1 files changed, 122 insertions, 21 deletions
diff --git a/src/lib/libcrypto/man/X509_get0_notBefore.3 b/src/lib/libcrypto/man/X509_get0_notBefore.3
index 334f70e599..e9f0d62992 100644
--- a/src/lib/libcrypto/man/X509_get0_notBefore.3
+++ b/src/lib/libcrypto/man/X509_get0_notBefore.3
@@ -1,7 +1,7 @@
-.\" $OpenBSD: X509_get0_notBefore.3,v 1.4 2018/03/23 23:18:17 schwarze Exp $
+.\" $OpenBSD: X509_get0_notBefore.3,v 1.5 2020/06/24 14:59:41 schwarze Exp $
 .\" content checked up to: OpenSSL 27b138e9 May 19 00:16:38 2017 +0000
 .\"
-.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
+.\" Copyright (c) 2018, 2020 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 23 2018 $
+.Dd $Mdocdate: June 24 2020 $
 .Dt X509_GET0_NOTBEFORE 3
 .Os
 .Sh NAME
@@ -23,12 +23,20 @@
 .Nm X509_get0_notAfter ,
 .Nm X509_getm_notBefore ,
 .Nm X509_getm_notAfter ,
+.Nm X509_get_notBefore ,
+.Nm X509_get_notAfter ,
 .Nm X509_CRL_get0_lastUpdate ,
 .Nm X509_CRL_get0_nextUpdate ,
+.Nm X509_CRL_get_lastUpdate ,
+.Nm X509_CRL_get_nextUpdate ,
 .Nm X509_set1_notBefore ,
 .Nm X509_set1_notAfter ,
+.Nm X509_set_notBefore ,
+.Nm X509_set_notAfter ,
 .Nm X509_CRL_set1_lastUpdate ,
-.Nm X509_CRL_set1_nextUpdate
+.Nm X509_CRL_set1_nextUpdate ,
+.Nm X509_CRL_set_lastUpdate ,
+.Nm X509_CRL_set_nextUpdate
 .Nd get and set certificate and CRL validity dates
 .Sh SYNOPSIS
 .In openssl/x509.h
@@ -49,13 +57,29 @@
 .Fa "const X509 *x"
 .Fc
 .Ft ASN1_TIME *
+.Fo X509_get_notBefore
+.Fa "const X509 *x"
+.Fc
+.Ft ASN1_TIME *
+.Fo X509_get_notAfter
+.Fa "const X509 *x"
+.Fc
+.Ft const ASN1_TIME *
 .Fo X509_CRL_get0_lastUpdate
 .Fa "const X509_CRL *crl"
 .Fc
-.Ft ASN1_TIME *
+.Ft const ASN1_TIME *
 .Fo X509_CRL_get0_nextUpdate
 .Fa "const X509_CRL *crl"
 .Fc
+.Ft ASN1_TIME *
+.Fo X509_CRL_get_lastUpdate
+.Fa "X509_CRL *crl"
+.Fc
+.Ft ASN1_TIME *
+.Fo X509_CRL_get_nextUpdate
+.Fa "X509_CRL *crl"
+.Fc
 .Ft int
 .Fo X509_set1_notBefore
 .Fa "X509 *x"
@@ -67,6 +91,16 @@
 .Fa "const ASN1_TIME *tm"
 .Fc
 .Ft int
+.Fo X509_set_notBefore
+.Fa "X509 *x"
+.Fa "const ASN1_TIME *tm"
+.Fc
+.Ft int
+.Fo X509_set_notAfter
+.Fa "X509 *x"
+.Fa "const ASN1_TIME *tm"
+.Fc
+.Ft int
 .Fo X509_CRL_set1_lastUpdate
 .Fa "X509_CRL *crl"
 .Fa "const ASN1_TIME *tm"
@@ -76,6 +110,16 @@
 .Fa "X509_CRL *crl"
 .Fa "const ASN1_TIME *tm"
 .Fc
+.Ft int
+.Fo X509_CRL_set_lastUpdate
+.Fa "X509_CRL *crl"
+.Fa "const ASN1_TIME *tm"
+.Fc
+.Ft int
+.Fo X509_CRL_set_nextUpdate
+.Fa "X509_CRL *crl"
+.Fa "const ASN1_TIME *tm"
+.Fc
 .Sh DESCRIPTION
 .Fn X509_getm_notBefore
 and
@@ -87,6 +131,10 @@ and
 fields of the validity period of the certificate
 .Fa x ,
 respectively.
+.Fn X509_get_notBefore
+and
+.Fn X509_get_notAfter
+are deprecated aliases implemented as macros.
 .Pp
 .Fn X509_get0_notBefore
 and
@@ -103,6 +151,12 @@ and
 fields of
 .Fa crl .
 .Pp
+.Fn X509_CRL_get_lastUpdate
+and
+.Fn X509_CRL_get_nextUpdate
+are deprecated and identical except for the const qualifier
+on the argument and on the return type.
+.Pp
 .Fn X509_set1_notBefore ,
 .Fn X509_set1_notAfter ,
 .Fn X509_CRL_set1_lastUpdate ,
@@ -123,24 +177,51 @@ respectively, to a deep copy of
 and free the
 .Vt ASN1_TIME
 value that they replace.
-.Sh RETURN VALUES
+.Pp
-.Fn X509_get0_notBefore ,
+.Fn X509_set_notBefore ,
-.Fn X509_get0_notAfter ,
+.Fn X509_set_notAfter ,
-.Fn X509_getm_notBefore ,
+.Fn X509_CRL_set_lastUpdate ,
-.Fn X509_getm_notAfter ,
-.Fn X509_CRL_get0_lastUpdate ,
 and
-.Fn X509_CRL_get0_nextUpdate
+.Fn X509_CRL_set_nextUpdate
-return internal pointers which must not be freed by the application, or
+are deprecated aliases.
+.Sh RETURN VALUES
+The
+.Sy get
+functions return internal pointers
+which must not be freed by the application, or
+.Dv NULL
+if the requested field is not available.
+They may crash with a
 .Dv NULL
-if the requested fields are not available.
+pointer access if
+.Fa x
+or
+.Fa crl
+is
+.Dv NULL .
 .Pp
-.Fn X509_set1_notBefore ,
+The
-.Fn X509_set1_notAfter ,
+.Sy set
-.Fn X509_CRL_set1_lastUpdate ,
+functions return 1 on success or 0 on failure.
-and
+They fail if
-.Fn X509_CRL_set1_nextUpdate
+.Fa x
-return 1 on success or 0 on failure.
+is
+.Dv NULL
+or does not contain a
+.Fa validity
+substructure, if
+.Fa crl
+is
+.Dv NULL ,
+or if
+.Xr ASN1_STRING_dup 3
+fails.
+.Pp
+Except for some cases of
+.Xr ASN1_STRING_dup 3
+failure, these functions do not support
+determining reasons for failure with
+.Xr ERR_get_error 3 .
 .Sh SEE ALSO
 .Xr ASN1_TIME_set 3 ,
 .Xr ASN1_TIME_set_tm 3 ,
@@ -153,6 +234,26 @@ return 1 on success or 0 on failure.
 .Xr X509_VAL_new 3 ,
 .Xr X509_verify_cert 3
 .Sh HISTORY
-These functions first appeared in OpenSSL 1.1.0
+.Fn X509_get_notBefore ,
+.Fn X509_get_notAfter ,
+.Fn X509_set_notBefore ,
+and
+.Fn X509_set_notAfter
+first appeared in SSLeay 0.6.5 and have been available since
+.Ox 2.4 .
+.Pp
+.Fn X509_CRL_get_lastUpdate
+and
+.Fn X509_CRL_get_nextUpdate
+first appeared in OpenSSL 0.9.2 and have been available since
+.Ox 2.6 .
+.Pp
+.Fn X509_CRL_set_lastUpdate
+and
+.Fn X509_CRL_set_nextUpdate
+first appeared in OpenSSL 0.9.7 and have been available since
+.Ox 3.2 .
+.Pp
+The remaining functions first appeared in OpenSSL 1.1.0
 and have been available since
 .Ox 6.3 .

diff --git a/src/lib/libcrypto/man/X509_get0_notBefore.3 b/src/lib/libcrypto/man/X509_get0_notBefore.3 index 334f70e599..e9f0d62992 100644 --- a/src/lib/libcrypto/man/X509_get0_notBefore.3 +++ b/src/lib/libcrypto/man/X509_get0_notBefore.3
@@ -1,7 +1,7 @@
1	.\" $OpenBSD: X509_get0_notBefore.3,v 1.4 2018/03/23 23:18:17 schwarze Exp $	1	.\" $OpenBSD: X509_get0_notBefore.3,v 1.5 2020/06/24 14:59:41 schwarze Exp $
2	.\" content checked up to: OpenSSL 27b138e9 May 19 00:16:38 2017 +0000	2	.\" content checked up to: OpenSSL 27b138e9 May 19 00:16:38 2017 +0000
3	.\"	3	.\"
4	.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>	4	.\" Copyright (c) 2018, 2020 Ingo Schwarze <schwarze@openbsd.org>
5	.\"	5	.\"
6	.\" Permission to use, copy, modify, and distribute this software for any	6	.\" Permission to use, copy, modify, and distribute this software for any
7	.\" purpose with or without fee is hereby granted, provided that the above	7	.\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
15	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	15	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	16	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17	.\"	17	.\"
18	.Dd $Mdocdate: March 23 2018 $	18	.Dd $Mdocdate: June 24 2020 $
19	.Dt X509_GET0_NOTBEFORE 3	19	.Dt X509_GET0_NOTBEFORE 3
20	.Os	20	.Os
21	.Sh NAME	21	.Sh NAME
@@ -23,12 +23,20 @@
23	.Nm X509_get0_notAfter ,	23	.Nm X509_get0_notAfter ,
24	.Nm X509_getm_notBefore ,	24	.Nm X509_getm_notBefore ,
25	.Nm X509_getm_notAfter ,	25	.Nm X509_getm_notAfter ,
		26	.Nm X509_get_notBefore ,
		27	.Nm X509_get_notAfter ,
26	.Nm X509_CRL_get0_lastUpdate ,	28	.Nm X509_CRL_get0_lastUpdate ,
27	.Nm X509_CRL_get0_nextUpdate ,	29	.Nm X509_CRL_get0_nextUpdate ,
		30	.Nm X509_CRL_get_lastUpdate ,
		31	.Nm X509_CRL_get_nextUpdate ,
28	.Nm X509_set1_notBefore ,	32	.Nm X509_set1_notBefore ,
29	.Nm X509_set1_notAfter ,	33	.Nm X509_set1_notAfter ,
		34	.Nm X509_set_notBefore ,
		35	.Nm X509_set_notAfter ,
30	.Nm X509_CRL_set1_lastUpdate ,	36	.Nm X509_CRL_set1_lastUpdate ,
31	.Nm X509_CRL_set1_nextUpdate	37	.Nm X509_CRL_set1_nextUpdate ,
		38	.Nm X509_CRL_set_lastUpdate ,
		39	.Nm X509_CRL_set_nextUpdate
32	.Nd get and set certificate and CRL validity dates	40	.Nd get and set certificate and CRL validity dates
33	.Sh SYNOPSIS	41	.Sh SYNOPSIS
34	.In openssl/x509.h	42	.In openssl/x509.h
@@ -49,13 +57,29 @@
49	.Fa "const X509 *x"	57	.Fa "const X509 *x"
50	.Fc	58	.Fc
51	.Ft ASN1_TIME *	59	.Ft ASN1_TIME *
		60	.Fo X509_get_notBefore
		61	.Fa "const X509 *x"
		62	.Fc
		63	.Ft ASN1_TIME *
		64	.Fo X509_get_notAfter
		65	.Fa "const X509 *x"
		66	.Fc
		67	.Ft const ASN1_TIME *
52	.Fo X509_CRL_get0_lastUpdate	68	.Fo X509_CRL_get0_lastUpdate
53	.Fa "const X509_CRL *crl"	69	.Fa "const X509_CRL *crl"
54	.Fc	70	.Fc
55	.Ft ASN1_TIME *	71	.Ft const ASN1_TIME *
56	.Fo X509_CRL_get0_nextUpdate	72	.Fo X509_CRL_get0_nextUpdate
57	.Fa "const X509_CRL *crl"	73	.Fa "const X509_CRL *crl"
58	.Fc	74	.Fc
		75	.Ft ASN1_TIME *
		76	.Fo X509_CRL_get_lastUpdate
		77	.Fa "X509_CRL *crl"
		78	.Fc
		79	.Ft ASN1_TIME *
		80	.Fo X509_CRL_get_nextUpdate
		81	.Fa "X509_CRL *crl"
		82	.Fc
59	.Ft int	83	.Ft int
60	.Fo X509_set1_notBefore	84	.Fo X509_set1_notBefore
61	.Fa "X509 *x"	85	.Fa "X509 *x"
@@ -67,6 +91,16 @@
67	.Fa "const ASN1_TIME *tm"	91	.Fa "const ASN1_TIME *tm"
68	.Fc	92	.Fc
69	.Ft int	93	.Ft int
		94	.Fo X509_set_notBefore
		95	.Fa "X509 *x"
		96	.Fa "const ASN1_TIME *tm"
		97	.Fc
		98	.Ft int
		99	.Fo X509_set_notAfter
		100	.Fa "X509 *x"
		101	.Fa "const ASN1_TIME *tm"
		102	.Fc
		103	.Ft int
70	.Fo X509_CRL_set1_lastUpdate	104	.Fo X509_CRL_set1_lastUpdate
71	.Fa "X509_CRL *crl"	105	.Fa "X509_CRL *crl"
72	.Fa "const ASN1_TIME *tm"	106	.Fa "const ASN1_TIME *tm"
@@ -76,6 +110,16 @@
76	.Fa "X509_CRL *crl"	110	.Fa "X509_CRL *crl"
77	.Fa "const ASN1_TIME *tm"	111	.Fa "const ASN1_TIME *tm"
78	.Fc	112	.Fc
		113	.Ft int
		114	.Fo X509_CRL_set_lastUpdate
		115	.Fa "X509_CRL *crl"
		116	.Fa "const ASN1_TIME *tm"
		117	.Fc
		118	.Ft int
		119	.Fo X509_CRL_set_nextUpdate
		120	.Fa "X509_CRL *crl"
		121	.Fa "const ASN1_TIME *tm"
		122	.Fc
79	.Sh DESCRIPTION	123	.Sh DESCRIPTION
80	.Fn X509_getm_notBefore	124	.Fn X509_getm_notBefore
81	and	125	and
@@ -87,6 +131,10 @@ and
87	fields of the validity period of the certificate	131	fields of the validity period of the certificate
88	.Fa x ,	132	.Fa x ,
89	respectively.	133	respectively.
		134	.Fn X509_get_notBefore
		135	and
		136	.Fn X509_get_notAfter
		137	are deprecated aliases implemented as macros.
90	.Pp	138	.Pp
91	.Fn X509_get0_notBefore	139	.Fn X509_get0_notBefore
92	and	140	and
@@ -103,6 +151,12 @@ and
103	fields of	151	fields of
104	.Fa crl .	152	.Fa crl .
105	.Pp	153	.Pp
		154	.Fn X509_CRL_get_lastUpdate
		155	and
		156	.Fn X509_CRL_get_nextUpdate
		157	are deprecated and identical except for the const qualifier
		158	on the argument and on the return type.
		159	.Pp
106	.Fn X509_set1_notBefore ,	160	.Fn X509_set1_notBefore ,
107	.Fn X509_set1_notAfter ,	161	.Fn X509_set1_notAfter ,
108	.Fn X509_CRL_set1_lastUpdate ,	162	.Fn X509_CRL_set1_lastUpdate ,
@@ -123,24 +177,51 @@ respectively, to a deep copy of
123	and free the	177	and free the
124	.Vt ASN1_TIME	178	.Vt ASN1_TIME
125	value that they replace.	179	value that they replace.
126	.Sh RETURN VALUES	180	.Pp
127	.Fn X509_get0_notBefore ,	181	.Fn X509_set_notBefore ,
128	.Fn X509_get0_notAfter ,	182	.Fn X509_set_notAfter ,
129	.Fn X509_getm_notBefore ,	183	.Fn X509_CRL_set_lastUpdate ,
130	.Fn X509_getm_notAfter ,
131	.Fn X509_CRL_get0_lastUpdate ,
132	and	184	and
133	.Fn X509_CRL_get0_nextUpdate	185	.Fn X509_CRL_set_nextUpdate
134	return internal pointers which must not be freed by the application, or	186	are deprecated aliases.
		187	.Sh RETURN VALUES
		188	The
		189	.Sy get
		190	functions return internal pointers
		191	which must not be freed by the application, or
		192	.Dv NULL
		193	if the requested field is not available.
		194	They may crash with a
135	.Dv NULL	195	.Dv NULL
136	if the requested fields are not available.	196	pointer access if
		197	.Fa x
		198	or
		199	.Fa crl
		200	is
		201	.Dv NULL .
137	.Pp	202	.Pp
138	.Fn X509_set1_notBefore ,	203	The
139	.Fn X509_set1_notAfter ,	204	.Sy set
140	.Fn X509_CRL_set1_lastUpdate ,	205	functions return 1 on success or 0 on failure.
141	and	206	They fail if
142	.Fn X509_CRL_set1_nextUpdate	207	.Fa x
143	return 1 on success or 0 on failure.	208	is
		209	.Dv NULL
		210	or does not contain a
		211	.Fa validity
		212	substructure, if
		213	.Fa crl
		214	is
		215	.Dv NULL ,
		216	or if
		217	.Xr ASN1_STRING_dup 3
		218	fails.
		219	.Pp
		220	Except for some cases of
		221	.Xr ASN1_STRING_dup 3
		222	failure, these functions do not support
		223	determining reasons for failure with
		224	.Xr ERR_get_error 3 .
144	.Sh SEE ALSO	225	.Sh SEE ALSO
145	.Xr ASN1_TIME_set 3 ,	226	.Xr ASN1_TIME_set 3 ,
146	.Xr ASN1_TIME_set_tm 3 ,	227	.Xr ASN1_TIME_set_tm 3 ,
@@ -153,6 +234,26 @@ return 1 on success or 0 on failure.
153	.Xr X509_VAL_new 3 ,	234	.Xr X509_VAL_new 3 ,
154	.Xr X509_verify_cert 3	235	.Xr X509_verify_cert 3
155	.Sh HISTORY	236	.Sh HISTORY
156	These functions first appeared in OpenSSL 1.1.0	237	.Fn X509_get_notBefore ,
		238	.Fn X509_get_notAfter ,
		239	.Fn X509_set_notBefore ,
		240	and
		241	.Fn X509_set_notAfter
		242	first appeared in SSLeay 0.6.5 and have been available since
		243	.Ox 2.4 .
		244	.Pp
		245	.Fn X509_CRL_get_lastUpdate
		246	and
		247	.Fn X509_CRL_get_nextUpdate
		248	first appeared in OpenSSL 0.9.2 and have been available since
		249	.Ox 2.6 .
		250	.Pp
		251	.Fn X509_CRL_set_lastUpdate
		252	and
		253	.Fn X509_CRL_set_nextUpdate
		254	first appeared in OpenSSL 0.9.7 and have been available since
		255	.Ox 3.2 .
		256	.Pp
		257	The remaining functions first appeared in OpenSSL 1.1.0
157	and have been available since	258	and have been available since
158	.Ox 6.3 .	259	.Ox 6.3 .