| Commit message | Author | Age | Files | Lines |
| |
of the X509_CRL_INFO object. It should have been called "thisUpdate"
like in RFC 5280 section 5.1 (and in its precursor RFC 2459). Then again,
RFC 2459 was only published in 1999, so maybe the terminology wasn't
firmly established yet when Young wrote his code several years earlier -
just guessing, neither we nor the OpenSSL folks appear to know the real
reasons...
Anyway, we have been stuck with the "lastUpdate" names in the API for
more than two decades now, so clarify in the documentation what they
refer to and what they really mean.
Requested by and OK tb@.
| |
Mop up documentation mentioning it or any of its numerous accessors that
almost nothing ever used.
| |
These are in actual use, so their meaning should be documented.
The remaining commented codes are unused outside of x509_txt.c
except for X509_V_ERR_INVALID_NON_CA which looks used at first
glance, but it is actually in an unreachable path of the legacy
verifier.
| |
X509_verify_cert_error_string() is now thread safe as it no longer returns
a static buffer. Document X509_V_ERR_UNSPECIFIED. Stop asserting that the
X509_V_ERR_CERT_CHAIN_TOO_LONG code is unused, the new verifier can set it.
Add commented versions of various missing error codes in the proper spots
and move X509_V_ERR_UNNESTED_RESOURCE where it belongs.
prompted by claudio
| |
CRL's signature is invalid, not the certificate's.
| |
to claudio
| |
X509_STORE_CTX_set_verify(3) and X509_STORE_CTX_get_verify(3).
Document them.
In the next bump, tb@ will also provide X509_STORE_CTX_verify_fn(3)
and X509_STORE_set_verify(3) and restore X509_STORE_set_verify_func(3)
to working order. For efficiency of documentation work, already
document those three, too, but keep the text temporarily .if'ed out
until they become available.
Delete X509_STORE_set_verify_func(3) from X509_STORE_set_verify_cb_func(3)
because it was misplaced in that page: it is not related to the
verification callback.
tb@ agrees with the general direction.
| |
X509_STORE_CTX_set_error_depth x509_vfy.h 1.37 x509_vfy.c 1.91
X509_STORE_CTX_set_current_cert x509_vfy.h 1.37 x509_vfy.c 1.91
X509_STORE_CTX_get_num_untrusted x509_vfy.h 1.36 x509_vfy.c 1.90
X509_STORE_CTX_set0_verified_chain x509_vfy.h 1.37 x509_vfy.c 1.91
Merge the documentation from the OpenSSL 1.1.1 branch,
which is still under a free license; tweaked by me.
| |
and X509_STORE_CTX_get_explicit_policy(3)
| |
and X509_STORE_CTX_get0_current_crl(3)
| |
OpenSSL documents it in X509_STORE_CTX_get_error(3), but it is
misplaced there. It has nothing to do with accessing status or
error information but merely retrieves a pointer to the certificate
that the user wants to validate. It is a companion function to
X509_STORE_CTX_init(3), X509_STORE_CTX_set_cert(3),
X509_STORE_CTX_get0_store(3), and X509_STORE_CTX_get0_untrusted(3).
While here:
1. Clarify how the new, init, verify, cleanup, and free calls interact,
and who owns the memory involved, because this is all really confusing
from the user perspective.
2. Clarify how X509_STORE_CTX_init(3), X509_STORE_CTX_set_cert(3), and
X509_STORE_CTX_set_chain(3) partially override each other.
3. Move X509_STORE_CTX_set0_untrusted(3) to the proper place because
it is the same as X509_STORE_CTX_set_chain(3).
4. Add a few missing words and improve some wordings.
| |
It is deprecated, but it is still called by various application programs,
so let's better mention it.
| |
from Martin Ukrop <mukrop at mail dot muni dot cz>
via OpenSSL commit bb00b040 Aug 5 14:14:54 2019 +0200
| |
for consistency with all the other X509_STORE_*(3) manual pages
| |
on the web, so fix up SSLeay HISTORY accordingly
| |
X509_STORE_CTX_get0_chain(3). Adapt the documentation.
It is absurd that OpenSSL documents the two almost identical functions
X509_STORE_CTX_get0_chain(3) and X509_STORE_CTX_get1_chain(3) in
two different manual pages, with quite different wordings, and without
even referencing each other. It is very obvious that they have
lost their way in their own mire of functions.
| |
X509_STORE_CTX_set0_untrusted(3), X509_STORE_CTX_set0_trusted_stack(3),
X509_STORE_CTX_get0_untrusted(3), and X509_STORE_CTX_get0_cert(3).
Merge the related documentation from OpenSSL.
| |
related to X.509 with .Vt such that they can be searched for.
| |
Never include <openssl/x509_vfy.h> directly; from OpenSSL.
Merge a typo fix from OpenSSL.