openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	Remove documentation of (caveat on) X509_TRUST_DEFAULT	tb	2024-08-29	1	-12/+2
\| \| \| \|	Sadly, it's going to go away before ever having become the default.
*	Remove X509_STORE_CTX_purpose_inherit(3) documentation	tb	2024-01-12	1	-131/+41
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This abomination of an API will be removed. Remove the hairy details of its internals and make the documentation of X509_STORE_CTX_set_trust(3) and X509_STORE_CTX_set_purpose(3) independent of it. Neither of these two remaining APIs can be recommended. Once set, trust and purpose are sticky. Setting the trust to a different (valid) value will indicate success but leave the value unchanged. I suppose it means the new trust value was successfully ignored. Also, setting the trust to X509_TRUST_DEFAULT can succeed or fail depending on which OpenSSL derivative you use. Setting the purpose will also set the trust (unless it is already set). Setting some purposes may or may not fail depending on the OpenSSL lib. The only way you have a chance of knowing what will be set is by calling only one of these functions directly after X509_STORE_CTX_init(). This isn't really safe either because in some versions the user can override the values stored in a global table by writing directly to it. The actual contributions here are rather minimal. State more explicitly that 0 is invalid (but results in success being returned), document the error values to be accurate across implementations and call out some of the nonsense in a CAVEATS section. Many thanks to schwarze for the very helpful review with lots of input. ok schwarze
*	In x509_vfy.h rev. 1.37 and x509_vfy.c rev. 1.91, tb@ provided	schwarze	2021-11-17	1	-2/+5
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	X509_STORE_CTX_set_verify(3) and X509_STORE_CTX_get_verify(3). Document them. In the next bump, tb@ will also provide X509_STORE_CTX_verify_fn(3) and X509_STORE_set_verify(3) and restore X509_STORE_set_verify_func(3) to working order. For efficiency of documentation work, already document those three, too, but keep the text temporariy .if'ed out until they become available. Delete X509_STORE_set_verify_func(3) from X509_STORE_set_verify_cb_func(3) because it was misplaced in that page: it is not related to the verification callback. tb@ agrees with the general direction.
*	document X509_VERIFY_PARAM_inherit(3) and X509_VERIFY_PARAM_set1(3)	schwarze	2021-10-18	1	-2/+4
\|
*	split seven functions out of the page X509_VERIFY_PARAM_set_flags(3), which	schwarze	2021-10-18	1	-2/+3
\| \| \| \| \|	is becoming excessively long, into a new page X509_VERIFY_PARAM_new(3); no content change
*	Document X509_STORE_CTX_set_trust(3), X509_STORE_CTX_set_purpose(3),	schwarze	2021-07-25	1	-4/+226
\| \| \| \| \|	and X509_STORE_CTX_purpose_inherit(3). These functions look deceptively simple on first sight, but their semantics is surprisingly complicated.
*	document X509_STORE_CTX_set_time(3) and X509_STORE_CTX_set_depth(3)	schwarze	2021-07-22	1	-2/+34
\|
*	Split the functions operating on the X509_VERIFY_PARAM object out	schwarze	2021-07-22	1	-0/+166
	of X509_STORE_CTX_new(3) because i'm about to document five additional functions of this kind and the page X509_STORE_CTX_new(3) is growing unwieldy. No text change yet, except that i added an introductory sentence to the beginning of the DESCRIPTION of the new page.