| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Update EXFLAG_PROXY and X509_V_FLAG_ALLOW_PROXY_CERTS documentation since
we need to keep them for the time being.
|
| |
|
|
|
| |
Mop up documentation mentioning it or any of its numerous accessors that
almost nothing ever used.
|
| | |
|
| |
|
|
|
|
| |
and X509_VERIFY_PARAM_set_auth_level(3). Document them.
For the latter, i included a few sentences from the OpenSSL 1.1.1
branch, which is still under a free license.
|
| |
|
|
|
|
|
| |
jmc@ dislikes a comma before "then" in a conditional, so leave those
untouched.
ok jmc@
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
X509_STORE_CTX_set_verify(3) and X509_STORE_CTX_get_verify(3).
Document them.
In the next bump, tb@ will also provide X509_STORE_CTX_verify_fn(3)
and X509_STORE_set_verify(3) and restore X509_STORE_set_verify_func(3)
to working order. For efficiency of documentation work, already
document those three, too, but keep the text temporariy .if'ed out
until they become available.
Delete X509_STORE_set_verify_func(3) from X509_STORE_set_verify_cb_func(3)
because it was misplaced in that page: it is not related to the
verification callback.
tb@ agrees with the general direction.
|
| |
|
|
|
|
|
|
| |
X509_V_FLAG_NO_CHECK_TIME, X509_VERIFY_PARAM_set_time(3),
X509_VERIFY_PARAM_set_flags(3), and X509_VERIFY_PARAM_clear_flags(3)
in detail because the API design is both surprising and surprisingly
complicated in this respect, and the resulting nasty traps have
already caused bugs in the past.
|
| |
|
|
|
|
|
| |
and X509_V_FLAG_USE_CHECK_TIME.
While here, fix a typo and improve the wording
for X509_V_FLAG_NOTIFY_POLICY.
|
| |
|
|
|
| |
is becoming excessively long, into a new page X509_VERIFY_PARAM_new(3);
no content change
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
and add two other .Xrs that might help readers find their way.
Update the merge notices of all files touched and
merge a few trivial changes from the OpenSSL 1.1.1 branch.
OK tb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Tighten up checks for various X509_VERIFY_PARAM functions, and
allow for the verify param to be poisoned (preculding future
successful cert validation) if the setting of host, ip, or email
for certificate validation fails. (since many callers do not
check the return code in the wild and blunder along anyway)
Inspired by some discussions with Adam Langley.
ok jsing@
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
X509_STORE_get0_objects(3). Merge the documenteation from OpenSSL,
heavily tweaked by me. While here, document six additional public
functions closely related to X509_STORE_set1_param(3) that OpenSSL
lacks documentation for. No Copyright-worthy amount of text remains
in X509_STORE_set1_param.3, so switch to my Copyright and license.
|
| |
|
|
|
|
| |
because jsing@ points out that this follows a (dangerous) general
pattern in the library, and mentioning that everywhere would become
repetitive.
|
| |
|
|
|
|
| |
as requested by jsing@, and also document six more related functions
that have already been public before that.
OpenSSL fails to document any of these.
|
| |
|
|
|
| |
that jsing@ recently exposed publicly in libcrypto.
Requested by jsing@.
|
| |
|
|
|
|
|
| |
function that had the the sole purpose of discouraging its use.
Not talking about it at all discourages using it even more.
Dangling cross reference reported by jmc@.
|
| | |
|
| | |
|
| | |
|
| |
|
