| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
while here, add a few STANDARDS references
|
| | |
|
| |
|
|
|
| |
provided ASN1_TIME_diff(3). Merge the documentation from
the OpenSSL 1.1.1 branch, which is still under a free license.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
While here, also improve the description of ASN1_INTEGER_set(3)
and add a BUGS section explaining that several of these functions
do not provide type safety.
|
| |
|
|
|
|
| |
ASN1_OCTET_STRING_dup(3), and ASN1_OCTET_STRING_set(3).
Explicitly say that they do not provide any type safety
and explain what that means.
|
| |
|
|
| |
documenting the three functions using the BIT_STRING_BITNAME structure
|
| |
|
|
| |
markup bug found with regress/lib/libcrypto/man/check_complete.pl
|
| |
|
|
|
|
|
|
| |
X509_OBJECT_new(3) and X509_OBJECT_free(3); document them.
While here, stop talking about storing storing EVP_PKEY objects
and plain C strings in X509_OBJECT objects. LibreSSL never fully
supported that, and it certainly no longer supports that now.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
X509_STORE_CTX_set_verify(3) and X509_STORE_CTX_get_verify(3).
Document them.
In the next bump, tb@ will also provide X509_STORE_CTX_verify_fn(3)
and X509_STORE_set_verify(3) and restore X509_STORE_set_verify_func(3)
to working order. For efficiency of documentation work, already
document those three, too, but keep the text temporariy .if'ed out
until they become available.
Delete X509_STORE_set_verify_func(3) from X509_STORE_set_verify_cb_func(3)
because it was misplaced in that page: it is not related to the
verification callback.
tb@ agrees with the general direction.
|
| |
|
|
| |
X509_STORE_CTX_get_verify_cb(3); document it.
|
| |
|
|
|
|
|
|
|
|
| |
X509_STORE_CTX_set_error_depth x509_vfy.h 1.37 x509_vfy.c 1.91
X509_STORE_CTX_set_current_cert x509_vfy.h 1.37 x509_vfy.c 1.91
X509_STORE_CTX_get_num_untrusted x509_vfy.h 1.36 x509_vfy.c 1.90
X509_STORE_CTX_set0_verified_chain x509_vfy.h 1.37 x509_vfy.c 1.91
Merge the documentation from the OpenSSL 1.1.1 branch,
which is still under a free license; tweaked by me.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
X509_V_FLAG_NO_CHECK_TIME, X509_VERIFY_PARAM_set_time(3),
X509_VERIFY_PARAM_set_flags(3), and X509_VERIFY_PARAM_clear_flags(3)
in detail because the API design is both surprising and surprisingly
complicated in this respect, and the resulting nasty traps have
already caused bugs in the past.
|
| |
|
|
|
|
| |
With LibreSSL, they can only be used internally in the library itself,
and even with OpenSSL, no real-world application code uses them.
OK tb@
|
| | |
|
| |
|
|
|
|
|
| |
and X509_V_FLAG_USE_CHECK_TIME.
While here, fix a typo and improve the wording
for X509_V_FLAG_NOTIFY_POLICY.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
X509_LOOKUP_METHODs because these objects are now opaque.
Simplify the documentation accordingly, shortening it by
about 35 input lines in total, but continue providing the
information which RETURN VALUES functions might return with
other implementations of the library.
OK tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
changed the return type of X509_OBJECT_get_type(3) and argument
types of X509_LOOKUP_by_subject(3), X509_LOOKUP_by_issuer_serial(3),
X509_LOOKUP_by_fingerprint(3), X509_LOOKUP_by_alias(3),
X509_OBJECT_idx_by_subject(3), X509_OBJECT_retrieve_by_subject(3),
and X509_STORE_get_by_subject(3) from int to X509_LOOKUP_TYPE, and
in rev. 1.42, he provided X509_STORE_CTX_get_obj_by_subject(3).
Adjust the documentation.
Joint work with and OK tb@.
|
| | |
|
| |
|
|
|
|
| |
because some third party application code uses them.
List the full names (even though they are long)
such that they can be found with "man -k Dv=...".
|
| |
|
|
|
| |
that are related to this page but intentionally undocumented,
to better support grepping the source directory for function names.
|
| |
|
|
| |
also documenting X509_policy_tree_get0_user_policies(3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
out of X509_LOOKUP_hash_dir(3) because both groups of functions
differ substantially in purpose and structure.
Rewrite the complete text of X509_load_cert_file(3) from scratch
for correctness and clarity.
This fixes several documentation errors:
1. The names of the constants were wrong, lacking the "X509_" prefix.
2. None of these functions support X509_FILETYPE_DEFAULT,
neither in OpenSSL nor in LibreSSL.
3. The memory cache does not contain X509_STORE objects;
instead, the X509_STORE object *is* the memory cache.
|
| |
|
|
|
| |
While here, improve some argument names, improve ordering of the
material, and mention the meaning of negative and of large arguments,
|
| |
|
|
| |
ASN1_item_digest(3), ASN1_item_sign(3), and ASN1_item_verify(3)
|
| |
|
|
|
| |
While here, put descriptions right after the prototypes they describe.
No content change.
|
| | |
|
| | |
|
| |
|
|
| |
documenting five functions to customize CRL handling
|
| |
|
|
|
|
| |
to fail if parsing of a certificate extension failed.
Adjust the documentation accordingly.
OK tb@
|
| | |
|
| |
|
|
|
|
| |
while here, add the missing const qualifier to the obj argument of
X509_EXTENSION_create_by_OBJ(3) and correct a typo in the argument
name of X509_EXTENSION_get_data(3)
|
| |
|
|
| |
also documenting X509_REQ_print(3) and X509_REQ_print_fp(3)
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
documenting six functions for extensions in certification requests
|
| | |
|
| |
|
|
| |
and add .Xrs to relevant objects
|
| |
|
|
|
|
|
|
|
| |
* Say "number of bytes" instead of "length of bytes".
* Remove mention of a BUGS section that exists neither here nor in OpenSSL.
* List all authors who contributed Copyright-worthy amounts of text.
* Remove years from the Copyright line that saw no non-trivial changes.
* Add the year 2014: that's when Emilia wrote the i2d_re_X509_tbs() text.
* Improve merge comments.
|
| | |
|
| | |
|
