| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
and X509_STORE_CTX_get_explicit_policy(3)
|
| | |
|
| |
|
|
| |
refering to child object names defined in the standard
|
| |
|
|
|
|
| |
description of the *pexplicit_policy output argument and make it
less technical, and drop the mention of the expected_policy_set
because the library provides no accessor function for it.
|
| | |
|
| | |
|
| |
|
|
| |
documenting the X509_POLICY_TREE object and its sub-objects
|
| |
|
|
|
| |
and X509_STORE_CTX_purpose_inherit(3). These functions look deceptively
simple on first sight, but their semantics is surprisingly complicated.
|
| |
|
|
|
| |
documenting ten functions related to X509_TRUST objects,
trust identifiers, and trust indices.
|
| |
|
|
|
|
| |
intentionally undocumented because it uses MD5 only and is
unused in real-world code according to codesearch.debian.net.
No objection from tb@.
|
| | |
|
| |
|
|
| |
been defined or user-supplied checking functions may have been installed
|
| |
|
|
| |
related to X509_PURPOSE objects, purpose identifiers, and purpose indices
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
1. Fix the order of functions to match the order they occur in
application code, making the text significantly easier to follow.
2. Do not use the same argument placeholder *sk for several different
things; call the arguments *trusted, *untrusted, and *crls as
appropriate.
3. Avoid using the word "initialised" for two different concepts
in the same manual page; it was sometimes intended to mean "fill
with zeros" and sometimes "replace the zeros with useful data".
4. Generally, make the text more precise, more straightforward,
and shorter (-84 +65 lines of mdoc code).
|
| |
|
|
|
|
|
|
|
| |
of X509_STORE_CTX_new(3) because i'm about to document five additional
functions of this kind and the page X509_STORE_CTX_new(3) is growing
unwieldy.
No text change yet, except that i added an introductory sentence
to the beginning of the DESCRIPTION of the new page.
|
| |
|
|
| |
and X509_STORE_CTX_get0_current_crl(3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSSL documents it in X509_STORE_CTX_get_error(3), but it is
misplaced there. It has nothing to do with accessing status or
error information but merely retrieves a pointer to the certificate
that the users wants to validate. It is a companion function to
X509_STORE_CTX_init(3), X509_STORE_CTX_set_cert(3),
X509_STORE_CTX_get0_store(3), and X509_STORE_CTX_get0_untrusted(3).
While here:
1. Clarify how the new, init, verify, cleanup, and free calls interact,
and who owns the memory involved, because this is all really confusing
from the user perspective.
2. Clarify how X509_STORE_CTX_init(3), X509_STORE_CTX_set_cert(3), and
X509_STORE_CTX_set_chain(3) partially override each other.
3. Move X509_STORE_CTX_set0_untrusted(3) to the proper place because
it is the same as X509_STORE_CTX_set_chain(3).
4. Add a few missing words and improve some wordings.
|
| |
|
|
|
| |
It is deprecated, but it is still called by various application programs,
so let's better mention it.
|
| |
|
|
|
|
|
|
|
|
| |
X509_issuer_name_hash(3), X509_subject_name_hash(3), and the _old variants.
Even though this is only tangentially related to decoding and encoding,
including a single function in d2i_X509_NAME(3) was probably OK,
but let's not bog down that page with six functions that are likely
to become obsolete at some point - even though right now, they are
still being used both internally and by external software.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
is pure comedy gold, and now documented as such, sadly this bit of pure
Muppet genius can't really in good consience stay in the tree as is.
Change BIO_dump to always return the number of bytes printed on success
and to stop printing and return -1 on failure if a writing function
fails.
ok tb@, jsing@
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
"please commit" schwarze
|
| |
|
|
| |
X509_alias_set1(3), X509_alias_get0(3)
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
It is not particularly well-designed and sets a number of traps for the
unwary, but it is a public API function in both OpenSSL and LibreSSL
and used at various places.
|
| |
|
|
|
| |
While here, stress that X509_NAME objects cannot share X509_NAME_ENTRY
objects, and polish a few misleading wordings.
|
| |
|
|
|
|
| |
undocumented. It is archaic and practically unused and unusable.
tb@ and jsing@ agree with marking it as undocumented.
Put the comment here because EVP_PKEY_base_id(3) is a viable alternative.
|
| |
|
|
|
| |
undocumented because it is almost unused in real-world code.
OK tb@
|
| |
|
|
| |
and X509_REQ_extract_key(3), using feedback from tb@ and jsing@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
EVP_DigestSign{,Init,Update,Final}() and EVP_DigestVerify{Init,Update}()
always returned 1 for success and 0 for failure. EVP_DigestVerify()
and EVP_DigestVerifyFinal() can return -1 or -2, though.
Based on OpenSSL 1.1.1 56c59ddd99da05c2f30832cccaffb873a8481555
ok inoguchi
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
