From 8bc3352bee3f743c2b8f9fd9c743fca60706336c Mon Sep 17 00:00:00 2001
From: schwarze <>
Date: Mon, 5 Sep 2016 10:43:42 +0000
Subject: remove CMS manuals; beck@ agress with the general idea

---
 src/lib/libcrypto/man/CMS_verify.3 | 188 -------------------------------------
 1 file changed, 188 deletions(-)
 delete mode 100644 src/lib/libcrypto/man/CMS_verify.3

(limited to 'src/lib/libcrypto/man/CMS_verify.3')

diff --git a/src/lib/libcrypto/man/CMS_verify.3 b/src/lib/libcrypto/man/CMS_verify.3
deleted file mode 100644
index 0ab1baf6b3..0000000000
--- a/src/lib/libcrypto/man/CMS_verify.3
+++ /dev/null
@@ -1,188 +0,0 @@
-.Dd $Mdocdate: November 11 2015 $
-.Dt CMS_VERIFY 3
-.Os
-.Sh NAME
-.Nm CMS_verify ,
-.Nm CMS_get0_signers
-.Nd verify a CMS SignedData structure
-.Sh SYNOPSIS
-.In openssl/cms.h
-.Ft int
-.Fo CMS_verify
-.Fa "CMS_ContentInfo *cms"
-.Fa "STACK_OF(X509) *certs"
-.Fa "X509_STORE *store"
-.Fa "BIO *indata"
-.Fa "BIO *out"
-.Fa "unsigned int flags"
-.Fc
-.Ft STACK_OF(X509) *
-.Fo CMS_get0_signers
-.Fa "CMS_ContentInfo *cms"
-.Fc
-.Sh DESCRIPTION
-.Fn CMS_verify
-verifies a CMS SignedData structure.
-.Fa cms
-is the
-.Vt CMS_ContentInfo
-structure to verify.
-.Fa certs
-is a set of certificates in which to search for the signing
-certificate(s).
-.Fa store
-is a trusted certificate store used for chain verification.
-.Fa indata
-is the detached content if the content is not present in
-.Fa cms .
-The content is written to
-.Fa out
-if it is not
-.Dv NULL .
-.Pp
-.Fa flags
-is an optional set of flags, which can be used to modify the verify
-operation.
-.Pp
-.Fn CMS_get0_signers
-retrieves the signing certificate(s) from
-.Fa cms ,
-it must be called after a successful
-.Fn CMS_verify
-operation.
-.Sh VERIFY PROCESS
-Normally the verify process proceeds as follows.
-.Pp
-Initially some sanity checks are performed on
-.Fa cms .
-The type of
-.Fa cms
-must be SignedData.
-There must be at least one signature on the data and if the content is
-detached
-.Fa indata
-cannot be
-.Dv NULL .
-.Pp
-An attempt is made to locate all the signing certificate(s), first
-looking in the
-.Fa certs
-parameter (if it is not
-.Dv NULL )
-and then looking in any certificates contained in the
-.Fa cms
-structure itself.
-If no signing certificate can be located, the operation fails.
-.Pp
-Each signing certificate is chain verified using the
-.Sy smimesign
-purpose and the supplied trusted certificate store.
-Any internal certificates in the message are used as untrusted CAs.
-If CRL checking is enabled in
-.Fa store ,
-any internal CRLs are used in addition to attempting to look them up in
-.Fa store .
-If any chain verify fails, an error code is returned.
-.Pp
-Finally the signed content is read (and written to
-.Fa out
-is it is not
-.Dv NULL )
-and the signature is checked.
-.Pp
-If all signatures verify correctly, then the function is successful.
-.Pp
-Any of the following flags (OR'ed together) can be passed in the
-.Fa flags
-parameter to change the default verify behaviour.
-.Pp
-If
-.Dv CMS_NOINTERN
-is set, the certificates in the message itself are not searched when
-locating the signing certificate(s).
-This means that all the signing certificates must be in the
-.Fa certs
-parameter.
-.Pp
-If
-.Dv CMS_NOCRL
-is set, and CRL checking is enabled in
-.Fa store ,
-then any CRLs in the message itself are ignored.
-.Pp
-If the
-.Dv CMS_TEXT
-flag is set, MIME headers for type
-.Sy text/plain
-are deleted from the content.
-If the content is not of type
-.Sy text/plain ,
-then an error is returned.
-.Pp
-If
-.Dv CMS_NO_SIGNER_CERT_VERIFY
-is set, the signing certificates are not verified.
-.Pp
-If
-.Dv CMS_NO_ATTR_VERIFY
-is set, the signed attributes signature is not verified.
-.Pp
-If
-.Dv CMS_NO_CONTENT_VERIFY
-is set, then the content digest is not checked.
-.Sh NOTES
-One application of
-.Dv CMS_NOINTERN
-is to only accept messages signed by a small number of certificates.
-The acceptable certificates would be passed in the
-.Fa certs
-parameter.
-In this case, if the signer is not one of the certificates supplied in
-.Fa certs ,
-then the verify will fail because the signer cannot be found.
-.Pp
-In some cases the standard techniques for looking up and validating
-certificates are not appropriate: for example an application may wish to
-lookup certificates in a database or perform customised verification.
-This can be achieved by setting and verifying the signers certificates
-manually using the signed data utility functions.
-.Pp
-Care should be taken when modifying the default verify behaviour, for
-example setting
-.Dv CMS_NO_CONTENT_VERIFY
-will totally disable all content verification and any modified content
-will be considered valid.
-This combination is however useful if one merely wishes to write the
-content to
-.Fa out
-and its validity is not considered important.
-.Pp
-Chain verification should arguably be performed using the signing time
-rather than the current time.
-However since the signing time is supplied by the signer it cannot be
-trusted without additional evidence (such as a trusted timestamp).
-.Sh RETURN VALUES
-.Fn CMS_verify
-returns 1 for a successful verification and zero if an error occurred.
-.Pp
-.Fn CMS_get0_signers
-returns all signers or
-.Dv NULL
-if an error occurred.
-.Pp
-The error can be obtained from
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr CMS_sign 3 ,
-.Xr ERR_get_error 3
-.Sh HISTORY
-.Fn CMS_verify
-was added to OpenSSL 0.9.8.
-.Sh BUGS
-The trusted certificate store is not searched for the signing
-certificate, this is primarily due to the inadequacies of the current
-.Vt X509_STORE
-functionality.
-.Pp
-The lack of single pass processing means that the signed content must
-all be held in memory if it is not detached.
-- 
cgit v1.2.3-55-g6feb