From 9ea098f3616b1e68dff3cd8a9b2d0d4f929bfd2d Mon Sep 17 00:00:00 2001
From: tb <>
Date: Fri, 24 Oct 2025 11:34:23 +0000
Subject: Document X509_VERIFY_PARAM_set_hostflags(3)

ok kenjiro
---
 src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
index e21d1122a9..b6860ab40b 100644
--- a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
+++ b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.30 2025/06/08 22:40:30 schwarze Exp $
+.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.31 2025/10/24 11:34:23 tb Exp $
 .\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 8 2025 $
+.Dd $Mdocdate: October 24 2025 $
 .Dt X509_VERIFY_PARAM_SET_FLAGS 3
 .Os
 .Sh NAME
@@ -88,6 +88,7 @@
 .Nm X509_VERIFY_PARAM_set_auth_level ,
 .Nm X509_VERIFY_PARAM_set1_host ,
 .Nm X509_VERIFY_PARAM_add1_host ,
+.Nm X509_VERIFY_PARAM_get_hostflags ,
 .Nm X509_VERIFY_PARAM_set_hostflags ,
 .Nm X509_VERIFY_PARAM_get0_peername ,
 .Nm X509_VERIFY_PARAM_set1_email ,
@@ -175,6 +176,10 @@
 .Fa "const char *name"
 .Fa "size_t namelen"
 .Fc
+.Ft unsigned int
+.Fo X509_VERIFY_PARAM_get_hostflags
+.Fa "const X509_VERIFY_PARAM *param"
+.Fc
 .Ft void
 .Fo X509_VERIFY_PARAM_set_hostflags
 .Fa "X509_VERIFY_PARAM *param"
@@ -351,6 +356,10 @@ uses a different default security level of 1 and calls
 .Fn X509_VERIFY_PARAM_set_auth_level
 with its own level before validating a certificate chain.
 .Pp
+.Fn X509_VERIFY_PARAM_get_hostflags
+returns the host flags previously set by a call to
+.Fn X509_VERIFY_PARAM_set_hostflags .
+.Pp
 .Fn X509_VERIFY_PARAM_set1_host
 sets the expected DNS hostname to
 .Fa name
@@ -723,6 +732,10 @@ first appeared in OpenSSL 1.1.0 and
 in OpenSSL 1.1.0d.
 Both functions have been available since
 .Ox 7.2 .
+.Pp
+.Fn X509_VERIFY_PARAM_get_hostflags
+first appeared in OpenSSL 1.1.0i and has been available since
+.Ox 7.9 .
 .Sh BUGS
 Delta CRL checking is currently primitive.
 Only a single delta can be used and (partly due to limitations of
-- 
cgit v1.2.3-55-g6feb