-.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.5 2016/12/25 22:15:10 schwarze Exp $
-.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
+.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.6 2018/02/15 11:09:34 schwarze Exp $
+.\" full merge up to: OpenSSL f0e0fd51 Apr 14 23:59:26 2016 -0400
+.\" selective merge up to: OpenSSL 2947af32 Nov 19 00:10:05 2016 +0100
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2009, 2013, 2015, 2016 The OpenSSL Project.
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: December 25 2016 $
+.Dd $Mdocdate: February 15 2018 $
.Dt X509_STORE_CTX_GET_ERROR 3
.Os
.Sh NAME
.Nm X509_STORE_CTX_set_error ,
.Nm X509_STORE_CTX_get_error_depth ,
.Nm X509_STORE_CTX_get_current_cert ,
+.Nm X509_STORE_CTX_get0_cert ,
.Nm X509_STORE_CTX_get1_chain ,
.Nm X509_verify_cert_error_string
.Nd get or set certificate verification status information
.Fo X509_STORE_CTX_get_current_cert
.Fa "X509_STORE_CTX *ctx"
.Fc
+.Ft X509 *
+.Fo X509_STORE_CTX_get0_cert
+.Fa "X509_STORE_CTX *ctx"
+.Fc
.Ft STACK_OF(X509) *
.Fo X509_STORE_CTX_get1_chain
.Fa "X509_STORE_CTX *ctx"
.Dv NULL
if no certificate is relevant to the error.
.Pp
+.Fn X509_STORE_CTX_get0_cert
+retrieves an internal pointer to the certificate being verified by
+.Fa ctx .
+.Pp
.Fn X509_verify_cert_error_string
returns a human readable error string for verification error
.Fa n .
This will never be returned unless explicitly set by an application.
.El
.Sh SEE ALSO
+.Xr X509_up_ref 3 ,
.Xr X509_verify_cert 3
-.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.6 2018/02/14 02:05:55 schwarze Exp $
-.\" OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
+.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.7 2018/02/15 11:09:34 schwarze Exp $
+.\" full merge up to: OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
+.\" selective merge up to: OpenSSL 7643a172 Apr 21 13:35:51 2017 +0200
.\"
-.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
-.\" Copyright (c) 2009, 2015 The OpenSSL Project. All rights reserved.
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
+.\" and Rich Salz <rsalz@openssl.org>.
+.\" Copyright (c) 2009, 2015, 2016 The OpenSSL Project. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: February 14 2018 $
+.Dd $Mdocdate: February 15 2018 $
.Dt X509_STORE_CTX_NEW 3
.Os
.Sh NAME
.Nm X509_STORE_CTX_cleanup ,
.Nm X509_STORE_CTX_free ,
.Nm X509_STORE_CTX_init ,
+.Nm X509_STORE_CTX_set0_trusted_stack ,
.Nm X509_STORE_CTX_trusted_stack ,
.Nm X509_STORE_CTX_set_cert ,
.Nm X509_STORE_CTX_set_chain ,
.Nm X509_STORE_CTX_set0_crls ,
.Nm X509_STORE_CTX_get0_param ,
.Nm X509_STORE_CTX_set0_param ,
+.Nm X509_STORE_CTX_get0_untrusted ,
+.Nm X509_STORE_CTX_set0_untrusted ,
.Nm X509_STORE_CTX_set_default
.Nd X509_STORE_CTX initialisation
.Sh SYNOPSIS
.Fa "STACK_OF(X509) *chain"
.Fc
.Ft void
+.Fo X509_STORE_CTX_set0_trusted_stack
+.Fa "X509_STORE_CTX *ctx"
+.Fa "STACK_OF(X509) *sk"
+.Fc
+.Ft void
.Fo X509_STORE_CTX_trusted_stack
.Fa "X509_STORE_CTX *ctx"
.Fa "STACK_OF(X509) *sk"
.Fa "X509_STORE_CTX *ctx"
.Fa "const char *name"
.Fc
+.Ft STACK_OF(X509)*
+.Fo X509_STORE_CTX_get0_untrusted
+.Fa "X509_STORE_CTX *ctx"
+.Fc
+.Ft void
+.Fo X509_STORE_CTX_set0_untrusted
+.Fa "X509_STORE_CTX *ctx"
+.Fa "STACK_OF(X509) *sk"
+.Fc
.Sh DESCRIPTION
These functions initialise an
.Vt X509_STORE_CTX
parameters can be
.Dv NULL .
.Pp
-.Fn X509_STORE_CTX_trusted_stack
+.Fn X509_STORE_CTX_set0_trusted_stack
sets the set of trusted certificates of
.Fa ctx
to
This is an alternative way of specifying trusted certificates instead of
using an
.Vt X509_STORE .
+.Fn X509_STORE_CTX_trusted_stack
+is a deprecated alias for
+.Fn X509_STORE_CTX_set0_trusted_stack .
.Pp
.Fn X509_STORE_CTX_set_cert
sets the certificate to be verified in
to find an appropriate set of parameters from
.Fa name .
.Pp
+.Fn X509_STORE_CTX_get0_untrusted
+retrieves an internal pointer
+to the stack of untrusted certificates associated with
+.Fa ctx .
+.Pp
+.Fn X509_STORE_CTX_set0_untrusted
+sets the internal pointer
+to the stack of untrusted certificates associated with
+.Fa ctx
+to
+.Fa sk .
+.Pp
The certificates and CRLs in a store are used internally and should
.Sy not
be freed up until after the associated
.Dv NULL
if an error occurred.
.Pp
-.Fn X509_STORE_CTX_cleanup ,
-.Fn X509_STORE_CTX_free ,
-.Fn X509_STORE_CTX_trusted_stack ,
-.Fn X509_STORE_CTX_set_cert ,
-.Fn X509_STORE_CTX_set_chain ,
-.Fn X509_STORE_CTX_set0_crls ,
-and
-.Fn X509_STORE_CTX_set0_param
-do not return values.
-.Pp
.Fn X509_STORE_CTX_set_default
returns 1 for success or 0 if an error occurred.
+.Pp
+.Fn X509_STORE_CTX_get0_untrusted
+returns an internal pointer.
.Sh SEE ALSO
.Xr X509_verify_cert 3 ,
.Xr X509_VERIFY_PARAM_set_flags 3
projects / openbsd / commitdiff