X509_LOOKUP_METHODs because these objects are now opaque.
Simplify the documentation accordingly, shortening it by
about 35 input lines in total, but continue providing the
information which RETURN VALUES functions might return with
other implementations of the library.
OK tb@
-.\" $OpenBSD: X509_LOOKUP_hash_dir.3,v 1.11 2021/11/09 16:23:04 schwarze Exp $
+.\" $OpenBSD: X509_LOOKUP_hash_dir.3,v 1.12 2021/11/12 14:05:28 schwarze Exp $
.\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
.\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
.\"
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: November 9 2021 $
+.Dd $Mdocdate: November 12 2021 $
.Dt X509_LOOKUP_HASH_DIR 3
.Os
.Sh NAME
.Nm X509_LOOKUP_hash_dir ,
.Nm X509_LOOKUP_file ,
.Nm X509_LOOKUP_mem
-.Nd default certificate lookup methods
+.Nd certificate lookup methods
.Sh SYNOPSIS
.In openssl/x509_vfy.h
.Ft X509_LOOKUP_METHOD *
-.\" $OpenBSD: X509_LOOKUP_new.3,v 1.8 2021/11/12 11:41:50 schwarze Exp $
+.\" $OpenBSD: X509_LOOKUP_new.3,v 1.9 2021/11/12 14:05:28 schwarze Exp $
.\"
.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
.\"
.Dv NULL .
.El
.Pp
+With LibreSSL,
.Fn X509_LOOKUP_ctrl
always ignores the
.Fa ret
-argument when the built-in
-.Vt X509_LOOKUP_METHOD
-objects are used.
+argument.
.Pp
-When using built-in
-.Vt X509_LOOKUP_METHOD
-objects,
+With LibreSSL,
.Fn X509_LOOKUP_by_subject
is only useful if
.Fa lookup
.Pf * Fa object
provided by the caller, overwriting any previous content.
.Pp
-Unless an application program manually constructs its own
-.Vt X509_LOOKUP_METHOD
-object containing its own callback functions,
+With LibreSSL,
.Fn X509_LOOKUP_init ,
.Fn X509_LOOKUP_shutdown ,
.Fn X509_LOOKUP_by_issuer_serial ,
and
.Fn X509_LOOKUP_by_alias
have no effect.
-.Fn X509_LOOKUP_init
-is supposed to be called after
-.Fn X509_LOOKUP_new
-and before using the
-.Fa lookup
-object,
-.Fn X509_LOOKUP_shutdown
-after using it and before
-.Fn X509_LOOKUP_free .
.Sh RETURN VALUES
.Fn X509_LOOKUP_new
returns the new object or
.Pp
.Fn X509_LOOKUP_ctrl
returns 1 for success or 0 for failure.
-If
-.Fa lookup
-uses a user-defined
-.Vt X509_LOOKUP_METHOD
-object, it might also return \-1 for internal errors.
+With library implementations other than LibreSSL,
+it might also return \-1 for internal errors.
.Pp
.Fn X509_LOOKUP_by_subject
returns 1 for success or 0 for failure.
nor
.Dv X509_LU_CRL ,
if no match is found, or if memory allocation fails.
-If
-.Fa lookup
-uses a user-defined
-.Vt X509_LOOKUP_METHOD
-object, it might also return negative values for internal errors.
+With library implementations other than LibreSSL,
+it might also return negative values for internal errors.
.Pp
.Fn X509_LOOKUP_init
and
.Fn X509_LOOKUP_shutdown
are supposed to return 1 for success and 0 for failure.
-When using the built-in
-.Vt X509_LOOKUP_METHOD
-objects, they always return 1.
+With LibreSSL, they always return 1.
.Pp
+With LibreSSL,
.Fn X509_LOOKUP_by_issuer_serial ,
.Fn X509_LOOKUP_by_fingerprint ,
and
.Fn X509_LOOKUP_by_alias
-always return 0 when using the built-in
-.Vt X509_LOOKUP_METHOD
-objects.
+always return 0.
.Pp
.Fn X509_get_default_cert_dir
returns a pointer to the constant string
-.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.2 2021/11/12 11:41:50 schwarze Exp $
+.\" $OpenBSD: X509_STORE_get_by_subject.3,v 1.3 2021/11/12 14:05:28 schwarze Exp $
.\"
.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
.\"
In addition to simply not finding a match,
they may also fail due to memory allocation failure in
.Xr X509_LOOKUP_by_subject 3 .
-If
-.Fa ctx
-contains any
-.Vt X509_LOOKUP
-object using a user-defined
-.Vt X509_LOOKUP_METHOD ,
+With library implementations other than LibreSSL,
they might also return negative values for internal errors.
.Pp
.Fn X509_STORE_CTX_get_obj_by_subject
returns 1 if a matching
.Fa issuer
CA certificate is found or 0 otherwise.
-If
-.Fa ctx
-contains any
-.Vt X509_LOOKUP
-object using a user-defined
-.Vt X509_LOOKUP_METHOD ,
+With library implementations other than LibreSSL,
it might also return negative values for internal errors.
.Sh SEE ALSO
.Xr STACK_OF 3 ,
-.\" $OpenBSD: X509_STORE_load_locations.3,v 1.9 2021/11/09 16:23:04 schwarze Exp $
+.\" $OpenBSD: X509_STORE_load_locations.3,v 1.10 2021/11/12 14:05:28 schwarze Exp $
.\" full merge up to:
.\" OpenSSL X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000
.\"
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: November 9 2021 $
+.Dd $Mdocdate: November 12 2021 $
.Dt X509_STORE_LOAD_LOCATIONS 3
.Os
.Sh NAME
returns the existing or new lookup object or
.Dv NULL
on failure.
-When using the built-in
-.Vt X509_LOOKUP_METHOD
-objects, the only reason for failure is lack of memory.
+With LibreSSL, the only reason for failure is lack of memory.
.Sh FILES
.Bl -tag -width Ds
.It Pa /etc/ssl/cert.pem
projects / openbsd / commitdiff