From: tb Date: Thu, 1 Dec 2022 05:33:55 +0000 (+0000) Subject: Mark the X509_V_FLAG_CB_ISSUER_CHECK flag as deprecated X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=8a0b2fe26aa8f692f9f27f548a603e2f1bc428d8;p=openbsd Mark the X509_V_FLAG_CB_ISSUER_CHECK flag as deprecated --- diff --git a/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 index 7a39050c4f8..08961eb4d3e 100644 --- a/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 +++ b/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.26 2022/07/13 21:17:03 schwarze Exp $ +.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.27 2022/12/01 05:33:55 tb Exp $ .\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" @@ -68,7 +68,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 13 2022 $ +.Dd $Mdocdate: December 1 2022 $ .Dt X509_VERIFY_PARAM_SET_FLAGS 3 .Os .Sh NAME @@ -590,16 +590,10 @@ A side effect of not checking the root CA signature is that disabled or unsupported message digests on the root CA are not treated as fatal errors. .Pp -The +The deprecated .Dv X509_V_FLAG_CB_ISSUER_CHECK -flag enables debugging of certificate issuer checks. -It is -.Sy not -needed unless you are logging certificate verification. -If this flag is set then additional status codes will be sent to the -verification callback and it -.Sy must -be prepared to handle such cases without assuming they are hard errors. +flag used to enable debugging of certificate issuer checks. +It is provided for binary backwards compatibility and has no effect. .Pp When .Dv X509_V_FLAG_TRUSTED_FIRST