From: schwarze Date: Wed, 16 Nov 2022 14:51:08 +0000 (+0000) Subject: document X509_STORE_CTX_verify_cb(3) and X509_STORE_get_verify_cb(3) X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=da9cc4dd921b473aba7edf29ed2faa0736fd7bb4;p=openbsd document X509_STORE_CTX_verify_cb(3) and X509_STORE_get_verify_cb(3) which tb@ provided with x509_vfy.h revisions 1.48 and 1.49 --- diff --git a/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 index c4afb89385c..9ae3d0294a3 100644 --- a/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 +++ b/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 @@ -1,5 +1,5 @@ -.\" $OpenBSD: X509_STORE_CTX_set_verify_cb.3,v 1.8 2022/01/02 21:00:37 tb Exp $ -.\" full merge up to: OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 +.\" $OpenBSD: X509_STORE_CTX_set_verify_cb.3,v 1.9 2022/11/16 14:51:08 schwarze Exp $ +.\" full merge up to: OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" .\" This file is a derived work. @@ -66,23 +66,28 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 2 2022 $ +.Dd $Mdocdate: November 16 2022 $ .Dt X509_STORE_CTX_SET_VERIFY_CB 3 .Os .Sh NAME +.Nm X509_STORE_CTX_verify_cb , .Nm X509_STORE_CTX_set_verify_cb , .Nm X509_STORE_CTX_get_verify_cb .Nd set and retrieve verification callback .Sh SYNOPSIS .In openssl/x509_vfy.h +.Ft typedef int +.Fo (*X509_STORE_CTX_verify_cb) +.Fa "int ok" +.Fa "X509_STORE_CTX *ctx" +.Fc .Ft void .Fo X509_STORE_CTX_set_verify_cb .Fa "X509_STORE_CTX *ctx" -.Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)" +.Fa "X509_STORE_CTX_verify_cb verify_cb" .Fc -.Ft int -.Fo "(*X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx))" -.Fa "int ok" +.Ft X509_STORE_CTX_verify_cb +.Fo X509_STORE_CTX_get_verify_cb .Fa "X509_STORE_CTX *ctx" .Fc .Sh DESCRIPTION @@ -98,7 +103,7 @@ certificate verification, either by overriding error conditions or logging errors for debugging purposes. .Pp However, a verification callback is -.Sy not +.Em not essential and the default operation is often sufficient. .Pp The @@ -256,6 +261,7 @@ verify_callback(int ok, X509_STORE_CTX *ctx) .Xr X509_STORE_CTX_new 3 , .Xr X509_STORE_CTX_set_error 3 , .Xr X509_STORE_CTX_set_flags 3 , +.Xr X509_STORE_CTX_set_verify 3 , .Xr X509_STORE_set_verify_cb 3 , .Xr X509_verify_cert 3 , .Xr X509_VERIFY_PARAM_set_flags 3 @@ -267,6 +273,10 @@ first appeared in OpenSSL 0.9.6c and has been available since .Fn X509_STORE_CTX_get_verify_cb first appeared in OpenSSL 1.1.0 and has been available since .Ox 7.1 . +.Pp +.Fn X509_STORE_CTX_verify_cb +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 7.2 . .Sh CAVEATS In general a verification callback should .Sy NOT diff --git a/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 index f6d534bbb0d..bdd5ea50444 100644 --- a/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 +++ b/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.11 2021/11/17 16:08:32 schwarze Exp $ +.\" $OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.12 2022/11/16 14:51:08 schwarze Exp $ .\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400 .\" selective merge up to: OpenSSL 315c47e0 Dec 1 14:22:16 2020 +0100 .\" @@ -49,24 +49,29 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 17 2021 $ +.Dd $Mdocdate: November 16 2022 $ .Dt X509_STORE_SET_VERIFY_CB_FUNC 3 .Os .Sh NAME .Nm X509_STORE_set_verify_cb , -.Nm X509_STORE_set_verify_cb_func +.Nm X509_STORE_set_verify_cb_func , +.Nm X509_STORE_get_verify_cb .Nd set verification callback .Sh SYNOPSIS .In openssl/x509_vfy.h .Ft void .Fo X509_STORE_set_verify_cb .Fa "X509_STORE *st" -.Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)" +.Fa "X509_STORE_CTX_verify_cb verify_cb" .Fc .Ft void .Fo X509_STORE_set_verify_cb_func .Fa "X509_STORE *st" -.Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)" +.Fa "X509_STORE_CTX_verify_cb verify_cb" +.Fc +.Ft X509_STORE_CTX_verify_cb +.Fo X509_STORE_get_verify_cb +.Fa "X509_STORE *st" .Fc .Sh DESCRIPTION .Fn X509_STORE_set_verify_cb @@ -87,6 +92,14 @@ structure when it is initialized. This can be used to set the verification callback when the .Vt X509_STORE_CTX is otherwise inaccessible (for example during S/MIME verification). +.Sh RETURN VALUES +.Fn X509_STORE_get_verify_cb +returns the function pointer set with +.Fn X509_STORE_set_verify_cb , +or +.Dv NULL +if that function was not called on +.Fa st . .Sh SEE ALSO .Xr X509_STORE_CTX_new 3 , .Xr X509_STORE_CTX_set_verify 3 , @@ -102,3 +115,7 @@ first appeared in SSLeay 0.8.0 and has been available since .Fn X509_STORE_set_verify_cb first appeared in OpenSSL 1.0.0 and has been available since .Ox 4.9 . +.Pp +.Fn X509_STORE_get_verify_cb +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 7.2 .