From 274e6233cc5f15b38fdd880f57f73f7147936c69 Mon Sep 17 00:00:00 2001
From: schwarze
Date: Thu, 15 Feb 2018 11:09:34 +0000
Subject: [PATCH] In x509_vfy.h rev. 1.20 2018/02/14 17:06:34, jsing@ provided X509_STORE_CTX_set0_untrusted(3), X509_STORE_CTX_set0_trusted_stack(3), X509_STORE_CTX_get0_untrusted(3), and X509_STORE_CTX_get0_cert(3). Merge the related documentation from OpenSSL.
---
 lib/libcrypto/man/X509_STORE_CTX_get_error.3 | 17 +++++-
 lib/libcrypto/man/X509_STORE_CTX_new.3 | 59 ++++++++++++++------
 2 files changed, 57 insertions(+), 19 deletions(-)
diff --git a/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/lib/libcrypto/man/X509_STORE_CTX_get_error.3
index 3a871ef3075..5caf4cefe4d 100644
--- a/lib/libcrypto/man/X509_STORE_CTX_get_error.3
+++ b/lib/libcrypto/man/X509_STORE_CTX_get_error.3
@@ -1,5 +1,6 @@
-.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.5 2016/12/25 22:15:10 schwarze Exp $
-.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
+.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.6 2018/02/15 11:09:34 schwarze Exp $
+.\" full merge up to: OpenSSL f0e0fd51 Apr 14 23:59:26 2016 -0400
+.\" selective merge up to: OpenSSL 2947af32 Nov 19 00:10:05 2016 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson .
 .\" Copyright (c) 2009, 2013, 2015, 2016 The OpenSSL Project.
@@ -49,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 25 2016 $
+.Dd $Mdocdate: February 15 2018 $
 .Dt X509_STORE_CTX_GET_ERROR 3
 .Os
 .Sh NAME
@@ -57,6 +58,7 @@
 .Nm X509_STORE_CTX_set_error ,
 .Nm X509_STORE_CTX_get_error_depth ,
 .Nm X509_STORE_CTX_get_current_cert ,
+.Nm X509_STORE_CTX_get0_cert ,
 .Nm X509_STORE_CTX_get1_chain ,
 .Nm X509_verify_cert_error_string
 .Nd get or set certificate verification status information
@@ -79,6 +81,10 @@
 .Fo X509_STORE_CTX_get_current_cert
 .Fa "X509_STORE_CTX *ctx"
 .Fc
+.Ft X509 *
+.Fo X509_STORE_CTX_get0_cert
+.Fa "X509_STORE_CTX *ctx"
+.Fc
 .Ft STACK_OF(X509) *
 .Fo X509_STORE_CTX_get1_chain
 .Fa "X509_STORE_CTX *ctx"
@@ -172,6 +178,10 @@ returns the certificate which caused the error or
 .Dv NULL
 if no certificate is relevant to the error.
 .Pp
+.Fn X509_STORE_CTX_get0_cert
+retrieves an internal pointer to the certificate being verified by
+.Fa ctx .
+.Pp
 .Fn X509_verify_cert_error_string
 returns a human readable error string for verification error
 .Fa n .
@@ -346,4 +356,5 @@ An application specific error.
 This will never be returned unless explicitly set by an application.
 .El
 .Sh SEE ALSO
+.Xr X509_up_ref 3 ,
 .Xr X509_verify_cert 3
diff --git a/lib/libcrypto/man/X509_STORE_CTX_new.3 b/lib/libcrypto/man/X509_STORE_CTX_new.3
index 639eba16488..ca3c43ecbdc 100644
--- a/lib/libcrypto/man/X509_STORE_CTX_new.3
+++ b/lib/libcrypto/man/X509_STORE_CTX_new.3
@@ -1,8 +1,10 @@
-.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.6 2018/02/14 02:05:55 schwarze Exp $
-.\" OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
+.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.7 2018/02/15 11:09:34 schwarze Exp $
+.\" full merge up to: OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
+.\" selective merge up to: OpenSSL 7643a172 Apr 21 13:35:51 2017 +0200
 .\"
-.\" This file was written by Dr. Stephen Henson .
-.\" Copyright (c) 2009, 2015 The OpenSSL Project. All rights reserved.
+.\" This file was written by Dr. Stephen Henson
+.\" and Rich Salz .
+.\" Copyright (c) 2009, 2015, 2016 The OpenSSL Project. All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -48,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 14 2018 $
+.Dd $Mdocdate: February 15 2018 $
 .Dt X509_STORE_CTX_NEW 3
 .Os
 .Sh NAME
@@ -56,12 +58,15 @@
 .Nm X509_STORE_CTX_cleanup ,
 .Nm X509_STORE_CTX_free ,
 .Nm X509_STORE_CTX_init ,
+.Nm X509_STORE_CTX_set0_trusted_stack ,
 .Nm X509_STORE_CTX_trusted_stack ,
 .Nm X509_STORE_CTX_set_cert ,
 .Nm X509_STORE_CTX_set_chain ,
 .Nm X509_STORE_CTX_set0_crls ,
 .Nm X509_STORE_CTX_get0_param ,
 .Nm X509_STORE_CTX_set0_param ,
+.Nm X509_STORE_CTX_get0_untrusted ,
+.Nm X509_STORE_CTX_set0_untrusted ,
 .Nm X509_STORE_CTX_set_default
 .Nd X509_STORE_CTX initialisation
 .Sh SYNOPSIS
@@ -84,6 +89,11 @@
 .Fa "STACK_OF(X509) *chain"
 .Fc
 .Ft void
+.Fo X509_STORE_CTX_set0_trusted_stack
+.Fa "X509_STORE_CTX *ctx"
+.Fa "STACK_OF(X509) *sk"
+.Fc
+.Ft void
 .Fo X509_STORE_CTX_trusted_stack
 .Fa "X509_STORE_CTX *ctx"
 .Fa "STACK_OF(X509) *sk"
@@ -117,6 +127,15 @@
 .Fa "X509_STORE_CTX *ctx"
 .Fa "const char *name"
 .Fc
+.Ft STACK_OF(X509)*
+.Fo X509_STORE_CTX_get0_untrusted
+.Fa "X509_STORE_CTX *ctx"
+.Fc
+.Ft void
+.Fo X509_STORE_CTX_set0_untrusted
+.Fa "X509_STORE_CTX *ctx"
+.Fa "STACK_OF(X509) *sk"
+.Fc
 .Sh DESCRIPTION
 These functions initialise an
 .Vt X509_STORE_CTX
@@ -166,7 +185,7 @@ and parameters can be .Dv NULL . .Pp -.Fn X509_STORE_CTX_trusted_stack +.Fn X509_STORE_CTX_set0_trusted_stack sets the set of trusted certificates of .Fa ctx to
@@ -217,6 +239,18 @@ This uses the function to find an appropriate set of parameters from .Fa name . .Pp +.Fn X509_STORE_CTX_get0_untrusted +retrieves an internal pointer +to the stack of untrusted certificates associated with +.Fa ctx . +.Pp +.Fn X509_STORE_CTX_set0_untrusted +sets the internal pointer +to the stack of untrusted certificates associated with +.Fa ctx +to +.Fa sk . +.Pp The certificates and CRLs in a store are used internally and should .Sy not be freed up until after the associated @@ -257,18 +291,11 @@ structure or .Dv NULL if an error occurred. .Pp -.Fn X509_STORE_CTX_cleanup , -.Fn X509_STORE_CTX_free , -.Fn X509_STORE_CTX_trusted_stack , -.Fn X509_STORE_CTX_set_cert , -.Fn X509_STORE_CTX_set_chain , -.Fn X509_STORE_CTX_set0_crls , -and -.Fn X509_STORE_CTX_set0_param -do not return values. -.Pp .Fn X509_STORE_CTX_set_default returns 1 for success or 0 if an error occurred. +.Pp +.Fn X509_STORE_CTX_get0_untrusted +returns an internal pointer. .Sh SEE ALSO .Xr X509_verify_cert 3 , .Xr X509_VERIFY_PARAM_set_flags 3 -- 2.20.1