From 47537faa79ee928dff058e1227531f946389e2ab Mon Sep 17 00:00:00 2001 From: schwarze Date: Sun, 25 Feb 2018 17:46:38 +0000 Subject: [PATCH] In x509_vfy.h rev. 1.22 2018/02/22 17:15:09, jsing@ provided X509_STORE_up_ref(3). X509_STORE_new(3) and X509_STORE_free(3) have already been available earlier. Import the documentation from OpenSSL, adding some precision. --- lib/libcrypto/man/Makefile | 3 +- lib/libcrypto/man/PKCS7_verify.3 | 7 +- lib/libcrypto/man/X509_STORE_CTX_new.3 | 3 +- lib/libcrypto/man/X509_STORE_load_locations.3 | 5 +- lib/libcrypto/man/X509_STORE_new.3 | 133 ++++++++++++++++++ lib/libcrypto/man/X509_STORE_set1_param.3 | 7 +- .../man/X509_STORE_set_verify_cb_func.3 | 7 +- lib/libssl/man/SSL_CTX_set_cert_store.3 | 7 +- 8 files changed, 157 insertions(+), 15 deletions(-) create mode 100644 lib/libcrypto/man/X509_STORE_new.3 diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile index d880928ea56..0de55209bb6 100644 --- a/lib/libcrypto/man/Makefile +++ b/lib/libcrypto/man/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.133 2018/02/19 14:08:52 schwarze Exp $ +# $OpenBSD: Makefile,v 1.134 2018/02/25 17:46:38 schwarze Exp $ .include @@ -231,6 +231,7 @@ MAN= \ X509_STORE_CTX_new.3 \ X509_STORE_CTX_set_verify_cb.3 \ X509_STORE_load_locations.3 \ + X509_STORE_new.3 \ X509_STORE_set_verify_cb_func.3 \ X509_STORE_set1_param.3 \ X509_VERIFY_PARAM_set_flags.3 \ diff --git a/lib/libcrypto/man/PKCS7_verify.3 b/lib/libcrypto/man/PKCS7_verify.3 index f046a0b84b0..716282ead3a 100644 --- a/lib/libcrypto/man/PKCS7_verify.3 +++ b/lib/libcrypto/man/PKCS7_verify.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: PKCS7_verify.3,v 1.5 2016/12/13 15:00:22 schwarze Exp $ +.\" $OpenBSD: PKCS7_verify.3,v 1.6 2018/02/25 17:46:38 schwarze Exp $ .\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 13 2016 $ +.Dd $Mdocdate: February 25 2018 $ .Dt PKCS7_VERIFY 3 .Os .Sh NAME @@ -226,7 +226,8 @@ The error can be obtained from .Sh SEE ALSO .Xr ERR_get_error 3 , .Xr PKCS7_new 3 , -.Xr PKCS7_sign 3 +.Xr PKCS7_sign 3 , +.Xr X509_STORE_new 3 .Sh HISTORY .Fn PKCS7_verify was added to OpenSSL 0.9.5 . diff --git a/lib/libcrypto/man/X509_STORE_CTX_new.3 b/lib/libcrypto/man/X509_STORE_CTX_new.3 index c83958b54f0..31c77041789 100644 --- a/lib/libcrypto/man/X509_STORE_CTX_new.3 +++ b/lib/libcrypto/man/X509_STORE_CTX_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.9 2018/02/25 16:26:15 schwarze Exp $ +.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.10 2018/02/25 17:46:38 schwarze Exp $ .\" full merge up to: OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700 .\" selective merge up to: OpenSSL 7643a172 Apr 21 13:35:51 2017 +0200 .\" @@ -317,6 +317,7 @@ returns 1 for success or 0 if an error occurred. returns an internal pointer. .Sh SEE ALSO .Xr X509_STORE_CTX_get_error 3 , +.Xr X509_STORE_new 3 , .Xr X509_verify_cert 3 , .Xr X509_VERIFY_PARAM_set_flags 3 .Sh HISTORY diff --git a/lib/libcrypto/man/X509_STORE_load_locations.3 b/lib/libcrypto/man/X509_STORE_load_locations.3 index 8f1f41feac8..ca81297bed4 100644 --- a/lib/libcrypto/man/X509_STORE_load_locations.3 +++ b/lib/libcrypto/man/X509_STORE_load_locations.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_load_locations.3,v 1.2 2017/01/07 08:46:13 jmc Exp $ +.\" $OpenBSD: X509_STORE_load_locations.3,v 1.3 2018/02/25 17:46:38 schwarze Exp $ .\" .\" Copyright (c) 2017 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: January 7 2017 $ +.Dd $Mdocdate: February 25 2018 $ .Dt X509_STORE_LOAD_LOCATIONS 3 .Os .Sh NAME @@ -105,6 +105,7 @@ default directory for .Sh SEE ALSO .Xr SSL_CTX_load_verify_locations 3 , .Xr X509_LOOKUP_hash_dir 3 , +.Xr X509_STORE_new 3 , .Xr X509_STORE_set1_param 3 , .Xr X509_STORE_set_verify_cb 3 .Sh BUGS diff --git a/lib/libcrypto/man/X509_STORE_new.3 b/lib/libcrypto/man/X509_STORE_new.3 new file mode 100644 index 00000000000..4fc9e952057 --- /dev/null +++ b/lib/libcrypto/man/X509_STORE_new.3 @@ -0,0 +1,133 @@ +.\" $OpenBSD: X509_STORE_new.3,v 1.1 2018/02/25 17:46:38 schwarze Exp $ +.\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400 +.\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by +.\" Alessandro Ghedini . +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: February 25 2018 $ +.Dt X509_STORE_NEW 3 +.Os +.Sh NAME +.Nm X509_STORE_new , +.Nm X509_STORE_up_ref , +.Nm X509_STORE_free +.Nd allocate and free X.509 certificate stores +.Sh SYNOPSIS +.In openssl/x509_vfy.h +.Ft X509_STORE * +.Fn X509_STORE_new void +.Ft int +.Fo X509_STORE_up_ref +.Fa "X509_STORE *store" +.Fc +.Ft void +.Fo X509_STORE_free +.Fa "X509_STORE *store" +.Fc +.Sh DESCRIPTION +.Fn X509_STORE_new +allocates and initializes an empty X.509 certificate store +and sets its reference count to 1. +.Pp +.Fn X509_STORE_up_ref +increments the reference count of +.Fa store +by 1. +.Pp +.Fn X509_STORE_free +decrements the reference count of +.Fa store +by 1. +If the reference count reaches 0, +all resources used by the store, including all certificates +contained in it, are released and +.Fa store +itself is freed. +If +.Fa store +is a +.Dv NULL +pointer, no action occurs. +.Sh RETURN VALUES +.Fn X509_STORE_new +returns a newly created +.Vt X509_STORE +object or +.Dv NULL +if an error occurs. +.Pp +.Fn X509_STORE_up_ref +returns 1 for success and 0 for failure. +.Sh SEE ALSO +.Xr PKCS7_verify 3 , +.Xr SSL_CTX_set_cert_store 3 , +.Xr X509_STORE_CTX_new 3 , +.Xr X509_STORE_load_locations 3 , +.Xr X509_STORE_set1_param 3 , +.Xr X509_STORE_set_verify_cb 3 +.Sh HISTORY +.Fn X509_STORE_up_ref +first appeared in OpenSSL 1.1.0. diff --git a/lib/libcrypto/man/X509_STORE_set1_param.3 b/lib/libcrypto/man/X509_STORE_set1_param.3 index 000058515e9..bed64c4c4bb 100644 --- a/lib/libcrypto/man/X509_STORE_set1_param.3 +++ b/lib/libcrypto/man/X509_STORE_set1_param.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_set1_param.3,v 1.3 2017/01/06 22:46:06 schwarze Exp $ +.\" $OpenBSD: X509_STORE_set1_param.3,v 1.4 2018/02/25 17:46:39 schwarze Exp $ .\" OpenSSL 99d63d46 .\" .\" This file was written by Christian Heimes . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 6 2017 $ +.Dd $Mdocdate: February 25 2018 $ .Dt X509_STORE_SET1_PARAM 3 .Os .Sh NAME @@ -70,3 +70,6 @@ for .Sh RETURN VALUES .Fn X509_STORE_set1_param returns 1 for success and 0 for failure. +.Sh SEE ALSO +.Xr X509_STORE_load_locations 3 , +.Xr X509_STORE_new 3 diff --git a/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 index 3baccfba771..18691126e6a 100644 --- a/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 +++ b/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.4 2016/12/10 20:34:57 schwarze Exp $ +.\" $OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.5 2018/02/25 17:46:39 schwarze Exp $ .\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 10 2016 $ +.Dd $Mdocdate: February 25 2018 $ .Dt X509_STORE_SET_VERIFY_CB_FUNC 3 .Os .Sh NAME @@ -92,7 +92,8 @@ and .Fn X509_STORE_set_verify_cb_func do not return a value. .Sh SEE ALSO -.Xr X509_STORE_CTX_set_verify_cb 3 +.Xr X509_STORE_CTX_set_verify_cb 3 , +.Xr X509_STORE_new 3 .Sh HISTORY .Fn X509_STORE_set_verify_cb_func is available in all versions of SSLeay and OpenSSL. diff --git a/lib/libssl/man/SSL_CTX_set_cert_store.3 b/lib/libssl/man/SSL_CTX_set_cert_store.3 index 4fd6fa7714b..9fd754c0f6b 100644 --- a/lib/libssl/man/SSL_CTX_set_cert_store.3 +++ b/lib/libssl/man/SSL_CTX_set_cert_store.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: SSL_CTX_set_cert_store.3,v 1.4 2017/04/10 16:11:50 schwarze Exp $ +.\" $OpenBSD: SSL_CTX_set_cert_store.3,v 1.5 2018/02/25 17:46:39 schwarze Exp $ .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file was written by Lutz Jaenicke . @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 10 2017 $ +.Dd $Mdocdate: February 25 2018 $ .Dt SSL_CTX_SET_CERT_STORE 3 .Os .Sh NAME @@ -120,4 +120,5 @@ returns the current setting. .Sh SEE ALSO .Xr ssl 3 , .Xr SSL_CTX_load_verify_locations 3 , -.Xr SSL_CTX_set_verify 3 +.Xr SSL_CTX_set_verify 3 , +.Xr X509_STORE_new 3 -- 2.20.1