From 831f59db350d99302ada4457857003cb4c9ce126 Mon Sep 17 00:00:00 2001 From: op Date: Tue, 30 May 2023 07:37:34 +0000 Subject: [PATCH] fix some nits on previous - move a sentence out of a Bd block - add some .Pp for spacing - avoid a double colon on a sentence and the usage of second person - mark STORE_CTX with .Vt - change one Vt -> Dv (done after this has been ok'd by beck) ok beck@ --- lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 index e78af8a6cfb..0fe086b721a 100644 --- a/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 +++ b/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_CTX_set_verify_cb.3,v 1.11 2023/05/29 11:57:23 beck Exp $ +.\" $OpenBSD: X509_STORE_CTX_set_verify_cb.3,v 1.12 2023/05/30 07:37:34 op Exp $ .\" full merge up to: OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100 .\" @@ -66,7 +66,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 29 2023 $ +.Dd $Mdocdate: May 30 2023 $ .Dt X509_STORE_CTX_SET_VERIFY_CB 3 .Os .Sh NAME @@ -176,10 +176,11 @@ verify_callback(int ok, X509_STORE_CTX *ctx) { return ok; } -This is likely the only safe callback to use. .Ed .Pp -Simple and terrible example that you should not use: +This is likely the only safe callback to use. +.Pp +Simple and terrible example that should not be used. Suppose a certificate in the chain is expired and we wish to continue after this error: .Bd -literal @@ -193,10 +194,13 @@ verify_callback(int ok, X509_STORE_CTX *ctx) return ok; } .Ed +.Pp While this example is presented for historical purposes, this is not the correct way to accomplish this. -You should set verification options on the STORE_CTX to use -.Vt X509_V_FLAG_NO_CHECK_TIME +The verification flag +.Dv X509_V_FLAG_NO_CHECK_TIME +should be set on the +.Vt STORE_CTX using .Xr X509_VERIFY_PARAM_set_flags 3 instead. -- 2.20.1