From a9630e5b24317a53917fa45a98e81ddf0d77dd5f Mon Sep 17 00:00:00 2001 From: schwarze Date: Tue, 6 Jun 2023 16:20:13 +0000 Subject: [PATCH] In 1995, Eric A. Young chose a confusing name for the "lastUpdate" field of the X509_CRL_INFO object. It should have been called "thisUpdate" like in RFC 5280 section 5.1 (and in its precursor RFC 2459). Then again, RFC 2459 was only published in 1999, so maybe the terminology wasn't firmly established yet when Young wrote his code several years earlier - just guessing, neither we nor the OpenSSL folks appear to know the real reasons... Anyway, we have been stuck with the "lastUpdate" names in the API for more than two decades now, so clarify in the documentation what they refer to and what they really mean. Requested by and OK tb@. --- lib/libcrypto/man/X509_STORE_CTX_get_error.3 | 8 ++++--- lib/libcrypto/man/X509_get0_notBefore.3 | 24 ++++++++++++-------- 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/lib/libcrypto/man/X509_STORE_CTX_get_error.3 index b3d0ee3069d..1f221563cb3 100644 --- a/lib/libcrypto/man/X509_STORE_CTX_get_error.3 +++ b/lib/libcrypto/man/X509_STORE_CTX_get_error.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.27 2023/04/30 14:49:47 tb Exp $ +.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.28 2023/06/06 16:20:13 schwarze Exp $ .\" full merge up to: .\" OpenSSL man3/X509_STORE_CTX_get_error 24a535ea Sep 22 13:14:20 2020 +0100 .\" OpenSSL man3/X509_STORE_CTX_new 24a535ea Sep 22 13:14:20 2020 +0100 @@ -68,7 +68,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 30 2023 $ +.Dd $Mdocdate: June 6 2023 $ .Dt X509_STORE_CTX_GET_ERROR 3 .Os .Sh NAME 
@@ -386,7 +386,9 @@ The certificate notBefore field contains an invalid time. The certificate notAfter field contains an invalid time. .It Dv X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD : \ No format error in CRL's lastUpdate field -The CRL lastUpdate field contains an invalid time. +The CRL thisUpdate field (sic!) contains an invalid time. +Both the name of the error constant and the text of the error message +give a wrong name for the field that contains the problem. .It Dv X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD : \ No format error in CRL's nextUpdate field The CRL nextUpdate field contains an invalid time. diff --git a/lib/libcrypto/man/X509_get0_notBefore.3 b/lib/libcrypto/man/X509_get0_notBefore.3 index e9f0d629928..53b18d59913 100644 --- a/lib/libcrypto/man/X509_get0_notBefore.3 +++ b/lib/libcrypto/man/X509_get0_notBefore.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_get0_notBefore.3,v 1.5 2020/06/24 14:59:41 schwarze Exp $ +.\" $OpenBSD: X509_get0_notBefore.3,v 1.6 2023/06/06 16:20:13 schwarze Exp $ .\" content checked up to: OpenSSL 27b138e9 May 19 00:16:38 2017 +0000 .\" .\" Copyright (c) 2018, 2020 Ingo Schwarze @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: June 24 2020 $ +.Dd $Mdocdate: June 6 2023 $ .Dt X509_GET0_NOTBEFORE 3 .Os .Sh NAME @@ -142,14 +142,20 @@ and are identical except for the const qualifier on the return type. .Pp .Fn X509_CRL_get0_lastUpdate -and +is misnamed in a confusing way: it returns a pointer to the +.Fa thisUpdate +field of the +.Fa crl , +indicating the time when this +.Fa crl +was issued. +.Pp .Fn X509_CRL_get0_nextUpdate -return pointers to the -.Fa lastUpdate -and +returns a pointer to the .Fa nextUpdate -fields of -.Fa crl . +field of the +.Fa crl , +indicating the time when issuing the subsequent CRL will be due. .Pp .Fn X509_CRL_get_lastUpdate and 
@@ -165,7 +171,7 @@ and set the .Fa notBefore , .Fa notAfter , -.Fa lastUpdate , +.Fa thisUpdate Pq sic!\& , or .Fa nextUpdate field of -- 2.20.1
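Review bot: In the X509_STORE_CTX_get_error.3 hunk at @@ -386, the "(sic!)" in "The CRL thisUpdate field (sic!) contains an invalid time." is attached to the correct field name, so a reader can take thisUpdate to be the mistaken term, when the mistake sits in X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD and its message "format error in CRL's lastUpdate field". Consider dropping "(sic!)" and having the second added sentence name both terms, stating that the constant and the message say lastUpdate where the field is thisUpdate. That wording is what someone needs when mapping this verification error back to the CRL field that failed to parse.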
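Review bot: In the X509_get0_notBefore.3 hunk at @@ -142, the new X509_CRL_get0_lastUpdate paragraph calls the function "misnamed in a confusing way" without saying where the name thisUpdate is defined; the commit message points to RFC 5280 section 5.1, but that reference does not appear in the added text. Naming the RFC in the paragraph lets readers check the field semantics against the standard. In the same hunk, "indicating the time when issuing the subsequent CRL will be due" is hard to parse; "indicating the time by which the next CRL is to be issued" reads more directly. The trailing context line ".Fn X509_CRL_get_lastUpdate" opens a paragraph this hunk does not touch, so it is worth confirming that its description refers to the field by the same thisUpdate name.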
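Review bot: In the X509_get0_notBefore.3 hunk at @@ -165, the added line ".Fa thisUpdate Pq sic!\& ," leaves the reader with a parenthesised "sic!" and nothing nearby that says what it flags; the explanation of the naming mismatch is in a different paragraph, and here the marker again follows the correct field name. Suggest replacing the bare "sic!" with a short explicit remark that the API name says lastUpdate, or with a pointer to the X509_CRL_get0_lastUpdate paragraph, so the list of fields can be read on its own.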