From e349b5c656473fab82bdf306f183e16cd2a007eb Mon Sep 17 00:00:00 2001
From: schwarze
Date: Sun, 25 Feb 2018 22:24:18 +0000
Subject: [PATCH] In x509_vfy.h rev. 1.24 2018/02/22 17:19:31, jsing provided X509_STORE_get0_objects(3). Merge the documenteation from OpenSSL, heavily tweaked by me. While here, document six additional public functions closely related to X509_STORE_set1_param(3) that OpenSSL lacks documentation for. No Copyright-worthy amount of text remains in X509_STORE_set1_param.3, so switch to my Copyright and license.
---
 lib/libcrypto/man/X509_OBJECT_get0_X509.3 | 3 +-
 lib/libcrypto/man/X509_STORE_CTX_new.3 | 3 +-
 lib/libcrypto/man/X509_STORE_set1_param.3 | 183 ++++++++++++------
 .../man/X509_VERIFY_PARAM_set_flags.3 | 7 +-
 4 files changed, 137 insertions(+), 59 deletions(-)
diff --git a/lib/libcrypto/man/X509_OBJECT_get0_X509.3 b/lib/libcrypto/man/X509_OBJECT_get0_X509.3
index 8d39028b8e8..868574d8a2b 100644
--- a/lib/libcrypto/man/X509_OBJECT_get0_X509.3
+++ b/lib/libcrypto/man/X509_OBJECT_get0_X509.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_OBJECT_get0_X509.3,v 1.1 2018/02/25 20:26:51 schwarze Exp $
+.\" $OpenBSD: X509_OBJECT_get0_X509.3,v 1.2 2018/02/25 22:24:18 schwarze Exp $
 .\" Copyright (c) 2018 Ingo Schwarze
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -205,6 +205,7 @@ is
 .Dv NULL
 or no match is found.
 .Sh SEE ALSO
+.Xr X509_STORE_get0_objects 3 ,
 .Xr X509_STORE_load_locations 3 ,
 .Xr X509_STORE_new 3
 .\" The type X509_OBJECT is also used
diff --git a/lib/libcrypto/man/X509_STORE_CTX_new.3 b/lib/libcrypto/man/X509_STORE_CTX_new.3
index 31c77041789..c1d8acd0d22 100644
--- a/lib/libcrypto/man/X509_STORE_CTX_new.3
+++ b/lib/libcrypto/man/X509_STORE_CTX_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.10 2018/02/25 17:46:38 schwarze Exp $
+.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.11 2018/02/25 22:24:18 schwarze Exp $
 .\" full merge up to: OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
 .\" selective merge up to: OpenSSL 7643a172 Apr 21 13:35:51 2017 +0200
 .\"
@@ -318,6 +318,7 @@ returns an internal pointer.
 .Sh SEE ALSO
 .Xr X509_STORE_CTX_get_error 3 ,
 .Xr X509_STORE_new 3 ,
+.Xr X509_STORE_set1_param 3 ,
 .Xr X509_verify_cert 3 ,
 .Xr X509_VERIFY_PARAM_set_flags 3
 .Sh HISTORY
diff --git a/lib/libcrypto/man/X509_STORE_set1_param.3 b/lib/libcrypto/man/X509_STORE_set1_param.3
index bed64c4c4bb..adbf8f5a1ee 100644
--- a/lib/libcrypto/man/X509_STORE_set1_param.3
+++ b/lib/libcrypto/man/X509_STORE_set1_param.3
@@ -1,75 +1,148 @@
-.\" $OpenBSD: X509_STORE_set1_param.3,v 1.4 2018/02/25 17:46:39 schwarze Exp $
-.\" OpenSSL 99d63d46
+.\" $OpenBSD: X509_STORE_set1_param.3,v 1.5 2018/02/25 22:24:18 schwarze Exp $
+.\" content checked up to:
+.\" OpenSSL man3/X509_STORE_get0_param e90fc053 Jul 15 09:39:45 2017 -0400
 .\"
-.\" This file was written by Christian Heimes .
-.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved.
+.\" Copyright (c) 2018 Ingo Schwarze
 .\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
 .\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in
-.\" the documentation and/or other materials provided with the
-.\" distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\" software must display the following acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\" endorse or promote products derived from this software without
-.\" prior written permission. For written permission, please contact
-.\" openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\" nor may "OpenSSL" appear in their names without prior written
-.\" permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\" acknowledgment:
-.\" "This product includes software developed by the OpenSSL Project
-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
 .Dd $Mdocdate: February 25 2018 $
 .Dt X509_STORE_SET1_PARAM 3
 .Os
 .Sh NAME
-.Nm X509_STORE_set1_param
-.Nd set X509_STORE verification parameters
+.Nm X509_STORE_set1_param ,
+.Nm X509_STORE_set_flags ,
+.Nm X509_STORE_set_purpose ,
+.Nm X509_STORE_set_trust ,
+.Nm X509_STORE_set_depth ,
+.Nm X509_STORE_add_cert ,
+.Nm X509_STORE_add_crl ,
+.Nm X509_STORE_get0_objects
+.Nd get and set X509_STORE data
 .Sh SYNOPSIS
 .In openssl/x509_vfy.h
 .Ft int
 .Fo X509_STORE_set1_param
-.Fa "X509_STORE *ctx"
+.Fa "X509_STORE *store"
 .Fa "X509_VERIFY_PARAM *pm"
 .Fc
+.Ft int
+.Fo X509_STORE_set_flags
+.Fa "X509_STORE *store"
+.Fa "unsigned long flags"
+.Fc
+.Ft int
+.Fo X509_STORE_set_purpose
+.Fa "X509_STORE *store"
+.Fa "int purpose"
+.Fc
+.Ft int
+.Fo X509_STORE_set_trust
+.Fa "X509_STORE *store"
+.Fa "int trust"
+.Fc
+.Ft int
+.Fo X509_STORE_set_depth
+.Fa "X509_STORE *store"
+.Fa "int depth"
+.Fc
+.Ft int
+.Fo X509_STORE_add_cert
+.Fa "X509_STORE *store"
+.Fa "X509 *x"
+.Fc
+.Ft int
+.Fo X509_STORE_add_crl
+.Fa "X509_STORE *store"
+.Fa "X509_CRL *crl"
+.Fc
+.Ft STACK_OF(X509_OBJECT) *
+.Fo X509_STORE_get0_objects
+.Fa "X509_STORE *store"
+.Fc
 .Sh DESCRIPTION
 .Fn X509_STORE_set1_param
-sets the verification parameters to
+copies the verification parameters from
 .Fa pm
-for
-.Fa ctx .
+into the verification parameter object contained in the
+.Fa store .
+.Pp
+.Fn X509_VERIFY_PARAM_set_flags ,
+.Fn X509_STORE_set_purpose ,
+.Fn X509_STORE_set_trust ,
+and
+.Fn X509_STORE_set_depth
+call
+.Fn X509_VERIFY_PARAM_set_flags ,
+.Fn X509_VERIFY_PARAM_set_purpose ,
+.Fn X509_VERIFY_PARAM_set_trust ,
+and
+.Fn X509_VERIFY_PARAM_set_depth
+on the verification parameter object contained in the
+.Fa store .
+.Pp
+.Fn X509_STORE_add_cert
+and
+.Fn X509_STORE_add_crl
+add the certificate
+.Fa x
+or the certificate revocation list
+.Fa crl
+to the
+.Fa store ,
+increasing its reference count by 1 in case of success.
 .Sh RETURN VALUES
-.Fn X509_STORE_set1_param
-returns 1 for success and 0 for failure.
+.Fn X509_STORE_set1_param ,
+.Fn X509_STORE_set_purpose ,
+and
+.Fn X509_STORE_set_trust
+return 1 for success or 0 for failure.
+.Pp
+.Fn X509_STORE_set_flags
+and
+.Fn X509_STORE_set_depth
+always return 1, indicating success.
+.Pp
+.Fn X509_STORE_add_cert
+and
+.Fn X509_STORE_add_crl
+return 1 for success or 0 for failure.
+For example, they fail if
+.Fa x
+or
+.Fa crl
+is a
+.Dv NULL
+pointer, if a certificate with the same subject name as
+.Fa x
+or a revocation list with the same issuer name as
+.Fa crl
+are already contained in the
+.Fa store ,
+or if memory allocation fails.
+.Pp
+.Fn X509_STORE_get0_objects
+returns an internal pointer to the stack of certificates, revocation lists,
+and private keys contained in the
+.Fa store .
+The returned pointer must not be freed by the calling application.
 .Sh SEE ALSO
+.Xr SSL_set1_param 3 ,
+.Xr X509_OBJECT_get0_X509 3 ,
+.Xr X509_STORE_CTX_set0_param 3 ,
 .Xr X509_STORE_load_locations 3 ,
-.Xr X509_STORE_new 3
+.Xr X509_STORE_new 3 ,
+.Xr X509_VERIFY_PARAM_set_flags 3
+.Sh HISTORY
+.Fn X509_STORE_get0_objects
+first appeared in OpenSSL 1.1.0.
diff --git a/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
index 184a44cc492..9a9194fd0fc 100644
--- a/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
+++ b/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.8 2018/02/17 19:14:16 schwarze Exp $
+.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.9 2018/02/25 22:24:18 schwarze Exp $
 .\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500
 .\" selective merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
 .\"
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 17 2018 $
+.Dd $Mdocdate: February 25 2018 $
 .Dt X509_VERIFY_PARAM_SET_FLAGS 3
 .Os
 .Sh NAME
@@ -654,7 +654,10 @@ SSL_CTX_set1_param(ctx, param);
 X509_VERIFY_PARAM_free(param);
 .Ed
 .Sh SEE ALSO
+.Xr SSL_set1_param 3 ,
 .Xr X509_check_host 3 ,
+.Xr X509_STORE_CTX_set0_param 3 ,
+.Xr X509_STORE_set1_param 3 ,
 .Xr X509_verify_cert 3
 .Sh BUGS
 Delta CRL checking is currently primitive.
-- 
2.20.1