From e38e0490fe8fac60ada3097fb24e69dab49b8150 Mon Sep 17 00:00:00 2001
From: schwarze
Date: Wed, 16 Nov 2022 14:55:40 +0000
Subject: [PATCH] expose the documentation of X509_STORE_CTX_verify_fn(3) and X509_STORE_set_verify(3) and document X509_STORE_get_verify(3) which tb@ all provided with x509_vfy.h revisions 1.48 and 1.49
---
 lib/libcrypto/man/X509_STORE_CTX_new.3 | 6 +-
 lib/libcrypto/man/X509_STORE_CTX_set_verify.3 | 62 +++++++------------
 2 files changed, 26 insertions(+), 42 deletions(-)
diff --git a/lib/libcrypto/man/X509_STORE_CTX_new.3 b/lib/libcrypto/man/X509_STORE_CTX_new.3
index a10742ff050..96af7a8afb3 100644
--- a/lib/libcrypto/man/X509_STORE_CTX_new.3
+++ b/lib/libcrypto/man/X509_STORE_CTX_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.26 2021/11/17 16:08:32 schwarze Exp $
+.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.27 2022/11/16 14:55:40 schwarze Exp $
 .\" full merge up to: OpenSSL aae41f8c Jun 25 09:47:15 2015 +0100
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -67,7 +67,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 17 2021 $
+.Dd $Mdocdate: November 16 2022 $
 .Dt X509_STORE_CTX_NEW 3
 .Os
 .Sh NAME
@@ -85,6 +85,8 @@
 .Nm X509_STORE_CTX_set0_untrusted ,
 .Nm X509_STORE_CTX_get0_untrusted ,
 .Nm X509_STORE_CTX_set0_crls
+.\" X509_STORE_CTX_verify_fn moved to X509_STORE_CTX_set_verify(3)
+.\" X509_STORE_CTX_set_verify moved to X509_STORE_CTX_set_verify(3)
 .Nd X509_STORE_CTX initialisation
 .Sh SYNOPSIS
 .In openssl/x509_vfy.h
diff --git a/lib/libcrypto/man/X509_STORE_CTX_set_verify.3 b/lib/libcrypto/man/X509_STORE_CTX_set_verify.3
index ccce6a0eb1e..1c7797bbfcb 100644
--- a/lib/libcrypto/man/X509_STORE_CTX_set_verify.3
+++ b/lib/libcrypto/man/X509_STORE_CTX_set_verify.3
@@ -1,6 +1,6 @@
-.\" $OpenBSD: X509_STORE_CTX_set_verify.3,v 1.2 2021/11/23 17:06:05 tb Exp $
+.\" $OpenBSD: X509_STORE_CTX_set_verify.3,v 1.3 2022/11/16 14:55:40 schwarze Exp $
 .\"
-.\" Copyright (c) 2021 Ingo Schwarze
+.\" Copyright (c) 2021, 2022 Ingo Schwarze
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -14,53 +14,32 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: November 23 2021 $
+.Dd $Mdocdate: November 16 2022 $
 .Dt X509_STORE_CTX_SET_VERIFY 3
 .Os
-.\" ds LIBRESSL_NEXT_API
 .Sh NAME
-.if dLIBRESSL_NEXT_API \{\
 .Nm X509_STORE_CTX_verify_fn ,
-.\}
 .Nm X509_STORE_CTX_set_verify ,
-.ie dLIBRESSL_NEXT_API \{\
 .Nm X509_STORE_CTX_get_verify ,
 .Nm X509_STORE_set_verify ,
-.Nm X509_STORE_set_verify_func
-.\}
-.el \{\
-.Nm X509_STORE_CTX_get_verify
-.\}
+.Nm X509_STORE_set_verify_func ,
+.Nm X509_STORE_get_verify
 .Nd user-defined certificate chain verification function
 .Sh SYNOPSIS
 .In openssl/x509_vfy.h
-.if dLIBRESSL_NEXT_API \{\
 .Ft typedef int
 .Fo "(*X509_STORE_CTX_verify_fn)"
 .Fa "X509_STORE_CTX *ctx"
 .Fc
-.\}
 .Ft void
 .Fo X509_STORE_CTX_set_verify
 .Fa "X509_STORE_CTX *ctx"
-.ie dLIBRESSL_NEXT_API \{\
 .Fa "X509_STORE_CTX_verify_fn verify"
-.\}
-.el \{\
-.Fa "int (*verify)(X509_STORE_CTX *)"
-.\}
 .Fc
-.ie dLIBRESSL_NEXT_API \{\
 .Ft X509_STORE_CTX_verify_fn
 .Fo X509_STORE_CTX_get_verify
-.\}
-.el \{\
-.Ft int
-.Fo "(*X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx))"
-.\}
 .Fa "X509_STORE_CTX *ctx"
 .Fc
-.if dLIBRESSL_NEXT_API \{\
 .Ft void
 .Fo X509_STORE_set_verify
 .Fa "X509_STORE *store"
@@ -71,7 +50,10 @@
 .Fa "X509_STORE *store"
 .Fa "X509_STORE_CTX_verify_fn verify"
 .Fc
-.\}
+.Ft X509_STORE_CTX_verify_fn
+.Fo X509_STORE_get_verify
+.Fa "X509_STORE_CTX *ctx"
+.Fc
 .Sh DESCRIPTION
 .Fn X509_STORE_CTX_set_verify
 configures
@@ -97,7 +79,6 @@ or .Xr X509_VERIFY_PARAM_set_flags 3 . Otherwise, it is ignored and a different algorithm is used that does not support replacing the verification function. -.if dLIBRESSL_NEXT_API \{\ .Pp .Fn X509_STORE_set_verify saves the function pointer @@ -116,16 +97,13 @@ is later passed as an argument to is an alias for .Fn X509_STORE_set_verify implemented as a macro. -.\} .Sh RETURN VALUES -.if dLIBRESSL_NEXT_API \{\ .Fn X509_STORE_CTX_verify_fn is supposed to return 1 to indicate that the chain is valid or 0 if it is not or if an error occurred. .Pp -.\} .Fn X509_STORE_CTX_get_verify -returns a function pointer to the function previously set with +returns a function pointer previously set with .Fn X509_STORE_CTX_set_verify or .Xr X509_STORE_CTX_init 3 , @@ -134,6 +112,14 @@ or if .Fa ctx is uninitialized. +.Pp +.Fn X509_STORE_get_verify +returns the function pointer previously set with +.Fn X509_STORE_set_verify , +or +.Dv NULL +if that function was not called on the +.Fa store . .Sh SEE ALSO .Xr X509_STORE_CTX_init 3 , .Xr X509_STORE_CTX_set_error 3 , @@ -145,23 +131,19 @@ is uninitialized. .Xr X509_verify_cert 3 , .Xr X509_VERIFY_PARAM_set_flags 3 .Sh HISTORY -.if dLIBRESSL_NEXT_API \{\ .Fn X509_STORE_set_verify_func first appeared in SSLeay 0.8.0 and has been available since .Ox 2.4 . .Pp -.\} .Fn X509_STORE_CTX_set_verify and .Fn X509_STORE_CTX_get_verify first appeared in OpenSSL 1.1.0 and have been available since .Ox 7.1 . -.if dLIBRESSL_NEXT_API \{\ .Pp -.Fn X509_STORE_CTX_verify_fn +.Fn X509_STORE_CTX_verify_fn , +.Fn X509_STORE_set_verify , and -.Fn X509_STORE_set_verify +.Fn X509_STORE_get_verify first appeared in OpenSSL 1.1.0 and have been available since -.reminder Check the version number! -.Ox 7.1 . -.\} +.Ox 7.2 . -- 2.20.1