In x509_vfy.h rev. 1.22 2018/02/22 17:15:09, jsing@ provided

X509_STORE_up_ref(3).  X509_STORE_new(3) and X509_STORE_free(3)
have already been available earlier.  Import the documentation from
OpenSSL, adding some precision.

8 files changed, 157 insertions, 15 deletions

diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile
index d880928ea56..0de55209bb6 100644
--- a/lib/libcrypto/man/Makefile
+++ b/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.133 2018/02/19 14:08:52 schwarze Exp $
+# $OpenBSD: Makefile,v 1.134 2018/02/25 17:46:38 schwarze Exp $
 
 .include <bsd.own.mk>
 
@@ -231,6 +231,7 @@ MAN=	\
 	X509_STORE_CTX_new.3 \
 	X509_STORE_CTX_set_verify_cb.3 \
 	X509_STORE_load_locations.3 \
+	X509_STORE_new.3 \
 	X509_STORE_set_verify_cb_func.3 \
 	X509_STORE_set1_param.3 \
 	X509_VERIFY_PARAM_set_flags.3 \
diff --git a/lib/libcrypto/man/PKCS7_verify.3 b/lib/libcrypto/man/PKCS7_verify.3
index f046a0b84b0..716282ead3a 100644
--- a/lib/libcrypto/man/PKCS7_verify.3
+++ b/lib/libcrypto/man/PKCS7_verify.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: PKCS7_verify.3,v 1.5 2016/12/13 15:00:22 schwarze Exp $
+.\"	$OpenBSD: PKCS7_verify.3,v 1.6 2018/02/25 17:46:38 schwarze Exp $
 .\"	OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 13 2016 $
+.Dd $Mdocdate: February 25 2018 $
 .Dt PKCS7_VERIFY 3
 .Os
 .Sh NAME
@@ -226,7 +226,8 @@ The error can be obtained from
 .Sh SEE ALSO
 .Xr ERR_get_error 3 ,
 .Xr PKCS7_new 3 ,
-.Xr PKCS7_sign 3
+.Xr PKCS7_sign 3 ,
+.Xr X509_STORE_new 3
 .Sh HISTORY
 .Fn PKCS7_verify
 was added to OpenSSL 0.9.5 .
diff --git a/lib/libcrypto/man/X509_STORE_CTX_new.3 b/lib/libcrypto/man/X509_STORE_CTX_new.3
index c83958b54f0..31c77041789 100644
--- a/lib/libcrypto/man/X509_STORE_CTX_new.3
+++ b/lib/libcrypto/man/X509_STORE_CTX_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.9 2018/02/25 16:26:15 schwarze Exp $
+.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.10 2018/02/25 17:46:38 schwarze Exp $
 .\" full merge up to: OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
 .\" selective merge up to: OpenSSL 7643a172 Apr 21 13:35:51 2017 +0200
 .\"
@@ -317,6 +317,7 @@ returns 1 for success or 0 if an error occurred.
 returns an internal pointer.
 .Sh SEE ALSO
 .Xr X509_STORE_CTX_get_error 3 ,
+.Xr X509_STORE_new 3 ,
 .Xr X509_verify_cert 3 ,
 .Xr X509_VERIFY_PARAM_set_flags 3
 .Sh HISTORY
diff --git a/lib/libcrypto/man/X509_STORE_load_locations.3 b/lib/libcrypto/man/X509_STORE_load_locations.3
index 8f1f41feac8..ca81297bed4 100644
--- a/lib/libcrypto/man/X509_STORE_load_locations.3
+++ b/lib/libcrypto/man/X509_STORE_load_locations.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: X509_STORE_load_locations.3,v 1.2 2017/01/07 08:46:13 jmc Exp $
+.\"	$OpenBSD: X509_STORE_load_locations.3,v 1.3 2018/02/25 17:46:38 schwarze Exp $
 .\"
 .\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: January 7 2017 $
+.Dd $Mdocdate: February 25 2018 $
 .Dt X509_STORE_LOAD_LOCATIONS 3
 .Os
 .Sh NAME
@@ -105,6 +105,7 @@ default directory for
 .Sh SEE ALSO
 .Xr SSL_CTX_load_verify_locations 3 ,
 .Xr X509_LOOKUP_hash_dir 3 ,
+.Xr X509_STORE_new 3 ,
 .Xr X509_STORE_set1_param 3 ,
 .Xr X509_STORE_set_verify_cb 3
 .Sh BUGS
diff --git a/lib/libcrypto/man/X509_STORE_new.3 b/lib/libcrypto/man/X509_STORE_new.3
new file mode 100644
index 00000000000..4fc9e952057
--- /dev/null
+++ b/lib/libcrypto/man/X509_STORE_new.3
@@ -0,0 +1,133 @@
+.\" $OpenBSD: X509_STORE_new.3,v 1.1 2018/02/25 17:46:38 schwarze Exp $
+.\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400
+.\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by
+.\" Alessandro Ghedini <alessandro@ghedini.me>.
+.\" Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: February 25 2018 $
+.Dt X509_STORE_NEW 3
+.Os
+.Sh NAME
+.Nm X509_STORE_new ,
+.Nm X509_STORE_up_ref ,
+.Nm X509_STORE_free
+.Nd allocate and free X.509 certificate stores
+.Sh SYNOPSIS
+.In openssl/x509_vfy.h
+.Ft X509_STORE *
+.Fn X509_STORE_new void
+.Ft int
+.Fo X509_STORE_up_ref
+.Fa "X509_STORE *store"
+.Fc
+.Ft void
+.Fo X509_STORE_free
+.Fa "X509_STORE *store"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_STORE_new
+allocates and initializes an empty X.509 certificate store
+and sets its reference count to 1.
+.Pp
+.Fn X509_STORE_up_ref
+increments the reference count of
+.Fa store
+by 1.
+.Pp
+.Fn X509_STORE_free
+decrements the reference count of
+.Fa store
+by 1.
+If the reference count reaches 0,
+all resources used by the store, including all certificates
+contained in it, are released and
+.Fa store
+itself is freed.
+If
+.Fa store
+is a
+.Dv NULL
+pointer, no action occurs.
+.Sh RETURN VALUES
+.Fn X509_STORE_new
+returns a newly created
+.Vt X509_STORE
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn X509_STORE_up_ref
+returns 1 for success and 0 for failure.
+.Sh SEE ALSO
+.Xr PKCS7_verify 3 ,
+.Xr SSL_CTX_set_cert_store 3 ,
+.Xr X509_STORE_CTX_new 3 ,
+.Xr X509_STORE_load_locations 3 ,
+.Xr X509_STORE_set1_param 3 ,
+.Xr X509_STORE_set_verify_cb 3
+.Sh HISTORY
+.Fn X509_STORE_up_ref
+first appeared in OpenSSL 1.1.0.
diff --git a/lib/libcrypto/man/X509_STORE_set1_param.3 b/lib/libcrypto/man/X509_STORE_set1_param.3
index 000058515e9..bed64c4c4bb 100644
--- a/lib/libcrypto/man/X509_STORE_set1_param.3
+++ b/lib/libcrypto/man/X509_STORE_set1_param.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: X509_STORE_set1_param.3,v 1.3 2017/01/06 22:46:06 schwarze Exp $
+.\"	$OpenBSD: X509_STORE_set1_param.3,v 1.4 2018/02/25 17:46:39 schwarze Exp $
 .\"	OpenSSL 99d63d46
 .\"
 .\" This file was written by Christian Heimes <cheimes@redhat.com>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 6 2017 $
+.Dd $Mdocdate: February 25 2018 $
 .Dt X509_STORE_SET1_PARAM 3
 .Os
 .Sh NAME
@@ -70,3 +70,6 @@ for
 .Sh RETURN VALUES
 .Fn X509_STORE_set1_param
 returns 1 for success and 0 for failure.
+.Sh SEE ALSO
+.Xr X509_STORE_load_locations 3 ,
+.Xr X509_STORE_new 3
diff --git a/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
index 3baccfba771..18691126e6a 100644
--- a/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
+++ b/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.4 2016/12/10 20:34:57 schwarze Exp $
+.\"	$OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.5 2018/02/25 17:46:39 schwarze Exp $
 .\"	OpenSSL 05ea606a May 20 20:52:46 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 10 2016 $
+.Dd $Mdocdate: February 25 2018 $
 .Dt X509_STORE_SET_VERIFY_CB_FUNC 3
 .Os
 .Sh NAME
@@ -92,7 +92,8 @@ and
 .Fn X509_STORE_set_verify_cb_func
 do not return a value.
 .Sh SEE ALSO
-.Xr X509_STORE_CTX_set_verify_cb 3
+.Xr X509_STORE_CTX_set_verify_cb 3 ,
+.Xr X509_STORE_new 3
 .Sh HISTORY
 .Fn X509_STORE_set_verify_cb_func
 is available in all versions of SSLeay and OpenSSL.
diff --git a/lib/libssl/man/SSL_CTX_set_cert_store.3 b/lib/libssl/man/SSL_CTX_set_cert_store.3
index 4fd6fa7714b..9fd754c0f6b 100644
--- a/lib/libssl/man/SSL_CTX_set_cert_store.3
+++ b/lib/libssl/man/SSL_CTX_set_cert_store.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: SSL_CTX_set_cert_store.3,v 1.4 2017/04/10 16:11:50 schwarze Exp $
+.\"	$OpenBSD: SSL_CTX_set_cert_store.3,v 1.5 2018/02/25 17:46:39 schwarze Exp $
 .\"	OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 10 2017 $
+.Dd $Mdocdate: February 25 2018 $
 .Dt SSL_CTX_SET_CERT_STORE 3
 .Os
 .Sh NAME
@@ -120,4 +120,5 @@ returns the current setting.
 .Sh SEE ALSO
 .Xr ssl 3 ,
 .Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_verify 3
+.Xr SSL_CTX_set_verify 3 ,
+.Xr X509_STORE_new 3