authorIngo Schwarze <schwarze@cvs.openbsd.org>2021-07-08 12:30:28 +0000
committerIngo Schwarze <schwarze@cvs.openbsd.org>2021-07-08 12:30:28 +0000
commita651e933c1aa768c2c863cd5b7ab0bc8633913f8 (patch)
treeb8a3dd3620228bb114de414d60c35947eac65a0d /lib
parent35ed1380706314aef787867332ebe2b4a4b41256 (diff)
add new manual page for X509_add1_trust_object(3) and X509_trust_clear(3)
Diffstat (limited to 'lib')
-rw-r--r--lib/libcrypto/man/Makefile3
-rw-r--r--lib/libcrypto/man/X509_CINF_new.35
-rw-r--r--lib/libcrypto/man/X509_add1_trust_object.382
3 files changed, 87 insertions, 3 deletions
diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile
index 974fd918f3a..ff7fc4fd95a 100644
--- a/lib/libcrypto/man/Makefile
+++ b/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.173 2021/07/06 16:05:44 schwarze Exp $
+# $OpenBSD: Makefile,v 1.174 2021/07/08 12:30:27 schwarze Exp $
.include <bsd.own.mk>
@@ -299,6 +299,7 @@ MAN= \
X509_STORE_set_verify_cb_func.3 \
X509_STORE_set1_param.3 \
X509_VERIFY_PARAM_set_flags.3 \
+ X509_add1_trust_object.3 \
X509_check_ca.3 \
X509_check_host.3 \
X509_check_issued.3 \
diff --git a/lib/libcrypto/man/X509_CINF_new.3 b/lib/libcrypto/man/X509_CINF_new.3
index 4a0e24dfa2c..52d5acef6e0 100644
--- a/lib/libcrypto/man/X509_CINF_new.3
+++ b/lib/libcrypto/man/X509_CINF_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_CINF_new.3,v 1.6 2019/06/06 01:06:59 schwarze Exp $
+.\" $OpenBSD: X509_CINF_new.3,v 1.7 2021/07/08 12:30:27 schwarze Exp $
.\"
.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: July 8 2021 $
.Dt X509_CINF_NEW 3
.Os
.Sh NAME
@@ -94,6 +94,7 @@ object, respectively, or
if an error occurs.
.Sh SEE ALSO
.Xr d2i_X509_CINF 3 ,
+.Xr X509_add1_trust_object 3 ,
.Xr X509_new 3
.Sh STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
diff --git a/lib/libcrypto/man/X509_add1_trust_object.3 b/lib/libcrypto/man/X509_add1_trust_object.3
new file mode 100644
index 00000000000..ed21a6da377
--- /dev/null
+++ b/lib/libcrypto/man/X509_add1_trust_object.3
@@ -0,0 +1,82 @@
+.\" $OpenBSD: X509_add1_trust_object.3,v 1.1 2021/07/08 12:30:27 schwarze Exp $
+.\"
+.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: July 8 2021 $
+.Dt X509_ADD1_TRUST_OBJECT 3
+.Os
+.Sh NAME
+.Nm X509_add1_trust_object ,
+.Nm X509_trust_clear
+.Nd mark an X.509 certificate as intended for a specific purpose
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo X509_add1_trust_object
+.Fa "X509 *x"
+.Fa "const ASN1_OBJECT *purpose"
+.Fc
+.Ft void
+.Fo X509_trust_clear
+.Fa "X509 *x"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_add1_trust_object
+appends a deep copy of the
+.Fa purpose
+object to the set of intended purposes that
+.Fa x
+contains as non-standard auxiliary data.
+The function
+.Xr OBJ_nid2obj 3
+can be used to create appropriate purpose objects from the
+.Dv NID_*
+constants mentioned in
+.Xr X509_check_purpose 3 ,
+even though the
+.Dv X509_PURPOSE_*
+constants listed in that manual page are not intended for use with
+.Fn X509_add1_trust_object .
+.Pp
+.Fn X509_trust_clear
+frees and removes all purpose objects
+contained in the non-standard auxiliary data of
+.Fa x .
+.Pp
+As an alternative to using the functions documented in the present
+manual page, X.509 certificate extensions can be used.
+At the price of higher complexity, those allow storing the purpose
+inside the certificate itself in a standard-conforming way rather than
+merely in non-standard auxiliary data associated with the certificate.
+See
+.Xr EXTENDED_KEY_USAGE_new 3
+for details.
+.Sh RETURN VALUES
+.Fn X509_add1_trust_object
+returns the new number of purposes that
+.Fa x
+is intended for, or 0 if an error occurs, in particular if memory
+allocation fails or if
+.Fa x
+does not contain a sub-object that can hold non-standard auxiliary data.
+.Sh SEE ALSO
+.Xr ASN1_OBJECT_new 3 ,
+.Xr EXTENDED_KEY_USAGE_new 3 ,
+.Xr OBJ_nid2obj 3 ,
+.Xr X509_CERT_AUX_new 3 ,
+.Xr X509_new 3
+.Sh HISTORY
+These functions first appeared in OpenSSL 0.9.4 and have been available since
+.Ox 2.7 .