-rw-r--r-- | lib/libcrypto/man/Makefile | 3 | ||||
-rw-r--r-- | lib/libcrypto/man/X509_CRL_get0_by_serial.3 | 57 | ||||
-rw-r--r-- | lib/libcrypto/man/X509_REVOKED_new.3 | 146 |
3 files changed, 157 insertions, 49 deletions
diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile
index e35d6239af0..dccb082a02b 100644
--- a/lib/libcrypto/man/Makefile
+++ b/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.81 2016/12/16 09:56:33 schwarze Exp $
+# $OpenBSD: Makefile,v 1.82 2016/12/16 14:50:58 schwarze Exp $
 .include <bsd.own.mk>
@@ -188,6 +188,7 @@ MAN= \
 X509_NAME_new.3 \
 X509_NAME_print_ex.3 \
 X509_PUBKEY_new.3 \
+ X509_REVOKED_new.3 \
 X509_STORE_CTX_get_error.3 \
 X509_STORE_CTX_get_ex_new_index.3 \
 X509_STORE_CTX_new.3 \
diff --git a/lib/libcrypto/man/X509_CRL_get0_by_serial.3 b/lib/libcrypto/man/X509_CRL_get0_by_serial.3
index 1f846713427..15c94d7c2ab 100644
--- a/lib/libcrypto/man/X509_CRL_get0_by_serial.3
+++ b/lib/libcrypto/man/X509_CRL_get0_by_serial.3
@@ -1,5 +1,5 @@
-.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.2 2016/12/05 18:25:07 schwarze Exp $
-.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.3 2016/12/16 14:50:58 schwarze Exp $
+.\" OpenSSL X509_CRL_get0_by_serial.pod 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
@@ -48,18 +48,16 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 5 2016 $
+.Dd $Mdocdate: December 16 2016 $
 .Dt X509_CRL_GET0_BY_SERIAL 3
 .Os
 .Sh NAME
 .Nm X509_CRL_get0_by_serial ,
 .Nm X509_CRL_get0_by_cert ,
 .Nm X509_CRL_get_REVOKED ,
-.Nm X509_REVOKED_set_serialNumber ,
-.Nm X509_REVOKED_set_revocationDate ,
 .Nm X509_CRL_add0_revoked ,
 .Nm X509_CRL_sort
-.Nd CRL revoked entry utility functions
+.Nd add, sort, and retrieve CRL entries
 .Sh SYNOPSIS
 .In openssl/x509.h
 .Ft int
@@ -79,16 +77,6 @@
 .Fa "X509_CRL *crl"
 .Fc
 .Ft int
-.Fo X509_REVOKED_set_serialNumber
-.Fa "X509_REVOKED *r"
-.Fa "ASN1_INTEGER *serial"
-.Fc
-.Ft int
-.Fo X509_REVOKED_set_revocationDate
-.Fa "X509_REVOKED *r"
-.Fa "ASN1_TIME *tm"
-.Fc
-.Ft int
 .Fo X509_CRL_add0_revoked
 .Fa "X509_CRL *crl"
 .Fa "X509_REVOKED *rev"
@@ -122,24 +110,6 @@ returns an internal pointer to a stack of all revoked entries for
 .Fa crl .
 It is implemented as a macro.
 .Pp
-.Fn X509_REVOKED_set_serialNumber
-sets the serial number of
-.Fa r
-to
-.Fa serial .
-The supplied
-.Fa serial
-pointer is not used internally so it should be freed up after use.
-.Pp
-.Fn X509_REVOKED_set_revocationDate
-sets the revocation date of
-.Fa r
-to
-.Fa tm .
-The supplied
-.Fa tm
-pointer is not used internally so it should be freed up after use.
-.Pp
 .Fn X509_CRL_add0_revoked
 appends revoked entry
 .Fa rev
@@ -164,8 +134,6 @@ and examine each one in turn using
 .Sh RETURN VALUES
 .Fn X509_CRL_get0_by_serial ,
 .Fn X509_CRL_get0_by_cert ,
-.Fn X509_REVOKED_set_serialNumber ,
-.Fn X509_REVOKED_set_revocationDate ,
 .Fn X509_CRL_add0_revoked ,
 and
 .Fn X509_CRL_sort
@@ -174,17 +142,10 @@ return 1 for success or 0 for failure.
 .Fn X509_CRL_get_REVOKED
 returns a STACK of revoked entries.
 .Sh SEE ALSO
-.Xr d2i_X509 3 ,
+.Xr d2i_X509_CRL 3 ,
 .Xr ERR_get_error 3 ,
-.Xr X509_get_ext_d2i 3 ,
-.Xr X509_get_pubkey 3 ,
-.Xr X509_get_subject_name 3 ,
-.Xr X509_get_version 3 ,
-.Xr X509_NAME_add_entry_by_txt 3 ,
-.Xr X509_NAME_ENTRY_get_object 3 ,
-.Xr X509_NAME_get_index_by_NID 3 ,
-.Xr X509_NAME_print_ex 3 ,
-.Xr X509_new 3 ,
-.Xr X509_sign 3 ,
-.Xr X509_verify_cert 3 ,
+.Xr X509_CRL_get_ext 3 ,
+.Xr X509_CRL_get_issuer 3 ,
+.Xr X509_CRL_get_version 3 ,
+.Xr X509_REVOKED_new 3 ,
 .Xr X509V3_get_d2i 3
diff --git a/lib/libcrypto/man/X509_REVOKED_new.3 b/lib/libcrypto/man/X509_REVOKED_new.3
new file mode 100644
index 00000000000..2303f9caf20
--- /dev/null
+++ b/lib/libcrypto/man/X509_REVOKED_new.3
@@ -0,0 +1,146 @@
+.\" $OpenBSD: X509_REVOKED_new.3,v 1.1 2016/12/16 14:50:58 schwarze Exp $
+.\" OpenSSL X509_CRL_get0_by_serial.pod 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in
+.\" the documentation and/or other materials provided with the
+.\" distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\" software must display the following acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\" endorse or promote products derived from this software without
+.\" prior written permission. For written permission, please contact
+.\" openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\" nor may "OpenSSL" appear in their names without prior written
+.\" permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\" acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 16 2016 $
+.Dt X509_REVOKED_NEW 3
+.Os
+.Sh NAME
+.Nm X509_REVOKED_new ,
+.Nm X509_REVOKED_free ,
+.Nm X509_REVOKED_set_serialNumber ,
+.Nm X509_REVOKED_set_revocationDate
+.Nd create and change an X.509 CRL revoked entry
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_REVOKED *
+.Fn X509_REVOKED_new void
+.Ft void
+.Fn X509_REVOKED_free "X509_REVOKED *r"
+.Ft int
+.Fo X509_REVOKED_set_serialNumber
+.Fa "X509_REVOKED *r"
+.Fa "ASN1_INTEGER *serial"
+.Fc
+.Ft int
+.Fo X509_REVOKED_set_revocationDate
+.Fa "X509_REVOKED *r"
+.Fa "ASN1_TIME *tm"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_REVOKED_new
+allocates and initializes an empty
+.Vt X509_REVOKED
+object, representing one of the elements of
+the revokedCertificates field of the ASN.1 TBSCertList structure
+defined in RFC 5280 section 5.1.
+It is used by
+.Vt X509_CRL
+objects and can hold information about one revoked certificate
+including issuer names, serial number, revocation date, and revocation
+reason.
+.Pp
+.Fn X509_REVOKED_free
+frees
+.Fa r .
+.Pp
+.Fn X509_REVOKED_set_serialNumber
+sets the serial number of
+.Fa r
+to
+.Fa serial .
+The supplied
+.Fa serial
+pointer is not used internally so it should be freed up after use.
+.Pp
+.Fn X509_REVOKED_set_revocationDate
+sets the revocation date of
+.Fa r
+to
+.Fa tm .
+The supplied
+.Fa tm
+pointer is not used internally so it should be freed up after use.
+.Sh RETURN VALUES
+.Fn X509_REVOKED_new
+returns the new
+.Vt X509_REVOKED
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn X509_REVOKED_set_serialNumber
+and
+.Fn X509_REVOKED_set_revocationDate
+return 1 for success or 0 for failure.
+.Sh SEE ALSO
+.Xr d2i_X509_CRL 3 ,
+.Xr ERR_get_error 3 ,
+.Xr PEM_read_X509_CRL 3 ,
+.Xr X509_CRL_get0_by_serial 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile, section 5.1: CRL Fields |