diff options
author | Jung-uk Kim <jkim@FreeBSD.org> | 2019-02-26 19:31:33 +0000 |
---|---|---|
committer | Jung-uk Kim <jkim@FreeBSD.org> | 2019-02-26 19:31:33 +0000 |
commit | 6935a639f0f999de98b970a3cf26b0dc80b1798b (patch) | |
tree | 4549bd7ef0d8a5d43b6278ae71c08e155435c33f /secure/lib/libcrypto/man/OCSP_resp_find_status.3 | |
parent | 50792eb553bf2cebaea3ddaea066100ab9e51f2d (diff) | |
parent | 851f7386fd78b9787f4f6669ad271886a2a003f1 (diff) | |
download | src-6935a639f0f999de98b970a3cf26b0dc80b1798b.tar.gz src-6935a639f0f999de98b970a3cf26b0dc80b1798b.zip |
Merge OpenSSL 1.1.1b.
Notes
Notes:
svn path=/head/; revision=344602
Diffstat (limited to 'secure/lib/libcrypto/man/OCSP_resp_find_status.3')
-rw-r--r-- | secure/lib/libcrypto/man/OCSP_resp_find_status.3 | 94 |
1 files changed, 49 insertions, 45 deletions
diff --git a/secure/lib/libcrypto/man/OCSP_resp_find_status.3 b/secure/lib/libcrypto/man/OCSP_resp_find_status.3 index 8cfea7b49cbb..d98518403f03 100644 --- a/secure/lib/libcrypto/man/OCSP_resp_find_status.3 +++ b/secure/lib/libcrypto/man/OCSP_resp_find_status.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP_RESP_FIND_STATUS 3" -.TH OCSP_RESP_FIND_STATUS 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH OCSP_RESP_FIND_STATUS 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -182,7 +186,7 @@ OCSP_resp_get0_certs, OCSP_resp_get0_signer, OCSP_resp_get0_id, OCSP_resp_get1_i .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIOCSP_resp_find_status()\fR searches \fBbs\fR for an \s-1OCSP\s0 response for \fBid\fR. If it is +\&\fBOCSP_resp_find_status()\fR searches \fBbs\fR for an \s-1OCSP\s0 response for \fBid\fR. If it is successful the fields of the response are returned in \fB*status\fR, \fB*reason\fR, \&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR. The \fB*status\fR value will be one of \&\fBV_OCSP_CERTSTATUS_GOOD\fR, \fBV_OCSP_CERTSTATUS_REVOKED\fR or @@ -195,50 +199,50 @@ will be set to the revocation reason which will be one of \&\fB\s-1OCSP_REVOKED_STATUS_CESSATIONOFOPERATION\s0\fR, \&\fB\s-1OCSP_REVOKED_STATUS_CERTIFICATEHOLD\s0\fR or \fB\s-1OCSP_REVOKED_STATUS_REMOVEFROMCRL\s0\fR. .PP -\&\fIOCSP_resp_count()\fR returns the number of \fB\s-1OCSP_SINGLERESP\s0\fR structures in \fBbs\fR. +\&\fBOCSP_resp_count()\fR returns the number of \fB\s-1OCSP_SINGLERESP\s0\fR structures in \fBbs\fR. .PP -\&\fIOCSP_resp_get0()\fR returns the \fB\s-1OCSP_SINGLERESP\s0\fR structure in \fBbs\fR +\&\fBOCSP_resp_get0()\fR returns the \fB\s-1OCSP_SINGLERESP\s0\fR structure in \fBbs\fR corresponding to index \fBidx\fR. Where \fBidx\fR runs from 0 to OCSP_resp_count(bs) \- 1. .PP -\&\fIOCSP_resp_find()\fR searches \fBbs\fR for \fBid\fR and returns the index of the first +\&\fBOCSP_resp_find()\fR searches \fBbs\fR for \fBid\fR and returns the index of the first matching entry after \fBlast\fR or starting from the beginning if \fBlast\fR is \-1. .PP -\&\fIOCSP_single_get0_status()\fR extracts the fields of \fBsingle\fR in \fB*reason\fR, +\&\fBOCSP_single_get0_status()\fR extracts the fields of \fBsingle\fR in \fB*reason\fR, \&\fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR. .PP -\&\fIOCSP_resp_get0_produced_at()\fR extracts the \fBproducedAt\fR field from the +\&\fBOCSP_resp_get0_produced_at()\fR extracts the \fBproducedAt\fR field from the single response \fBbs\fR. .PP -\&\fIOCSP_resp_get0_signature()\fR returns the signature from \fBbs\fR. +\&\fBOCSP_resp_get0_signature()\fR returns the signature from \fBbs\fR. .PP -\&\fIOCSP_resp_get0_tbs_sigalg()\fR returns the \fBsignatureAlgorithm\fR from \fBbs\fR. +\&\fBOCSP_resp_get0_tbs_sigalg()\fR returns the \fBsignatureAlgorithm\fR from \fBbs\fR. .PP -\&\fIOCSP_resp_get0_respdata()\fR returns the \fBtbsResponseData\fR from \fBbs\fR. +\&\fBOCSP_resp_get0_respdata()\fR returns the \fBtbsResponseData\fR from \fBbs\fR. .PP -\&\fIOCSP_resp_get0_certs()\fR returns any certificates included in \fBbs\fR. +\&\fBOCSP_resp_get0_certs()\fR returns any certificates included in \fBbs\fR. .PP -\&\fIOCSP_resp_get0_signer()\fR attempts to retrieve the certificate that directly +\&\fBOCSP_resp_get0_signer()\fR attempts to retrieve the certificate that directly signed \fBbs\fR. The \s-1OCSP\s0 protocol does not require that this certificate is included in the \fBcerts\fR field of the response, so additional certificates can be supplied in \fBextra_certs\fR if the certificates that may have signed the response are known via some out-of-band mechanism. .PP -\&\fIOCSP_resp_get0_id()\fR gets the responder id of \fBbs\fR. If the responder \s-1ID\s0 is +\&\fBOCSP_resp_get0_id()\fR gets the responder id of \fBbs\fR. If the responder \s-1ID\s0 is a name then <*pname> is set to the name and \fB*pid\fR is set to \s-1NULL.\s0 If the responder \s-1ID\s0 is by key \s-1ID\s0 then \fB*pid\fR is set to the key \s-1ID\s0 and \fB*pname\fR -is set to \s-1NULL.\s0 \fIOCSP_resp_get1_id()\fR leaves ownership of \fB*pid\fR and \fB*pname\fR +is set to \s-1NULL.\s0 \fBOCSP_resp_get1_id()\fR leaves ownership of \fB*pid\fR and \fB*pname\fR with the caller, who is responsible for freeing them. Both functions return 1 -in case of success and 0 in case of failure. If \fIOCSP_resp_get1_id()\fR returns 0, +in case of success and 0 in case of failure. If \fBOCSP_resp_get1_id()\fR returns 0, no freeing of the results is necessary. .PP -\&\fIOCSP_check_validity()\fR checks the validity of \fBthisupd\fR and \fBnextupd\fR values -which will be typically obtained from \fIOCSP_resp_find_status()\fR or -\&\fIOCSP_single_get0_status()\fR. If \fBsec\fR is non-zero it indicates how many seconds +\&\fBOCSP_check_validity()\fR checks the validity of \fBthisupd\fR and \fBnextupd\fR values +which will be typically obtained from \fBOCSP_resp_find_status()\fR or +\&\fBOCSP_single_get0_status()\fR. If \fBsec\fR is non-zero it indicates how many seconds leeway should be allowed in the check. If \fBmaxsec\fR is positive it indicates the maximum age of \fBthisupd\fR in seconds. .PP -\&\fIOCSP_basic_verify()\fR checks that the basic response message \fBbs\fR is correctly +\&\fBOCSP_basic_verify()\fR checks that the basic response message \fBbs\fR is correctly signed and that the signer certificate can be validated. It takes \fBst\fR as the trusted store and \fBcerts\fR as a set of untrusted intermediate certificates. The function first tries to find the signer certificate of the response @@ -260,51 +264,51 @@ criteria including potential delegation. If this does not succeed and the trust for \s-1OCSP\s0 signing in the root \s-1CA\s0 certificate. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIOCSP_resp_find_status()\fR returns 1 if \fBid\fR is found in \fBbs\fR and 0 otherwise. +\&\fBOCSP_resp_find_status()\fR returns 1 if \fBid\fR is found in \fBbs\fR and 0 otherwise. .PP -\&\fIOCSP_resp_count()\fR returns the total number of \fB\s-1OCSP_SINGLERESP\s0\fR fields in +\&\fBOCSP_resp_count()\fR returns the total number of \fB\s-1OCSP_SINGLERESP\s0\fR fields in \&\fBbs\fR. .PP -\&\fIOCSP_resp_get0()\fR returns a pointer to an \fB\s-1OCSP_SINGLERESP\s0\fR structure or +\&\fBOCSP_resp_get0()\fR returns a pointer to an \fB\s-1OCSP_SINGLERESP\s0\fR structure or \&\fB\s-1NULL\s0\fR if \fBidx\fR is out of range. .PP -\&\fIOCSP_resp_find()\fR returns the index of \fBid\fR in \fBbs\fR (which may be 0) or \-1 if +\&\fBOCSP_resp_find()\fR returns the index of \fBid\fR in \fBbs\fR (which may be 0) or \-1 if \&\fBid\fR was not found. .PP -\&\fIOCSP_single_get0_status()\fR returns the status of \fBsingle\fR or \-1 if an error +\&\fBOCSP_single_get0_status()\fR returns the status of \fBsingle\fR or \-1 if an error occurred. .PP -\&\fIOCSP_resp_get0_signer()\fR returns 1 if the signing certificate was located, +\&\fBOCSP_resp_get0_signer()\fR returns 1 if the signing certificate was located, or 0 on error. .PP -\&\fIOCSP_basic_verify()\fR returns 1 on success, 0 on error, or \-1 on fatal error such +\&\fBOCSP_basic_verify()\fR returns 1 on success, 0 on error, or \-1 on fatal error such as malloc failure. .SH "NOTES" .IX Header "NOTES" -Applications will typically call \fIOCSP_resp_find_status()\fR using the certificate -\&\s-1ID\s0 of interest and then check its validity using \fIOCSP_check_validity()\fR. They +Applications will typically call \fBOCSP_resp_find_status()\fR using the certificate +\&\s-1ID\s0 of interest and then check its validity using \fBOCSP_check_validity()\fR. They can then take appropriate action based on the status of the certificate. .PP An \s-1OCSP\s0 response for a certificate contains \fBthisUpdate\fR and \fBnextUpdate\fR fields. Normally the current time should be between these two values. To account for clock skew the \fBmaxsec\fR field can be set to non-zero in -\&\fIOCSP_check_validity()\fR. Some responders do not set the \fBnextUpdate\fR field, this +\&\fBOCSP_check_validity()\fR. Some responders do not set the \fBnextUpdate\fR field, this would otherwise mean an ancient response would be considered valid: the -\&\fBmaxsec\fR parameter to \fIOCSP_check_validity()\fR can be used to limit the permitted +\&\fBmaxsec\fR parameter to \fBOCSP_check_validity()\fR can be used to limit the permitted age of responses. .PP The values written to \fB*revtime\fR, \fB*thisupd\fR and \fB*nextupd\fR by -\&\fIOCSP_resp_find_status()\fR and \fIOCSP_single_get0_status()\fR are internal pointers +\&\fBOCSP_resp_find_status()\fR and \fBOCSP_single_get0_status()\fR are internal pointers which \fB\s-1MUST NOT\s0\fR be freed up by the calling application. Any or all of these parameters can be set to \s-1NULL\s0 if their value is not required. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIcrypto\fR\|(7), -\&\fIOCSP_cert_to_id\fR\|(3), -\&\fIOCSP_request_add1_nonce\fR\|(3), -\&\fIOCSP_REQUEST_new\fR\|(3), -\&\fIOCSP_response_status\fR\|(3), -\&\fIOCSP_sendreq_new\fR\|(3) +\&\fBcrypto\fR\|(7), +\&\fBOCSP_cert_to_id\fR\|(3), +\&\fBOCSP_request_add1_nonce\fR\|(3), +\&\fBOCSP_REQUEST_new\fR\|(3), +\&\fBOCSP_response_status\fR\|(3), +\&\fBOCSP_sendreq_new\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2015\-2018 The OpenSSL Project Authors. All Rights Reserved. |