Diffstat (limited to 'crypto/openssl/doc/man3/X509_LOOKUP_hash_dir.pod')
-rw-r--r--crypto/openssl/doc/man3/X509_LOOKUP_hash_dir.pod55
1 files changed, 40 insertions, 15 deletions
diff --git a/crypto/openssl/doc/man3/X509_LOOKUP_hash_dir.pod b/crypto/openssl/doc/man3/X509_LOOKUP_hash_dir.pod
index 365d0dea1c76..22a599692549 100644
--- a/crypto/openssl/doc/man3/X509_LOOKUP_hash_dir.pod
+++ b/crypto/openssl/doc/man3/X509_LOOKUP_hash_dir.pod
@@ -2,11 +2,11 @@
=head1 NAME
-X509_LOOKUP_hash_dir, X509_LOOKUP_file,
-X509_load_cert_file,
+X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_LOOKUP_store,
+X509_load_cert_file_ex, X509_load_cert_file,
X509_load_crl_file,
-X509_load_cert_crl_file - Default OpenSSL certificate
-lookup methods
+X509_load_cert_crl_file_ex, X509_load_cert_crl_file
+- Default OpenSSL certificate lookup methods
=head1 SYNOPSIS
@@ -14,9 +14,14 @@ lookup methods
X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+ X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
+ int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type,
+ OSSL_LIB_CTX *libctx, const char *propq);
int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+ int X509_load_cert_crl_file_ex(X509_LOOKUP *ctx, const char *file, int type,
+ OSSL_LIB_CTX *libctx, const char *propq);
int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
=head1 DESCRIPTION
@@ -82,10 +87,10 @@ the directory.
The directory should contain one certificate or CRL per file in PEM format,
with a filename of the form I<hash>.I<N> for a certificate, or
I<hash>.B<r>I<N> for a CRL.
-The I<hash> is the value returned by the L<X509_NAME_hash(3)> function applied
-to the subject name for certificates or issuer name for CRLs.
-The hash can also be obtained via the B<-hash> option of the L<x509(1)> or
-L<crl(1)> commands.
+The I<hash> is the value returned by the L<X509_NAME_hash_ex(3)> function
+applied to the subject name for certificates or issuer name for CRLs.
+The hash can also be obtained via the B<-hash> option of the
+L<openssl-x509(1)> or L<openssl-crl(1)> commands.
The .I<N> or .B<r>I<N> suffix is a sequence number that starts at zero, and is
incremented consecutively for each certificate or CRL with the same I<hash>
@@ -108,13 +113,27 @@ Note that the hash algorithm used for subject name hashing changed in OpenSSL
1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL
0.9.8 to 1.0.0.
-OpenSSL includes a L<rehash(1)> utility which creates symlinks with correct
-hashed names for all files with .pem suffix in a given directory.
+OpenSSL includes a L<openssl-rehash(1)> utility which creates symlinks with
+hashed names for all files with F<.pem> suffix in a given directory.
+
+=head2 OSSL_STORE Method
+
+B<X509_LOOKUP_store> is a method that allows access to any store of
+certificates and CRLs through any loader supported by
+L<ossl_store(7)>.
+It works with the help of URIs, which can be direct references to
+certificates or CRLs, but can also be references to catalogues of such
+objects (that behave like directories).
+
+This method overlaps the L</File Method> and L</Hashed Directory Method>
+because of the 'file:' scheme loader.
+It does no caching of its own, but can use a caching L<ossl_store(7)>
+loader, and therefore depends on the loader's capability.
=head1 RETURN VALUES
-X509_LOOKUP_hash_dir() and X509_LOOKUP_file() always return a valid
-B<X509_LOOKUP_METHOD> structure.
+X509_LOOKUP_hash_dir(), X509_LOOKUP_file() and X509_LOOKUP_store()
+always return a valid B<X509_LOOKUP_METHOD> structure.
X509_load_cert_file(), X509_load_crl_file() and X509_load_cert_crl_file() return
the number of loaded objects or 0 on error.
@@ -123,15 +142,21 @@ the number of loaded objects or 0 on error.
L<PEM_read_PrivateKey(3)>,
L<X509_STORE_load_locations(3)>,
-L<X509_store_add_lookup(3)>,
L<SSL_CTX_load_verify_locations(3)>,
L<X509_LOOKUP_meth_new(3)>,
+L<ossl_store(7)>
+
+=head1 HISTORY
+
+The functions X509_load_cert_file_ex(),
+X509_load_cert_crl_file_ex() and X509_LOOKUP_store() were added in
+OpenSSL 3.0.
=head1 COPYRIGHT
-Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.