diff options
Diffstat (limited to 'secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3')
-rw-r--r-- | secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 | 59 |
1 files changed, 42 insertions, 17 deletions
diff --git a/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 b/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 index ace395bb6d44..fd701e6f596c 100644 --- a/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 +++ b/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.43) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) .\" .\" Standard preamble: .\" ======================================================================== @@ -68,8 +68,6 @@ . \} .\} .rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ @@ -132,14 +130,18 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "X509_LOOKUP_HASH_DIR 3" -.TH X509_LOOKUP_HASH_DIR 3 "2022-05-03" "1.1.1o" "OpenSSL" +.IX Title "X509_LOOKUP_HASH_DIR 3ossl" +.TH X509_LOOKUP_HASH_DIR 3ossl "2023-09-19" "3.0.11" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_load_cert_file, X509_load_crl_file, X509_load_cert_crl_file \- Default OpenSSL certificate lookup methods +X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_LOOKUP_store, +X509_load_cert_file_ex, X509_load_cert_file, +X509_load_crl_file, +X509_load_cert_crl_file_ex, X509_load_cert_crl_file +\&\- Default OpenSSL certificate lookup methods .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -147,9 +149,14 @@ X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_load_cert_file, X509_load_crl_file, \& \& X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); \& X509_LOOKUP_METHOD *X509_LOOKUP_file(void); +\& X509_LOOKUP_METHOD *X509_LOOKUP_store(void); \& +\& int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type, +\& OSSL_LIB_CTX *libctx, const char *propq); \& int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); \& int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); +\& int X509_load_cert_crl_file_ex(X509_LOOKUP *ctx, const char *file, int type, +\& OSSL_LIB_CTX *libctx, const char *propq); \& int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); .Ve .SH "DESCRIPTION" @@ -212,10 +219,10 @@ the directory. The directory should contain one certificate or \s-1CRL\s0 per file in \s-1PEM\s0 format, with a filename of the form \fIhash\fR.\fIN\fR for a certificate, or \&\fIhash\fR.\fBr\fR\fIN\fR for a \s-1CRL.\s0 -The \fIhash\fR is the value returned by the \fBX509_NAME_hash\fR\|(3) function applied -to the subject name for certificates or issuer name for CRLs. -The hash can also be obtained via the \fB\-hash\fR option of the \fBx509\fR\|(1) or -\&\fBcrl\fR\|(1) commands. +The \fIhash\fR is the value returned by the \fBX509_NAME_hash_ex\fR\|(3) function +applied to the subject name for certificates or issuer name for CRLs. +The hash can also be obtained via the \fB\-hash\fR option of the +\&\fBopenssl\-x509\fR\|(1) or \fBopenssl\-crl\fR\|(1) commands. .PP The .\fIN\fR or .\fBr\fR\fIN\fR suffix is a sequence number that starts at zero, and is incremented consecutively for each certificate or \s-1CRL\s0 with the same \fIhash\fR @@ -238,12 +245,25 @@ Note that the hash algorithm used for subject name hashing changed in OpenSSL 1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL 0.9.8 to 1.0.0. .PP -OpenSSL includes a \fBrehash\fR\|(1) utility which creates symlinks with correct -hashed names for all files with .pem suffix in a given directory. +OpenSSL includes a \fBopenssl\-rehash\fR\|(1) utility which creates symlinks with +hashed names for all files with \fI.pem\fR suffix in a given directory. +.SS "\s-1OSSL_STORE\s0 Method" +.IX Subsection "OSSL_STORE Method" +\&\fBX509_LOOKUP_store\fR is a method that allows access to any store of +certificates and CRLs through any loader supported by +\&\fBossl_store\fR\|(7). +It works with the help of URIs, which can be direct references to +certificates or CRLs, but can also be references to catalogues of such +objects (that behave like directories). +.PP +This method overlaps the \*(L"File Method\*(R" and \*(L"Hashed Directory Method\*(R" +because of the 'file:' scheme loader. +It does no caching of its own, but can use a caching \fBossl_store\fR\|(7) +loader, and therefore depends on the loader's capability. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fBX509_LOOKUP_hash_dir()\fR and \fBX509_LOOKUP_file()\fR always return a valid -\&\fBX509_LOOKUP_METHOD\fR structure. +\&\fBX509_LOOKUP_hash_dir()\fR, \fBX509_LOOKUP_file()\fR and \fBX509_LOOKUP_store()\fR +always return a valid \fBX509_LOOKUP_METHOD\fR structure. .PP \&\fBX509_load_cert_file()\fR, \fBX509_load_crl_file()\fR and \fBX509_load_cert_crl_file()\fR return the number of loaded objects or 0 on error. @@ -251,14 +271,19 @@ the number of loaded objects or 0 on error. .IX Header "SEE ALSO" \&\fBPEM_read_PrivateKey\fR\|(3), \&\fBX509_STORE_load_locations\fR\|(3), -\&\fBX509_store_add_lookup\fR\|(3), \&\fBSSL_CTX_load_verify_locations\fR\|(3), \&\fBX509_LOOKUP_meth_new\fR\|(3), +\&\fBossl_store\fR\|(7) +.SH "HISTORY" +.IX Header "HISTORY" +The functions \fBX509_load_cert_file_ex()\fR, +\&\fBX509_load_cert_crl_file_ex()\fR and \fBX509_LOOKUP_store()\fR were added in +OpenSSL 3.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at <https://www.openssl.org/source/license.html>. |