1 files changed, 42 insertions, 17 deletions

diff --git a/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3 b/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3
index ace395bb6d44..fd701e6f596c 100644
--- a/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3
+++ b/secure/lib/libcrypto/man/man3/X509_LOOKUP_hash_dir.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.43)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -68,8 +68,6 @@
 .    \}
 .\}
 .rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
 .    \" fudge factors for nroff and troff
 .if n \{\
@@ -132,14 +130,18 @@
 .rm #[ #] #H #V #F C
 .\" ========================================================================
 .\"
-.IX Title "X509_LOOKUP_HASH_DIR 3"
-.TH X509_LOOKUP_HASH_DIR 3 "2022-05-03" "1.1.1o" "OpenSSL"
+.IX Title "X509_LOOKUP_HASH_DIR 3ossl"
+.TH X509_LOOKUP_HASH_DIR 3ossl "2023-09-19" "3.0.11" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
 .nh
 .SH "NAME"
-X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_load_cert_file, X509_load_crl_file, X509_load_cert_crl_file \- Default OpenSSL certificate lookup methods
+X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_LOOKUP_store,
+X509_load_cert_file_ex, X509_load_cert_file,
+X509_load_crl_file,
+X509_load_cert_crl_file_ex, X509_load_cert_crl_file
+\&\- Default OpenSSL certificate lookup methods
 .SH "SYNOPSIS"
 .IX Header "SYNOPSIS"
 .Vb 1
@@ -147,9 +149,14 @@ X509_LOOKUP_hash_dir, X509_LOOKUP_file, X509_load_cert_file, X509_load_crl_file,
 \&
 \& X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
 \& X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+\& X509_LOOKUP_METHOD *X509_LOOKUP_store(void);
 \&
+\& int X509_load_cert_file_ex(X509_LOOKUP *ctx, const char *file, int type,
+\&                            OSSL_LIB_CTX *libctx, const char *propq);
 \& int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
 \& int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+\& int X509_load_cert_crl_file_ex(X509_LOOKUP *ctx, const char *file, int type,
+\&                                OSSL_LIB_CTX *libctx, const char *propq);
 \& int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
 .Ve
 .SH "DESCRIPTION"
@@ -212,10 +219,10 @@ the directory.
 The directory should contain one certificate or \s-1CRL\s0 per file in \s-1PEM\s0 format,
 with a filename of the form \fIhash\fR.\fIN\fR for a certificate, or
 \&\fIhash\fR.\fBr\fR\fIN\fR for a \s-1CRL.\s0
-The \fIhash\fR is the value returned by the \fBX509_NAME_hash\fR\|(3) function applied
-to the subject name for certificates or issuer name for CRLs.
-The hash can also be obtained via the \fB\-hash\fR option of the \fBx509\fR\|(1) or
-\&\fBcrl\fR\|(1) commands.
+The \fIhash\fR is the value returned by the \fBX509_NAME_hash_ex\fR\|(3) function
+applied to the subject name for certificates or issuer name for CRLs.
+The hash can also be obtained via the \fB\-hash\fR option of the
+\&\fBopenssl\-x509\fR\|(1) or \fBopenssl\-crl\fR\|(1) commands.
 .PP
 The .\fIN\fR or .\fBr\fR\fIN\fR suffix is a sequence number that starts at zero, and is
 incremented consecutively for each certificate or \s-1CRL\s0 with the same \fIhash\fR
@@ -238,12 +245,25 @@ Note that the hash algorithm used for subject name hashing changed in OpenSSL
 1.0.0, and all certificate stores have to be rehashed when moving from OpenSSL
 0.9.8 to 1.0.0.
 .PP
-OpenSSL includes a \fBrehash\fR\|(1) utility which creates symlinks with correct
-hashed names for all files with .pem suffix in a given directory.
+OpenSSL includes a \fBopenssl\-rehash\fR\|(1) utility which creates symlinks with
+hashed names for all files with \fI.pem\fR suffix in a given directory.
+.SS "\s-1OSSL_STORE\s0 Method"
+.IX Subsection "OSSL_STORE Method"
+\&\fBX509_LOOKUP_store\fR is a method that allows access to any store of
+certificates and CRLs through any loader supported by
+\&\fBossl_store\fR\|(7).
+It works with the help of URIs, which can be direct references to
+certificates or CRLs, but can also be references to catalogues of such
+objects (that behave like directories).
+.PP
+This method overlaps the \*(L"File Method\*(R" and \*(L"Hashed Directory Method\*(R"
+because of the 'file:' scheme loader.
+It does no caching of its own, but can use a caching \fBossl_store\fR\|(7)
+loader, and therefore depends on the loader's capability.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
-\&\fBX509_LOOKUP_hash_dir()\fR and \fBX509_LOOKUP_file()\fR always return a valid
-\&\fBX509_LOOKUP_METHOD\fR structure.
+\&\fBX509_LOOKUP_hash_dir()\fR, \fBX509_LOOKUP_file()\fR and \fBX509_LOOKUP_store()\fR
+always return a valid \fBX509_LOOKUP_METHOD\fR structure.
 .PP
 \&\fBX509_load_cert_file()\fR, \fBX509_load_crl_file()\fR and \fBX509_load_cert_crl_file()\fR return
 the number of loaded objects or 0 on error.
@@ -251,14 +271,19 @@ the number of loaded objects or 0 on error.
 .IX Header "SEE ALSO"
 \&\fBPEM_read_PrivateKey\fR\|(3),
 \&\fBX509_STORE_load_locations\fR\|(3),
-\&\fBX509_store_add_lookup\fR\|(3),
 \&\fBSSL_CTX_load_verify_locations\fR\|(3),
 \&\fBX509_LOOKUP_meth_new\fR\|(3),
+\&\fBossl_store\fR\|(7)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The functions \fBX509_load_cert_file_ex()\fR,
+\&\fBX509_load_cert_crl_file_ex()\fR and \fBX509_LOOKUP_store()\fR were added in
+OpenSSL 3.0.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2015\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015\-2021 The OpenSSL Project Authors. All Rights Reserved.
 .PP
-Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
 in the file \s-1LICENSE\s0 in the source distribution or at
 <https://www.openssl.org/source/license.html>.