diff options
Diffstat (limited to 'secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3')
-rw-r--r-- | secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3 | 98 |
1 files changed, 78 insertions, 20 deletions
diff --git a/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3 b/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3 index 9eae9d7dd9f5..28810ca07fa3 100644 --- a/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3 +++ b/secure/lib/libcrypto/man/man3/X509_STORE_add_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.43) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) .\" .\" Standard preamble: .\" ======================================================================== @@ -68,8 +68,6 @@ . \} .\} .rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ @@ -132,14 +130,22 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "X509_STORE_ADD_CERT 3" -.TH X509_STORE_ADD_CERT 3 "2022-05-03" "1.1.1o" "OpenSSL" +.IX Title "X509_STORE_ADD_CERT 3ossl" +.TH X509_STORE_ADD_CERT 3ossl "2023-09-19" "3.0.11" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -X509_STORE, X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, X509_STORE_add_lookup, X509_STORE_load_locations, X509_STORE_set_default_paths \&\- X509_STORE manipulation +X509_STORE, +X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, +X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, +X509_STORE_add_lookup, +X509_STORE_load_file_ex, X509_STORE_load_file, X509_STORE_load_path, +X509_STORE_load_store_ex, X509_STORE_load_store, +X509_STORE_set_default_paths_ex, X509_STORE_set_default_paths, +X509_STORE_load_locations_ex, X509_STORE_load_locations +\&\- X509_STORE manipulation .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -157,9 +163,21 @@ X509_STORE, X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth, X509_ \& X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *store, \& X509_LOOKUP_METHOD *meth); \& +\& int X509_STORE_set_default_paths_ex(X509_STORE *ctx, OSSL_LIB_CTX *libctx, +\& const char *propq); +\& int X509_STORE_set_default_paths(X509_STORE *ctx); +\& int X509_STORE_load_file_ex(X509_STORE *ctx, const char *file, +\& OSSL_LIB_CTX *libctx, const char *propq); +\& int X509_STORE_load_file(X509_STORE *ctx, const char *file); +\& int X509_STORE_load_path(X509_STORE *ctx, const char *dir); +\& int X509_STORE_load_store_ex(X509_STORE *ctx, const char *uri, +\& OSSL_LIB_CTX *libctx, const char *propq); +\& int X509_STORE_load_store(X509_STORE *ctx, const char *uri); +\& int X509_STORE_load_locations_ex(X509_STORE *ctx, const char *file, +\& const char *dir, OSSL_LIB_CTX *libctx, +\& const char *propq); \& int X509_STORE_load_locations(X509_STORE *ctx, \& const char *file, const char *dir); -\& int X509_STORE_set_default_paths(X509_STORE *ctx); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -170,6 +188,10 @@ It admits multiple lookup mechanisms and efficient scaling performance with large numbers of certificates, and a great deal of flexibility in how validation and policy checks are performed. .PP +Details of the chain building and checking process are described in +\&\*(L"Certification Path Building\*(R" in \fBopenssl\-verification\-options\fR\|(1) and +\&\*(L"Certification Path Validation\*(R" in \fBopenssl\-verification\-options\fR\|(1). +.PP \&\fBX509_STORE_new\fR\|(3) creates an empty \fBX509_STORE\fR structure, which contains no information about trusted certificates or where such certificates are located on disk, and is generally not usable. Normally, trusted @@ -208,22 +230,53 @@ pages, e.g., \fBX509_VERIFY_PARAM_set_depth\fR\|(3). \&\fIstore\fR. This also associates the \fBX509_STORE\fR with the lookup, so \&\fBX509_LOOKUP\fR functions can look up objects in that store. .PP -\&\fBX509_STORE_load_locations()\fR loads trusted certificate(s) into an -\&\fBX509_STORE\fR from a given file and/or directory path. It is permitted -to specify just a file, just a directory, or both paths. The certificates -in the directory must be in hashed form, as documented in -\&\fBX509_LOOKUP_hash_dir\fR\|(3). +\&\fBX509_STORE_load_file_ex()\fR loads trusted certificate(s) into an +\&\fBX509_STORE\fR from a given file. The library context \fIlibctx\fR and property +query \fIpropq\fR are used when fetching algorithms from providers. .PP -\&\fBX509_STORE_set_default_paths()\fR is somewhat misnamed, in that it does not -set what default paths should be used for loading certificates. Instead, -it loads certificates into the \fBX509_STORE\fR from the hardcoded default +\&\fBX509_STORE_load_file()\fR is similar to \fBX509_STORE_load_file_ex()\fR but +uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR. +.PP +\&\fBX509_STORE_load_path()\fR loads trusted certificate(s) into an +\&\fBX509_STORE\fR from a given directory path. +The certificates in the directory must be in hashed form, as +documented in \fBX509_LOOKUP_hash_dir\fR\|(3). +.PP +\&\fBX509_STORE_load_store_ex()\fR loads trusted certificate(s) into an +\&\fBX509_STORE\fR from a store at a given \s-1URI.\s0 The library context \fIlibctx\fR and +property query \fIpropq\fR are used when fetching algorithms from providers. +.PP +\&\fBX509_STORE_load_store()\fR is similar to \fBX509_STORE_load_store_ex()\fR but +uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR. +.PP +\&\fBX509_STORE_load_locations_ex()\fR combines +\&\fBX509_STORE_load_file_ex()\fR and \fBX509_STORE_load_path()\fR for a given file +and/or directory path. +It is permitted to specify just a file, just a directory, or both paths. +.PP +\&\fBX509_STORE_load_locations()\fR is similar to \fBX509_STORE_load_locations_ex()\fR +but uses \s-1NULL\s0 for the library context \fIlibctx\fR and property query \fIpropq\fR. +.PP +\&\fBX509_STORE_set_default_paths_ex()\fR is somewhat misnamed, in that it does +not set what default paths should be used for loading certificates. Instead, +it loads certificates into the \fBX509_STORE\fR from the hardcoded default +paths. The library context \fIlibctx\fR and property query \fIpropq\fR are used when +fetching algorithms from providers. +.PP +\&\fBX509_STORE_set_default_paths()\fR is similar to +\&\fBX509_STORE_set_default_paths_ex()\fR but uses \s-1NULL\s0 for the library +context \fIlibctx\fR and property query \fIpropq\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fBX509_STORE_add_cert()\fR, \fBX509_STORE_add_crl()\fR, \fBX509_STORE_set_depth()\fR, -\&\fBX509_STORE_set_flags()\fR, \fBX509_STORE_set_purpose()\fR, -\&\fBX509_STORE_set_trust()\fR, \fBX509_STORE_load_locations()\fR, and -\&\fBX509_STORE_set_default_paths()\fR return 1 on success or 0 on failure. +\&\fBX509_STORE_set_flags()\fR, \fBX509_STORE_set_purpose()\fR, \fBX509_STORE_set_trust()\fR, +\&\fBX509_STORE_load_file_ex()\fR, \fBX509_STORE_load_file()\fR, +\&\fBX509_STORE_load_path()\fR, +\&\fBX509_STORE_load_store_ex()\fR, \fBX509_STORE_load_store()\fR, +\&\fBX509_STORE_load_locations_ex()\fR, \fBX509_STORE_load_locations()\fR, +\&\fBX509_STORE_set_default_paths_ex()\fR and \fBX509_STORE_set_default_paths()\fR +return 1 on success or 0 on failure. .PP \&\fBX509_STORE_add_lookup()\fR returns the found or created \&\fBX509_LOOKUP\fR\|(3), or \s-1NULL\s0 on error. @@ -233,11 +286,16 @@ paths. \&\fBX509_VERIFY_PARAM_set_depth\fR\|(3). \&\fBX509_STORE_new\fR\|(3), \&\fBX509_STORE_get0_param\fR\|(3) +.SH "HISTORY" +.IX Header "HISTORY" +The functions \fBX509_STORE_set_default_paths_ex()\fR, +\&\fBX509_STORE_load_file_ex()\fR, \fBX509_STORE_load_store_ex()\fR and +\&\fBX509_STORE_load_locations_ex()\fR were added in OpenSSL 3.0. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2017\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at <https://www.openssl.org/source/license.html>. |