diff options
Diffstat (limited to 'secure/lib/libcrypto/man/man3/X509_check_host.3')
-rw-r--r-- | secure/lib/libcrypto/man/man3/X509_check_host.3 | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/secure/lib/libcrypto/man/man3/X509_check_host.3 b/secure/lib/libcrypto/man/man3/X509_check_host.3 index fec5bd92f04c..d5ef9c20f4aa 100644 --- a/secure/lib/libcrypto/man/man3/X509_check_host.3 +++ b/secure/lib/libcrypto/man/man3/X509_check_host.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) .\" .\" Standard preamble: .\" ======================================================================== @@ -68,8 +68,6 @@ . \} .\} .rr rF -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ @@ -132,8 +130,8 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "X509_CHECK_HOST 3" -.TH X509_CHECK_HOST 3 "2022-06-21" "1.1.1p" "OpenSSL" +.IX Title "X509_CHECK_HOST 3ossl" +.TH X509_CHECK_HOST 3ossl "2023-09-19" "3.0.11" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -161,7 +159,7 @@ The validity of the certificate and its trust level has to be checked by other means. .PP \&\fBX509_check_host()\fR checks if the certificate Subject Alternative -Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified hostname, +Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified hostname, which must be encoded in the preferred name syntax described in section 3.5 of \s-1RFC 1034.\s0 By default, wildcards are supported and they match only in the left-most label; but they may match @@ -185,9 +183,13 @@ is responsible for freeing the peername via \fBOPENSSL_free()\fR when it is no longer needed. .PP \&\fBX509_check_email()\fR checks if the certificate matches the specified -email \fBaddress\fR. Only the mailbox syntax of \s-1RFC 822\s0 is supported, +email \fBaddress\fR. The mailbox syntax of \s-1RFC 822\s0 is supported, comments are not allowed, and no attempt is made to normalize quoted -characters. The \fBaddresslen\fR argument must be the number of +characters. The mailbox syntax of \s-1RFC 6531\s0 is supported for +SmtpUTF8Mailbox address in subjectAltName according to \s-1RFC 8398,\s0 +with similar limitations as for \s-1RFC 822\s0 syntax, and no attempt +is made to convert from A\-label to U\-label before comparison. +The \fBaddresslen\fR argument must be the number of characters in the address string or zero in which case the length is calculated with strlen(\fBaddress\fR). .PP @@ -195,7 +197,8 @@ is calculated with strlen(\fBaddress\fR). IPv6 address. The \fBaddress\fR array is in binary format, in network byte order. The length is either 4 (IPv4) or 16 (IPv6). Only explicitly marked addresses in the certificates are considered; \s-1IP\s0 -addresses stored in \s-1DNS\s0 names and Common Names are ignored. +addresses stored in \s-1DNS\s0 names and Common Names are ignored. There are +currently no \fBflags\fR that would affect the behavior of this call. .PP \&\fBX509_check_ip_asc()\fR is similar, except that the NUL-terminated string \fBaddress\fR is first converted to the internal representation. @@ -263,7 +266,7 @@ NULs. .SH "NOTES" .IX Header "NOTES" Applications are encouraged to use \fBX509_VERIFY_PARAM_set1_host()\fR -rather than explicitly calling \fBX509_check_host\fR\|(3). Host name +rather than explicitly calling \fBX509_check_host\fR\|(3). Hostname checks may be out of scope with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage, and the internal checks will be suppressed as appropriate when \&\s-1DANE\s0 support is enabled. @@ -273,16 +276,15 @@ and the internal checks will be suppressed as appropriate when \&\fBX509_VERIFY_PARAM_set1_host\fR\|(3), \&\fBX509_VERIFY_PARAM_add1_host\fR\|(3), \&\fBX509_VERIFY_PARAM_set1_email\fR\|(3), -\&\fBX509_VERIFY_PARAM_set1_ip\fR\|(3), -\&\fBX509_VERIFY_PARAM_set1_ipasc\fR\|(3) +\&\fBX509_VERIFY_PARAM_set1_ip\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" These functions were added in OpenSSL 1.0.2. .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2012\-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012\-2022 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at <https://www.openssl.org/source/license.html>. |