|
1 |
| -.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.17 2021/07/28 14:48:09 schwarze Exp $ |
| 1 | +.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.18 2021/07/29 09:14:23 schwarze Exp $ |
2 | 2 | .\" full merge up to:
|
3 | 3 | .\" OpenSSL crypto/X509_STORE_CTX_get_error f0e0fd51 Apr 14 23:59:26 2016 -0400
|
4 | 4 | .\" selective merge up to:
|
|
70 | 70 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
71 | 71 | .\" OF THE POSSIBILITY OF SUCH DAMAGE.
|
72 | 72 | .\"
|
73 |
| -.Dd $Mdocdate: July 28 2021 $ |
| 73 | +.Dd $Mdocdate: July 29 2021 $ |
74 | 74 | .Dt X509_STORE_CTX_GET_ERROR 3
|
75 | 75 | .Os
|
76 | 76 | .Sh NAME
|
|
80 | 80 | .Nm X509_STORE_CTX_get_current_cert ,
|
81 | 81 | .Nm X509_STORE_CTX_get0_current_issuer ,
|
82 | 82 | .Nm X509_STORE_CTX_get0_current_crl ,
|
| 83 | +.Nm X509_STORE_CTX_get0_parent_ctx , |
83 | 84 | .Nm X509_STORE_CTX_get0_chain ,
|
84 | 85 | .Nm X509_STORE_CTX_get_chain ,
|
85 | 86 | .Nm X509_STORE_CTX_get1_chain ,
|
|
114 | 115 | .Fo X509_STORE_CTX_get0_current_crl
|
115 | 116 | .Fa "X509_STORE_CTX *ctx"
|
116 | 117 | .Fc
|
| 118 | +.Ft X509_STORE_CTX * |
| 119 | +.Fo X509_STORE_CTX_get0_parent_ctx |
| 120 | +.Fa "X509_STORE_CTX *ctx" |
| 121 | +.Fc |
117 | 122 | .Ft STACK_OF(X509) *
|
118 | 123 | .Fo X509_STORE_CTX_get0_chain
|
119 | 124 | .Fa "X509_STORE_CTX *ctx"
|
@@ -185,6 +190,22 @@ returns the certificate revocation list that caused CRL checking to fail or
|
185 | 190 | .Dv NULL
|
186 | 191 | if no CRL is relevant.
|
187 | 192 | .Pp
|
| 193 | +When, during certification path validation, the need arises to check |
| 194 | +the validity of the certification path of a CRL issuer certificate, |
| 195 | +the library creates a new, temporary |
| 196 | +.Vt X509_STORE_CTX |
| 197 | +object. |
| 198 | +If |
| 199 | +.Fn X509_STORE_CTX_get0_parent_ctx |
| 200 | +is called on that temporary object, a pointer to the original |
| 201 | +certification path validation context is returned. |
| 202 | +This may be useful in callback functions called from |
| 203 | +.Xr X509_verify_cert 3 |
| 204 | +or from its subroutines to find out whether the callback is called |
| 205 | +from the path validation of the target certificate or from the path |
| 206 | +validation of a related CRL issuer certificate, and if the latter, |
| 207 | +what the target certificate is. |
| 208 | +.Pp |
188 | 209 | .Fn X509_STORE_CTX_get0_chain
|
189 | 210 | returns an internal pointer to a complete validate chain
|
190 | 211 | if a previous call to
|
@@ -241,6 +262,14 @@ return the object which caused the error or
|
241 | 262 | .Dv NULL
|
242 | 263 | if no object of the requested kind is relevant to the error.
|
243 | 264 | .Pp
|
| 265 | +.Fn X509_STORE_CTX_get0_parent_ctx |
| 266 | +returns the parent context or |
| 267 | +.Dv NULL |
| 268 | +if |
| 269 | +.Fa ctx |
| 270 | +is not a temporary child context |
| 271 | +used for path validation of a CRL issuer certificate. |
| 272 | +.Pp |
244 | 273 | .Fn X509_STORE_CTX_get0_chain ,
|
245 | 274 | .Fn X509_STORE_CTX_get_chain ,
|
246 | 275 | and
|
|
467 | 496 | first appeared in OpenSSL 0.9.8 and have been available since
|
468 | 497 | .Ox 4.5 .
|
469 | 498 | .Pp
|
470 |
| -.Fn X509_STORE_CTX_get0_current_issuer |
| 499 | +.Fn X509_STORE_CTX_get0_current_issuer , |
| 500 | +.Fn X509_STORE_CTX_get0_current_crl , |
471 | 501 | and
|
472 |
| -.Fn X509_STORE_CTX_get0_current_crl |
| 502 | +.Fn X509_STORE_CTX_get0_parent_ctx |
473 | 503 | first appeared in OpenSSL 1.0.0 and have been available since
|
474 | 504 | .Ox 4.9 .
|
475 | 505 | .Pp
|
|