|
1 | | -.\" $OpenBSD: X509_LOOKUP_new.3,v 1.2 2021/08/02 16:29:27 schwarze Exp $ |
| 1 | +.\" $OpenBSD: X509_LOOKUP_new.3,v 1.3 2021/08/03 19:47:39 schwarze Exp $ |
2 | 2 | .\" |
3 | 3 | .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org> |
4 | 4 | .\" |
|
14 | 14 | .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
15 | 15 | .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
16 | 16 | .\" |
17 | | -.Dd $Mdocdate: August 2 2021 $ |
| 17 | +.Dd $Mdocdate: August 3 2021 $ |
18 | 18 | .Dt X509_LOOKUP_NEW 3 |
19 | 19 | .Os |
20 | 20 | .Sh NAME |
|
31 | 31 | .Nm X509_LOOKUP_by_fingerprint , |
32 | 32 | .Nm X509_LOOKUP_by_alias , |
33 | 33 | .Nm X509_get_default_cert_dir , |
34 | | -.Nm X509_get_default_cert_file |
| 34 | +.Nm X509_get_default_cert_file , |
| 35 | +.Nm X509_get_default_cert_dir_env , |
| 36 | +.Nm X509_get_default_cert_file_env |
35 | 37 | .Nd certificate lookup object |
36 | 38 | .Sh SYNOPSIS |
37 | 39 | .In openssl/x509_vfy.h |
|
105 | 107 | .Fn X509_get_default_cert_dir void |
106 | 108 | .Ft const char * |
107 | 109 | .Fn X509_get_default_cert_file void |
| 110 | +.Ft const char * |
| 111 | +.Fn X509_get_default_cert_dir_env void |
| 112 | +.Ft const char * |
| 113 | +.Fn X509_get_default_cert_file_env void |
108 | 114 | .Sh DESCRIPTION |
109 | 115 | .Fn X509_LOOKUP_new |
110 | 116 | allocates a new, empty |
@@ -410,10 +416,29 @@ objects. |
410 | 416 | .Fn X509_get_default_cert_dir |
411 | 417 | returns a pointer to the constant string |
412 | 418 | .Qq /etc/ssl/certs , |
413 | | -and |
414 | 419 | .Fn X509_get_default_cert_file |
415 | | -to the constant string |
416 | | -.Qq /etc/ssl/certs.pem . |
| 420 | +to |
| 421 | +.Qq /etc/ssl/certs.pem , |
| 422 | +.Fn X509_get_default_cert_dir_env |
| 423 | +to |
| 424 | +.Qq SSL_CERT_DIR , |
| 425 | +and |
| 426 | +.Fn X509_get_default_cert_file_env |
| 427 | +to |
| 428 | +.Qq SSL_CERT_FILE . |
| 429 | +.Sh ENVIRONMENT |
| 430 | +For reasons of security and simplicity, |
| 431 | +LibreSSL ignores the environment variables |
| 432 | +.Ev SSL_CERT_DIR |
| 433 | +and |
| 434 | +.Ev SSL_CERT_FILE , |
| 435 | +but other library implementations may use their contents instead |
| 436 | +of the standard locations for trusted certificates, and a few |
| 437 | +third-party application programs also inspect these variables |
| 438 | +directly and may pass their values to |
| 439 | +.Fn X509_LOOKUP_add_dir |
| 440 | +and |
| 441 | +.Fn X509_LOOKUP_load_file . |
417 | 442 | .Sh FILES |
418 | 443 | .Bl -tag -width /etc/ssl/certs.pem -compact |
419 | 444 | .It Pa /etc/ssl/certs/ |
@@ -519,9 +544,11 @@ causes failure but provides no diagnostics. |
519 | 544 | .Xr X509_STORE_add_cert 3 , |
520 | 545 | .Xr X509_STORE_get_by_subject 3 |
521 | 546 | .Sh HISTORY |
522 | | -.Fn X509_get_default_cert_dir |
| 547 | +.Fn X509_get_default_cert_dir , |
| 548 | +.Fn X509_get_default_cert_file , |
| 549 | +.Fn X509_get_default_cert_dir_env , |
523 | 550 | and |
524 | | -.Fn X509_get_default_cert_file |
| 551 | +.Fn X509_get_default_cert_file_env |
525 | 552 | first appeared in SSLeay 0.4.1 and have been available since |
526 | 553 | .Ox 2.4 . |
527 | 554 | .Pp |
|
0 commit comments