author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-08-28 12:42:47 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-09-05 19:33:33 +0200 |
commit | 0b86eefd431dd05a0ba87b2f67a6b99def89b6d5 (patch) | |
tree | 87fe7baf949fbfbffd47f529432ef41f6f7a8237 /doc | |
parent | Strengthen chain building for CMP (diff) | |
OSSL_CMP_CTX: rename field and its getter/setter from 'untrusted_certs' to 'untrusted
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12788)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/OSSL_CMP_CTX_new.pod | 15 |
-rw-r--r-- | doc/man3/OSSL_CMP_validate_msg.pod | 2 |
2 files changed, 8 insertions, 9 deletions
diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index f4425d511a..972cef9047 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -26,8 +26,8 @@ OSSL_CMP_CTX_set1_srvCert, OSSL_CMP_CTX_set1_expected_sender, OSSL_CMP_CTX_set0_trustedStore, OSSL_CMP_CTX_get0_trustedStore, -OSSL_CMP_CTX_set1_untrusted_certs, -OSSL_CMP_CTX_get0_untrusted_certs, +OSSL_CMP_CTX_set1_untrusted, +OSSL_CMP_CTX_get0_untrusted, OSSL_CMP_CTX_set1_cert, OSSL_CMP_CTX_build_cert_chain, OSSL_CMP_CTX_set1_pkey, @@ -99,9 +99,8 @@ OSSL_CMP_CTX_set1_senderNonce const X509_NAME *name); int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store); X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx); - int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, - STACK_OF(X509) *certs); - STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx); + int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs); + STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx); /* client authentication: */ int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert); 
@@ -420,13 +419,13 @@ When given a NULL parameter the entry is cleared. OSSL_CMP_CTX_get0_trustedStore() returns a pointer to the currently set certificate store containing trusted cert etc., or an empty store if unset. -OSSL_CMP_CTX_set1_untrusted_certs() sets up a list of non-trusted certificates +OSSL_CMP_CTX_set1_untrusted() sets up a list of non-trusted certificates of intermediate CAs that may be useful for path construction for the CMP client certificate, for the TLS client certificate (if any), when verifying the CMP server certificate, and when verifying newly enrolled certificates. The reference counts of those certificates handled successfully are increased. -OSSL_CMP_CTX_get0_untrusted_certs(OSSL_CMP_CTX *ctx) returns a pointer to the +OSSL_CMP_CTX_get0_untrusted(OSSL_CMP_CTX *ctx) returns a pointer to the list of untrusted certs, which may be empty if unset. OSSL_CMP_CTX_set1_cert() sets the certificate used for CMP message protection. @@ -629,7 +628,7 @@ OSSL_CMP_CTX_new(), OSSL_CMP_CTX_get_http_cb_arg(), OSSL_CMP_CTX_get_transfer_cb_arg(), OSSL_CMP_CTX_get0_trustedStore(), -OSSL_CMP_CTX_get0_untrusted_certs(), +OSSL_CMP_CTX_get0_untrusted(), OSSL_CMP_CTX_get0_newPkey(), OSSL_CMP_CTX_get_certConf_cb_arg(), OSSL_CMP_CTX_get0_statusString(), diff --git a/doc/man3/OSSL_CMP_validate_msg.pod b/doc/man3/OSSL_CMP_validate_msg.pod index 6370325028..ed2ff6c2c6 100644 --- a/doc/man3/OSSL_CMP_validate_msg.pod +++ b/doc/man3/OSSL_CMP_validate_msg.pod 
@@ -26,7 +26,7 @@ In case of signature algorithm, the certificate to use for the signature check is preferably the one provided by a call to L<OSSL_CMP_CTX_set1_srvCert(3)>. If no such sender cert has been pinned then candidate sender certificates are taken from the list of certificates received in the C<msg> extraCerts, then any -certificates provided before via L<OSSL_CMP_CTX_set1_untrusted_certs(3)>, and +certificates provided before via L<OSSL_CMP_CTX_set1_untrusted(3)>, and then all trusted certificates provided via L<OSSL_CMP_CTX_set0_trustedStore(3)>, where a candidate is acceptable only if has not expired, its subject DN matches the C<msg> sender DN (as far as present), and its subject key identifier |
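Review bot: In the `@@ -420,13 +419,13 @@` hunk of doc/man3/OSSL_CMP_CTX_new.pod, the renamed getter is introduced as "OSSL_CMP_CTX_get0_untrusted(OSSL_CMP_CTX *ctx) returns a pointer to the", which spells out a parameter list that disagrees with the synopsis hunk (`const OSSL_CMP_CTX *ctx`) and with the bare `name()` form used for the setter and for OSSL_CMP_CTX_get0_trustedStore() in the same hunk; write `OSSL_CMP_CTX_get0_untrusted()` here. Since these lines are being touched anyway, the setter paragraph says "non-trusted certificates" while the getter paragraph says "untrusted certs"; use one term, matching the new function name. The context sentence "The reference counts of those certificates handled successfully are increased" also leaves open what the list contains when the setter fails partway through, and a sentence stating that would help callers.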
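Review bot: In the `@@ -26,7 +26,7 @@` hunk of doc/man3/OSSL_CMP_validate_msg.pod, the context line "where a candidate is acceptable only if has not expired" is missing its subject; as the paragraph is being edited in this patch, change it to "only if it has not expired". The paragraph lists the candidate order as the `msg` extraCerts first, then the list set via OSSL_CMP_CTX_set1_untrusted(3), then the trusted store, so it is worth keeping the wording of the acceptance conditions that follow precise, because the first source is taken from the received message itself.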