Updates the CT_POLICY_EVAL_CTX POD

Ownership semantics and function names have changed. Reviewed-by: N Rich Salz <rsalz@openssl.org> Reviewed-by: N Matt Caswell <matt@openssl.org>

Updates the CT_POLICY_EVAL_CTX POD
Ownership semantics and function names have changed. Reviewed-by: N Rich Salz <rsalz@openssl.org> Reviewed-by: N Matt Caswell <matt@openssl.org>
ea4b7ded · Rob Percival · Matt Caswell · 513a3cb1 · ea4b7ded · ea4b7ded
隐藏空白更改
内联并排

Showing with 17 addition and 12 deletion

doc/crypto/CT_POLICY_EVAL_CTX_new.pod doc/crypto/CT_POLICY_EVAL_CTX_new.pod +16 -11

include/openssl/ct.h include/openssl/ct.h +1 -1

未找到文件。
--- a/doc/crypto/CT_POLICY_EVAL_CTX_new.pod
+++ b/doc/crypto/CT_POLICY_EVAL_CTX_new.pod
@@ -3,9 +3,9 @@
 =head1 NAME
 CT_POLICY_EVAL_CTX_new, CT_POLICY_EVAL_CTX_free,
-CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set0_cert,
+CT_POLICY_EVAL_CTX_get0_cert, CT_POLICY_EVAL_CTX_set1_cert,
-CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set0_issuer,
+CT_POLICY_EVAL_CTX_get0_issuer, CT_POLICY_EVAL_CTX_set1_issuer,
-CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set0_log_store -
+CT_POLICY_EVAL_CTX_get0_log_store, CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE -
 Encapsulates the data required to evaluate whether SCTs meet a Certificate Transparency policy
 =head1 SYNOPSIS
@@ -15,11 +15,11 @@ Encapsulates the data required to evaluate whether SCTs meet a Certificate Trans
 CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
 void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
 X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
- void CT_POLICY_EVAL_CTX_set0_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
+ int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
 X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
- void CT_POLICY_EVAL_CTX_set0_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
+ int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
 const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
- void CT_POLICY_EVAL_CTX_set0_log_store(CT_POLICY_EVAL_CTX *ctx, CTLOG_STORE *log_store);
+ void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, CTLOG_STORE *log_store);
 =head1 DESCRIPTION
@@ -45,17 +45,22 @@ should then be populated using:
 =over
-=item * CT_POLICY_EVAL_CTX_set0_cert() to provide the certificate the SCTs were issued for
+=item * CT_POLICY_EVAL_CTX_set1_cert() to provide the certificate the SCTs were issued for
-=item * CT_POLICY_EVAL_CTX_set0_issuer() to provide the issuer certificate
+Increments the reference count of the certificate.
-=item * CT_POLICY_EVAL_CTX_set0_log_store() to provide a list of logs that are trusted as sources of SCTs
+=item * CT_POLICY_EVAL_CTX_set1_issuer() to provide the issuer certificate
+Increments the reference count of the certificate.
+=item * CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE() to provide a list of logs that are trusted as sources of SCTs
+Holds a pointer to the CTLOG_STORE, so the CTLOG_STORE must outlive the
+CT_POLICY_EVAL_CTX.
 =back
-None of these setters take ownership of the pointers passed to them.
 Each setter has a matching getter for accessing the current value.
-The getters do not transfer ownership either.
 When no longer required, the B<CT_POLICY_EVAL_CTX> should be passed to
 CT_POLICY_EVAL_CTX_free() to delete it.

--- a/include/openssl/ct.h
+++ b/include/openssl/ct.h
@@ -76,7 +76,7 @@ X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
 /*
 * Sets the certificate associated with the received SCTs.
- * Incremenets the reference count of cert.
+ * Increments the reference count of cert.
 * Returns 1 on success, 0 otherwise.
 */
 int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);