提交 · 21d08b9ee9c0f7fabcad27b5d0b0c8c16f7dd1e9 · btwise / openssl

24 1月, 2020 1 次提交

Update man3/verify documentation, error text · 21d08b9e

由 Rich Salz 提交于 10月 12, 2019

Move the x509_V_ERR_xxx definitions from openssl-verify to
X509_STORE_CTX_get_error.pod.  Add some missing ones.  Consistently
start with a lowercase letter, unless it's an acronym.

Fix some markup mistakes in X509_verify_cert.
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10132)

21d08b9e

11 11月, 2019 1 次提交

Fix L<xxx(1)> links to be L<openssl-xxx(1)> · 1903a9b7

由 Rich Salz 提交于 11月 01, 2019

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10328)

1903a9b7

06 12月, 2018 1 次提交
- R
  Following the license change, modify the boilerplates in doc/man3/ · 4746f25a
  由 Richard Levitte 提交于 12月 06, 2018
```
[skip ci]
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7829)
```
  4746f25a
27 10月, 2016 1 次提交

Move manpages to man[1357] structure. · 99d63d46

由 Rich Salz 提交于 10月 26, 2016

Move manpages to manX directories
Add Windows/VMS install fix from Richard Levitte
Update README
Fix typo's
Remove some duplicates
Reviewed-by: NRichard Levitte <levitte@openssl.org>

99d63d46

21 5月, 2016 1 次提交

Doc nits cleanup, round 2 · 05ea606a

由 Rich Salz 提交于 5月 20, 2016

Fix some code examples, trailing whitespace
Fix TBA sections in verify, remove others.
Remove empty sections
Use Mixed Case not ALL CAPS in head2
Enhance doc-nits script.
Remove extra =cut line
Reviewed-by: NRichard Levitte <levitte@openssl.org>

05ea606a

19 5月, 2016 3 次提交

R
Add copyright to manpages · e2f92610
由 Rich Salz 提交于 5月 18, 2016
```
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
e2f92610

Ensure verify error is set when X509_verify_cert() fails · f3e235ed

由 Viktor Dukhovni 提交于 5月 17, 2016

Set ctx->error = X509_V_ERR_OUT_OF_MEM when verificaiton cannot
continue due to malloc failure.  Also, when X509_verify_cert()
returns <= 0 make sure that the verification status does not remain
X509_V_OK, as a last resort set it it to X509_V_ERR_UNSPECIFIED,
just in case some code path returns an error without setting an
appropriate value of ctx->error.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

f3e235ed

V
Clarify negative return from X509_verify_cert() · 5fba3912
由 Viktor Dukhovni 提交于 5月 16, 2016
```
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
5fba3912

23 3月, 2016 1 次提交

Correct another batch of typos · b9b6a7e5

由 Alex Gaynor 提交于 3月 20, 2016

Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

b9b6a7e5

29 10月, 2015 1 次提交

Remove SSLeay history, etc., from docs · a528d4f0

由 Rich Salz 提交于 10月 27, 2015

If something was "present in all versions" of SSLeay, or if it was
added to a version of SSLeay (and therefore predates OpenSSL),
remove mention of it.  Documentation history now starts with OpenSSL.

Remove mention of all history before OpenSSL 0.9.8, inclusive.

Remove all AUTHOR sections.
Reviewed-by: NTim Hudson <tjh@openssl.org>

a528d4f0

22 8月, 2015 1 次提交

Fix L<> content in manpages · 9b86974e

由 Rich Salz 提交于 8月 17, 2015

L<foo|foo> is sub-optimal  If the xref is the same as the title,
which is what we do, then you only need L<foo>.  This fixes all
1457 occurrences in 349 files.  Approximately.  (And pod used to
need both.)
Reviewed-by: NRichard Levitte <levitte@openssl.org>

9b86974e

08 7月, 2015 1 次提交

Reject calls to X509_verify_cert that have not been reinitialised · aae41f8c

由 Matt Caswell 提交于 6月 25, 2015

The function X509_verify_cert checks the value of |ctx->chain| at the
beginning, and if it is NULL then it initialises it, along with the value
of ctx->untrusted. The normal way to use X509_verify_cert() is to first
call X509_STORE_CTX_init(); then set up various parameters etc; then call
X509_verify_cert(); then check the results; and finally call
X509_STORE_CTX_cleanup(). The initial call to X509_STORE_CTX_init() sets
|ctx->chain| to NULL. The only place in the OpenSSL codebase  where
|ctx->chain| is set to anything other than a non NULL value is in
X509_verify_cert itself. Therefore the only ways that |ctx->chain| could be
non NULL on entry to X509_verify_cert is if one of the following occurs:
1) An application calls X509_verify_cert() twice without re-initialising
in between.
2) An application reaches inside the X509_STORE_CTX structure and changes
the value of |ctx->chain| directly.

With regards to the second of these, we should discount this - it should
not be supported to allow this.

With regards to the first of these, the documentation is not exactly
crystal clear, but the implication is that you must call
X509_STORE_CTX_init() before each call to X509_verify_cert(). If you fail
to do this then, at best, the results would be undefined.

Calling X509_verify_cert() with |ctx->chain| set to a non NULL value is
likely to have unexpected results, and could be dangerous. This commit
changes the behaviour of X509_verify_cert() so that it causes an error if
|ctx->chain| is anything other than NULL (because this indicates that we
have not been initialised properly). It also clarifies the associated
documentation. This is a follow up commit to CVE-2015-1793.
Reviewed-by: NStephen Henson <steve@openssl.org>

aae41f8c

03 5月, 2015 1 次提交
- A
  RT3802: Fixes typos in doc/crypto/ · 186bb907
  由 Alok Menghrajani 提交于 4月 13, 2015
```
Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  186bb907
18 10月, 2009 1 次提交
- D
  
  More X509 verification docs. · 53246488
  由 Dr. Stephen Henson 提交于 10月 17, 2009
  
  53246488
17 10月, 2009 1 次提交
- D
  
  Manual page for X509_verify_cert() · b8c182a4
  由 Dr. Stephen Henson 提交于 10月 17, 2009
  
  b8c182a4