]>
Commit | Line | Data |
---|---|---|
53246488 DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
f0e0fd51 | 5 | X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, |
51227177 | 6 | X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth, |
c9654873 VD |
7 | X509_STORE_CTX_get_current_cert, X509_STORE_CTX_set_current_cert, |
8 | X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain, | |
9 | X509_verify_cert_error_string - get or set certificate verification status | |
10 | information | |
53246488 DSH |
11 | |
12 | =head1 SYNOPSIS | |
13 | ||
1e6b8d39 | 14 | #include <openssl/x509.h> |
53246488 | 15 | |
8cc86b81 | 16 | int X509_STORE_CTX_get_error(const X509_STORE_CTX *ctx); |
c9654873 | 17 | void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); |
8cc86b81 | 18 | int X509_STORE_CTX_get_error_depth(const X509_STORE_CTX *ctx); |
51227177 | 19 | void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); |
8cc86b81 | 20 | X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx); |
c9654873 | 21 | void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); |
8cc86b81 | 22 | X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx); |
53246488 | 23 | |
8cc86b81 | 24 | STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx); |
53246488 | 25 | |
1e6b8d39 DSH |
26 | const char *X509_verify_cert_error_string(long n); |
27 | ||
53246488 DSH |
28 | =head1 DESCRIPTION |
29 | ||
30 | These functions are typically called after X509_verify_cert() has indicated | |
31 | an error or in a verification callback to determine the nature of an error. | |
32 | ||
33 | X509_STORE_CTX_get_error() returns the error code of B<ctx>, see | |
34 | the B<ERROR CODES> section for a full description of all error codes. | |
35 | ||
36 | X509_STORE_CTX_set_error() sets the error code of B<ctx> to B<s>. For example | |
37 | it might be used in a verification callback to set an error based on additional | |
38 | checks. | |
39 | ||
40 | X509_STORE_CTX_get_error_depth() returns the B<depth> of the error. This is a | |
41 | non-negative integer representing where in the certificate chain the error | |
478b50cf | 42 | occurred. If it is zero it occurred in the end entity certificate, one if |
53246488 DSH |
43 | it is the certificate which signed the end entity certificate and so on. |
44 | ||
51227177 VD |
45 | X509_STORE_CTX_set_error_depth() sets the error B<depth>. |
46 | This can be used in combination with X509_STORE_CTX_set_error() to set the | |
47 | depth at which an error condition was detected. | |
48 | ||
53246488 DSH |
49 | X509_STORE_CTX_get_current_cert() returns the certificate in B<ctx> which |
50 | caused the error or B<NULL> if no certificate is relevant. | |
51 | ||
c9654873 VD |
52 | X509_STORE_CTX_set_current_cert() sets the certificate B<x> in B<ctx> which |
53 | caused the error. | |
54 | This value is not intended to remain valid for very long, and remains owned by | |
55 | the caller. | |
56 | It may be examined by a verification callback invoked to handle each error | |
57 | encountered during chain verification and is no longer required after such a | |
58 | callback. | |
59 | If a callback wishes the save the certificate for use after it returns, it | |
60 | needs to increment its reference count via L<X509_up_ref(3)>. | |
61 | Once such a I<saved> certificate is no longer needed it can be freed with | |
62 | L<X509_free(3)>. | |
63 | ||
8162f6f5 RS |
64 | X509_STORE_CTX_get0_cert() retrieves an internal pointer to the |
65 | certificate being verified by the B<ctx>. | |
c9654873 | 66 | |
53246488 DSH |
67 | X509_STORE_CTX_get1_chain() returns a complete validate chain if a previous |
68 | call to X509_verify_cert() is successful. If the call to X509_verify_cert() | |
69 | is B<not> successful the returned chain may be incomplete or invalid. The | |
70 | returned chain persists after the B<ctx> structure is freed, when it is | |
71 | no longer needed it should be free up using: | |
72 | ||
2947af32 | 73 | sk_X509_pop_free(chain, X509_free); |
53246488 | 74 | |
1e6b8d39 DSH |
75 | X509_verify_cert_error_string() returns a human readable error string for |
76 | verification error B<n>. | |
77 | ||
53246488 DSH |
78 | =head1 RETURN VALUES |
79 | ||
1e6b8d39 | 80 | X509_STORE_CTX_get_error() returns B<X509_V_OK> or an error code. |
53246488 DSH |
81 | |
82 | X509_STORE_CTX_get_error_depth() returns a non-negative error depth. | |
83 | ||
186bb907 | 84 | X509_STORE_CTX_get_current_cert() returns the certificate which caused the |
53246488 DSH |
85 | error or B<NULL> if no certificate is relevant to the error. |
86 | ||
1e6b8d39 DSH |
87 | X509_verify_cert_error_string() returns a human readable error string for |
88 | verification error B<n>. | |
89 | ||
53246488 DSH |
90 | =head1 ERROR CODES |
91 | ||
1e6b8d39 DSH |
92 | A list of error codes and messages is shown below. Some of the |
93 | error codes are defined but currently never returned: these are described as | |
94 | "unused". | |
53246488 DSH |
95 | |
96 | =over 4 | |
97 | ||
6c17629f | 98 | =item B<X509_V_OK: ok> |
53246488 | 99 | |
21d08b9e RS |
100 | The operation was successful. |
101 | ||
102 | =item B<X509_V_ERR_UNSPECIFIED: unspecified certificate verification error> | |
103 | ||
104 | Unspecified error; should not happen. | |
53246488 DSH |
105 | |
106 | =item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate> | |
107 | ||
21d08b9e | 108 | The issuer certificate of a locally looked up certificate could not be found. |
6d5aa88d | 109 | This normally means the list of trusted certificates is not complete. |
53246488 DSH |
110 | |
111 | =item B<X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL> | |
112 | ||
21d08b9e | 113 | The CRL of a certificate could not be found. |
53246488 DSH |
114 | |
115 | =item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature> | |
116 | ||
21d08b9e | 117 | The certificate signature could not be decrypted. This means that the actual |
53246488 DSH |
118 | signature value could not be determined rather than it not matching the |
119 | expected value, this is only meaningful for RSA keys. | |
120 | ||
121 | =item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature> | |
122 | ||
21d08b9e | 123 | The CRL signature could not be decrypted: this means that the actual signature |
53246488 DSH |
124 | value could not be determined rather than it not matching the expected value. |
125 | Unused. | |
126 | ||
127 | =item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key> | |
128 | ||
21d08b9e RS |
129 | The public key in the certificate C<SubjectPublicKeyInfo> field could |
130 | not be read. | |
53246488 DSH |
131 | |
132 | =item B<X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure> | |
133 | ||
21d08b9e | 134 | The signature of the certificate is invalid. |
53246488 DSH |
135 | |
136 | =item B<X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure> | |
137 | ||
21d08b9e | 138 | The signature of the certificate is invalid. |
53246488 DSH |
139 | |
140 | =item B<X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid> | |
141 | ||
21d08b9e RS |
142 | The certificate is not yet valid: the C<notBefore> date is after the |
143 | current time. | |
53246488 DSH |
144 | |
145 | =item B<X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired> | |
146 | ||
21d08b9e RS |
147 | The certificate has expired: that is the C<notAfter> date is before the |
148 | current time. | |
53246488 DSH |
149 | |
150 | =item B<X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid> | |
151 | ||
21d08b9e | 152 | The CRL is not yet valid. |
53246488 DSH |
153 | |
154 | =item B<X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired> | |
155 | ||
21d08b9e | 156 | The CRL has expired. |
53246488 DSH |
157 | |
158 | =item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field> | |
159 | ||
21d08b9e | 160 | The certificate B<notBefore> field contains an invalid time. |
53246488 DSH |
161 | |
162 | =item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field> | |
163 | ||
21d08b9e | 164 | The certificate B<notAfter> field contains an invalid time. |
53246488 DSH |
165 | |
166 | =item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field> | |
167 | ||
21d08b9e | 168 | The CRL B<lastUpdate> field contains an invalid time. |
53246488 DSH |
169 | |
170 | =item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field> | |
171 | ||
21d08b9e | 172 | The CRL B<nextUpdate> field contains an invalid time. |
53246488 DSH |
173 | |
174 | =item B<X509_V_ERR_OUT_OF_MEM: out of memory> | |
175 | ||
21d08b9e | 176 | An error occurred trying to allocate memory. |
53246488 DSH |
177 | |
178 | =item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate> | |
179 | ||
21d08b9e | 180 | The passed certificate is self-signed and the same certificate cannot be found |
53246488 DSH |
181 | in the list of trusted certificates. |
182 | ||
183 | =item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain> | |
184 | ||
21d08b9e | 185 | The certificate chain could be built up using the untrusted certificates but |
53246488 DSH |
186 | the root could not be found locally. |
187 | ||
188 | =item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate> | |
189 | ||
21d08b9e | 190 | The issuer certificate could not be found: this occurs if the issuer certificate |
6d5aa88d | 191 | of an untrusted certificate cannot be found. |
53246488 DSH |
192 | |
193 | =item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate> | |
194 | ||
21d08b9e | 195 | No signatures could be verified because the chain contains only one certificate |
53246488 DSH |
196 | and it is not self signed. |
197 | ||
198 | =item B<X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long> | |
199 | ||
21d08b9e | 200 | The certificate chain length is greater than the supplied maximum depth. Unused. |
53246488 DSH |
201 | |
202 | =item B<X509_V_ERR_CERT_REVOKED: certificate revoked> | |
203 | ||
21d08b9e | 204 | The certificate has been revoked. |
53246488 DSH |
205 | |
206 | =item B<X509_V_ERR_INVALID_CA: invalid CA certificate> | |
207 | ||
21d08b9e | 208 | A CA certificate is invalid. Either it is not a CA or its extensions are not |
53246488 DSH |
209 | consistent with the supplied purpose. |
210 | ||
211 | =item B<X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded> | |
212 | ||
21d08b9e | 213 | The basicConstraints path-length parameter has been exceeded. |
53246488 DSH |
214 | |
215 | =item B<X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose> | |
216 | ||
21d08b9e | 217 | The supplied certificate cannot be used for the specified purpose. |
53246488 DSH |
218 | |
219 | =item B<X509_V_ERR_CERT_UNTRUSTED: certificate not trusted> | |
220 | ||
21d08b9e | 221 | The root CA is not marked as trusted for the specified purpose. |
53246488 DSH |
222 | |
223 | =item B<X509_V_ERR_CERT_REJECTED: certificate rejected> | |
224 | ||
21d08b9e | 225 | The root CA is marked to reject the specified purpose. |
53246488 DSH |
226 | |
227 | =item B<X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch> | |
228 | ||
21d08b9e RS |
229 | The current candidate issuer certificate was rejected because its subject name |
230 | did not match the issuer name of the current certificate. | |
53246488 DSH |
231 | |
232 | =item B<X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch> | |
233 | ||
21d08b9e | 234 | The current candidate issuer certificate was rejected because its subject key |
53246488 | 235 | identifier was present and did not match the authority key identifier current |
21d08b9e RS |
236 | certificate. |
237 | Not used as of OpenSSL 1.1.0. | |
53246488 DSH |
238 | |
239 | =item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch> | |
240 | ||
21d08b9e | 241 | The current candidate issuer certificate was rejected because its issuer name |
53246488 | 242 | and serial number was present and did not match the authority key identifier of |
21d08b9e RS |
243 | the current certificate. |
244 | Not used as of OpenSSL 1.1.0. | |
53246488 DSH |
245 | |
246 | =item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing> | |
247 | ||
21d08b9e RS |
248 | The current candidate issuer certificate was rejected because its B<keyUsage> |
249 | extension does not permit certificate signing. | |
250 | Not used as of OpenSSL 1.1.0. | |
53246488 | 251 | |
1e6b8d39 DSH |
252 | =item B<X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension> |
253 | ||
254 | A certificate extension had an invalid value (for example an incorrect | |
255 | encoding) or some value inconsistent with other extensions. | |
256 | ||
1e6b8d39 DSH |
257 | =item B<X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension> |
258 | ||
259 | A certificate policies extension had an invalid value (for example an incorrect | |
260 | encoding) or some value inconsistent with other extensions. This error only | |
261 | occurs if policy processing is enabled. | |
262 | ||
263 | =item B<X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy> | |
264 | ||
265 | The verification flags were set to require and explicit policy but none was | |
266 | present. | |
267 | ||
268 | =item B<X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope> | |
269 | ||
270 | The only CRLs that could be found did not match the scope of the certificate. | |
271 | ||
272 | =item B<X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature> | |
273 | ||
274 | Some feature of a certificate extension is not supported. Unused. | |
275 | ||
276 | =item B<X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation> | |
277 | ||
478b50cf | 278 | A name constraint violation occurred in the permitted subtrees. |
1e6b8d39 DSH |
279 | |
280 | =item B<X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation> | |
281 | ||
478b50cf | 282 | A name constraint violation occurred in the excluded subtrees. |
1e6b8d39 DSH |
283 | |
284 | =item B<X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported> | |
285 | ||
286 | A certificate name constraints extension included a minimum or maximum field: | |
287 | this is not supported. | |
288 | ||
289 | =item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type> | |
290 | ||
291 | An unsupported name constraint type was encountered. OpenSSL currently only | |
292 | supports directory name, DNS name, email and URI types. | |
293 | ||
294 | =item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax> | |
295 | ||
296 | The format of the name constraint is not recognised: for example an email | |
297 | address format of a form not mentioned in RFC3280. This could be caused by | |
298 | a garbage extension or some new feature not currently supported. | |
299 | ||
300 | =item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error> | |
301 | ||
478b50cf | 302 | An error occurred when attempting to verify the CRL path. This error can only |
1e6b8d39 DSH |
303 | happen if extended CRL checking is enabled. |
304 | ||
53246488 DSH |
305 | =item B<X509_V_ERR_APPLICATION_VERIFICATION: application verification failure> |
306 | ||
21d08b9e RS |
307 | An application specific error. This will never be returned unless explicitly |
308 | set by an application callback. | |
309 | ||
310 | =item B<X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: unable to get CRL issuer certificate> | |
311 | ||
312 | Unable to get CRL issuer certificate. | |
313 | ||
314 | =item B<X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: unhandled critical extension> | |
315 | ||
316 | Unhandled critical extension. | |
317 | ||
318 | =item B<X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: key usage does not include CRL signing> | |
319 | ||
320 | Key usage does not include CRL signing. | |
321 | ||
322 | =item B<X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: unhandled critical CRL extension> | |
323 | ||
324 | Unhandled critical CRL extension. | |
325 | ||
326 | =item B<X509_V_ERR_INVALID_NON_CA: invalid non-CA certificate (has CA markings)> | |
327 | ||
328 | Invalid non-CA certificate has CA markings. | |
329 | ||
330 | =item B<X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: proxy path length contraint exceeded> | |
331 | ||
332 | Proxy path length constraint exceeded. | |
333 | ||
334 | =item B<X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: key usage does not include digital signature> | |
335 | ||
336 | Key usage does not include digital signature, and therefore cannot sign | |
337 | certificates. | |
338 | ||
339 | =item B<X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: proxy certificates not allowed, please set the appropriate flag> | |
340 | ||
341 | Proxy certificates not allowed unless the B<-allow_proxy_certs> option is used. | |
342 | ||
343 | =item B<X509_V_ERR_UNNESTED_RESOURCE: RFC 3779 resource not subset of parent's resrouces> | |
344 | ||
345 | See RFC 3779 for details. | |
346 | ||
347 | =item B<X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: unsupported or invalid name syntax> | |
348 | ||
349 | Unsupported or invalid name syntax. | |
350 | ||
351 | =item B<X509_V_ERR_PATH_LOOP: path loop> | |
352 | ||
353 | Path loop. | |
354 | ||
355 | =item B<X509_V_ERR_HOSTNAME_MISMATCH: hostname mismatch> | |
356 | ||
357 | Hostname mismatch. | |
358 | ||
359 | =item B<X509_V_ERR_EMAIL_MISMATCH: email address mismatch> | |
360 | ||
361 | Email address mismatch. | |
362 | ||
363 | =item B<X509_V_ERR_IP_ADDRESS_MISMATCH: IP address mismatch> | |
364 | ||
365 | IP address mismatch. | |
366 | ||
367 | =item B<X509_V_ERR_DANE_NO_MATCH: no matching DANE TLSA records> | |
368 | ||
369 | DANE TLSA authentication is enabled, but no TLSA records matched the | |
370 | certificate chain. | |
371 | This error is only possible in L<openssl-s_client(1)>. | |
372 | ||
373 | =item B<X509_V_ERR_EE_KEY_TOO_SMALL: EE certificate key too weak> | |
374 | ||
375 | EE certificate key too weak. | |
376 | ||
377 | =item B<X509_ERR_CA_KEY_TOO_SMALL: CA certificate key too weak> | |
378 | ||
379 | CA certificate key too weak. | |
380 | ||
381 | =item B<X509_ERR_CA_MD_TOO_WEAK: CA signature digest algorithm too weak> | |
382 | ||
383 | CA signature digest algorithm too weak. | |
384 | ||
385 | =item B<X509_V_ERR_INVALID_CALL: invalid certificate verification context> | |
386 | ||
387 | invalid certificate verification context. | |
388 | ||
389 | =item B<X509_V_ERR_STORE_LOOKUP: issuer certificate lookup error> | |
390 | ||
391 | Issuer certificate lookup error. | |
392 | ||
393 | =item B<X509_V_ERR_NO_VALID_SCTS: certificate transparency required, but no valid SCTs found> | |
394 | ||
395 | Certificate Transparency required, but no valid SCTs found. | |
396 | ||
397 | =item B<X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION: proxy subject name violation> | |
398 | ||
399 | Proxy subject name violation. | |
400 | ||
401 | =item B<X509_V_ERR_OCSP_VERIFY_NEEDED: OCSP verification needed> | |
402 | ||
403 | Returned by the verify callback to indicate an OCSP verification is needed. | |
404 | ||
405 | =item B<X509_V_ERR_OCSP_VERIFY_FAILED: OCSP verification failed> | |
406 | ||
407 | Returned by the verify callback to indicate OCSP verification failed. | |
408 | ||
409 | =item B<X509_V_ERR_OCSP_CERT_UNKNOWN: OCSP unknown cert> | |
410 | ||
411 | Returned by the verify callback to indicate that the certificate is not | |
412 | recognized by the OCSP responder. | |
413 | ||
414 | =item B<509_V_ERROR_NO_ISSUER_PUBLI_KEY, issuer certificate doesn't have a public key> | |
415 | ||
416 | The issuer certificate does not have a public key. | |
417 | ||
418 | =item B<X509_V_ERROR_SIGNATURE_ALGORITHM_MISMATCH, Subject signature algorithm and issuer public key algoritm mismatch> | |
419 | ||
420 | The issuer's public key is not of the type required by the signature in | |
421 | the subject's certificate. | |
53246488 | 422 | |
5cc27077 NA |
423 | =back |
424 | ||
53246488 DSH |
425 | =head1 NOTES |
426 | ||
427 | The above functions should be used instead of directly referencing the fields | |
428 | in the B<X509_VERIFY_CTX> structure. | |
429 | ||
430 | In versions of OpenSSL before 1.0 the current certificate returned by | |
431 | X509_STORE_CTX_get_current_cert() was never B<NULL>. Applications should | |
432 | check the return value before printing out any debugging information relating | |
433 | to the current certificate. | |
434 | ||
1e6b8d39 DSH |
435 | If an unrecognised error code is passed to X509_verify_cert_error_string() the |
436 | numerical value of the unknown code is returned in a static buffer. This is not | |
437 | thread safe but will never happen unless an invalid code is passed. | |
53246488 DSH |
438 | |
439 | =head1 SEE ALSO | |
440 | ||
c9654873 VD |
441 | L<X509_verify_cert(3)>, |
442 | L<X509_up_ref(3)>, | |
443 | L<X509_free(3)>. | |
53246488 | 444 | |
e2f92610 RS |
445 | =head1 COPYRIGHT |
446 | ||
33388b44 | 447 | Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 448 | |
4746f25a | 449 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
450 | this file except in compliance with the License. You can obtain a copy |
451 | in the file LICENSE in the source distribution or at | |
452 | L<https://www.openssl.org/source/license.html>. | |
453 | ||
454 | =cut |