From: Tomas Mraz Date: Tue, 3 Oct 2023 13:45:13 +0000 (+0200) Subject: d2i_X509.pod: Better document using the reuse capability for libctx setup X-Git-Tag: openssl-3.2.0-beta1~118 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4ca56f51803a8ae010423180ac80ef991cf78fc5;p=thirdparty%2Fopenssl.git d2i_X509.pod: Better document using the reuse capability for libctx setup Reviewed-by: Matt Caswell Reviewed-by: Viktor Dukhovni Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/22265) --- diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod index 9226ef77c39..00efb603581 100644 --- a/doc/man3/d2i_X509.pod +++ b/doc/man3/d2i_X509.pod @@ -390,10 +390,12 @@ to the returned structure is also written to I<*a>. If an error occurred then NULL is returned. On a successful return, if I<*a> is not NULL then it is assumed that I<*a> -contains a valid B> structure and an attempt is made to reuse it. This -"reuse" capability is present for historical compatibility but its use is -B (see BUGS below, and the discussion in the RETURN -VALUES section). +contains a valid B> structure and an attempt is made to reuse it. +For B> structures where it matters it is possible to set up a library +context on the decoded structure this way (see the B section). +However using the "reuse" capability for other purposes is B (see B below, and the discussion in the B +section). B_bio>() is similar to B>() except it attempts to parse data from BIO I. 
@@ -538,6 +540,22 @@ Alternative technique: if (d2i_X509(&x, &p, len) == NULL) /* error */ +Setting up a library context and property query: + + X509 *x; + unsigned char *buf; + const unsigned char *p; + int len; + OSSL_LIB_CTX *libctx = ....; + const char *propq = ....; + + /* Set up buf and len to point to the input buffer. */ + p = buf; + x = X509_new_ex(libctx, propq); + + if (d2i_X509(&x, &p, len) == NULL) + /* error, x was freed and NULL assigned to it (see RETURN VALUES) */ + =head1 WARNINGS Using a temporary variable is mandatory. A common
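Review bot: In the first hunk (DESCRIPTION text, @@ -390,10 +390,12 @@), the added sentence "For ... structures where it matters it is possible to set up a library context on the decoded structure this way" leaves both "where it matters" and "this way" undefined. A reader cannot tell from this paragraph that the intended pattern is to pass in a freshly allocated, still empty structure created with a libctx-aware constructor, as the new example does with X509_new_ex(libctx, propq). Suggest saying so explicitly in this sentence, so that the exception is clearly limited to an empty structure and the caveat about other uses in the following sentence is not read as optional. Minor style point: "However using" wants a comma after "However".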
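Review bot: In the second hunk (the new "Setting up a library context and property query" example), the result of "x = X509_new_ex(libctx, propq);" is passed straight to d2i_X509(&x, &p, len) without a NULL check. If the allocation fails, x is NULL, and d2i_X509() then allocates a new structure itself instead of reusing one, so the decode can succeed without the library context and property query the example is meant to demonstrate. Readers copy these examples verbatim, so it would be worth adding an "if (x == NULL) /* error */" line between the two calls. The error comment on the d2i_X509() branch is helpful; a short remark that the caller still owns x and must free it on success would complete the example.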