From 2576b9c31c66aabd2464a2c404a15421208607eb Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Mon, 4 Jan 2021 08:50:42 +0100 Subject: [PATCH] X509_STORE_CTX_new.pod and x509_vfy.h.in: rename some params for clarity, improve their doc Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/13735) --- doc/man3/X509_STORE_CTX_new.pod | 12 ++++++------ include/openssl/x509_vfy.h.in | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod index f2f6a01c448..bedbb2f1996 100644 --- a/doc/man3/X509_STORE_CTX_new.pod +++ b/doc/man3/X509_STORE_CTX_new.pod @@ -24,11 +24,11 @@ X509_STORE_CTX_verify_fn void X509_STORE_CTX_free(X509_STORE_CTX *ctx); int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store, - X509 *target, STACK_OF(X509) *chain); + X509 *target, STACK_OF(X509) *untrusted); void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); - void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x); + void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target); STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx); void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain); void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); @@ -75,9 +75,9 @@ The trusted certificate store is set to I of type B. This may be NULL because there are no trusted certificates or because they are provided simply as a list using X509_STORE_CTX_set0_trusted_stack(). The certificate to be verified is set to I, -and a list of additional certificates may be provided in I, +and a list of additional certificates may be provided in I, which will be untrusted but may be used to build the chain. -Each of the I, I and I parameters can be NULL. +Each of the I, I and I parameters can be NULL. Yet note that L and L will need a verification target. This can also be set using X509_STORE_CTX_set_cert(). @@ -87,10 +87,10 @@ this can be also set indirectly using X509_STORE_CTX_set0_untrusted(). X509_STORE_CTX_set0_trusted_stack() sets the set of trusted certificates of I to I. This is an alternative way of specifying trusted certificates -instead of using an B. +instead of using an B where its complexity is not needed. X509_STORE_CTX_set_cert() sets the target certificate to be verified in I -to I. +to I. X509_STORE_CTX_set0_verified_chain() sets the validated chain used by I to be I. diff --git a/include/openssl/x509_vfy.h.in b/include/openssl/x509_vfy.h.in index 126c1d658a7..27c5f08c3a4 100644 --- a/include/openssl/x509_vfy.h.in +++ b/include/openssl/x509_vfy.h.in @@ -401,8 +401,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void); int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); void X509_STORE_CTX_free(X509_STORE_CTX *ctx); -int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, - X509 *target, STACK_OF(X509) *chain); +int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *trust_store, + X509 *target, STACK_OF(X509) *untrusted); void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); @@ -601,9 +601,9 @@ X509_CRL *X509_STORE_CTX_get0_current_crl(const X509_STORE_CTX *ctx); X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(const X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get0_chain(const X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get1_chain(const X509_STORE_CTX *ctx); -void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x); +void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *target); void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk); -void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk); +void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk); int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, -- 2.47.2