doc: Add documentation for X509_STORE_CTX_set_time

Document the X509_STORE_CTX_set_time() function which sets the
verification time for certificate chain validation. This is a
convenience wrapper around X509_VERIFY_PARAM_set_time().

Remove X509_STORE_CTX_set_time from missingcrypto.txt and
missingcrypto111.txt.

Fixes #21362

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Sun May  3 15:38:26 2026
(Merged from https://github.com/openssl/openssl/pull/29899)

diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod
index 143438655efd8628dca8174cbf406cc7c8b9ccc3..bef593f723803d13af91f51236e06aff6728dd7a 100644 (file)
--- a/doc/man3/X509_STORE_CTX_new.pod
+++ b/doc/man3/X509_STORE_CTX_new.pod
@@ -19,7 +19,8 @@ X509_STORE_CTX_verify_fn,
 X509_STORE_CTX_set_ocsp_resp,
 X509_STORE_CTX_set_purpose,
 X509_STORE_CTX_set_trust,
-X509_STORE_CTX_purpose_inherit
+X509_STORE_CTX_purpose_inherit,
+X509_STORE_CTX_set_time
 - X509_STORE_CTX initialisation
 
 =head1 SYNOPSIS
@@ -63,6 +64,9 @@ X509_STORE_CTX_purpose_inherit
  int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
                                     int purpose, int trust);
 
+ void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
+                              time_t t);
+
 =head1 DESCRIPTION
 
 These functions initialise an B<X509_STORE_CTX> structure for subsequent use
@@ -274,6 +278,16 @@ the default trust id for I<purpose>. If the default trust id for the
 purpose is I<X509_TRUST_DEFAULT> and I<trust> is 0 then the default trust id
 associated with the I<def_purpose> value is used for the trust setting instead.
 
+X509_STORE_CTX_set_time() sets the verification time in I<ctx> to I<t>,
+which is a POSIX time value representing seconds since 1970-01-01T00:00:00Z
+(see L<OPENSSL_tm_to_posix(3)>).
+This is a convenience function that calls L<X509_VERIFY_PARAM_set_time(3)>
+on the verification parameters associated with I<ctx>.
+By default, the current system time is used for certificate verification.
+Setting a specific time is useful for testing or when verifying historical
+certificates.
+The I<flags> parameter is ignored.
+
 =head1 NOTES
 
 The certificates and CRLs in a store are used internally and should B<not>
@@ -302,8 +316,8 @@ present, or NULL if absent.
 X509_STORE_CTX_cleanup(), X509_STORE_CTX_free(),
 X509_STORE_CTX_set0_trusted_stack(),
 X509_STORE_CTX_set_cert(),
-X509_STORE_CTX_set0_crls() and X509_STORE_CTX_set0_param() do not return
-values.
+X509_STORE_CTX_set0_crls(), X509_STORE_CTX_set0_param(), and
+X509_STORE_CTX_set_time() do not return values.
 
 X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.
 
@@ -313,7 +327,7 @@ used.
 =head1 SEE ALSO
 
 L<X509_verify_cert(3)>, L<X509_STORE_CTX_verify(3)>,
-L<X509_VERIFY_PARAM_set_flags(3)>
+L<X509_VERIFY_PARAM_set_flags(3)>, L<X509_VERIFY_PARAM_set_time(3)>
 
 =head1 HISTORY
 
@@ -328,7 +342,7 @@ There is no need to call X509_STORE_CTX_cleanup() explicitly since OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2009-2026 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
index 69aab337c8aa41be99548034d938fa28d26d82c2..884aeeeb684245f98e7320b501521cc91d481269 100644 (file)
--- a/util/missingcrypto.txt
+++ b/util/missingcrypto.txt
@@ -1105,7 +1105,6 @@ X509_STORE_CTX_get_explicit_policy(3)
 X509_STORE_CTX_set0_dane(3)
 X509_STORE_CTX_set_depth(3)
 X509_STORE_CTX_set_flags(3)
-X509_STORE_CTX_set_time(3)
 X509_STORE_get_verify(3)
 X509_TRUST_add(3)
 X509_TRUST_cleanup(3)