]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d7d1d09)
X509_V_ERR_INVALID_PURPOSE: fix misleading text; Fix omission in X509_VERIFY_PARAM_cl...
authorDr. David von Oheimb <David.von.Oheimb@siemens.com>
Mon, 16 Jan 2023 07:38:01 +0000 (08:38 +0100)
committerDr. David von Oheimb <dev@ddvo.net>
Mon, 23 Jan 2023 10:00:04 +0000 (11:00 +0100)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20052)

crypto/x509/x509_txt.c patch | blob | blame | history
doc/man3/X509_STORE_CTX_get_error.pod patch | blob | blame | history
doc/man3/X509_VERIFY_PARAM_set_flags.pod patch | blob | blame | history

diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 0c7ae1ed79d01ace3e0163dd9529d6162c39ec30..54decf733286b23f59cf0ea3f2234163809efa38 100644 (file)
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -74,7 +74,7 @@ const char *X509_verify_cert_error_string(long n)
     case X509_V_ERR_PATH_LENGTH_EXCEEDED:
         return "path length constraint exceeded";
     case X509_V_ERR_INVALID_PURPOSE:
-        return "unsupported certificate purpose";
+        return "unsuitable certificate purpose";
     case X509_V_ERR_CERT_UNTRUSTED:
         return "certificate not trusted";
     case X509_V_ERR_CERT_REJECTED:
diff --git a/doc/man3/X509_STORE_CTX_get_error.pod b/doc/man3/X509_STORE_CTX_get_error.pod
index 76fcf27b8dae59e74b454e3ce1e66c790f945bc4..8357f5056866d74b9b67ba7bf054e23f910cc200 100644 (file)
--- a/doc/man3/X509_STORE_CTX_get_error.pod
+++ b/doc/man3/X509_STORE_CTX_get_error.pod
@@ -229,7 +229,7 @@ consistent with the supplied purpose.
 
 The basicConstraints path-length parameter has been exceeded.
 
-=item B<X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
+=item B<X509_V_ERR_INVALID_PURPOSE: unsuitable certificate purpose>
 
 The target certificate cannot be used for the specified purpose.
 
diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
index 149cc00d01a3ae3dc37678b6504e1205333b4d52..51fb70b50001ff9249b41897486aff38bcf86363 100644 (file)
--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
@@ -90,6 +90,7 @@ X509_VERIFY_PARAM_clear_flags() clears the flags B<flags> in B<param>.
 X509_VERIFY_PARAM_set_purpose() sets the verification purpose in B<param>
 to B<purpose>. This determines the acceptable purpose of the certificate
 chain, for example B<X509_PURPOSE_SSL_CLIENT>.
+The purpose requirement is cleared if B<purpose> is 0.
 
 X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to
 B<trust>.
Mirror of https://github.com/openssl/openssl.git