From: kovan Date: Mon, 2 Feb 2026 11:32:04 +0000 (+0100) Subject: doc: Add documentation for X509_STORE_CTX_set_time X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=69e54bee8d89f6703eaeca5f4c8b6a8822161c64;p=thirdparty%2Fopenssl.git doc: Add documentation for X509_STORE_CTX_set_time Document the X509_STORE_CTX_set_time() function which sets the verification time for certificate chain validation. This is a convenience wrapper around X509_VERIFY_PARAM_set_time(). Remove X509_STORE_CTX_set_time from missingcrypto.txt and missingcrypto111.txt. Fixes #21362 Co-Authored-By: Claude Opus 4.5 Reviewed-by: Eugene Syromiatnikov Reviewed-by: Nikola Pajkovsky MergeDate: Sun May 3 15:38:26 2026 (Merged from https://github.com/openssl/openssl/pull/29899) --- diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod index 143438655ef..bef593f7238 100644 --- a/doc/man3/X509_STORE_CTX_new.pod +++ b/doc/man3/X509_STORE_CTX_new.pod @@ -19,7 +19,8 @@ X509_STORE_CTX_verify_fn, X509_STORE_CTX_set_ocsp_resp, X509_STORE_CTX_set_purpose, X509_STORE_CTX_set_trust, -X509_STORE_CTX_purpose_inherit +X509_STORE_CTX_purpose_inherit, +X509_STORE_CTX_set_time - X509_STORE_CTX initialisation =head1 SYNOPSIS @@ -63,6 +64,9 @@ X509_STORE_CTX_purpose_inherit int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, int purpose, int trust); + void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, + time_t t); + =head1 DESCRIPTION These functions initialise an B structure for subsequent use @@ -274,6 +278,16 @@ the default trust id for I. If the default trust id for the purpose is I and I is 0 then the default trust id associated with the I value is used for the trust setting instead. +X509_STORE_CTX_set_time() sets the verification time in I to I, +which is a POSIX time value representing seconds since 1970-01-01T00:00:00Z +(see L). +This is a convenience function that calls L +on the verification parameters associated with I. +By default, the current system time is used for certificate verification. +Setting a specific time is useful for testing or when verifying historical +certificates. +The I parameter is ignored. + =head1 NOTES The certificates and CRLs in a store are used internally and should B @@ -302,8 +316,8 @@ present, or NULL if absent. X509_STORE_CTX_cleanup(), X509_STORE_CTX_free(), X509_STORE_CTX_set0_trusted_stack(), X509_STORE_CTX_set_cert(), -X509_STORE_CTX_set0_crls() and X509_STORE_CTX_set0_param() do not return -values. +X509_STORE_CTX_set0_crls(), X509_STORE_CTX_set0_param(), and +X509_STORE_CTX_set_time() do not return values. X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred. @@ -313,7 +327,7 @@ used. =head1 SEE ALSO L, L, -L +L, L =head1 HISTORY @@ -328,7 +342,7 @@ There is no need to call X509_STORE_CTX_cleanup() explicitly since OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index 69aab337c8a..884aeeeb684 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -1105,7 +1105,6 @@ X509_STORE_CTX_get_explicit_policy(3) X509_STORE_CTX_set0_dane(3) X509_STORE_CTX_set_depth(3) X509_STORE_CTX_set_flags(3) -X509_STORE_CTX_set_time(3) X509_STORE_get_verify(3) X509_TRUST_add(3) X509_TRUST_cleanup(3)