From: Matt Caswell Date: Thu, 11 Nov 2021 12:09:15 +0000 (+0000) Subject: Clarify the PEM docs X-Git-Tag: openssl-3.2.0-alpha1~3338 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e48fe798409eb22f067f635c62b9a72e18cd4347;p=thirdparty%2Fopenssl.git Clarify the PEM docs Make it clear how the existing PEM functions can be used to create an X509, X509_REQ or X509_CRL object with an associated libctx/propq. Fixes #16966 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17012) --- diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod index 4ed1b8c7033..2e4ab7e6615 100644 --- a/doc/man3/PEM_read_bio_PrivateKey.pod +++ b/doc/man3/PEM_read_bio_PrivateKey.pod @@ -209,7 +209,14 @@ refer to the B>(), B>(), B>(), and B>() functions. Some operations have additional variants that take a library context I -and a property query string I. +and a property query string I. The B, B and B +objects may have an associated library context or property query string but +there are no variants of these functions that take a library context or property +query string parameter. In this case it is possible to set the appropriate +library context or property query string by creating an empty B, +B or B object using L, L +or L respectively. Then pass the empty object as a parameter +to the relevant PEM function. See the L section below. The B functions read or write a private key in PEM format using an EVP_PKEY structure. The write routines use PKCS#8 private key format and are @@ -448,7 +455,8 @@ where I already contains a valid certificate, may not work, whereas: X509_free(x); x = PEM_read_bio_X509(bp, NULL, 0, NULL); -is guaranteed to work. +is guaranteed to work. It is always acceptable for I to contain a newly +allocated, empty B object (for example allocated via L). =head1 RETURN VALUES