From: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date: Mon, 16 Jan 2023 07:38:01 +0000 (+0100)
Subject: X509_V_ERR_INVALID_PURPOSE: fix misleading text; Fix omission in X509_VERIFY_PARAM_cl... 
X-Git-Tag: openssl-3.2.0-alpha1~1416
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ec6cbda0f2e435ae0efaec308dc5569c75bb759b;p=thirdparty%2Fopenssl.git

X509_V_ERR_INVALID_PURPOSE: fix misleading text; Fix omission in X509_VERIFY_PARAM_clear_flags doc

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20052)
---

diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 0c7ae1ed79d..54decf73328 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -74,7 +74,7 @@ const char *X509_verify_cert_error_string(long n)
     case X509_V_ERR_PATH_LENGTH_EXCEEDED:
         return "path length constraint exceeded";
     case X509_V_ERR_INVALID_PURPOSE:
-        return "unsupported certificate purpose";
+        return "unsuitable certificate purpose";
     case X509_V_ERR_CERT_UNTRUSTED:
         return "certificate not trusted";
     case X509_V_ERR_CERT_REJECTED:
diff --git a/doc/man3/X509_STORE_CTX_get_error.pod b/doc/man3/X509_STORE_CTX_get_error.pod
index 76fcf27b8da..8357f505686 100644
--- a/doc/man3/X509_STORE_CTX_get_error.pod
+++ b/doc/man3/X509_STORE_CTX_get_error.pod
@@ -229,7 +229,7 @@ consistent with the supplied purpose.
 
 The basicConstraints path-length parameter has been exceeded.
 
-=item B<X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
+=item B<X509_V_ERR_INVALID_PURPOSE: unsuitable certificate purpose>
 
 The target certificate cannot be used for the specified purpose.
 
diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
index 149cc00d01a..51fb70b5000 100644
--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
@@ -90,6 +90,7 @@ X509_VERIFY_PARAM_clear_flags() clears the flags B<flags> in B<param>.
 X509_VERIFY_PARAM_set_purpose() sets the verification purpose in B<param>
 to B<purpose>. This determines the acceptable purpose of the certificate
 chain, for example B<X509_PURPOSE_SSL_CLIENT>.
+The purpose requirement is cleared if B<purpose> is 0.
 
 X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to
 B<trust>.