From e48fe798409eb22f067f635c62b9a72e18cd4347 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 11 Nov 2021 12:09:15 +0000 Subject: [PATCH] Clarify the PEM docs Make it clear how the existing PEM functions can be used to create an X509, X509_REQ or X509_CRL object with an associated libctx/propq. Fixes #16966 Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/17012) --- doc/man3/PEM_read_bio_PrivateKey.pod | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod index 4ed1b8c7033..2e4ab7e6615 100644 --- a/doc/man3/PEM_read_bio_PrivateKey.pod +++ b/doc/man3/PEM_read_bio_PrivateKey.pod @@ -209,7 +209,14 @@ refer to the B>(), B>(), B>(), and B>() functions. Some operations have additional variants that take a library context I -and a property query string I. +and a property query string I. The B, B and B +objects may have an associated library context or property query string but +there are no variants of these functions that take a library context or property +query string parameter. In this case it is possible to set the appropriate +library context or property query string by creating an empty B, +B or B object using L, L +or L respectively. Then pass the empty object as a parameter +to the relevant PEM function. See the L section below. The B functions read or write a private key in PEM format using an EVP_PKEY structure. The write routines use PKCS#8 private key format and are @@ -448,7 +455,8 @@ where I already contains a valid certificate, may not work, whereas: X509_free(x); x = PEM_read_bio_X509(bp, NULL, 0, NULL); -is guaranteed to work. +is guaranteed to work. It is always acceptable for I to contain a newly +allocated, empty B object (for example allocated via L). =head1 RETURN VALUES -- 2.47.3
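Review bot: In the first hunk (@@ -209,7 +209,14), the added sentence "Then pass the empty object as a parameter to the relevant PEM function" does not say which parameter receives the object, or that the technique applies to the read functions rather than the write functions. Suggest naming the argument and writing "the relevant PEM read function", so that a caller who needs a specific library context or property query string on the resulting object can tell exactly where the pre-allocated object goes. In the preceding added sentence, "these functions" also has no clear antecedent, because the text just before it talks about objects; naming the functions meant would remove the ambiguity.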
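Review bot: In the second hunk (@@ -448,7 +455,8), the added sentence states that a newly allocated, empty object is always acceptable but does not say who owns that object when the read fails. Suggest stating whether the caller must still free it after a NULL return, so that callers following this advice neither leak the object nor free it twice. A short snippet in the style of the existing "x = PEM_read_bio_X509(bp, NULL, 0, NULL);" example, showing the allocate-then-read pattern with the empty object passed in, would also make the sentence concrete.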