Check chain extensions also for trusted certificates
diff --git
a/doc/crypto/PKCS7_verify.pod
b/doc/crypto/PKCS7_verify.pod
index f5200a23ecf253355ac2ef87bebdc6ab373170b8..3a5300ad79967b46255cca6ccf6648e67a1a00a5 100644
--- a/
doc/crypto/PKCS7_verify.pod
+++ b/
doc/crypto/PKCS7_verify.pod
@@
-2,19
+2,21
@@
=head1 NAME
=head1 NAME
-PKCS7_verify - verify a PKCS#7 signedData structure
+PKCS7_verify
, PKCS7_get0_signers
- verify a PKCS#7 signedData structure
=head1 SYNOPSIS
=head1 SYNOPSIS
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+ #include <openssl/pkcs7.h>
-int PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+
+ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
=head1 DESCRIPTION
PKCS7_verify() verifies a PKCS#7 signedData structure. B<p7> is the PKCS7
structure to verify. B<certs> is a set of certificates in which to search for
=head1 DESCRIPTION
PKCS7_verify() verifies a PKCS#7 signedData structure. B<p7> is the PKCS7
structure to verify. B<certs> is a set of certificates in which to search for
-the signer's certificate. B<store> is a trusted certficate store (used for
+the signer's certificate. B<store> is a trusted cert
i
ficate store (used for
chain verification). B<indata> is the signed data if the content is not
present in B<p7> (that is it is detached). The content is written to B<out>
if it is not NULL.
chain verification). B<indata> is the signed data if the content is not
present in B<p7> (that is it is detached). The content is written to B<out>
if it is not NULL.
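Review bot: The PKCS7_verify() prototype added to SYNOPSIS is a single line well over 80 columns, which wraps badly when the page is rendered; break it after `X509_STORE *store,` with a continuation indent. The same hunk corrects the documented return type of PKCS7_get0_signers() from `int` to `STACK_OF(X509) *`, which deserves a mention in the commit message, since the subject line shown for this change says nothing about documentation fixes and anyone who copied the old prototype declared the function wrongly.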
@@
-89,12
+91,12
@@
timestamp).
=head1 RETURN VALUES
=head1 RETURN VALUES
-PKCS7_verify() returns
1 for a successful verification and zero or a negative
-
value
if an error occurs.
+PKCS7_verify() returns
one for a successful verification and zero
+if an error occurs.
PKCS7_get0_signers() returns all signers or B<NULL> if an error occurred.
PKCS7_get0_signers() returns all signers or B<NULL> if an error occurred.
-The error can be obtained from L<ERR_get_error(3)
|ERR_get_error(3)
>
+The error can be obtained from L<ERR_get_error(3)>
=head1 BUGS
=head1 BUGS
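Review bot: In RETURN VALUES, dropping "or a negative value" narrows the documented failure result of PKCS7_verify() to zero only, so callers written against the new text may test `== 0` for failure and would then treat any negative return as a successful verification. Please confirm in the commit message that no path in PKCS7_verify() returns a negative value, or word the sentence so that only a return of one means success. The replaced line `The error can be obtained from L<ERR_get_error(3)>` also still lacks its closing period.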
@@
-102,12
+104,11
@@
The trusted certificate store is not searched for the signers certificate,
this is primarily due to the inadequacies of the current B<X509_STORE>
functionality.
this is primarily due to the inadequacies of the current B<X509_STORE>
functionality.
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>
+The lack of single pass processing and need to hold all data in memory as
+mentioned in PKCS7_sign() also applies to PKCS7_verify().
-=head1
HISTORY
+=head1
SEE ALSO
-TBA
+L<ERR_get_error(3)>, L<PKCS7_sign(3)>
=cut
=cut
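Review bot: The new BUGS paragraph names PKCS7_sign() as plain text while SEE ALSO in the same hunk uses `L<PKCS7_sign(3)>`; use the link form in the paragraph as well. Since the limitation is that all data must be held in memory, consider stating that directly on this page instead of deferring to the PKCS7_sign() page, because a reader sizing inputs for verification will look here first. The HISTORY section is removed instead of being filled in; if that is intentional, say so in the commit message.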