From 9372ddf1a294d61dcbf507680e4e3d5b094ef71d Mon Sep 17 00:00:00 2001 From: Paul Yang Date: Tue, 10 Sep 2019 13:08:29 +0800 Subject: [PATCH] Add doc for TS_VERIFY_CTX_set_certs() This addition is based on PR #9472. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/9838) --- doc/man3/TS_VERIFY_CTX_set_certs.pod | 57 ++++++++++++++++++++++++++++ util/missingcrypto.txt | 1 - util/missingmacro.txt | 1 - util/other.syms | 1 + 4 files changed, 58 insertions(+), 2 deletions(-) create mode 100644 doc/man3/TS_VERIFY_CTX_set_certs.pod
diff --git a/doc/man3/TS_VERIFY_CTX_set_certs.pod b/doc/man3/TS_VERIFY_CTX_set_certs.pod
new file mode 100644
index 0000000000..a7aae4acda
--- /dev/null
+++ b/doc/man3/TS_VERIFY_CTX_set_certs.pod
@@ -0,0 +1,57 @@
+=pod
+
+=head1 NAME
+
+TS_VERIFY_CTX_set_certs, TS_VERIFY_CTS_set_certs
+- set certificates for TS response verification
+
+=head1 SYNOPSIS
+
+ #include
+
+ STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx,
+ STACK_OF(X509) *certs);
+ STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx,
+ STACK_OF(X509) *certs);
+
+=head1 DESCRIPTION
+
+The Time-Stamp Protocol (TSP) is defined by RFC 3161. TSP is a protocol used to
+provide long term proof of the existence of a certain datum before a particular
+time. TSP defines a Time Stamping Authority (TSA) and an entity who shall make
+requests to the TSA. Usually the TSA is denoted as the server side and the
+requesting entity is denoted as the client.
+
+In TSP, when a server is sending a response to a client, the server normally
+needs to sign the response data - the TimeStampToken (TST) - with its private
+key. Then the client shall verify the received TST by the server's certificate
+chain.
+
+TS_VERIFY_CTX_set_certs() is used to set the server's certificate chain when
+verifying a TST. B is the verification context created in advance and
+B is a stack of B certificates.
+
+TS_VERIFY_CTS_set_certs() is a misspelled version of TS_VERIFY_CTX_set_certs()
+which takes the same parameters and returns the same result.
+
+=head1 RETURN VALUES
+
+TS_VERIFY_CTX_set_certs() returns the stack of B certificates the user
+passes in via parameter B.
+
+=head1 HISTORY
+
+The spelling of TS_VERIFY_CTX_set_certs() was corrected in OpenSSL 3.0.0.
+The misspelled version TS_VERIFY_CTS_set_certs() has been retained for
+compatibility reasons, but it is deprecated in OpenSSL 3.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
index cf6824d49e..7f1cf49ab3 100644
--- a/util/missingcrypto.txt
+++ b/util/missingcrypto.txt
@@ -1070,7 +1070,6 @@ TS_TST_INFO_set_serial(3)
 TS_TST_INFO_set_time(3)
 TS_TST_INFO_set_tsa(3)
 TS_TST_INFO_set_version(3)
-TS_VERIFY_CTX_set_certs(3)
 TS_VERIFY_CTX_add_flags(3)
 TS_VERIFY_CTX_cleanup(3)
 TS_VERIFY_CTX_free(3)
diff --git a/util/missingmacro.txt b/util/missingmacro.txt
index 3d825b199d..8738c87d9f 100644
--- a/util/missingmacro.txt
+++ b/util/missingmacro.txt
@@ -175,4 +175,3 @@ X509V3_set_ctx_test(3)
 X509V3_set_ctx_nodb(3)
 EXT_BITSTRING(3)
 EXT_IA5STRING(3)
-TS_VERIFY_CTS_set_certs(3)
diff --git a/util/other.syms b/util/other.syms
index c6b2404f2c..b57af07c7d 100644
--- a/util/other.syms
+++ b/util/other.syms
@@ -562,3 +562,4 @@ OSSL_TRACE_CANCEL define
 OSSL_TRACE1 define
 OSSL_TRACE2 define
 OSSL_TRACE9 define
+TS_VERIFY_CTS_set_certs define deprecated 3.0.0
-- 
2.34.1