diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-09-22 08:18:31 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-09-26 14:03:23 +0200 |
commit | 7d5ea3fecbfb12cdbcfce32cc4ea00b96ee4218d (patch) | |
tree | 956a7d482caaf1c4e3e8d77689b2df75d1ab5cf6 /doc/man3/OCSP_resp_find_status.pod | |
parent | Fix bug in EDDSA speed test (diff) | |
download | openssl-7d5ea3fecbfb12cdbcfce32cc4ea00b96ee4218d.tar.xz openssl-7d5ea3fecbfb12cdbcfce32cc4ea00b96ee4218d.zip |
OCSP_resp_find_status.pod: Replace function arg references B<...> by I<...>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12947)
Diffstat (limited to 'doc/man3/OCSP_resp_find_status.pod')
-rw-r--r-- | doc/man3/OCSP_resp_find_status.pod | 102 |
1 files changed, 51 insertions, 51 deletions
diff --git a/doc/man3/OCSP_resp_find_status.pod b/doc/man3/OCSP_resp_find_status.pod index 7dd90837b6..00b14c7052 100644 --- a/doc/man3/OCSP_resp_find_status.pod +++ b/doc/man3/OCSP_resp_find_status.pod @@ -60,12 +60,12 @@ OCSP_basic_verify =head1 DESCRIPTION -OCSP_resp_find_status() searches B<bs> for an OCSP response for B<id>. If it is -successful the fields of the response are returned in B<*status>, B<*reason>, -B<*revtime>, B<*thisupd> and B<*nextupd>. The B<*status> value will be one of +OCSP_resp_find_status() searches I<bs> for an OCSP response for I<id>. If it is +successful the fields of the response are returned in I<*status>, I<*reason>, +I<*revtime>, I<*thisupd> and I<*nextupd>. The I<*status> value will be one of B<V_OCSP_CERTSTATUS_GOOD>, B<V_OCSP_CERTSTATUS_REVOKED> or -B<V_OCSP_CERTSTATUS_UNKNOWN>. The B<*reason> and B<*revtime> fields are only -set if the status is B<V_OCSP_CERTSTATUS_REVOKED>. If set the B<*reason> field +B<V_OCSP_CERTSTATUS_UNKNOWN>. The I<*reason> and I<*revtime> fields are only +set if the status is B<V_OCSP_CERTSTATUS_REVOKED>. If set the I<*reason> field will be set to the revocation reason which will be one of B<OCSP_REVOKED_STATUS_NOSTATUS>, B<OCSP_REVOKED_STATUS_UNSPECIFIED>, B<OCSP_REVOKED_STATUS_KEYCOMPROMISE>, B<OCSP_REVOKED_STATUS_CACOMPROMISE>, @@ -73,88 +73,88 @@ B<OCSP_REVOKED_STATUS_AFFILIATIONCHANGED>, B<OCSP_REVOKED_STATUS_SUPERSEDED>, B<OCSP_REVOKED_STATUS_CESSATIONOFOPERATION>, B<OCSP_REVOKED_STATUS_CERTIFICATEHOLD> or B<OCSP_REVOKED_STATUS_REMOVEFROMCRL>. -OCSP_resp_count() returns the number of B<OCSP_SINGLERESP> structures in B<bs>. +OCSP_resp_count() returns the number of B<OCSP_SINGLERESP> structures in I<bs>. -OCSP_resp_get0() returns the B<OCSP_SINGLERESP> structure in B<bs> -corresponding to index B<idx>. Where B<idx> runs from 0 to +OCSP_resp_get0() returns the B<OCSP_SINGLERESP> structure in I<bs> +corresponding to index I<idx>. Where I<idx> runs from 0 to OCSP_resp_count(bs) - 1. -OCSP_resp_find() searches B<bs> for B<id> and returns the index of the first -matching entry after B<last> or starting from the beginning if B<last> is -1. +OCSP_resp_find() searches I<bs> for I<id> and returns the index of the first +matching entry after I<last> or starting from the beginning if I<last> is -1. -OCSP_single_get0_status() extracts the fields of B<single> in B<*reason>, -B<*revtime>, B<*thisupd> and B<*nextupd>. +OCSP_single_get0_status() extracts the fields of I<single> in I<*reason>, +I<*revtime>, I<*thisupd> and I<*nextupd>. OCSP_resp_get0_produced_at() extracts the B<producedAt> field from the -single response B<bs>. +single response I<bs>. -OCSP_resp_get0_signature() returns the signature from B<bs>. +OCSP_resp_get0_signature() returns the signature from I<bs>. -OCSP_resp_get0_tbs_sigalg() returns the B<signatureAlgorithm> from B<bs>. +OCSP_resp_get0_tbs_sigalg() returns the B<signatureAlgorithm> from I<bs>. -OCSP_resp_get0_respdata() returns the B<tbsResponseData> from B<bs>. +OCSP_resp_get0_respdata() returns the B<tbsResponseData> from I<bs>. -OCSP_resp_get0_certs() returns any certificates included in B<bs>. +OCSP_resp_get0_certs() returns any certificates included in I<bs>. OCSP_resp_get0_signer() attempts to retrieve the certificate that directly -signed B<bs>. The OCSP protocol does not require that this certificate +signed I<bs>. The OCSP protocol does not require that this certificate is included in the B<certs> field of the response, so additional certificates -can be supplied in B<extra_certs> if the certificates that may have +can be supplied via the I<extra_certs> if the certificates that may have signed the response are known via some out-of-band mechanism. -OCSP_resp_get0_id() gets the responder id of B<bs>. If the responder ID is -a name then <*pname> is set to the name and B<*pid> is set to NULL. If the -responder ID is by key ID then B<*pid> is set to the key ID and B<*pname> -is set to NULL. OCSP_resp_get1_id() leaves ownership of B<*pid> and B<*pname> +OCSP_resp_get0_id() gets the responder id of I<bs>. If the responder ID is +a name then <*pname> is set to the name and I<*pid> is set to NULL. If the +responder ID is by key ID then I<*pid> is set to the key ID and I<*pname> +is set to NULL. OCSP_resp_get1_id() leaves ownership of I<*pid> and I<*pname> with the caller, who is responsible for freeing them. Both functions return 1 in case of success and 0 in case of failure. If OCSP_resp_get1_id() returns 0, no freeing of the results is necessary. -OCSP_check_validity() checks the validity of B<thisupd> and B<nextupd> values -which will be typically obtained from OCSP_resp_find_status() or -OCSP_single_get0_status(). If B<sec> is nonzero it indicates how many seconds -leeway should be allowed in the check. If B<maxsec> is positive it indicates -the maximum age of B<thisupd> in seconds. +OCSP_check_validity() checks the validity of its I<thisupd> and I<nextupd> +arguments, which will be typically obtained from OCSP_resp_find_status() or +OCSP_single_get0_status(). If I<sec> is nonzero it indicates how many seconds +leeway should be allowed in the check. If I<maxsec> is positive it indicates +the maximum age of I<thisupd> in seconds. -OCSP_basic_verify() checks that the basic response message B<bs> is correctly -signed and that the signer certificate can be validated. It takes B<st> as -the trusted store and B<certs> as a set of untrusted intermediate certificates. +OCSP_basic_verify() checks that the basic response message I<bs> is correctly +signed and that the signer certificate can be validated. It takes I<st> as +the trusted store and I<certs> as a set of untrusted intermediate certificates. The function first tries to find the signer certificate of the response -in B<certs>. It also searches the certificates the responder may have included -in B<bs> unless the B<flags> contain B<OCSP_NOINTERN>. +in I<certs>. It then searches the certificates the responder may have included +in I<bs> unless the I<flags> contain B<OCSP_NOINTERN>. It fails if the signer certificate cannot be found. -Next, the function checks the signature of B<bs> and fails on error -unless the B<flags> contain B<OCSP_NOSIGS>. Then the function already returns -success if the B<flags> contain B<OCSP_NOVERIFY> or if the signer certificate -was found in B<certs> and the B<flags> contain B<OCSP_TRUSTOTHER>. +Next, unless the I<flags> contain B<OCSP_NOSIGS>, the function checks +the signature of I<bs> and fails on error. Then the function already returns +success if the I<flags> contain B<OCSP_NOVERIFY> or if the signer certificate +was found in I<certs> and the I<flags> contain B<OCSP_TRUSTOTHER>. Otherwise the function continues by validating the signer certificate. -If B<flags> contains B<OCSP_PARTIAL_CHAIN>, intermediate CA certificates -in B<st> are trust-anchors. +If I<flags> contains B<OCSP_PARTIAL_CHAIN>, intermediate CA certificates +in I<st> are trust anchors. For more details, see the description of B<X509_V_FLAG_PARTIAL_CHAIN> in L<X509_VERIFY_PARAM_set_flags(3)/VERIFICATION FLAGS>. -To this end, all certificates in B<cert> and in B<bs> are considered as +To this end, all certificates in I<cert> and in I<bs> are considered as untrusted certificates for the construction of the validation path for the signer certificate unless the B<OCSP_NOCHAIN> flag is set. After successful path validation the function returns success if the B<OCSP_NOCHECKS> flag is set. Otherwise it verifies that the signer certificate meets the OCSP issuer criteria including potential delegation. If this does not succeed and the -B<flags> do not contain B<OCSP_NOEXPLICIT> the function checks for explicit +I<flags> do not contain B<OCSP_NOEXPLICIT> the function checks for explicit trust for OCSP signing in the root CA certificate. =head1 RETURN VALUES -OCSP_resp_find_status() returns 1 if B<id> is found in B<bs> and 0 otherwise. +OCSP_resp_find_status() returns 1 if I<id> is found in I<bs> and 0 otherwise. OCSP_resp_count() returns the total number of B<OCSP_SINGLERESP> fields in -B<bs>. +I<bs>. OCSP_resp_get0() returns a pointer to an B<OCSP_SINGLERESP> structure or -B<NULL> if B<idx> is out of range. +NULL if I<idx> is out of range. -OCSP_resp_find() returns the index of B<id> in B<bs> (which may be 0) or -1 if -B<id> was not found. +OCSP_resp_find() returns the index of I<id> in I<bs> (which may be 0) or -1 if +I<id> was not found. -OCSP_single_get0_status() returns the status of B<single> or -1 if an error +OCSP_single_get0_status() returns the status of I<single> or -1 if an error occurred. OCSP_resp_get0_signer() returns 1 if the signing certificate was located, @@ -171,15 +171,15 @@ can then take appropriate action based on the status of the certificate. An OCSP response for a certificate contains B<thisUpdate> and B<nextUpdate> fields. Normally the current time should be between these two values. To -account for clock skew the B<maxsec> field can be set to nonzero in +account for clock skew the I<maxsec> field can be set to nonzero in OCSP_check_validity(). Some responders do not set the B<nextUpdate> field, this would otherwise mean an ancient response would be considered valid: the -B<maxsec> parameter to OCSP_check_validity() can be used to limit the permitted +I<maxsec> parameter to OCSP_check_validity() can be used to limit the permitted age of responses. -The values written to B<*revtime>, B<*thisupd> and B<*nextupd> by +The values written to I<*revtime>, I<*thisupd> and I<*nextupd> by OCSP_resp_find_status() and OCSP_single_get0_status() are internal pointers -which B<MUST NOT> be freed up by the calling application. Any or all of these +which MUST NOT be freed up by the calling application. Any or all of these parameters can be set to NULL if their value is not required. =head1 SEE ALSO |