diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2023-02-13 13:14:54 +0100 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2023-02-24 08:47:19 +0100 |
commit | 9fae775acf56d64854d76f0399a80919f9b115e7 (patch) | |
tree | 7c148136d99549df68f500a6ff45e6ea0519acc4 /doc | |
parent | 416e155a21ba188fcd88f2e32318886b19f8b311 (diff) |
CMS_add0_cert.pod: remove wrong text on duplicate CRLs; small further improvements
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20275)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/CMS_add0_cert.pod | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/doc/man3/CMS_add0_cert.pod b/doc/man3/CMS_add0_cert.pod index 734db9f7b9..54fe0787e7 100644 --- a/doc/man3/CMS_add0_cert.pod +++ b/doc/man3/CMS_add0_cert.pod @@ -20,6 +20,8 @@ CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_ge =head1 DESCRIPTION CMS_add0_cert() and CMS_add1_cert() add certificate I<cert> to I<cms>. +This is used by L<CMS_sign_ex()> and L<CMS_sign()> and may be used before +calling L<CMS_verify()> to help chain building in certificate validation. I<cms> must be of type signed data or (authenticated) enveloped data. For signed data, such a certificate can be used when signing or verifying to fill in the signer certificate or to provide an extra CA certificate @@ -29,7 +31,8 @@ CMS_get1_certs() returns all certificates in I<cms>. CMS_add0_crl() and CMS_add1_crl() add CRL I<crl> to I<cms>. I<cms> must be of type signed data or (authenticated) enveloped data. -For signed data, such a CRL may be used in certificate validation. +For signed data, such a CRL may be used in certificate validation +with L<CMS_verify()>. It may be given both for inclusion when signing a CMS message and when verifying a signed CMS message. @@ -48,8 +51,7 @@ As the I<0> implies CMS_add0_cert() adds I<cert> internally to I<cms> and it must not be freed up after the call as opposed to CMS_add1_cert() where I<cert> must be freed up. -The same certificate or CRL must not be added to the same cms structure more -than once. +The same certificate must not be added to the same cms structure more than once. =head1 RETURN VALUES @@ -63,7 +65,7 @@ in practice is if the I<cms> type is invalid. =head1 SEE ALSO L<ERR_get_error(3)>, -L<CMS_sign(3)>, +L<CMS_sign(3)>, L<CMS_sign_ex(3)>, L<CMS_verify(3)>, L<CMS_encrypt(3)> =head1 COPYRIGHT |