diff options
author | Damian Hobson-Garcia <dhobsong@igel.co.jp> | 2023-06-30 17:03:57 -0400 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2024-04-24 14:05:35 +0100 |
commit | b97fb22f596bfb528e69402b1bdcdf144a563918 (patch) | |
tree | d1595ff10774bf761f6889e9f2131afff8e741fa /doc | |
parent | 62960b8710a39d58fe386a51dccbd35bd973220f (diff) |
x509_acert: Add API to sign and verify attribute certificates
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/X509_sign.pod | 10 | ||||
-rw-r--r-- | doc/man3/X509_verify.pod | 12 |
2 files changed, 19 insertions, 3 deletions
diff --git a/doc/man3/X509_sign.pod b/doc/man3/X509_sign.pod index 7ca8a1a55e..75c968b114 100644 --- a/doc/man3/X509_sign.pod +++ b/doc/man3/X509_sign.pod @@ -4,6 +4,7 @@ X509_sign, X509_sign_ctx, X509_REQ_sign, X509_REQ_sign_ctx, +X509_ACERT_sign, X509_ACERT_sign_ctx, X509_CRL_sign, X509_CRL_sign_ctx - sign certificate, certificate request, or CRL signature @@ -20,6 +21,11 @@ sign certificate, certificate request, or CRL signature int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); + #include <openssl/x509_acert.h> + + int X509_ACERT_sign(X509_ACERT *x, EVP_PKEY *pkey, const EVP_MD *md); + int X509_ACERT_sign_ctx(X509_ACERT *x, EVP_MD_CTX *ctx); + =head1 DESCRIPTION X509_sign() signs certificate I<x> using private key I<pkey> and message @@ -29,6 +35,7 @@ If the certificate information includes X.509 extensions, these two functions make sure that the certificate bears X.509 version 3. X509_REQ_sign(), X509_REQ_sign_ctx(), +X509_ACERT_sign(), X509_ACERT_sign_ctx(), X509_CRL_sign(), and X509_CRL_sign_ctx() sign certificate requests and CRLs, respectively. @@ -68,6 +75,9 @@ available in all versions of OpenSSL. The X509_sign_ctx(), X509_REQ_sign_ctx() and X509_CRL_sign_ctx() functions were added in OpenSSL 1.0.1. +The X509_ACERT_sign() and X509_ACERT_sign_ctx() functions were added +in OpenSSL 3.4. + =head1 COPYRIGHT Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/X509_verify.pod b/doc/man3/X509_verify.pod index 8cdb2154ae..e6c35675f8 100644 --- a/doc/man3/X509_verify.pod +++ b/doc/man3/X509_verify.pod @@ -4,7 +4,7 @@ X509_verify, X509_self_signed, X509_REQ_verify_ex, X509_REQ_verify, -X509_CRL_verify - +X509_CRL_verify, X509_ACERT_verify - verify certificate, certificate request, or CRL signature =head1 SYNOPSIS @@ -19,6 +19,9 @@ verify certificate, certificate request, or CRL signature int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); + #include <openssl/x509_acert.h> + int X509_ACERT_verify(X509_CRL *a, EVP_PKEY *r); + =head1 DESCRIPTION X509_verify() verifies the signature of certificate I<x> using public key @@ -31,8 +34,9 @@ authority key identifier (if present) must match the subject key identifier etc. The signature itself is actually verified only if B<verify_signature> is 1, as for explicitly trusted certificates this verification is not worth the effort. -X509_REQ_verify_ex(), X509_REQ_verify() and X509_CRL_verify() -verify the signatures of certificate requests and CRLs, respectively. +X509_REQ_verify_ex(), X509_REQ_verify(), X509_CRL_verify() and X509_ACERT_verify() +verify the signatures of certificate requests, CRLs and attribute certificates +respectively. =head1 RETURN VALUES @@ -71,6 +75,8 @@ functions are available in all versions of OpenSSL. X509_REQ_verify_ex(), and X509_self_signed() were added in OpenSSL 3.0. +X509_ACERT_verify() was added in OpenSSL 3.4. + =head1 COPYRIGHT Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. |