diff options
Diffstat (limited to 'doc/internal')
-rw-r--r-- | doc/internal/man3/ossl_cmp_hdr_init.pod | 6 | ||||
-rw-r--r-- | doc/internal/man3/ossl_cmp_mock_srv_new.pod | 85 | ||||
-rw-r--r-- | doc/internal/man3/ossl_cmp_pkisi_get_status.pod (renamed from doc/internal/man3/ossl_cmp_statusinfo_new.pod) | 53 |
3 files changed, 107 insertions, 37 deletions
diff --git a/doc/internal/man3/ossl_cmp_hdr_init.pod b/doc/internal/man3/ossl_cmp_hdr_init.pod index a7a4d87f09..31468a567b 100644 --- a/doc/internal/man3/ossl_cmp_hdr_init.pod +++ b/doc/internal/man3/ossl_cmp_hdr_init.pod @@ -14,7 +14,7 @@ ossl_cmp_hdr_push1_freeText, ossl_cmp_hdr_generalinfo_item_push0, ossl_cmp_hdr_generalinfo_items_push1, ossl_cmp_hdr_set_implicitConfirm, -ossl_cmp_hdr_check_implicitConfirm, +ossl_cmp_hdr_has_implicitConfirm, ossl_cmp_hdr_init - functions manipulating CMP message headers @@ -41,7 +41,7 @@ ossl_cmp_hdr_init int ossl_cmp_hdr_push1_freeText(OSSL_CMP_PKIHEADER *hdr, ASN1_UTF8STRING *text); int ossl_cmp_hdr_set_implicitConfirm(OSSL_CMP_PKIHEADER *hdr); - int ossl_cmp_hdr_check_implicitConfirm(OSSL_CMP_PKIHEADER *hdr); + int ossl_cmp_hdr_has_implicitConfirm(OSSL_CMP_PKIHEADER *hdr); int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr); =head1 DESCRIPTION @@ -85,7 +85,7 @@ pointer. ossl_cmp_hdr_set_implicitConfirm() sets implicitConfirm in the generalInfo field of the PKIMessage header. -ossl_cmp_hdr_check_implicitConfirm() returns 1 if implicitConfirm is +ossl_cmp_hdr_has_implicitConfirm() returns 1 if implicitConfirm is set int generalInfo field of the given PKIMessage header, 0 if not. ossl_cmp_hdr_init() initializes a PKIHeader structure based on the diff --git a/doc/internal/man3/ossl_cmp_mock_srv_new.pod b/doc/internal/man3/ossl_cmp_mock_srv_new.pod new file mode 100644 index 0000000000..da1f44b391 --- /dev/null +++ b/doc/internal/man3/ossl_cmp_mock_srv_new.pod @@ -0,0 +1,85 @@ +=pod + +=head1 NAME + +ossl_cmp_mock_srv_new, +ossl_cmp_mock_srv_free, +ossl_cmp_mock_srv_set1_certOut, +ossl_cmp_mock_srv_set1_chainOut, +ossl_cmp_mock_srv_set1_caPubsOut, +ossl_cmp_mock_srv_set_statusInfo, +ossl_cmp_mock_srv_set_send_error, +ossl_cmp_mock_srv_set_pollCount, +ossl_cmp_mock_srv_set_checkAfterTime +- functions used for testing with CMP mock server + +=head1 SYNOPSIS + + #include <openssl/cmp.h> + + OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(void); + void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx); + + int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert); + int ossl_cmp_mock_srv_set1_chainOut(OSSL_CMP_SRV_CTX *srv_ctx, + STACK_OF(X509) *chain); + int ossl_cmp_mock_srv_set1_caPubsOut(OSSL_CMP_SRV_CTX *srv_ctx, + STACK_OF(X509) *caPubs); + int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status, + int fail_info, const char *text); + int ossl_cmp_mock_srv_set_send_error(OSSL_CMP_SRV_CTX *srv_ctx, int val); + int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count); + int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec); + +=head1 DESCRIPTION + +ossl_cmp_mock_srv_new() allocates the contexts for the CMP mock server. + +ossl_cmp_mock_srv_free() deallocates the contexts for the CMP mock server. + +OSSL_CMP_SRV_CTX_set1_certOut() sets the certificate to be returned in +cp/ip/kup. + +OSSL_CMP_SRV_CTX_set1_chainOut() sets the certificate chain to be added to +the extraCerts in a cp/ip/kup. +It should to useful to validate B<certOut>. + +OSSL_CMP_SRV_CTX_set1_caPubsOut() sets the caPubs to be returned in an ip. + +OSSL_CMP_SRV_CTX_set_statusInfo() sets the status info to be returned. + +OSSL_CMP_SRV_CTX_set_send_error() enables enforcement of error responses. + +OSSL_CMP_SRV_CTX_set_pollCount() sets the number of polls before cert response. + +OSSL_CMP_SRV_CTX_set_checkAfterTime() sets the number of seconds +the client should wait for the next poll. + + +=head1 NOTES + +CMP is defined in RFC 4210 (and CRMF in RFC 4211). + +=head1 RETURN VALUES + +ossl_cmp_mock_srv() returns a B<OSSL_CMP_SRV_CTX> structure on success, +NULL on error. + +ossl_cmp_mock_srv_free() does not return a value. + +All other functions return 1 on success, 0 on error. + +=head1 HISTORY + +The OpenSSL CMP support was added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut diff --git a/doc/internal/man3/ossl_cmp_statusinfo_new.pod b/doc/internal/man3/ossl_cmp_pkisi_get_status.pod index ee7dd35cf5..deca1aa2bb 100644 --- a/doc/internal/man3/ossl_cmp_statusinfo_new.pod +++ b/doc/internal/man3/ossl_cmp_pkisi_get_status.pod @@ -2,13 +2,11 @@ =head1 NAME -ossl_cmp_statusinfo_new, -ossl_cmp_pkisi_pkistatus_get, -ossl_cmp_pkisi_pkifailureinfo_get, -ossl_cmp_pkisi_pkifailureinfo_check, -ossl_cmp_pkisi_failinfo_get0, -ossl_cmp_pkisi_statusstring_get0, -ossl_pkisi_snprint +ossl_cmp_pkisi_get_status, +ossl_cmp_PKIStatus_to_string, +ossl_cmp_pkisi_get0_statusString, +ossl_cmp_pkisi_get_pkifailureinfo, +ossl_cmp_pkisi_check_pkifailureinfo - functions for managing PKI status information =head1 SYNOPSIS @@ -44,40 +42,27 @@ ossl_pkisi_snprint # define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26 # define OSSL_CMP_PKIFAILUREINFO_MAX 26 - OSSL_CMP_PKISI *ossl_cmp_statusinfo_new(int status, int fail_info, - const char *text); - int ossl_cmp_pkisi_pkistatus_get(OSSL_CMP_PKISI *si); - int ossl_cmp_pkisi_pkifailureinfo_get(OSSL_CMP_PKISI *si); - int ossl_cmp_pkisi_pkifailureinfo_check(OSSL_CMP_PKISI *si, int bit_index); - OSSL_CMP_PKIFAILUREINFO *ossl_cmp_pkisi_failinfo_get0(const OSSL_CMP_PKISI *si); - OSSL_CMP_PKIFREETEXT *ossl_cmp_pkisi_statusstring_get0(const OSSL_CMP_PKISI *si); - char *ossl_pkisi_snprint(OSSL_CMP_PKISI *si, char *buf, int bufsize); + int ossl_cmp_pkisi_get_status(const OSSL_CMP_PKISI *si); + const char *ossl_cmp_PKIStatus_to_string(int status); + OSSL_CMP_PKIFREETEXT *ossl_cmp_pkisi_get0_statusString(const OSSL_CMP_PKISI *si); + int ossl_cmp_pkisi_get_pkifailureinfo(const OSSL_CMP_PKISI *si); + int ossl_cmp_pkisi_check_pkifailureinfo(const OSSL_CMP_PKISI *si, int index); =head1 DESCRIPTION -ossl_cmp_statusinfo_new() creates a new PKIStatusInfo structure and fills it -with the given values. It sets the status field to B<status>. -If B<text> is not NULL, it is copied to statusString. -B<fail_info> is is interpreted as bit pattern for the failInfo field. -Returns a pointer to the structure on success, or NULL on error. +ossl_cmp_pkisi_get_status() returns the PKIStatus of B<si>, or -1 on error. -ossl_cmp_pkisi_pkistatus_get() returns the PKIStatus of B<si>, or -1 on error. +ossl_cmp_PKIStatus_to_string() returns a human-readable string representing +the PKIStatus values as specified in RFC 4210, Appendix F. -ossl_cmp_pkisi_pkifailureinfo_get() returns the PKIFailureInfo bits -of B<si>, encoded as integer, or -1 on error. - -ossl_cmp_pkisi_pkifailureinfo_check() returns the state of the bit (0 or 1) -with index B<bit_index> in the PKIFailureInfo of the B<si>, or -1 on error. - -ossl_cmp_pkisi_failinfo_get0() returns a direct pointer to the failInfo -field contained in B<si>, or NULL on error. - -ossl_cmp_pkisi_statusstring_get0() returns a direct pointer to the statusString +ossl_cmp_pkisi_get0_statusString() returns a direct pointer to the statusString field contained in B<si>. -ossl_pkisi_snprint() places at max B<bufsize> characters of human-readable -error string of B<si> in pre-allocated B<buf>. Returns pointer to the same -B<buf> containing the string, or NULL on error. +ossl_cmp_pkisi_get_pkifailureinfo() returns the PKIFailureInfo bits +of B<si>, encoded as integer, or -1 on error. + +ossl_cmp_pkisi_check_pkifailureinfo() returns the state of the bit (0 or 1) +with index B<index> in the PKIFailureInfo of the B<si>, or -1 on error. =head1 NOTES |