[openssl] master update

kaishen.yy at antfin.com kaishen.yy at antfin.com
Thu Jan 16 03:29:32 UTC 2020


The branch master has been updated
       via  9372ddf1a294d61dcbf507680e4e3d5b094ef71d (commit)
      from  9ec7b6ad12529d2ab05b0b18fdabe1b12123f9d5 (commit)


- Log -----------------------------------------------------------------
commit 9372ddf1a294d61dcbf507680e4e3d5b094ef71d
Author: Paul Yang <kaishen.yy at antfin.com>
Date:   Tue Sep 10 13:08:29 2019 +0800

    Add doc for TS_VERIFY_CTX_set_certs()
    
    This addition is based on PR #9472.
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    (Merged from https://github.com/openssl/openssl/pull/9838)

-----------------------------------------------------------------------

Summary of changes:
 doc/man3/TS_VERIFY_CTX_set_certs.pod | 57 ++++++++++++++++++++++++++++++++++++
 util/missingcrypto.txt               |  1 -
 util/missingmacro.txt                |  1 -
 util/other.syms                      |  1 +
 4 files changed, 58 insertions(+), 2 deletions(-)
 create mode 100644 doc/man3/TS_VERIFY_CTX_set_certs.pod

diff --git a/doc/man3/TS_VERIFY_CTX_set_certs.pod b/doc/man3/TS_VERIFY_CTX_set_certs.pod
new file mode 100644
index 0000000000..a7aae4acda
--- /dev/null
+++ b/doc/man3/TS_VERIFY_CTX_set_certs.pod
@@ -0,0 +1,57 @@
+=pod
+
+=head1 NAME
+
+TS_VERIFY_CTX_set_certs, TS_VERIFY_CTS_set_certs
+- set certificates for TS response verification
+
+=head1 SYNOPSIS
+
+ #include <openssl/ts.h>
+
+ STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx,
+                                         STACK_OF(X509) *certs);
+ STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx,
+                                         STACK_OF(X509) *certs);
+
+=head1 DESCRIPTION
+
+The Time-Stamp Protocol (TSP) is defined by RFC 3161. TSP is a protocol used to
+provide long term proof of the existence of a certain datum before a particular
+time. TSP defines a Time Stamping Authority (TSA) and an entity who shall make
+requests to the TSA. Usually the TSA is denoted as the server side and the
+requesting entity is denoted as the client.
+
+In TSP, when a server is sending a response to a client, the server normally
+needs to sign the response data - the TimeStampToken (TST) - with its private
+key. Then the client shall verify the received TST by the server's certificate
+chain.
+
+TS_VERIFY_CTX_set_certs() is used to set the server's certificate chain when
+verifying a TST. B<ctx> is the verification context created in advance and
+B<certs> is a stack of B<X509> certificates.
+
+TS_VERIFY_CTS_set_certs() is a misspelled version of TS_VERIFY_CTX_set_certs()
+which takes the same parameters and returns the same result.
+
+=head1 RETURN VALUES
+
+TS_VERIFY_CTX_set_certs() returns the stack of B<X509> certificates the user
+passes in via parameter B<certs>.
+
+=head1 HISTORY
+
+The spelling of TS_VERIFY_CTX_set_certs() was corrected in OpenSSL 3.0.0.
+The misspelled version TS_VERIFY_CTS_set_certs() has been retained for
+compatibility reasons, but it is deprecated in OpenSSL 3.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
index cf6824d49e..7f1cf49ab3 100644
--- a/util/missingcrypto.txt
+++ b/util/missingcrypto.txt
@@ -1070,7 +1070,6 @@ TS_TST_INFO_set_serial(3)
 TS_TST_INFO_set_time(3)
 TS_TST_INFO_set_tsa(3)
 TS_TST_INFO_set_version(3)
-TS_VERIFY_CTX_set_certs(3)
 TS_VERIFY_CTX_add_flags(3)
 TS_VERIFY_CTX_cleanup(3)
 TS_VERIFY_CTX_free(3)
diff --git a/util/missingmacro.txt b/util/missingmacro.txt
index 3d825b199d..8738c87d9f 100644
--- a/util/missingmacro.txt
+++ b/util/missingmacro.txt
@@ -175,4 +175,3 @@ X509V3_set_ctx_test(3)
 X509V3_set_ctx_nodb(3)
 EXT_BITSTRING(3)
 EXT_IA5STRING(3)
-TS_VERIFY_CTS_set_certs(3)
diff --git a/util/other.syms b/util/other.syms
index c6b2404f2c..b57af07c7d 100644
--- a/util/other.syms
+++ b/util/other.syms
@@ -562,3 +562,4 @@ OSSL_TRACE_CANCEL                       define
 OSSL_TRACE1                             define
 OSSL_TRACE2                             define
 OSSL_TRACE9                             define
+TS_VERIFY_CTS_set_certs                 define deprecated 3.0.0


More information about the openssl-commits mailing list