| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211 |
- .\" -*- mode: troff; coding: utf-8 -*-
- .\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
- .\"
- .\" Standard preamble:
- .\" ========================================================================
- .de Sp \" Vertical space (when we can't use .PP)
- .if t .sp .5v
- .if n .sp
- ..
- .de Vb \" Begin verbatim text
- .ft CW
- .nf
- .ne \\$1
- ..
- .de Ve \" End verbatim text
- .ft R
- .fi
- ..
- .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
- .ie n \{\
- . ds C` ""
- . ds C' ""
- 'br\}
- .el\{\
- . ds C`
- . ds C'
- 'br\}
- .\"
- .\" Escape single quotes in literal strings from groff's Unicode transform.
- .ie \n(.g .ds Aq \(aq
- .el .ds Aq '
- .\"
- .\" If the F register is >0, we'll generate index entries on stderr for
- .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
- .\" entries marked with X<> in POD. Of course, you'll have to process the
- .\" output yourself in some meaningful fashion.
- .\"
- .\" Avoid warning from groff about undefined register 'F'.
- .de IX
- ..
- .nr rF 0
- .if \n(.g .if rF .nr rF 1
- .if (\n(rF:(\n(.g==0)) \{\
- . if \nF \{\
- . de IX
- . tm Index:\\$1\t\\n%\t"\\$2"
- ..
- . if !\nF==2 \{\
- . nr % 0
- . nr F 2
- . \}
- . \}
- .\}
- .rr rF
- .\" ========================================================================
- .\"
- .IX Title "TS_VERIFY_CTX 3ossl"
- .TH TS_VERIFY_CTX 3ossl 2025-01-17 3.4.0 OpenSSL
- .\" For nroff, turn off justification. Always turn off hyphenation; it makes
- .\" way too many mistakes in technical documents.
- .if n .ad l
- .nh
- .SH NAME
- TS_VERIFY_CTX, TS_VERIFY_CTX_new, TS_VERIFY_CTX_init, TS_VERIFY_CTX_free,
- TS_VERIFY_CTX_cleanup, TS_VERIFY_CTX_set_flags, TS_VERIFY_CTX_add_flags,
- TS_VERIFY_CTX_set0_data, TS_VERIFY_CTX_set0_imprint, TS_VERIFY_CTX_set0_store,
- TS_VERIFY_CTX_set0_certs, TS_VERIFY_CTX_set_certs, TS_VERIFY_CTS_set_certs,
- TS_VERIFY_CTX_set_data, TS_VERIFY_CTX_set_imprint, TS_VERIFY_CTX_set_store
- \&\- manage the TS response verification context
- .SH SYNOPSIS
- .IX Header "SYNOPSIS"
- .Vb 1
- \& #include <openssl/ts.h>
- \&
- \& typedef struct TS_verify_ctx TS_VERIFY_CTX;
- \&
- \& TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
- \& void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
- \& void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
- \& void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
- \& int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f);
- \& int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f);
- \& int TS_VERIFY_CTX_set0_data(TS_VERIFY_CTX *ctx, BIO *b);
- \& int TS_VERIFY_CTX_set0_imprint(TS_VERIFY_CTX *ctx,
- \& unsigned char *hexstr, long len);
- \& int TS_VERIFY_CTX_set0_store(TS_VERIFY_CTX *ctx, X509_STORE *s);
- \& int TS_VERIFY_CTX_set0_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs);
- .Ve
- .PP
- The following functions have been deprecated since OpenSSL 3.4:
- .PP
- .Vb 6
- \& BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b);
- \& unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
- \& unsigned char *hexstr, long len);
- \& X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s);
- \& STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx,
- \& STACK_OF(X509) *certs);
- .Ve
- .PP
- The following function has been deprecated since OpenSSL 3.0:
- .PP
- .Vb 2
- \& STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx,
- \& STACK_OF(X509) *certs);
- .Ve
- .SH DESCRIPTION
- .IX Header "DESCRIPTION"
- The Time-Stamp Protocol (TSP) is defined by RFC 3161. TSP is a protocol used to
- provide long-term proof of the existence of certain data before a particular
- time. TSP defines a Time Stamping Authority (TSA) and an entity that makes
- requests to the TSA. Usually, the TSA is referred to as the server side, and the
- requesting entity is referred to as the client.
- .PP
- In TSP, when a server sends a response to a client, the server normally
- needs to sign the response data \- the TimeStampToken (TST) \- with its private
- key. Then the client verifies the received TST using the server's certificate
- chain.
- .PP
- For all the following methods, unless noted otherwise, \fIctx\fR is the
- verification context created in advance.
- .PP
- \&\fBTS_VERIFY_CTX_new()\fR returns an allocated \fBTS_VERIFY_CTX\fR structure.
- .PP
- \&\fBTS_VERIFY_CTX_init()\fR initializes a verification context.
- .PP
- \&\fBTS_VERIFY_CTX_free()\fR frees up a \fBTS_VERIFY_CTX\fR object. \fIctx\fR is the
- verification context to be freed. If \fIctx\fR is NULL, the call is ignored.
- .PP
- \&\fBTS_VERIFY_CTX_set_flags()\fR sets the flags in the verification context. \fIf\fR are
- the flags to be set.
- .PP
- \&\fBTS_VERIFY_CTX_add_flags()\fR adds flags to the verification context. \fIf\fR are the
- flags to be added (OR'd).
- .PP
- \&\fBTS_VERIFY_CTX_set0_data()\fR sets the data to be verified. \fIb\fR is the \fBBIO\fR with
- the data. A previously assigned \fBBIO\fR is freed.
- .PP
- \&\fBTS_VERIFY_CTX_set0_imprint()\fR sets the message imprint. \fIhexstr\fR is the
- message imprint to be assigned. A previously assigned imprint is freed.
- .PP
- \&\fBTS_VERIFY_CTX_set0_store()\fR sets the store for the verification context. \fIs\fR is
- the store to be assigned. A previously assigned store is freed.
- .PP
- \&\fBTS_VERIFY_CTX_set0_certs()\fR is used to set the server's certificate chain when
- verifying a TST. \fIcerts\fR is a stack of \fBX509\fR certificates.
- .PP
- \&\fBTS_VERIFY_CTX_cleanup()\fR frees all data associated with the given
- \&\fBTS_VERIFY_CTX\fR object and initializes it. \fIctx\fR is the verification context
- created in advance. If \fIctx\fR is NULL, the call is ignored.
- .PP
- All of the following functions described are deprecated. Applications should
- instead use the functions \fBTS_VERIFY_CTX_set0_data\fR\|(3),
- \&\fBTS_VERIFY_CTX_set0_imprint\fR\|(3), \fBTS_VERIFY_CTX_set0_store\fR\|(3),
- \&\fBTS_VERIFY_CTX_set0_certs\fR\|(3).
- .PP
- \&\fBTS_VERIFY_CTX_set_data()\fR is used to set the BIO with the data to be verified.
- A previously assigned BIO is \fBnot freed\fR by this call. \fIb\fR is the \fBBIO\fR
- with the data to assign.
- .PP
- \&\fBTS_VERIFY_CTX_set_imprint()\fR is used to set the message imprint. A previously
- assigned imprint \fBis freed\fR by this call. \fIhexstr\fR is the string with the
- message imprint to assign.
- .PP
- \&\fBTS_VERIFY_CTX_set_store()\fR is used to set the certificate store. A previously
- assigned store is \fBnot freed\fR by this call. \fIs\fR is the store to assign.
- .PP
- \&\fBTS_VERIFY_CTX_set_certs()\fR is used to set the server's certificate chain.
- A previously assigned stack is \fBnot freed\fR by this call. \fIcerts\fR is a stack
- of \fBX509\fR certificates.
- .PP
- \&\fBTS_VERIFY_CTS_set_certs()\fR is a misspelled version of \fBTS_VERIFY_CTX_set_certs()\fR
- which takes the same parameters and returns the same result.
- .SH "RETURN VALUES"
- .IX Header "RETURN VALUES"
- \&\fBTS_VERIFY_CTX_new()\fR returns an allocated \fBTS_VERIFY_CTX\fR structure.
- .PP
- \&\fBTS_VERIFY_CTX_set_flags()\fR returns the flags passed via parameter \fIf\fR.
- .PP
- \&\fBTS_VERIFY_CTX_add_flags()\fR returns the flags of the context after the ones
- passed via parameter \fIf\fR are added to it.
- .PP
- \&\fBTS_VERIFY_CTX_set0_data()\fR, \fBTS_VERIFY_CTX_set0_imprint()\fR,
- \&\fBTS_VERIFY_CTX_set0_store()\fR, and \fBTS_VERIFY_CTX_set0_certs()\fR return 1 if the
- value could be successfully set and 0 in case of any error.
- .PP
- The deprecated functions \fBTS_VERIFY_CTX_set_data()\fR, \fBTS_VERIFY_CTX_set_imprint()\fR,
- \&\fBTS_VERIFY_CTX_set_store()\fR, \fBTS_VERIFY_CTX_set_certs()\fR return the parameter
- the user passes via parameter \fIbio\fR, \fIhexstr\fR, \fIs\fR or \fIcerts\fR.
- .SH "SEE ALSO"
- .IX Header "SEE ALSO"
- \&\fBOSSL_ESS_check_signing_certs\fR\|(3)
- .SH HISTORY
- .IX Header "HISTORY"
- \&\fBTS_VERIFY_CTX_set0_data()\fR, \fBTS_VERIFY_CTX_set0_imprint()\fR,
- \&\fBTS_VERIFY_CTX_set0_store()\fR, \fBTS_VERIFY_CTX_set0_certs()\fR replace the functions
- \&\fBTS_VERIFY_CTX_set_data()\fR, \fBTS_VERIFY_CTX_set_imprint()\fR,
- \&\fBTS_VERIFY_CTX_set_store()\fR, \fBTS_VERIFY_CTX_set_certs()\fR that were deprecated
- in OpenSSL 3.4.0.
- .PP
- The spelling of \fBTS_VERIFY_CTX_set_certs()\fR was corrected in OpenSSL 3.0.0.
- The misspelled version \fBTS_VERIFY_CTS_set_certs()\fR has been retained for
- compatibility reasons, but it is deprecated in OpenSSL 3.0.0.
- .SH COPYRIGHT
- .IX Header "COPYRIGHT"
- Copyright 2019\-2024 The OpenSSL Project Authors. All Rights Reserved.
- .PP
- Licensed under the Apache License 2.0 (the "License"). You may not use
- this file except in compliance with the License. You can obtain a copy
- in the file LICENSE in the source distribution or at
- <https://www.openssl.org/source/license.html>.
|