Topic: Where is the doc??

Hello,
I am trying to find doc on wolfSSL_CTX_load_verify_buffer_ex(...).

It doesn't exists ANYWHERE.  I've spend 30 minutes digging and searching, there isn't anything.

Every search takes me to stuff about version 4.2....

The prototype has TWO extra arguments compared to wolfSSL_CTX_load_verify_buffer(...)

One would think there should be only one, to handle the three option flags... But there are two.

And nothing is documented to explain anything.  It's all just Doxygen generated stuff, which should be outlawed for it's lack of usefulness.

-Scott
<Code shown is not to scale>

Share

Re: Where is the doc??

Hi Scotty2541,

Sorry about the documentation issue on `wolfSSL_CTX_load_verify_buffer_ex`. I added that API a few releases back for supporting loading of trusted certificates with some additional options to allow date override and forceful load.

The API definition is:

int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx,
                                         const unsigned char* in,
                                         long sz, int format, int userChain,
                                         word32 flags)

Additional two arguments:
* userChain: If using format WOLFSSL_FILETYPE_ASN1 this set to non-zero indicates a chain of DER's is being presented.
* flags: See ssl.h around WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS.

#define WOLFSSL_LOAD_FLAG_NONE          0x00000000
#define WOLFSSL_LOAD_FLAG_IGNORE_ERR    0x00000001
#define WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY 0x00000002
#define WOLFSSL_LOAD_FLAG_PEM_CA_ONLY   0x00000004

#ifndef WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS
#define WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS WOLFSSL_LOAD_FLAG_NONE
#endif

I've made note to add this to our doxygen in doc/dox_comments/header_files/ssl.h.

Thanks,
David Garske, wolfSSL

Share

Re: Where is the doc??

David,
Thanks.

When I looked into the header, all is has is this:

    WOLFSSL_API int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX*,
                                               const unsigned char*, long, int,
                                               int, word32);
    WOLFSSL_API int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX*,
                                               const unsigned char*, long, int);

Not very intuitive.  Nor is it enjoyable to dig through the actual source code trying to find the actual function.

I managed to find the flag definitions from a ChangeLog post.

Solved now.

-Scott

-Scott
<Code shown is not to scale>

Share

Re: Where is the doc??

Hi Scott,

I put up a PR with the `wolfSSL_CTX_load_verify_buffer_ex` API documentation. Thanks for reporting that.
https://github.com/wolfSSL/wolfssl/pull/4161

David Garske, wolfSSL

Share

5 (edited by ReesClaire 2021-07-06 01:08:35)

Re: Where is the doc??

Hi, I'm practicing making codes right now. Looking at your diagram and for some reason I didn't have much success, I don't know what I'm doing wrong, but I'll figure it out!!!

Share