Commit 6e9a4f9353 for openssl.org
commit 6e9a4f9353ed8213358557c7827c516805c5a053
Author: Jon Ericson <jon@jlericson.com>
Date: Mon Mar 30 10:05:14 2026 -0700
ossl-guide-migration: Format function names correctly
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
MergeDate: Wed Apr 15 10:53:59 2026
(Merged from https://github.com/openssl/openssl/pull/30629)
diff --git a/doc/man7/ossl-guide-migration.pod b/doc/man7/ossl-guide-migration.pod
index 4cadf4abca..6d674db431 100644
--- a/doc/man7/ossl-guide-migration.pod
+++ b/doc/man7/ossl-guide-migration.pod
@@ -65,25 +65,25 @@ an ASN1_BIT_STRING type, instead of direct flag and structure manipulation.
B<ASN1_STRING> is the basis for many types in OpenSSL. Since OpenSSL 1.1.1
accessor functions have been available to access and create B<ASN1_STRING>
-values of various types. See ASN1_STRING_type_new(3),
-ASN1_STRING_get0_data(3), ASN1_STRING_set(3) and ASN1_STRING_length(3).
+values of various types. See L<ASN1_STRING_type_new(3)>,
+L<ASN1_STRING_get0_data(3)>, L<ASN1_STRING_set(3)> and L<ASN1_STRING_length(3)>.
If your code uses direct access to B<ASN1_STRING> structure members you will
need to convert it to allocate the correct type B<ASN1_STRING>, and use accessors.
If your code has in the past used an B<ASN1_STRING> as a stack allocated
object, you will need to allocate it from the heap with
-ASN1_STRING_new(3) or ASN1_STRING_type_new(3).
+L<ASN1_STRING_new(3)> or L<ASN1_STRING_type_new(3)>.
The flags member of B<ASN1_STRING> has become inaccessible, and the definitions
of the flags are no longer public. This includes the public definition
of the flags:
-B<ASN1_STRING_FLAG_NDEF>
-B<ASN1_STRING_FLAG_CONT>
-B<ASN1_STRING_FLAG_MSTRING>
-B<ASN1_STRING_FLAG_EMBED>
-B<ASN1_STRING_FLAG_BITS_LEFT>
+ASN1_STRING_FLAG_NDEF,
+ASN1_STRING_FLAG_CONT,
+ASN1_STRING_FLAG_MSTRING,
+ASN1_STRING_FLAG_EMBED,
+ASN1_STRING_FLAG_BITS_LEFT
For the first four values, these were internal use flags which were never
user settable in a way that would not cause things to break.
@@ -93,10 +93,10 @@ value of unused bits left - Most applications do not touch this. You
should not use ASN1_STRING_set() to set the value of an
B<ASN1_BIT_STRING> that may have unused bits on the end. To ensure
the number of unused bits is correctly set in an B<ASN1_BIT_STRING>
-type, use the functions ASN1_BIT_STRING_set_bit(3) or
-ASN1_BIT_STRING_set1(3) to set the value of an B<ASN1_BIT_STRING>, and
+type, use the functions L<ASN1_BIT_STRING_set_bit(3)> or
+L<ASN1_BIT_STRING_set1(3)> to set the value of an B<ASN1_BIT_STRING>, and
ensure that the number of unused bits is correctly set. The function
-ASN1_BIT_STRING_get_length(3) may be used to retrieve the length in
+L<ASN1_BIT_STRING_get_length(3)> may be used to retrieve the length in
bytes, and the number of unused bits of an B<ASN1_BIT_STRING>.
=head3 Constification of B<X509> functions
@@ -120,67 +120,72 @@ bearing in mind that your copy has no effect on the original B<X509> object itse
The following functions have had arguments / return values related to B<X509>
constified. For full details see their relevant manual pages.
-NAME_CONSTRAINTS_check
-NAME_CONSTRAINTS_check_CN
-X509_add_cert
-X509_add_ext
-X509_alias_get0
-X509_build_chain
-X509_chain_check_suiteb
-X509_check_ca
-X509_check_email
-X509_check_host
-X509_check_ip
-X509_check_ip_asc
-X509_check_issued
-X509_check_purpose
-X509_check_trust
-X509_CRL_get0_by_cert
-X509_find_by_issuer_and_serial
-X509_find_by_subject
-X509_get_ext
-X509_get_extended_key_usage
-X509_get_extension_flags
-X509_get_key_usage
-X509_get_pathlen
-X509_get_proxy_pathlen
-X509_get_pubkey
-X509_get_pubkey_parameters
-X509_get_signature_info
-X509_get0_authority_issuer
-X509_get0_authority_key_id
-X509_get0_authority_serial
-X509_get0_pubkey
-X509_get0_reject_objects
-X509_get0_subject_key_id
-X509_get0_subject_key_id
-X509_get0_trust_objects
-X509_get1_email
-X509_get1_ocsp
-X509_issuer_and_serial_hash
-X509_issuer_name_hash
-X509_issuer_name_hash_old
-X509_keyid_get0
-X509_load_http
-X509_print_ex_fp
-X509_print_fp
-X509_REQ_get1_email
-X509_REQ_to_X509
-X509_self_signed
-X509_STORE_add_cert
-X509_STORE_CTX_get1_issuer
-X509_subject_name_hash
-X509_subject_name_hash_old
-X509_to_X509_REQ
-X509_TRUST_add
-X509v3_addr_validate_resource_set
+NAME_CONSTRAINTS_check,
+NAME_CONSTRAINTS_check_CN,
+L<X509_add_cert(3)>,
+L<X509_add_ext(3)>,
+X509_alias_get0,
+L<X509_build_chain(3)>,
+X509_chain_check_suiteb,
+L<X509_check_ca(3)>,
+L<X509_check_email(3)>,
+L<X509_check_host(3)>,
+L<X509_check_ip(3)>,
+L<X509_check_ip_asc(3)>,
+L<X509_check_issued(3)>,
+L<X509_check_purpose(3)>,
+X509_check_trust,
+L<X509_CRL_get0_by_cert(3)>,
+X509_find_by_issuer_and_serial,
+X509_find_by_subject,
+L<X509_get_ext(3)>,
+L<X509_get_extended_key_usage(3)>,
+L<X509_get_extension_flags(3)>,
+L<X509_get_key_usage(3)>,
+L<X509_get_pathlen(3)>,
+L<X509_get_proxy_pathlen(3)>,
+L<X509_get_pubkey(3)>,
+X509_get_pubkey_parameters,
+L<X509_get_signature_info(3)>,
+L<X509_get0_authority_issuer(3)>,
+L<X509_get0_authority_key_id(3)>,
+L<X509_get0_authority_serial(3)>,
+L<X509_get0_pubkey(3)>,
+X509_get0_reject_objects,
+L<X509_get0_subject_key_id(3)>,
+L<X509_get0_subject_key_id(3)>,
+X509_get0_trust_objects,
+X509_get1_email,
+X509_get1_ocsp,
+X509_issuer_and_serial_hash,
+L<X509_issuer_name_hash(3)>,
+X509_issuer_name_hash_old,
+X509_keyid_get0,
+L<X509_load_http(3)>,
+X509_print_ex_fp,
+X509_print_fp,
+X509_REQ_get1_email,
+X509_REQ_to_X509,
+L<X509_self_signed(3)>,
+L<X509_STORE_add_cert(3)>,
+L<X509_STORE_CTX_get1_issuer(3)>,
+L<X509_subject_name_hash(3)>,
+X509_subject_name_hash_old,
+X509_to_X509_REQ,
+X509_TRUST_add,
+X509v3_addr_validate_resource_set,
X509v3_asid_validate_resource_set
The following two functions we "un-constified" As they were documented as returning
an explicitly mutable pointer from within an B<X509> object:
-X509_getm_notAfter
-X509_getm_notBefore
+=over 4
+
+=item L<X509_getm_notAfter(3)>
+
+=item L<X509_getm_notBefore(3)>
+
+=back
=head3 Removal of atexit() usage