author | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2020-09-17 08:04:23 +0000 |
---|---|---|
committer | Ingo Schwarze <schwarze@cvs.openbsd.org> | 2020-09-17 08:04:23 +0000 |
commit | 5512aac702386506844c6ca5ff865867917b72e4 (patch) | |
tree | 4d0504ec0e90b389c163a66d1977879e5bbf0bb5 | |
parent | 368cb177cc53335e41dbc74d1d4aaa774739e478 (diff) |
Install the new page SSL_set1_host(3), link to it from relevant places,
and add two other .Xrs that might help readers find their way.
Update the merge notices of all files touched and
merge a few trivial changes from the OpenSSL 1.1.1 branch.
OK tb@
-rw-r--r-- | lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 | 9 | ||||
-rw-r--r-- | lib/libcrypto/man/X509_check_host.3 | 15 | ||||
-rw-r--r-- | lib/libssl/man/Makefile | 3 | ||||
-rw-r--r-- | lib/libssl/man/SSL_CTX_set_verify.3 | 9 | ||||
-rw-r--r-- | lib/libssl/man/SSL_get_peer_certificate.3 | 9 | ||||
-rw-r--r-- | lib/libssl/man/SSL_get_verify_result.3 | 8 |
6 files changed, 31 insertions, 22 deletions
diff --git a/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 index 5e45278604c..33cca3b4b3e 100644 --- a/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 +++ b/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 @@ -1,6 +1,6 @@ -.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.14 2018/04/07 13:57:43 jmc Exp $ +.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.15 2020/09/17 08:04:22 schwarze Exp $ .\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500 -.\" selective merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100 +.\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200 .\" .\" This file is a derived work. .\" The changes are covered by the following Copyright and license: @@ -68,7 +68,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 7 2018 $ +.Dd $Mdocdate: September 17 2020 $ .Dt X509_VERIFY_PARAM_SET_FLAGS 3 .Os .Sh NAME @@ -337,7 +337,7 @@ in a chain. .Fn X509_VERIFY_PARAM_set1_host sets the expected DNS hostname to .Fa name -clearing any previously specified host name or names. +clearing any previously specified hostname or names. If .Fa name is @@ -693,6 +693,7 @@ SSL_CTX_set1_param(ctx, param); X509_VERIFY_PARAM_free(param); .Ed .Sh SEE ALSO +.Xr SSL_set1_host 3 , .Xr SSL_set1_param 3 , .Xr X509_check_host 3 , .Xr X509_STORE_CTX_set0_param 3 , diff --git a/lib/libcrypto/man/X509_check_host.3 b/lib/libcrypto/man/X509_check_host.3 index a2c91af1adb..dbc56c0d215 100644 --- a/lib/libcrypto/man/X509_check_host.3 +++ b/lib/libcrypto/man/X509_check_host.3 
@@ -1,5 +1,6 @@ -.\" $OpenBSD: X509_check_host.3,v 1.5 2019/08/23 12:23:39 schwarze Exp $ -.\" full merge up to: OpenSSL 6738bf14 Feb 13 12:51:29 2018 +0000 +.\" $OpenBSD: X509_check_host.3,v 1.6 2020/09/17 08:04:22 schwarze Exp $ +.\" full merge up to: OpenSSL a09e4d24 Jun 12 01:56:31 2014 -0400 +.\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200 .\" .\" This file was written by Florian Weimer <fweimer@redhat.com> and .\" Viktor Dukhovni <openssl-users@dukhovni.org>. @@ -50,7 +51,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 23 2019 $ +.Dd $Mdocdate: September 17 2020 $ .Dt X509_CHECK_HOST 3 .Os .Sh NAME @@ -91,13 +92,13 @@ .Fc .Sh DESCRIPTION The certificate matching functions are used to check whether a -certificate matches a given host name, email address, or IP address. +certificate matches a given hostname, email address, or IP address. The validity of the certificate and its trust level has to be checked by other means. .Pp .Fn X509_check_host checks if the certificate Subject Alternative Name (SAN) or Subject -CommonName (CN) matches the specified host name, which must be encoded +CommonName (CN) matches the specified hostname, which must be encoded in the preferred name syntax described in section 3.5 of RFC 1034. By default, wildcards are supported and they match only in the left-most label; they may match part of that label with an @@ -234,9 +235,11 @@ returns -2 if the provided .Fa name contains embedded NUL bytes. .Sh SEE ALSO +.Xr SSL_set1_host 3 , .Xr X509_EXTENSION_new 3 , .Xr X509_get1_email 3 , -.Xr X509_new 3 +.Xr X509_new 3 , +.Xr X509_VERIFY_PARAM_set1_host 3 .Sh HISTORY These functions first appeared in OpenSSL 1.0.2 and have been available since diff --git a/lib/libssl/man/Makefile b/lib/libssl/man/Makefile index 4c3157bd950..0ea04a30775 100644 --- a/lib/libssl/man/Makefile +++ b/lib/libssl/man/Makefile 
@@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.66 2019/04/05 18:29:43 schwarze Exp $ +# $OpenBSD: Makefile,v 1.67 2020/09/17 08:04:22 schwarze Exp $ .include <bsd.own.mk> @@ -102,6 +102,7 @@ MAN = BIO_f_ssl.3 \ SSL_renegotiate.3 \ SSL_rstate_string.3 \ SSL_session_reused.3 \ + SSL_set1_host.3 \ SSL_set1_param.3 \ SSL_set_bio.3 \ SSL_set_connect_state.3 \ diff --git a/lib/libssl/man/SSL_CTX_set_verify.3 b/lib/libssl/man/SSL_CTX_set_verify.3 index 40a09de902a..5b137358ab2 100644 --- a/lib/libssl/man/SSL_CTX_set_verify.3 +++ b/lib/libssl/man/SSL_CTX_set_verify.3 @@ -1,6 +1,6 @@ -.\" $OpenBSD: SSL_CTX_set_verify.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" $OpenBSD: SSL_CTX_set_verify.3,v 1.8 2020/09/17 08:04:22 schwarze Exp $ .\" full merge up to: OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 -.\" selective merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" selective merge up to: OpenSSL 1cb7eff4 Sep 10 13:56:40 2019 +0100 .\" .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>. .\" Copyright (c) 2000, 2001, 2002, 2003, 2014 The OpenSSL Project. @@ -50,7 +50,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: September 17 2020 $ .Dt SSL_CTX_SET_VERIFY 3 .Os .Sh NAME @@ -443,7 +443,8 @@ if (peer = SSL_get_peer_certificate(ssl)) { .Xr SSL_get_ex_new_index 3 , .Xr SSL_get_peer_certificate 3 , .Xr SSL_get_verify_result 3 , -.Xr SSL_new 3 +.Xr SSL_new 3 , +.Xr SSL_set1_host 3 .Sh HISTORY .Fn SSL_set_verify appeared in SSLeay 0.4 or earlier. diff --git a/lib/libssl/man/SSL_get_peer_certificate.3 b/lib/libssl/man/SSL_get_peer_certificate.3 index 5e7247f4d17..358026d396e 100644 --- a/lib/libssl/man/SSL_get_peer_certificate.3 +++ b/lib/libssl/man/SSL_get_peer_certificate.3 
@@ -1,5 +1,5 @@ -.\" $OpenBSD: SSL_get_peer_certificate.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" $OpenBSD: SSL_get_peer_certificate.3,v 1.5 2020/09/17 08:04:22 schwarze Exp $ +.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>. .\" Copyright (c) 2000, 2001, 2005 The OpenSSL Project. All rights reserved. @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: September 17 2020 $ .Dt SSL_GET_PEER_CERTIFICATE 3 .Os .Sh NAME @@ -97,7 +97,8 @@ The return value points to the certificate presented by the peer. .Sh SEE ALSO .Xr ssl 3 , .Xr SSL_CTX_set_verify 3 , -.Xr SSL_get_verify_result 3 +.Xr SSL_get_verify_result 3 , +.Xr SSL_get0_peername 3 .Sh HISTORY .Fn SSL_get_peer_certificate appeared in SSLeay 0.4 or earlier and has been available since diff --git a/lib/libssl/man/SSL_get_verify_result.3 b/lib/libssl/man/SSL_get_verify_result.3 index ec4df2d38e0..03c4210084e 100644 --- a/lib/libssl/man/SSL_get_verify_result.3 +++ b/lib/libssl/man/SSL_get_verify_result.3 @@ -1,5 +1,5 @@ -.\" $OpenBSD: SSL_get_verify_result.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ -.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" $OpenBSD: SSL_get_verify_result.3,v 1.5 2020/09/17 08:04:22 schwarze Exp $ +.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 .\" .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>. .\" Copyright (c) 2000, 2001, 2005 The OpenSSL Project. All rights reserved. @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 27 2018 $ +.Dd $Mdocdate: September 17 2020 $ .Dt SSL_GET_VERIFY_RESULT 3 .Os .Sh NAME 
@@ -84,7 +84,9 @@ Documented in .Sh SEE ALSO .Xr openssl 1 , .Xr ssl 3 , +.Xr SSL_CTX_set_verify 3 , .Xr SSL_get_peer_certificate 3 , +.Xr SSL_get0_peername 3 , .Xr SSL_set_verify_result 3 .Sh HISTORY .Fn SSL_get_verify_result |
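Review bot: In the X509_VERIFY_PARAM_set_flags.3 hunk at @@ -337,7 +337,7 @@, the new wording "clearing any previously specified hostname or names" reads awkwardly now that "host name" is joined into one word, because "names" no longer pairs with a separate "host". Suggest "clearing any previously specified hostname or hostnames" so the sentence still covers both the single and the multiple case.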
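Review bot: In X509_check_host.3 at @@ -1,5 +1,6 @@, the "full merge up to" notice moves backward, from OpenSSL 6738bf14 (Feb 13 2018) to a09e4d24 (Jun 12 2014), alongside a new "selective merge up to" line for 6328d367. The commit message only says the merge notices were updated; a sentence there explaining why the earlier full-merge claim was withdrawn for this file would help whoever does the next merge decide which upstream changes between those two commits still need review.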
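Review bot: The lib/libssl/man/Makefile hunk at @@ -102,6 +102,7 @@ adds SSL_set1_host.3 to MAN, but the diffstat lists six changed files and SSL_set1_host.3 is not among them. Please confirm the page is already in the tree from an earlier commit, since otherwise MAN names a file that does not exist, and mention that earlier commit in the log message so the two changes can be found together.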
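Review bot: The SEE ALSO hunks in SSL_get_peer_certificate.3 (@@ -97,7 +97,8 @@) and SSL_get_verify_result.3 (@@ -84,7 +84,9 @@) add ".Xr SSL_get0_peername 3", yet the Makefile change installs only SSL_set1_host.3 and no page of that name. If SSL_get0_peername is documented inside SSL_set1_host.3, check that it is listed in that page's NAME section so the cross-reference resolves. Linking SSL_set1_host 3 from these two pages as well would match the SEE ALSO additions in X509_VERIFY_PARAM_set_flags.3, X509_check_host.3 and SSL_CTX_set_verify.3, and would point readers of the verification-result pages at the call that enables hostname checking.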