diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2021-10-23 15:37:00 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2021-10-23 15:37:00 +0000 |
commit | 180e7a41a12467d24c6de074c928aa380fd0b640 (patch) | |
tree | 474403154cd66aa494f86431b1e6f0f0a0909cac /lib/libssl | |
parent | afeb3b537c19c5ef18d542898def756a7c6b2e06 (diff) |
oops, wrong dir.
pointed out by schwarze
Diffstat (limited to 'lib/libssl')
-rw-r--r-- | lib/libssl/man/X509_SIG_get0.3 | 90 | ||||
-rw-r--r-- | lib/libssl/man/X509_get_extension_flags.3 | 211 |
2 files changed, 0 insertions, 301 deletions
diff --git a/lib/libssl/man/X509_SIG_get0.3 b/lib/libssl/man/X509_SIG_get0.3 deleted file mode 100644 index a05c9c25b7a..00000000000 --- a/lib/libssl/man/X509_SIG_get0.3 +++ /dev/null @@ -1,90 +0,0 @@ -.\" $OpenBSD: X509_SIG_get0.3,v 1.1 2021/10/23 15:27:46 tb Exp $ -.\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 -.\" -.\" This file was written by Dr. Stephen Henson <steve@openssl.org>. -.\" Copyright (c) 2016 The OpenSSL Project. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: October 23 2021 $ -.Dt X509_SIG_GET0 3 -.Os -.Sh NAME -.Nm X509_SIG_get0 , -.Nm X509_SIG_getm -.Nd DigestInfo functions -.Sh SYNOPSIS -.In openssl/x509.h -.Ft void -.Fo X509_SIG_get0 -.Fa "const X509_SIG *sig" -.Fa "const X509_ALGOR **palg" -.Fa "const ASN1_OCTET_STRING **pdigest" -.Fc -.Ft void -.Fo X509_SIG_getm -.Fa "X509_SIG *sig" -.Fa "X509_ALGOR **palg" -.Fa "ASN1_OCTET_STRING **pdigest" -.Fc -.Sh DESCRIPTION -.Fn X509_SIG_get0 -returns pointers to the algorithm identifier and digest value in -.Fa sig . -.Fn X509_SIG_getm -is identical to -.Fn X509_SIG_get0 , -except the pointers returned are not constant and can be modified, -for example to initialise them. -.Sh SEE ALSO -.Xr d2i_X509 3 , -.Xr X509_SIG_new 3 -.Sh HISTORY -.Fn X509_SIG_get0 -and -.Fn X509_SIG_getm -first appeared in OpenSSL 1.1.0 and have been available since -.Ox 7.1 . diff --git a/lib/libssl/man/X509_get_extension_flags.3 b/lib/libssl/man/X509_get_extension_flags.3 deleted file mode 100644 index 665f59a8090..00000000000 --- a/lib/libssl/man/X509_get_extension_flags.3 +++ /dev/null @@ -1,211 +0,0 @@ -.\" $OpenBSD: X509_get_extension_flags.3,v 1.1 2021/10/23 15:30:07 tb Exp $ -.\" full merge up to: OpenSSL 361136f4 Sep 1 18:56:58 2015 +0100 -.\" selective merge up to: OpenSSL 2b2e3106f Feb 16 15:04:45 2021 +0000 -.\" -.\" This file was written by Dr. Stephen Henson <steve@openssl.org>. -.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: October 23 2021 $ -.Dt X509_GET_EXTENSION_FLAGS 3 -.Os -.Sh NAME -.Nm X509_get_extension_flags , -.Nm X509_get_key_usage , -.Nm X509_get_extended_key_usage -.Nd retrieve certificate extension data -.Sh SYNOPSIS -.In openssl/x509v3.h -.Ft uint32_t -.Fo X509_get_extension_flags -.Fa "X509 *x" -.Fc -.Ft uint32_t -.Fo X509_get_key_usage -.Fa "X509 *x" -.Fc -.Ft uint32_t -.Fo X509_get_extended_key_usage -.Fa "X509 *x" -.Fc -.Sh DESCRIPTION -These functions retrieve information related to commonly used -certificate extensions. -.Pp -.Fn X509_get_extension_flags -retrieves general information about a certificate, it will return one or -more of the following flags ored together. -.Bl -tag -width Ds -.It Dv EXFLAG_V1 -The certificate is an obsolete version 1 certificate. -.It Dv EXFLAG_BCONS -The certificate contains a basic constraints extension. -.It Dv EXFLAG_CA -The certificate contains basic constraints and asserts the CA flag. -.It Dv EXFLAG_PROXY -The certificate is a valid proxy certificate. -.It Dv EXFLAG_SI -The certificate is self issued (that is subject and issuer names match). -.It Dv EXFLAG_SS -The subject and issuer names match and extension values imply it is self -signed. -.It Dv EXFLAG_FRESHEST -The freshest CRL extension is present in the certificate. -.It Dv EXFLAG_CRITICAL -The certificate contains an unhandled critical extension. -.It Dv EXFLAG_INVALID -Some certificate extension values are invalid or inconsistent. -The certificate should be rejected. -This bit may also be raised after an out-of-memory error while -processing the X509 object, so it may not be related to the processed -ASN1 object itself. -.\" EXFLAG_NO_FINGERPRINT is not available in LibreSSL. Do we need -.\" https://github.com/openssl/openssl/issues/13698 and the fix it fixes? -.\".It Dv EXFLAG_NO_FINGERPRINT -.\" Failed to compute the internal SHA1 hash value of the certificate. -.\" This may be due to malloc failure or because no SHA1 implementation was -.\" found. -.It Dv EXFLAG_INVALID_POLICY -The -.Dv NID_certificate_policies -certificate extension is invalid or inconsistent. -The certificate should be rejected. -This bit may also be raised after an out-of-memory error while -processing the X509 object, so it may not be related to the processed -ASN1 object itself. -.It Dv EXFLAG_KUSAGE -The certificate contains a key usage extension. -The value can be retrieved using -.Fn X509_get_key_usage . -.It Dv EXFLAG_XKUSAGE -The certificate contains an extended key usage extension. -The value can be retrieved using -.Fn X509_get_extended_key_usage . -.El -.Pp -.Fn X509_get_key_usage -returns the value of the key usage extension. -If key usage is present will return zero or more of the flags: -.Dv KU_DIGITAL_SIGNATURE , -.Dv KU_NON_REPUDIATION , -.Dv KU_KEY_ENCIPHERMENT , -.Dv KU_DATA_ENCIPHERMENT , -.Dv KU_KEY_AGREEMENT , -.Dv KU_KEY_CERT_SIGN , -.Dv KU_CRL_SIGN , -.Dv KU_ENCIPHER_ONLY -or -.Dv KU_DECIPHER_ONLY -corresponding to individual key usage bits. -If key usage is absent then -.Dv UINT32_MAX -is returned. -.Pp -.Fn X509_get_extended_key_usage -returns the value of the extended key usage extension. -If extended key usage is present it will return zero or more of the -flags: -.Dv XKU_SSL_SERVER , -.Dv XKU_SSL_CLIENT , -.Dv XKU_SMIME , -.Dv XKU_CODE_SIGN -.Dv XKU_OCSP_SIGN , -.Dv XKU_TIMESTAMP , -.Dv XKU_DVCS , -or -.Dv XKU_ANYEKU . -These correspond to the OIDs -.Qq id-kp-serverAuth , -.Qq id-kp-clientAuth , -.Qq id-kp-emailProtection , -.Qq id-kp-codeSigning , -.Qq id-kp-OCSPSigning , -.Qq id-kp-timeStamping , -.Qq id-kp-dvcs , -and -.Qq anyExtendedKeyUsage , -respectively. -Additionally, -.Dv XKU_SGC -is set if either Netscape or Microsoft SGC OIDs are present. -.Pp -The value of the flags correspond to extension values which are cached -in the -.Vt X509 -structure. -If the flags returned do not provide sufficient information, -an application should examine extension values directly, -for example using -.Xr X509_get_ext_d2i 3 . -.Pp -If the key usage or extended key usage extension is absent then -typically usage is unrestricted. -For this reason -.Fn X509_get_key_usage -and -.Fn X509_get_extended_key_usage -return -.Dv UINT32_MAX -when the corresponding extension is absent. -Applications can additionally check the return value of -.Fn X509_get_extension_flags -and take appropriate action if an extension is absent. -.Sh RETURN VALUES -.Fn X509_get_extension_flags , -.Fn X509_get_key_usage -and -.Fn X509_get_extended_key_usage -return sets of flags corresponding to the certificate extension values. -.Sh SEE ALSO -.Xr X509_check_purpose 3 , -.Xr X509_get_ext_d2i 3 -.Sh HISTORY -.Nm X509_get_extension_flags , -.Nm X509_get_key_usage , -and -.Nm X509_get_extended_key_usage -first appeared in OpenSSL 1.1.0 and have been available since -.Ox 7.1 . |