document X509_REQ_to_X509(3)

1 files changed, 38 insertions, 7 deletions

diff --git a/lib/libcrypto/man/X509_new.3 b/lib/libcrypto/man/X509_new.3
index 198ace48d88..581c954c1a4 100644
--- a/lib/libcrypto/man/X509_new.3
+++ b/lib/libcrypto/man/X509_new.3
@@ -1,10 +1,10 @@
-.\" $OpenBSD: X509_new.3,v 1.33 2021/10/27 11:24:47 schwarze Exp $
+.\" $OpenBSD: X509_new.3,v 1.34 2021/10/28 15:30:54 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
 .\"
-.\" Copyright (c) 2016, 2018, 2019 Ingo Schwarze <schwarze@openbsd.org>
+.\" Copyright (c) 2016, 2018, 2019, 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -66,12 +66,13 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 27 2021 $
+.Dd $Mdocdate: October 28 2021 $
 .Dt X509_NEW 3
 .Os
 .Sh NAME
 .Nm X509_new ,
 .Nm X509_dup ,
+.Nm X509_REQ_to_X509 ,
 .Nm X509_free ,
 .Nm X509_up_ref ,
 .Nm X509_chain_up_ref
@@ -84,6 +85,12 @@
 .Fo X509_dup
 .Fa "X509 *a"
 .Fc
+.Ft X509 *
+.Fo X509_REQ_to_X509
+.Fa "X509_REQ *req"
+.Fa "int days"
+.Fa "EVP_PKEY *pkey"
+.Fc
 .Ft void
 .Fo X509_free
 .Fa "X509 *a"
@@ -114,6 +121,27 @@ using
 .Xr ASN1_item_dup 3 ,
 setting the reference count of the copy to 1.
 .Pp
+.Fn X509_REQ_to_X509
+allocates a new certificate object, copies the public key from
+.Fa req
+into it, copies the subject name of
+.Fa req
+to both the subject and issuer names of the new certificate, sets the
+.Fa notBefore
+field to the current time and the
+.Fa notAfter
+field to the given number of
+.Fa days
+in the future, and signs the new certificate with
+.Xr X509_sign 3
+using
+.Fa pkey
+and the MD5 algorithm.
+If
+.Fa req
+contains at least one attribute,
+the version of the new certificate is set to 2.
+.Pp
 .Fn X509_free
 decrements the reference count of the
 .Vt X509
@@ -146,9 +174,10 @@ Its purpose is similar to
 .Fn X509_up_ref :
 The returned chain persists after the original is freed.
 .Sh RETURN VALUES
-.Fn X509_new
+.Fn X509_new ,
+.Fn X509_dup ,
 and
-.Fn X509_dup
+.Fn X509_REQ_to_X509
 return a pointer to the newly allocated object or
 .Dv NULL
 if an error occurs; an error code can be obtained by
@@ -217,9 +246,11 @@ Certificate Revocation List (CRL) Profile
 .Fn X509_new
 and
 .Fn X509_free
-appeared in SSLeay 0.4 or earlier.
+appeared in SSLeay 0.4 or earlier,
 .Fn X509_dup
-first appeared in SSLeay 0.4.4.
+in SSLeay 0.4.4, and
+.Fn X509_REQ_to_X509
+in SSLeay 0.6.0 .
 These functions have been available since
 .Ox 2.4 .
 .Pp