Document OCSP_SIGNATURE_new(3), OCSP_SIGNATURE_free(3),

OCSP_REQINFO_new(3), OCSP_REQINFO_free(3), OCSP_ONEREQ_new(3),
OCSP_ONEREQ_free(3), all in <openssl/ocsp.h> and in OpenSSL
doc/man3/X509_dup.pod.  Note that the OpenSSL documentation
specifies the wrong header file.

Add some information about what these objects actually represent,
along with the pertinent STANDARDS reference.
Minor wording tweaks.

1 files changed, 95 insertions, 26 deletions

diff --git a/lib/libcrypto/man/OCSP_REQUEST_new.3 b/lib/libcrypto/man/OCSP_REQUEST_new.3
index 33b74406336..deac9104d9e 100644
--- a/lib/libcrypto/man/OCSP_REQUEST_new.3
+++ b/lib/libcrypto/man/OCSP_REQUEST_new.3
@@ -1,7 +1,24 @@
-.\"	$OpenBSD: OCSP_REQUEST_new.3,v 1.3 2016/12/06 14:54:55 schwarze Exp $
+.\"	$OpenBSD: OCSP_REQUEST_new.3,v 1.4 2016/12/12 17:46:23 schwarze Exp $
 .\"	OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
-.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
 .\" Copyright (c) 2014, 2016 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -48,12 +65,18 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 6 2016 $
+.Dd $Mdocdate: December 12 2016 $
 .Dt OCSP_REQUEST_NEW 3
 .Os
 .Sh NAME
 .Nm OCSP_REQUEST_new ,
 .Nm OCSP_REQUEST_free ,
+.Nm OCSP_SIGNATURE_new ,
+.Nm OCSP_SIGNATURE_free ,
+.Nm OCSP_REQINFO_new ,
+.Nm OCSP_REQINFO_free ,
+.Nm OCSP_ONEREQ_new ,
+.Nm OCSP_ONEREQ_free ,
 .Nm OCSP_request_add0_id ,
 .Nm OCSP_request_sign ,
 .Nm OCSP_request_add1_cert ,
@@ -65,9 +88,19 @@
 .Ft OCSP_REQUEST *
 .Fn OCSP_REQUEST_new void
 .Ft void
-.Fo OCSP_REQUEST_free
-.Fa "OCSP_REQUEST *req"
-.Fc
+.Fn OCSP_REQUEST_free "OCSP_REQUEST *req"
+.Ft OCSP_SIGNATURE *
+.Fn OCSP_SIGNATURE_new void
+.Ft void
+.Fn OCSP_SIGNATURE_free "OCSP_SIGNATURE *signature"
+.Ft OCSP_REQINFO *
+.Fn OCSP_REQINFO_new void
+.Ft void
+.Fn OCSP_REQINFO_free "OCSP_REQINFO *reqinfo"
+.Ft OCSP_ONEREQ *
+.Fn OCSP_ONEREQ_new void
+.Ft void
+.Fn OCSP_ONEREQ_free "OCSP_ONEREQ *onereq"
 .Ft OCSP_ONEREQ *
 .Fo OCSP_request_add0_id
 .Fa "OCSP_REQUEST *req"
@@ -98,14 +131,45 @@
 .Fc
 .Sh DESCRIPTION
 .Fn OCSP_REQUEST_new
-allocates and returns an empty
+allocates and initializes an empty
 .Vt OCSP_REQUEST
-structure.
-.Pp
+object, representing an ASN.1 OCSPRequest structure defined in RFC 6960.
 .Fn OCSP_REQUEST_free
-frees up the request structure
+frees
 .Fa req .
 .Pp
+.Fn OCSP_SIGNATURE_new
+allocates and initializes an empty
+.Vt OCSP_SIGNATURE
+object, representing an ASN.1 Signature structure defined in RFC 6960.
+Such an object is used inside
+.Vt OCSP_REQUEST .
+.Fn OCSP_SIGNATURE_free
+frees
+.Fa signature .
+.Pp
+.Fn OCSP_REQINFO_new
+allocates and initializes an empty
+.Vt OCSP_REQINFO
+object, representing an ASN.1 TBSRequest structure defined in RFC 6960.
+Such an object is used inside
+.Vt OCSP_REQUEST .
+It asks about the validity of one or more certificates.
+.Fn OCSP_REQINFO_free
+frees
+.Fa reqinfo .
+.Pp
+.Fn OCSP_ONEREQ_new
+allocates and initializes an empty
+.Vt OCSP_ONEREQ
+object, representing an ASN.1 Request structure defined in RFC 6960.
+Such objects are used inside
+.Vt OCSP_REQINFO .
+Each one asks about the validity of one certificiate.
+.Fn OCSP_ONEREQ_free
+frees
+.Fa onereq .
+.Pp
 .Fn OCSP_request_add0_id
 adds certificate ID
 .Fa cid
@@ -113,7 +177,7 @@ to
 .Fa req .
 It returns the
 .Vt OCSP_ONEREQ
-structure added so an application can add additional extensions to the
+object added so an application can add additional extensions to the
 request.
 The
 .Fa cid
@@ -148,7 +212,7 @@ after use.
 .Fn OCSP_request_onereq_count
 returns the total number of
 .Vt OCSP_ONEREQ
-structures in
+objects in
 .Fa req .
 .Pp
 .Fn OCSP_request_onereq_get0
@@ -163,28 +227,30 @@ The index value
 runs from 0 to
 .Fn OCSP_request_onereq_count req No - 1 .
 .Pp
-An
-.Vt OCSP_REQUEST
-structure contains one or more
-.Vt OCSP_ONEREQ
-structures corresponding to each certificate.
-.Pp
 .Fn OCSP_request_onereq_count
 and
 .Fn OCSP_request_onereq_get0
 are mainly used by OCSP responders.
 .Sh RETURN VALUES
-.Fn OCSP_REQUEST_new
-returns an empty
-.Vt OCSP_REQUEST
-structure or
+.Fn OCSP_REQUEST_new ,
+.Fn OCSP_SIGNATURE_new ,
+.Fn OCSP_REQINFO_new ,
+and
+.Fn OCSP_ONEREQ_new
+return an empty
+.Vt OCSP_REQUEST ,
+.Vt OCSP_SIGNATURE ,
+.Vt OCSP_REQINFO ,
+or
+.Vt OCSP_ONEREQ
+object, respectively, or
 .Dv NULL
 if an error occurred.
 .Pp
 .Fn OCSP_request_add0_id
 returns the
 .Vt OCSP_ONEREQ
-structure containing
+object containing
 .Fa cid
 or
 .Dv NULL
@@ -198,19 +264,19 @@ return 1 for success or 0 for failure.
 .Fn OCSP_request_onereq_count
 returns the total number of
 .Vt OCSP_ONEREQ
-structures in
+objects in
 .Fa req .
 .Pp
 .Fn OCSP_request_onereq_get0
 returns a pointer to an
 .Vt OCSP_ONEREQ
-structure or
+object or
 .Dv NULL
 if the index value is out of range.
 .Sh EXAMPLES
 Create an
 .Vt OCSP_REQUEST
-structure for certificate
+object for certificate
 .Fa cert
 with issuer
 .Fa issuer :
@@ -238,3 +304,6 @@ OCSP_REQUEST_free(req);
 .Xr OCSP_resp_find_status 3 ,
 .Xr OCSP_response_status 3 ,
 .Xr OCSP_sendreq_new 3
+.Sh STANDARDS
+RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
+Status Protocol, section 4.1: Request Syntax