Link to Peter Gutmann's classic "X.509 Style Guide".

Thanks to otto@ for making me aware of it.

If people know newer documents that are similarly readable and
interesting, please speak up.  I hate sending people to the STANDARDS
only for more information.  On the one hand, that's torture, and
on the other hand, if i read Gutmann correctly, the standards
sometimes provide bad advice, and often none at all.

1 files changed, 11 insertions, 2 deletions

diff --git a/lib/libcrypto/man/X509_new.3 b/lib/libcrypto/man/X509_new.3
index 6520aaf477a..020eee196d5 100644
--- a/lib/libcrypto/man/X509_new.3
+++ b/lib/libcrypto/man/X509_new.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: X509_new.3,v 1.7 2016/12/22 13:05:59 schwarze Exp $
+.\"	$OpenBSD: X509_new.3,v 1.8 2016/12/23 01:01:55 schwarze Exp $
 .\"	OpenSSL 3a59ad98 Dec 11 00:36:06 2015 +0000
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 22 2016 $
+.Dd $Mdocdate: December 23 2016 $
 .Dt X509_NEW 3
 .Os
 .Sh NAME
@@ -131,3 +131,12 @@ Certificate Revocation List (CRL) Profile
 and
 .Fn X509_free
 are available in all versions of SSLeay and OpenSSL.
+.Sh BUGS
+The X.509 public key infrastructure and its data types contain too
+many design bugs to list them.
+For lots of examples, see the classic
+.Lk https://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt\
+ "X.509 Style Guide"
+that
+.An Peter Gutmann
+published in 2000.