diff options
| -rw-r--r-- | lib/libcrypto/man/X509V3_get_d2i.3 | 20 | ||||
| -rw-r--r-- | lib/libcrypto/man/X509_ALGOR_dup.3 | 13 | ||||
| -rw-r--r-- | lib/libcrypto/man/X509_LOOKUP_hash_dir.3 | 14 | ||||
| -rw-r--r-- | lib/libcrypto/man/X509_PUBKEY_new.3 | 5 | ||||
| -rw-r--r-- | lib/libcrypto/man/X509_STORE_set1_param.3 | 2 | ||||
| -rw-r--r-- | lib/libcrypto/man/X509_check_ca.3 | 4 | ||||
| -rw-r--r-- | lib/libcrypto/man/X509_check_host.3 | 14 | ||||
| -rw-r--r-- | lib/libcrypto/man/X509_check_issued.3 | 4 |
8 files changed, 35 insertions, 41 deletions
diff --git a/lib/libcrypto/man/X509V3_get_d2i.3 b/lib/libcrypto/man/X509V3_get_d2i.3 index cd3bb844b5d..b883bde0994 100644 --- a/lib/libcrypto/man/X509V3_get_d2i.3 +++ b/lib/libcrypto/man/X509V3_get_d2i.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509V3_get_d2i.3,v 1.1 2016/12/04 20:51:47 schwarze Exp $ +.\" $OpenBSD: X509V3_get_d2i.3,v 1.2 2016/12/05 16:38:24 jmc Exp $ .\" OpenSSL 047dd81e Jul 4 23:03:17 2014 +0100 .\" .\" This file was written by Dr. Stephen Henson <steve@openssl.org>. @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 4 2016 $ +.Dd $Mdocdate: December 5 2016 $ .Dt X509V3_GET_D2I 3 .Os .Sh NAME @@ -201,7 +201,7 @@ and .Fn X509_add1_ext_i2d operate on the extensions of certificate .Fa x , -they are otherwise identical to +and are otherwise identical to .Fn X509V3_get_d2i and .Fn X509V3_add1_i2d 3 . @@ -211,7 +211,7 @@ and .Fn X509_CRL_add1_ext_i2d operate on the extensions of CRL .Fa crl , -they are otherwise identical to +and are otherwise identical to .Fn X509V3_get_d2i and .Fn X509V3_add1_i2d 3 . @@ -223,7 +223,7 @@ operate on the extensions of the .Vt X509_REVOKED structure .Fa r -(i.e. for CRL entry extensions), they are otherwise identical to +(i.e. for CRL entry extensions), and are otherwise identical to .Fn X509V3_get_d2i and .Fn X509V3_add1_i2d 3 . @@ -265,7 +265,7 @@ No new extension is added. .Pp If .Dv X509V3_ADD_SILENT -is ored with +is OR'd with .Fa flags , any error returned will not be added to the error queue. .Pp @@ -282,7 +282,7 @@ The following sections contain a list of all supported extensions including their name and NID. .Ss PKIX Certificate Extensions The following certificate extensions are defined in PKIX standards such -as RFC5280. +as RFC 5280. .Bl -column 30n 30n .It Basic Constraints Ta Dv NID_basic_constraints .It Key Usage Ta Dv NID_key_usage @@ -318,7 +318,7 @@ The following are (largely obsolete) Netscape certificate extensions. .It Proxy Certificate Information Ta Dv NID_proxyCertInfo .El .Ss PKIX CRL Extensions -The following are CRL extensions from PKIX standards such as RFC5280. +The following are CRL extensions from PKIX standards such as RFC 5280. .Bl -column 30n 30n .It CRL Number Ta Dv NID_crl_number .It CRL Distribution Points Ta Dv NID_crl_distribution_points @@ -329,7 +329,7 @@ The following are CRL extensions from PKIX standards such as RFC5280. .El .Pp The following are CRL entry extensions from PKIX standards such as -RFC5280. +RFC 5280. .Bl -column 30n 30n .It CRL Reason Code Ta Dv NID_crl_reason .It Certificate Issuer Ta Dv NID_certificate_issuer @@ -345,7 +345,7 @@ RFC5280. .It Hold Instruction Code Ta Dv NID_hold_instruction_code .El .Ss Certificate Transparency Extensions -The following extensions are used by certificate transparency, RFC6962 +The following extensions are used by certificate transparency, RFC 6962 .Bl -column 30n 30n .It CT Precertificate SCTs Ta Dv NID_ct_precert_scts .It CT Certificate SCTs Ta Dv NID_ct_cert_scts diff --git a/lib/libcrypto/man/X509_ALGOR_dup.3 b/lib/libcrypto/man/X509_ALGOR_dup.3 index 00d87592c7f..5ca80dc3f85 100644 --- a/lib/libcrypto/man/X509_ALGOR_dup.3 +++ b/lib/libcrypto/man/X509_ALGOR_dup.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_ALGOR_dup.3,v 1.1 2016/12/04 20:51:47 schwarze Exp $ +.\" $OpenBSD: X509_ALGOR_dup.3,v 1.2 2016/12/05 16:38:24 jmc Exp $ .\" OpenSSL 4692340e Jun 7 15:49:08 2016 -0400 .\" .\" This file was written by Dr. Stephen Henson <steve@openssl.org>. @@ -48,7 +48,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 4 2016 $ +.Dd $Mdocdate: December 5 2016 $ .Dt X509_ALGOR_DUP 3 .Os .Sh NAME @@ -146,12 +146,3 @@ compares and .Fa b and returns 0 if they have identical encodings and non-zero otherwise. -.Sh COPYRIGHT -Copyright 2002-2016 The OpenSSL Project Authors. -All Rights Reserved. -.Pp -Licensed under the OpenSSL license (the "License"). -You may not use this file except in compliance with the License. -You can obtain a copy in the file LICENSE in the source distribution or -at -.Lk https://www.openssl.org/source/license.html . diff --git a/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 b/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 index 4b065259947..886b3d303a9 100644 --- a/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 +++ b/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_LOOKUP_hash_dir.3,v 1.1 2016/12/04 20:51:47 schwarze Exp $ +.\" $OpenBSD: X509_LOOKUP_hash_dir.3,v 1.2 2016/12/05 16:38:24 jmc Exp $ .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file was written by Victor B. Wagner <vitus@cryptocom.ru> @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 4 2016 $ +.Dd $Mdocdate: December 5 2016 $ .Dt X509_LOOKUP_HASH_DIR 3 .Os .Sh NAME @@ -89,7 +89,7 @@ and .Fn X509_LOOKUP_file are two certificate lookup methods to use with .Vt X509_STORE , -provided by OpenSSL library. +provided by the OpenSSL library. .Pp Users of the library typically do not need to create instances of these methods manually. @@ -99,7 +99,7 @@ or .Xr SSL_CTX_load_verify_locations 3 functions. .Pp -Internally loading of certificates and CRLs is implemented via functions +Internally, loading of certificates and CRLs is implemented via the functions .Fn X509_load_cert_crl_file , .Fn X509_load_cert_file and @@ -137,7 +137,7 @@ The constant .Dv FILETYPE_DEFAULT with .Dv NULL -filename causes these functions to load default certificate +filename causes these functions to load the default certificate store file (see .Xr X509_STORE_set_default_paths 3 ) . .Pp @@ -162,7 +162,7 @@ This method should be used by applications which work with a small set of CAs. .Ss Hashed Directory Method .Fa X509_LOOKUP_hash_dir -is a more advanced method, which loads certificates and CRLs on demand, +is a more advanced method which loads certificates and CRLs on demand, and caches them in memory once they are loaded. As of OpenSSL 1.0.0, it also checks for newer CRLs upon each lookup, so that newer CRLs are used as soon as they appear in the directory. @@ -182,7 +182,7 @@ name for CRLs. The hash can also be obtained via the .Fl hash option of the -.Xr openssl +.Xr openssl 1 .Cm x509 or .Cm crl diff --git a/lib/libcrypto/man/X509_PUBKEY_new.3 b/lib/libcrypto/man/X509_PUBKEY_new.3 index 59dc2fbf7a4..7ed923ac217 100644 --- a/lib/libcrypto/man/X509_PUBKEY_new.3 +++ b/lib/libcrypto/man/X509_PUBKEY_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_PUBKEY_new.3,v 1.1 2016/12/05 12:50:07 schwarze Exp $ +.\" $OpenBSD: X509_PUBKEY_new.3,v 1.2 2016/12/05 16:38:24 jmc Exp $ .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file was written by Dr. Stephen Henson <steve@openssl.org>. @@ -172,7 +172,7 @@ returns the public key contained in .Fa key . The reference count on the returned key is incremented so it must be freed using -.Xr EVP_PKEY_free +.Xr EVP_PKEY_free 3 after use. .Pp .Fn d2i_PUBKEY @@ -226,6 +226,7 @@ is set to the associated OID and the encoding consists of .Pf * Fa ppklen bytes at .Pf * Fa pk , +and .Pf * Fa pa is set to the associated AlgorithmIdentifier for the public key. If the value of any of these parameters is not required, diff --git a/lib/libcrypto/man/X509_STORE_set1_param.3 b/lib/libcrypto/man/X509_STORE_set1_param.3 index abd1b872f34..93455893d5c 100644 --- a/lib/libcrypto/man/X509_STORE_set1_param.3 +++ b/lib/libcrypto/man/X509_STORE_set1_param.3 @@ -1,4 +1,4 @@ -.\" $OpenSSL$ +.\" $OpenBSD: X509_STORE_set1_param.3,v 1.2 2016/12/05 16:38:24 jmc Exp $ .\" OpenSSL 99d63d46 .\" .\" This file was written by Christian Heimes <cheimes@redhat.com>. diff --git a/lib/libcrypto/man/X509_check_ca.3 b/lib/libcrypto/man/X509_check_ca.3 index 67aac693e67..7d31c145c0c 100644 --- a/lib/libcrypto/man/X509_check_ca.3 +++ b/lib/libcrypto/man/X509_check_ca.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_check_ca.3,v 1.1 2016/12/05 15:56:46 schwarze Exp $ +.\" $OpenBSD: X509_check_ca.3,v 1.2 2016/12/05 16:38:24 jmc Exp $ .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>. @@ -63,7 +63,7 @@ .Sh DESCRIPTION This function checks whether the given certificate is a CA certificate, that is, whether it can be used to sign other certificates. -.Sh RETURN VALUE +.Sh RETURN VALUES This functions returns non-zero if .Fa cert is a CA certificate or 0 otherwise. diff --git a/lib/libcrypto/man/X509_check_host.3 b/lib/libcrypto/man/X509_check_host.3 index 1e6a44ffe19..5990670acb9 100644 --- a/lib/libcrypto/man/X509_check_host.3 +++ b/lib/libcrypto/man/X509_check_host.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_check_host.3,v 1.1 2016/12/05 15:56:46 schwarze Exp $ +.\" $OpenBSD: X509_check_host.3,v 1.2 2016/12/05 16:38:24 jmc Exp $ .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file was written by Florian Weimer <fweimer@redhat.com> and @@ -99,7 +99,7 @@ checks if the certificate Subject Alternative Name (SAN) or Subject CommonName (CN) matches the specified host name, which must be encoded in the preferred name syntax described in section 3.5 of RFC 1034. By default, wildcards are supported and they match only in the -left-most label; but they may match part of that label with an +left-most label; they may match part of that label with an explicit prefix or suffix. For example, by default, the host .Fa name @@ -124,7 +124,8 @@ When starts with a dot (e.g.\& .Qq .example.com ) , it will be matched by a certificate valid for any sub-domain of -.Fa name ; see also +.Fa name ; +see also .Fa X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS below. .Pp @@ -142,11 +143,12 @@ when it is no longer needed. .Fn X509_check_email checks if the certificate matches the specified email .Fa address . -Only the mailbox syntax of RFC 822 is supported, comments are not -allowed, and no attempt is made to normalize quoted characters. +Only the mailbox syntax of RFC 822 is supported. +Comments are not allowed, +and no attempt is made to normalize quoted characters. The .Fa addresslen -argument must be the number of characters in the address string or zero +argument must be the number of characters in the address string or zero, in which case the length is calculated with .Fn strlen address . .Pp diff --git a/lib/libcrypto/man/X509_check_issued.3 b/lib/libcrypto/man/X509_check_issued.3 index 997dfe12f14..a6696123ac8 100644 --- a/lib/libcrypto/man/X509_check_issued.3 +++ b/lib/libcrypto/man/X509_check_issued.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_check_issued.3,v 1.1 2016/12/05 15:56:46 schwarze Exp $ +.\" $OpenBSD: X509_check_issued.3,v 1.2 2016/12/05 16:38:24 jmc Exp $ .\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" .\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>. @@ -89,7 +89,7 @@ check the field of .Fa issuer . .El -.Sh RETURN VALUE +.Sh RETURN VALUES This function returns .Dv X509_V_OK if the certificate |