diff options
| -rw-r--r-- | lib/libssl/src/doc/crypto/PKCS12_create.pod | 40 |
1 files changed, 19 insertions, 21 deletions
diff --git a/lib/libssl/src/doc/crypto/PKCS12_create.pod b/lib/libssl/src/doc/crypto/PKCS12_create.pod index 382193ec950..12fbd20b8ab 100644 --- a/lib/libssl/src/doc/crypto/PKCS12_create.pod +++ b/lib/libssl/src/doc/crypto/PKCS12_create.pod @@ -8,8 +8,9 @@ PKCS12_create - create a PKCS#12 structure #include <openssl/pkcs12.h> - PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, - int nid_key, int nid_cert, int iter, int mac_iter, int keytype); + PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, + int iter, int mac_iter, int keytype); =head1 DESCRIPTION @@ -17,12 +18,19 @@ PKCS12_create() creates a PKCS#12 structure. B<pass> is the passphrase to use. B<name> is the B<friendlyName> to use for the supplied certifictate and key. B<pkey> is the private key to include in -the structure and B<cert> its corresponding certificates. B<ca>, if not B<NULL> -is an optional set of certificates to also include in the structure. +the structure and B<cert> its corresponding certificates. B<ca> is an optional +set of certificates to also include in the structure. +Either B<pkey>, B<cert> or both can be B<NULL> to indicate that no key or +certficate is required. B<nid_key> and B<nid_cert> are the encryption algorithms that should be used -for the key and certificate respectively. B<iter> is the encryption algorithm -iteration count to use and B<mac_iter> is the MAC iteration count to use. +for the key and certificate respectively. If either B<nid_key> or B<nid_cert> +is set to -1, no encryption will be used. + +B<iter> is the encryption algorithm iteration count to use and B<mac_iter> is +the MAC iteration count to use. If B<mac_iter> is set to -1, the MAC will be +omitted entirely. + B<keytype> is the type of key. =head1 NOTES @@ -46,30 +54,20 @@ for old export grade software which could use signing only keys of arbitrary size but had restrictions on the permissible sizes of keys which could be used for encryption. -=head1 NEW FUNCTIONALITY IN OPENSSL 0.9.8 - -Some additional functionality was added to PKCS12_create() in OpenSSL -0.9.8. These extensions are detailed below. - If a certificate contains an B<alias> or B<keyid> then this will be used for the corresponding B<friendlyName> or B<localKeyID> in the PKCS12 structure. -Either B<pkey>, B<cert> or both can be B<NULL> to indicate that no key or -certficate is required. In previous versions both had to be present or -a fatal error is returned. - -B<nid_key> or B<nid_cert> can be set to -1 indicating that no encryption -should be used. - -B<mac_iter> can be set to -1 and the MAC will then be omitted entirely. - =head1 SEE ALSO L<d2i_PKCS12(3)|d2i_PKCS12(3)> =head1 HISTORY -PKCS12_create was added in OpenSSL 0.9.3 +PKCS12_create was added in OpenSSL 0.9.3. + +Before OpenSSL 0.9.8, neither B<pkey> nor B<cert> were allowed to be B<NULL>, +and a value of B<-1> was not allowed for B<nid_key>, B<nid_cert> and +B<mac_iter>. =cut |