summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/libcrypto/man/Makefile3
-rw-r--r--lib/libcrypto/man/X509_CRL_get0_by_serial.357
-rw-r--r--lib/libcrypto/man/X509_REVOKED_new.3146
3 files changed, 157 insertions, 49 deletions
diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile
index e35d6239af0..dccb082a02b 100644
--- a/lib/libcrypto/man/Makefile
+++ b/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.81 2016/12/16 09:56:33 schwarze Exp $
+# $OpenBSD: Makefile,v 1.82 2016/12/16 14:50:58 schwarze Exp $
.include <bsd.own.mk>
@@ -188,6 +188,7 @@ MAN= \
X509_NAME_new.3 \
X509_NAME_print_ex.3 \
X509_PUBKEY_new.3 \
+ X509_REVOKED_new.3 \
X509_STORE_CTX_get_error.3 \
X509_STORE_CTX_get_ex_new_index.3 \
X509_STORE_CTX_new.3 \
diff --git a/lib/libcrypto/man/X509_CRL_get0_by_serial.3 b/lib/libcrypto/man/X509_CRL_get0_by_serial.3
index 1f846713427..15c94d7c2ab 100644
--- a/lib/libcrypto/man/X509_CRL_get0_by_serial.3
+++ b/lib/libcrypto/man/X509_CRL_get0_by_serial.3
@@ -1,5 +1,5 @@
-.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.2 2016/12/05 18:25:07 schwarze Exp $
-.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
+.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.3 2016/12/16 14:50:58 schwarze Exp $
+.\" OpenSSL X509_CRL_get0_by_serial.pod 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
@@ -48,18 +48,16 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: December 5 2016 $
+.Dd $Mdocdate: December 16 2016 $
.Dt X509_CRL_GET0_BY_SERIAL 3
.Os
.Sh NAME
.Nm X509_CRL_get0_by_serial ,
.Nm X509_CRL_get0_by_cert ,
.Nm X509_CRL_get_REVOKED ,
-.Nm X509_REVOKED_set_serialNumber ,
-.Nm X509_REVOKED_set_revocationDate ,
.Nm X509_CRL_add0_revoked ,
.Nm X509_CRL_sort
-.Nd CRL revoked entry utility functions
+.Nd add, sort, and retrieve CRL entries
.Sh SYNOPSIS
.In openssl/x509.h
.Ft int
@@ -79,16 +77,6 @@
.Fa "X509_CRL *crl"
.Fc
.Ft int
-.Fo X509_REVOKED_set_serialNumber
-.Fa "X509_REVOKED *r"
-.Fa "ASN1_INTEGER *serial"
-.Fc
-.Ft int
-.Fo X509_REVOKED_set_revocationDate
-.Fa "X509_REVOKED *r"
-.Fa "ASN1_TIME *tm"
-.Fc
-.Ft int
.Fo X509_CRL_add0_revoked
.Fa "X509_CRL *crl"
.Fa "X509_REVOKED *rev"
@@ -122,24 +110,6 @@ returns an internal pointer to a stack of all revoked entries for
.Fa crl .
It is implemented as a macro.
.Pp
-.Fn X509_REVOKED_set_serialNumber
-sets the serial number of
-.Fa r
-to
-.Fa serial .
-The supplied
-.Fa serial
-pointer is not used internally so it should be freed up after use.
-.Pp
-.Fn X509_REVOKED_set_revocationDate
-sets the revocation date of
-.Fa r
-to
-.Fa tm .
-The supplied
-.Fa tm
-pointer is not used internally so it should be freed up after use.
-.Pp
.Fn X509_CRL_add0_revoked
appends revoked entry
.Fa rev
@@ -164,8 +134,6 @@ and examine each one in turn using
.Sh RETURN VALUES
.Fn X509_CRL_get0_by_serial ,
.Fn X509_CRL_get0_by_cert ,
-.Fn X509_REVOKED_set_serialNumber ,
-.Fn X509_REVOKED_set_revocationDate ,
.Fn X509_CRL_add0_revoked ,
and
.Fn X509_CRL_sort
@@ -174,17 +142,10 @@ return 1 for success or 0 for failure.
.Fn X509_CRL_get_REVOKED
returns a STACK of revoked entries.
.Sh SEE ALSO
-.Xr d2i_X509 3 ,
+.Xr d2i_X509_CRL 3 ,
.Xr ERR_get_error 3 ,
-.Xr X509_get_ext_d2i 3 ,
-.Xr X509_get_pubkey 3 ,
-.Xr X509_get_subject_name 3 ,
-.Xr X509_get_version 3 ,
-.Xr X509_NAME_add_entry_by_txt 3 ,
-.Xr X509_NAME_ENTRY_get_object 3 ,
-.Xr X509_NAME_get_index_by_NID 3 ,
-.Xr X509_NAME_print_ex 3 ,
-.Xr X509_new 3 ,
-.Xr X509_sign 3 ,
-.Xr X509_verify_cert 3 ,
+.Xr X509_CRL_get_ext 3 ,
+.Xr X509_CRL_get_issuer 3 ,
+.Xr X509_CRL_get_version 3 ,
+.Xr X509_REVOKED_new 3 ,
.Xr X509V3_get_d2i 3
diff --git a/lib/libcrypto/man/X509_REVOKED_new.3 b/lib/libcrypto/man/X509_REVOKED_new.3
new file mode 100644
index 00000000000..2303f9caf20
--- /dev/null
+++ b/lib/libcrypto/man/X509_REVOKED_new.3
@@ -0,0 +1,146 @@
+.\" $OpenBSD: X509_REVOKED_new.3,v 1.1 2016/12/16 14:50:58 schwarze Exp $
+.\" OpenSSL X509_CRL_get0_by_serial.pod 99d63d46 Oct 26 13:56:48 2016 -0400
+.\"
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
+.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in
+.\" the documentation and/or other materials provided with the
+.\" distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\" software must display the following acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\" endorse or promote products derived from this software without
+.\" prior written permission. For written permission, please contact
+.\" openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\" nor may "OpenSSL" appear in their names without prior written
+.\" permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\" acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: December 16 2016 $
+.Dt X509_REVOKED_NEW 3
+.Os
+.Sh NAME
+.Nm X509_REVOKED_new ,
+.Nm X509_REVOKED_free ,
+.Nm X509_REVOKED_set_serialNumber ,
+.Nm X509_REVOKED_set_revocationDate
+.Nd create and change an X.509 CRL revoked entry
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft X509_REVOKED *
+.Fn X509_REVOKED_new void
+.Ft void
+.Fn X509_REVOKED_free "X509_REVOKED *r"
+.Ft int
+.Fo X509_REVOKED_set_serialNumber
+.Fa "X509_REVOKED *r"
+.Fa "ASN1_INTEGER *serial"
+.Fc
+.Ft int
+.Fo X509_REVOKED_set_revocationDate
+.Fa "X509_REVOKED *r"
+.Fa "ASN1_TIME *tm"
+.Fc
+.Sh DESCRIPTION
+.Fn X509_REVOKED_new
+allocates and initializes an empty
+.Vt X509_REVOKED
+object, representing one of the elements of
+the revokedCertificates field of the ASN.1 TBSCertList structure
+defined in RFC 5280 section 5.1.
+It is used by
+.Vt X509_CRL
+objects and can hold information about one revoked certificate
+including issuer names, serial number, revocation date, and revocation
+reason.
+.Pp
+.Fn X509_REVOKED_free
+frees
+.Fa r .
+.Pp
+.Fn X509_REVOKED_set_serialNumber
+sets the serial number of
+.Fa r
+to
+.Fa serial .
+The supplied
+.Fa serial
+pointer is not used internally so it should be freed up after use.
+.Pp
+.Fn X509_REVOKED_set_revocationDate
+sets the revocation date of
+.Fa r
+to
+.Fa tm .
+The supplied
+.Fa tm
+pointer is not used internally so it should be freed up after use.
+.Sh RETURN VALUES
+.Fn X509_REVOKED_new
+returns the new
+.Vt X509_REVOKED
+object or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn X509_REVOKED_set_serialNumber
+and
+.Fn X509_REVOKED_set_revocationDate
+return 1 for success or 0 for failure.
+.Sh SEE ALSO
+.Xr d2i_X509_CRL 3 ,
+.Xr ERR_get_error 3 ,
+.Xr PEM_read_X509_CRL 3 ,
+.Xr X509_CRL_get0_by_serial 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile, section 5.1: CRL Fields