1 files changed, 93 insertions, 0 deletions

diff --git a/lib/libcrypto/man/d2i_PROXY_POLICY.3 b/lib/libcrypto/man/d2i_PROXY_POLICY.3
new file mode 100644
index 00000000000..0c447b10347
--- /dev/null
+++ b/lib/libcrypto/man/d2i_PROXY_POLICY.3
@@ -0,0 +1,93 @@
+.\"	$OpenBSD: d2i_PROXY_POLICY.3,v 1.1 2016/12/28 20:36:33 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 28 2016 $
+.Dt D2I_PROXY_POLICY 3
+.Os
+.Sh NAME
+.Nm d2i_PROXY_POLICY ,
+.Nm i2d_PROXY_POLICY ,
+.Nm d2i_PROXY_CERT_INFO_EXTENSION ,
+.Nm i2d_PROXY_CERT_INFO_EXTENSION
+.Nd decode and encode X.509 proxy certificate extensions
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft PROXY_POLICY *
+.Fo d2i_PROXY_POLICY
+.Fa "PROXY_POLICY **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PROXY_POLICY
+.Fa "PROXY_POLICY *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Ft PROXY_CERT_INFO_EXTENSION *
+.Fo d2i_PROXY_CERT_INFO_EXTENSION
+.Fa "PROXY_CERT_INFO_EXTENSION **val_out"
+.Fa "const unsigned char **der_in"
+.Fa "long length"
+.Fc
+.Ft int
+.Fo i2d_PROXY_CERT_INFO_EXTENSION
+.Fa "PROXY_CERT_INFO_EXTENSION *val_in"
+.Fa "unsigned char **der_out"
+.Fc
+.Sh DESCRIPTION
+These functions encode and decode X.509 extensions that decide
+whether a certificate is a proxy certificate, and which policies
+apply to it.
+For details about the semantics, examples, caveats, and bugs, see
+.Xr ASN1_item_d2i 3 .
+.Pp
+.Fn d2i_PROXY_POLICY
+and
+.Fn i2d_PROXY_POLICY
+decode and encode an ASN.1
+.Vt ProxyPolicy
+structure defined in RFC 3820 section 3.8.
+.Pp
+.Fn d2i_PROXY_CERT_INFO_EXTENSION
+and
+.Fn i2d_PROXY_CERT_INFO_EXTENSION
+decode and encode an ASN.1
+.Vt ProxyCertInfo
+structure defined in RFC 3820 section 3.8.
+.Sh RETURN VALUES
+.Fn d2i_PROXY_POLICY
+and
+.Fn d2i_PROXY_CERT_INFO_EXTENSION
+return a
+.Vt PROXY_POLICY
+or
+.Vt PROXY_CERT_INFO_EXTENSION
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Pp
+.Fn i2d_PROXY_POLICY
+and
+.Fn i2d_PROXY_CERT_INFO_EXTENSION
+return the number of bytes successfully encoded or a negative value
+if an error occurs.
+.Sh SEE ALSO
+.Xr ASN1_item_d2i 3 ,
+.Xr PROXY_POLICY_new 3 ,
+.Xr X509_EXTENSION_new 3
+.Sh STANDARDS
+RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy
+Certificate Profile