1 files changed, 34 insertions, 5 deletions

diff --git a/doc/luaossl.tex b/doc/luaossl.tex
index 15881a8..d733ccf 100644
--- a/doc/luaossl.tex
+++ b/doc/luaossl.tex
@@ -286,8 +286,13 @@ field & type:default & description\\\hline
 
 .exp & number:65537 & RSA or Diffie-Hellman exponent \\
 
+.dhparam & string & PEM encoded string with precomputed DH parameters \\
+
 .curve & string:prime192v1 & for elliptic curve keys, the OpenSSL string identifier of the curve
 \end{ctabular}
+
+The DH parameters ``dhparam'' will be generated on the fly, ``bits'' wide. This is a slow process, and especially for larger sizes, you would precompute those; for example: ``openssl dhparam -2 -out dh-2048.pem -outform PEM 2048''. Using the field ``dhparam'' overrides the ``bits'' field.
+
 \subsubsection[\fn{pkey.interpose}]{\fn{pkey.interpose($name$, $function$)}}
 
 Add or interpose a pkey class method. Returns the previous method, if any.
@@ -389,7 +394,19 @@ Binds the X.509 extension OpenSSL object.
 
 \subsubsection[\fn{extension.new}]{\fn{extension.new($name$, $value$ [, $data$])}}
 
-Returns a new X.509 extension. If $value$ is the string ``DER'' or ``critical,DER'', then $data$ is an ASN.1-encoded octet string. Otherwise, $name$ and $value$ are plain text strings in \href{https://www.openssl.org/docs/apps/x509v3_config.html#ARBITRARY_EXTENSIONS}{OpenSSL's arbitrary extension format}; and if specified, $data$ is an OpenSSL configuration string defining any referenced identifiers in $value$.
+Returns a new X.509 extension.
+If $value$ is the string ``DER'' or ``critical,DER'', then $data$ is an ASN.1-encoded octet string.
+Otherwise, $name$ and $value$ are plain text strings in \href{https://www.openssl.org/docs/apps/x509v3_config.html#ARBITRARY_EXTENSIONS}{OpenSSL's arbitrary extension format}; and if specified, $data$ is either an OpenSSL configuration string defining any referenced identifiers in $value$, or a table with members:
+
+\begin{ctabular}{ l | l | p{8cm} }
+field & type:default & description\\\hline
+.db & string:$nil$ & OpenSSL configuration string\\
+.issuer & \module{openssl.x509}:$nil$ & issuer certificate\\
+.subject & \module{openssl.x509}:$nil$ & subject certificate\\
+.request & \module{openssl.x509.csr}:$nil$ & certificate signing request\\
+.crl & \module{openssl.x509.crl}:$nil$ & certificate revocation list\\
+.flags & integer:$0$ & a bitwise combination of flags
+\end{ctabular}
 
 \subsubsection[\fn{extension.interpose}]{\fn{extension.interpose($name$, $function$)}}
 
@@ -528,7 +545,7 @@ Sets the basic constraints critical flag.
 
 \subsubsection[\fn{x509:addExtension}]{\fn{x509:addExtension($ext$)}}
 
-Adds a copy of the \module{x509.extension} object to the certificate. 
+Adds a copy of the \module{x509.extension} object to the certificate.
 
 \subsubsection[\fn{x509:getExtension}]{\fn{x509:getExtension($key$)}}
 
@@ -558,6 +575,10 @@ Sets the public key component referenced by the \module{openssl.pkey} object $ke
 
 Returns the digest of the public key as a binary string. $type$ is an optional string describing the digest type, and defaults to ``sha1''.
 
+\subsubsection[\fn{x509:getSignatureName}]{\fn{x509:getSignatureName()}}
+
+Returns the type of signature used to sign the certificate as a string. e.g. ``RSA-SHA1''
+
 \subsubsection[\fn{x509:sign}]{\fn{x509:sign($key$ [, $type$])}}
 
 Signs and updates the instance certificate using the \module{openssl.pkey} $key$. $type$ is an optional string describing the digest type. See \module{pkey:sign}, regarding which types of digests are valid. If $type$ is omitted than a default type is used---``sha1'' for RSA keys, ``dss1'' for DSA keys, and ``ecdsa-with-SHA1'' for EC keys.
@@ -678,7 +699,7 @@ Add the certificate identified by $serial$ to the revocation list. $serial$ shou
 
 \subsubsection[\fn{crl:addExtension}]{\fn{crl:addExtension($ext$)}}
 
-Adds a copy of the \module{x509.extension} object to the revocation list. 
+Adds a copy of the \module{x509.extension} object to the revocation list.
 
 \subsubsection[\fn{crl:getExtension}]{\fn{crl:getExtension($key$)}}
 
@@ -692,6 +713,10 @@ Returns the integer count of the number of extensions.
 
 Signs the instance CRL using the \module{openssl.pkey} $key$.
 
+\subsubsection[\fn{crl:verify}]{\fn{crl:verify($publickey$)}}
+
+Verifies the instance CRL using a public key.
+
 \subsubsection[\fn{crl:text}]{\fn{crl:text()}}
 
 Returns a human-readable textual representation of the instance CRL.
@@ -767,6 +792,10 @@ Add or interpose a store class method. Returns the previous method, if any.
 
 Returns a PKCS \#12 binary encoded string.
 
+\subsubsection[\fn{pkcs12.parse}]{\fn{pkcs12.parse($bag$[, $passphrase$])}}
+
+Parses a PKCS\#12 bag, presented as a binary string $bag$. The second parameter $passphrase$ is the passphrase required to decrypt the PKCS\#12 bag. The function returns three items; namely the key, certificate and the CA chain, as their respective objects. If an item is absent, it will be substituted with nil.
+
 \end{Module}
 
 
@@ -785,7 +814,7 @@ Returns a new context object. $protocol$ is an optional string identifier select
 \begin{ctabular}{ c | p{14cm} }
 \multicolumn{2}{c}{$protocol$ identifiers}\\\hline\hline
 name & \href{https://www.openssl.org/docs/ssl/SSL_CTX_new.html}{description} \\\hline
-TLS & Supports TLS 1.0 \emph{and above}. Internally uses \fn{SSLv23\_method} and disables SSLv2 and 
+TLS & Supports TLS 1.0 \emph{and above}. Internally uses \fn{SSLv23\_method} and disables SSLv2 and
 SSLv3 using \texttt{SSL\_OP\_NO\_SSLv2} and \texttt{SSL\_OP\_NO\_SSLv3}.\\
 
 SSL & Supports SSL 3.0 \emph{and above}. Internally uses \fn{SSLv23\_method} and disables SSLv2 using \texttt{SSL\_OP\_NO\_SSLv2}.\\
@@ -951,7 +980,7 @@ Similar to :getPeerCertifiate, but returns the entire chain sent by the peer as
 
 \subsubsection[\fn{ssl:getCipherInfo}]{\fn{ssl:getCipherInfo()}}
 
-Returns a table of information on the current cipher. 
+Returns a table of information on the current cipher.
 
 \begin{tabular}{ c | l }
 field & description\\\hline