Document the additional public function OCSP_basic_sign(3);

from David Cooper <david.cooper@nist.gov> via OpenSSL commit cace14b8 Jan 24 11:47:23 2018 -0500.
author: schwarze <> 2018-02-15 15:36:04 +0000
committer: schwarze <> 2018-02-15 15:36:04 +0000
commit: 9939b7782c6ac19252ee0d49847762ddb4ce1be1 (patch)
tree: cceb995eab9b10f5f5a407ac719888e7c0e3998b
parent: df436818a8ed43be4291cf07528f32725025ed16 (diff)
download: openbsd-9939b7782c6ac19252ee0d49847762ddb4ce1be1.tar.gz
openbsd-9939b7782c6ac19252ee0d49847762ddb4ce1be1.tar.bz2
openbsd-9939b7782c6ac19252ee0d49847762ddb4ce1be1.zip
1 files changed, 42 insertions, 5 deletions
diff --git a/src/lib/libcrypto/man/OCSP_response_status.3 b/src/lib/libcrypto/man/OCSP_response_status.3
index 1ffa8a728e..e0b294d8f6 100644
--- a/src/lib/libcrypto/man/OCSP_response_status.3
+++ b/src/lib/libcrypto/man/OCSP_response_status.3
@@ -1,5 +1,6 @@
-.\"     $OpenBSD: OCSP_response_status.3,v 1.4 2016/12/25 22:15:10 schwarze Exp $
+.\" $OpenBSD: OCSP_response_status.3,v 1.5 2018/02/15 15:36:04 schwarze Exp $
-.\"     OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400
+.\" full merge up to: OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400
+.\" selective merge up to: OpenSSL e23ac625 Jan 24 12:27:19 2018 -0500
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
@@ -19,7 +20,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
 .\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
-.\" Copyright (c) 2014, 2016 The OpenSSL Project.  All rights reserved.
+.\" Copyright (c) 2014, 2016, 2018 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -65,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 25 2016 $
+.Dd $Mdocdate: February 15 2018 $
 .Dt OCSP_RESPONSE_STATUS 3
 .Os
 .Sh NAME
@@ -81,7 +82,8 @@
 .Nm OCSP_RESPID_free ,
 .Nm OCSP_response_create ,
 .Nm OCSP_response_status ,
-.Nm OCSP_response_get1_basic
+.Nm OCSP_response_get1_basic ,
+.Nm OCSP_basic_sign
 .Nd OCSP response functions
 .Sh SYNOPSIS
 .In openssl/ocsp.h
@@ -118,6 +120,15 @@
 .Fo OCSP_response_get1_basic
 .Fa "OCSP_RESPONSE *resp"
 .Fc
+.Ft int
+.Fo OCSP_basic_sign
+.Fa "OCSP_BASICRESP *bs"
+.Fa "X509 *signer"
+.Fa "EVP_PKEY *key"
+.Fa "const EVP_MD *dgst"
+.Fa "STACK_OF(X509) *certs"
+.Fa "unsigned long flags"
+.Fc
 .Sh DESCRIPTION
 .Fn OCSP_RESPONSE_new
 allocates and initializes an empty
@@ -206,6 +217,29 @@ object contained in
 .Fa resp .
 It is only called if the status of a response is
 .Dv OCSP_RESPONSE_STATUS_SUCCESSFUL .
+.Pp
+.Fn OCSP_basic_sign
+signs the OCSP response
+.Fa bs
+using the certificate
+.Fa signer ,
+the private key
+.Fa key ,
+the digest
+.Fa dgst ,
+and the additional certificates
+.Fa certs .
+If the
+.Fa flags
+option
+.Dv OCSP_NOCERTS
+is set, then no certificates will be included in the request.
+If the
+.Fa flags
+option
+.Dv OCSP_RESPID_KEY
+is set, then the responder is identified by key ID
+rather than by name.
 .Sh RETURN VALUES
 .Fn OCSP_RESPONSE_new
 and
@@ -240,6 +274,9 @@ if an error occurred.
 .Pp
 .Fn OCSP_response_status
 returns a status value.
+.Pp
+.Fn OCSP_basic_sign
+return 1 on success or 0 on failure.
 .Sh SEE ALSO
 .Xr OCSP_cert_to_id 3 ,
 .Xr OCSP_request_add1_nonce 3 ,
author	schwarze <>	2018-02-15 15:36:04 +0000
committer	schwarze <>	2018-02-15 15:36:04 +0000
commit	9939b7782c6ac19252ee0d49847762ddb4ce1be1 (patch)
tree	cceb995eab9b10f5f5a407ac719888e7c0e3998b
parent	df436818a8ed43be4291cf07528f32725025ed16 (diff)
download	openbsd-9939b7782c6ac19252ee0d49847762ddb4ce1be1.tar.gz openbsd-9939b7782c6ac19252ee0d49847762ddb4ce1be1.tar.bz2 openbsd-9939b7782c6ac19252ee0d49847762ddb4ce1be1.zip