Document X509_supported_extension(3).

The sentence about X509_EXTENSION_get_critical(3) in the DESCRIPTION contained broken grammar or at least broken punctuation, and more importantly, redundant and misplaced information. While he, shorten it.
author: schwarze <> 2024-12-28 11:04:09 +0000
committer: schwarze <> 2024-12-28 11:04:09 +0000
commit: de9ea4e9be643d0e11646c7435e6fa3ed0a1a028 (patch)
tree: 991704c856561d9020733892e88de6ddaefe8d33
parent: 2d704d09cd1a78115e2d10a4918602191ed0a6fd (diff)
download: openbsd-de9ea4e9be643d0e11646c7435e6fa3ed0a1a028.tar.gz
openbsd-de9ea4e9be643d0e11646c7435e6fa3ed0a1a028.tar.bz2
openbsd-de9ea4e9be643d0e11646c7435e6fa3ed0a1a028.zip
1 files changed, 28 insertions, 6 deletions
diff --git a/src/lib/libcrypto/man/X509_EXTENSION_set_object.3 b/src/lib/libcrypto/man/X509_EXTENSION_set_object.3
index 3f6c7709a5..45cf0dbaa5 100644
--- a/src/lib/libcrypto/man/X509_EXTENSION_set_object.3
+++ b/src/lib/libcrypto/man/X509_EXTENSION_set_object.3
@@ -1,10 +1,10 @@
-.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.18 2024/05/12 11:49:47 tb Exp $
+.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.19 2024/12/28 11:04:09 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
 .\"
-.\" Copyright (c) 2016, 2021 Ingo Schwarze <schwarze@openbsd.org>
+.\" Copyright (c) 2016, 2021, 2024 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 12 2024 $
+.Dd $Mdocdate: December 28 2024 $
 .Dt X509_EXTENSION_SET_OBJECT 3
 .Os
 .Sh NAME
@@ -79,7 +79,8 @@
 .Nm X509_EXTENSION_set_data ,
 .Nm X509_EXTENSION_get_object ,
 .Nm X509_EXTENSION_get_critical ,
-.Nm X509_EXTENSION_get_data
+.Nm X509_EXTENSION_get_data ,
+.Nm X509_supported_extension
 .\" In the next line, the capital "E" is not a typo.
 .\" The ASN.1 structure is called "Extension", not "extension".
 .Nd create, change, and inspect X.509 Extension objects
@@ -132,6 +133,10 @@
 .Fo X509_EXTENSION_get_data
 .Fa "X509_EXTENSION *ex"
 .Fc
+.Ft int
+.Fo X509_supported_extension
+.Fa "X509_EXTENSION *ex"
+.Fc
 .Sh DESCRIPTION
 .Fn X509_EXTENSION_new
 allocates and initializes an empty
@@ -225,15 +230,23 @@ pointer.
 The returned pointer is an internal value which must not be freed up.
 .Pp
 .Fn X509_EXTENSION_get_critical
-returns the criticality of extension
+tests whether
 .Fa ex
-it returns 1 for critical and 0 for non-critical.
+is critical.
 .Pp
 .Fn X509_EXTENSION_get_data
 returns the data of extension
 .Fa ex .
 The returned pointer is an internal value which must not be freed up.
 .Pp
+.Fn X509_supported_extension
+checks whether
+.Fa ex
+is of a type supported by the verifier.
+The list of supported extension types is hardcoded into the library.
+If an extension is critical but unsupported,
+the certificate will normally be rejected.
+.Pp
 These functions manipulate the contents of an extension directly.
 Most applications will want to parse or encode and add an extension:
 they should use the extension encode and decode functions instead
@@ -277,6 +290,11 @@ returns 0 for non-critical or 1 for critical.
 returns an
 .Vt ASN1_OCTET_STRING
 pointer.
+.Pp
+.Fn X509_supported_extension
+returns 1 if the type of
+.Fa ex
+is supported by the verifier or 0 otherwise.
 .Sh SEE ALSO
 .Xr ACCESS_DESCRIPTION_new 3 ,
 .Xr AUTHORITY_KEYID_new 3 ,
@@ -324,3 +342,7 @@ and
 in SSLeay 0.8.0.
 These functions have been available since
 .Ox 2.4 .
+.Pp
+.Fn X509_supported_extension
+first appeared in OpenSSL 0.9.7 and has been available since
+.Ox 3.2 .
author	schwarze <>	2024-12-28 11:04:09 +0000
committer	schwarze <>	2024-12-28 11:04:09 +0000
commit	de9ea4e9be643d0e11646c7435e6fa3ed0a1a028 (patch)
tree	991704c856561d9020733892e88de6ddaefe8d33
parent	2d704d09cd1a78115e2d10a4918602191ed0a6fd (diff)
download	openbsd-de9ea4e9be643d0e11646c7435e6fa3ed0a1a028.tar.gz openbsd-de9ea4e9be643d0e11646c7435e6fa3ed0a1a028.tar.bz2 openbsd-de9ea4e9be643d0e11646c7435e6fa3ed0a1a028.zip

diff --git a/src/lib/libcrypto/man/X509_EXTENSION_set_object.3 b/src/lib/libcrypto/man/X509_EXTENSION_set_object.3 index 3f6c7709a5..45cf0dbaa5 100644 --- a/src/lib/libcrypto/man/X509_EXTENSION_set_object.3 +++ b/src/lib/libcrypto/man/X509_EXTENSION_set_object.3
@@ -1,10 +1,10 @@
1	.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.18 2024/05/12 11:49:47 tb Exp $	1	.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.19 2024/12/28 11:04:09 schwarze Exp $
2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\"	3	.\"
4	.\" This file is a derived work.	4	.\" This file is a derived work.
5	.\" The changes are covered by the following Copyright and license:	5	.\" The changes are covered by the following Copyright and license:
6	.\"	6	.\"
7	.\" Copyright (c) 2016, 2021 Ingo Schwarze <schwarze@openbsd.org>	7	.\" Copyright (c) 2016, 2021, 2024 Ingo Schwarze <schwarze@openbsd.org>
8	.\"	8	.\"
9	.\" Permission to use, copy, modify, and distribute this software for any	9	.\" Permission to use, copy, modify, and distribute this software for any
10	.\" purpose with or without fee is hereby granted, provided that the above	10	.\" purpose with or without fee is hereby granted, provided that the above
@@ -65,7 +65,7 @@
65	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	65	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
66	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	66	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
67	.\"	67	.\"
68	.Dd $Mdocdate: May 12 2024 $	68	.Dd $Mdocdate: December 28 2024 $
69	.Dt X509_EXTENSION_SET_OBJECT 3	69	.Dt X509_EXTENSION_SET_OBJECT 3
70	.Os	70	.Os
71	.Sh NAME	71	.Sh NAME
@@ -79,7 +79,8 @@
79	.Nm X509_EXTENSION_set_data ,	79	.Nm X509_EXTENSION_set_data ,
80	.Nm X509_EXTENSION_get_object ,	80	.Nm X509_EXTENSION_get_object ,
81	.Nm X509_EXTENSION_get_critical ,	81	.Nm X509_EXTENSION_get_critical ,
82	.Nm X509_EXTENSION_get_data	82	.Nm X509_EXTENSION_get_data ,
		83	.Nm X509_supported_extension
83	.\" In the next line, the capital "E" is not a typo.	84	.\" In the next line, the capital "E" is not a typo.
84	.\" The ASN.1 structure is called "Extension", not "extension".	85	.\" The ASN.1 structure is called "Extension", not "extension".
85	.Nd create, change, and inspect X.509 Extension objects	86	.Nd create, change, and inspect X.509 Extension objects
@@ -132,6 +133,10 @@
132	.Fo X509_EXTENSION_get_data	133	.Fo X509_EXTENSION_get_data
133	.Fa "X509_EXTENSION *ex"	134	.Fa "X509_EXTENSION *ex"
134	.Fc	135	.Fc
		136	.Ft int
		137	.Fo X509_supported_extension
		138	.Fa "X509_EXTENSION *ex"
		139	.Fc
135	.Sh DESCRIPTION	140	.Sh DESCRIPTION
136	.Fn X509_EXTENSION_new	141	.Fn X509_EXTENSION_new
137	allocates and initializes an empty	142	allocates and initializes an empty
@@ -225,15 +230,23 @@ pointer.
225	The returned pointer is an internal value which must not be freed up.	230	The returned pointer is an internal value which must not be freed up.
226	.Pp	231	.Pp
227	.Fn X509_EXTENSION_get_critical	232	.Fn X509_EXTENSION_get_critical
228	returns the criticality of extension	233	tests whether
229	.Fa ex	234	.Fa ex
230	it returns 1 for critical and 0 for non-critical.	235	is critical.
231	.Pp	236	.Pp
232	.Fn X509_EXTENSION_get_data	237	.Fn X509_EXTENSION_get_data
233	returns the data of extension	238	returns the data of extension
234	.Fa ex .	239	.Fa ex .
235	The returned pointer is an internal value which must not be freed up.	240	The returned pointer is an internal value which must not be freed up.
236	.Pp	241	.Pp
		242	.Fn X509_supported_extension
		243	checks whether
		244	.Fa ex
		245	is of a type supported by the verifier.
		246	The list of supported extension types is hardcoded into the library.
		247	If an extension is critical but unsupported,
		248	the certificate will normally be rejected.
		249	.Pp
237	These functions manipulate the contents of an extension directly.	250	These functions manipulate the contents of an extension directly.
238	Most applications will want to parse or encode and add an extension:	251	Most applications will want to parse or encode and add an extension:
239	they should use the extension encode and decode functions instead	252	they should use the extension encode and decode functions instead
@@ -277,6 +290,11 @@ returns 0 for non-critical or 1 for critical.
277	returns an	290	returns an
278	.Vt ASN1_OCTET_STRING	291	.Vt ASN1_OCTET_STRING
279	pointer.	292	pointer.
		293	.Pp
		294	.Fn X509_supported_extension
		295	returns 1 if the type of
		296	.Fa ex
		297	is supported by the verifier or 0 otherwise.
280	.Sh SEE ALSO	298	.Sh SEE ALSO
281	.Xr ACCESS_DESCRIPTION_new 3 ,	299	.Xr ACCESS_DESCRIPTION_new 3 ,
282	.Xr AUTHORITY_KEYID_new 3 ,	300	.Xr AUTHORITY_KEYID_new 3 ,
@@ -324,3 +342,7 @@ and
324	in SSLeay 0.8.0.	342	in SSLeay 0.8.0.
325	These functions have been available since	343	These functions have been available since
326	.Ox 2.4 .	344	.Ox 2.4 .
		345	.Pp
		346	.Fn X509_supported_extension
		347	first appeared in OpenSSL 0.9.7 and has been available since
		348	.Ox 3.2 .