Add minimal manpage documenting the misnamed X509V3_EXT_get_nid()

This avoids a dangling reference in i2s_ASN1_ENUMERATED_TABLE. To complete this manual, someone will need to document X509V3_EXT_METHOD, but that's for a much more rainy day than today.
author: tb <> 2024-05-12 11:49:47 +0000
committer: tb <> 2024-05-12 11:49:47 +0000
commit: fbe6d90bee35015432bebfd3c0a09782a7fcefc5 (patch)
tree: 2fabf8fcc6d123793b9a6d847560ca0653e78bed
parent: d4905f3c6c2cb96492ec1b9d82142d3f7e620a5a (diff)
download: openbsd-fbe6d90bee35015432bebfd3c0a09782a7fcefc5.tar.gz
openbsd-fbe6d90bee35015432bebfd3c0a09782a7fcefc5.tar.bz2
openbsd-fbe6d90bee35015432bebfd3c0a09782a7fcefc5.zip
2 files changed, 92 insertions, 2 deletions
diff --git a/src/lib/libcrypto/man/X509V3_EXT_get_nid.3 b/src/lib/libcrypto/man/X509V3_EXT_get_nid.3
new file mode 100644
index 0000000000..657db0e61e
--- /dev/null
+++ b/src/lib/libcrypto/man/X509V3_EXT_get_nid.3
@@ -0,0 +1,89 @@
+.\" $OpenBSD: X509V3_EXT_get_nid.3,v 1.1 2024/05/12 11:49:47 tb Exp $
+.\"
+.\" Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: May 12 2024 $
+.Dt X509V3_EXT_GET_NID 3
+.Os
+.Sh NAME
+.Nm X509V3_EXT_get_nid ,
+.Nm X509V3_EXT_get
+.Nd retrieve X.509v3 certificate extension methods
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft const X509V3_EXT_METHOD *
+.Fo X509V3_EXT_get_nid
+.Fa "int nid"
+.Fc
+.Ft const X509V3_EXT_METHOD *
+.Fo X509V3_EXT_get
+.Fa "X509_EXTENSION *ext"
+.Fc
+.Sh DESCRIPTION
+An X.509v3 certificate extension contains an Object Identifier (OID),
+a boolean criticality indicator, and an opaque extension value
+.Vt ASN1_OCTET_STRING
+whose meaning is determined by the OID.
+The library's
+.Vt X509V3_EXT_METHOD
+type,
+which is not yet documented in detail,
+contains a numeric identifier to represent the OID and various
+handlers for encoding, decoding, printing, and configuring the
+extension's value.
+Criticality is handled separately, for example as an argument to
+.Xr X509V3_add1_i2d 3 .
+.Sh RETURN VALUES
+.Fn X509V3_EXT_get_nid
+returns the
+.Vt X509V3_EXT_METHOD
+corresponding to the numeric identifier
+.Fa nid ,
+or
+.Dv NULL
+if there is none.
+.Pp
+.Fn X509V3_EXT_get
+returns the built-in
+.Vt X509V3_EXT_METHOD
+associated with the extension type of
+.Fa ext ,
+or
+.Dv NULL
+if there is none.
+.Sh SEE ALSO
+.Xr i2s_ASN1_ENUMERATED_TABLE 3 ,
+.Xr OBJ_create 3 ,
+.Xr X509_EXTENSION_get_object 3 ,
+.Xr X509V3_get_d2i 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile
+.Bl -dash -compact
+.It
+section 4.2: Certificate Extensions
+.El
+.Sh HISTORY
+These functions first appeared in OpenSSL 0.9.2b and
+have been available since
+.Ox 2.6 .
+.Sh CAVEATS
+LibreSSL only supports built-in extension methods.
+Other implementations have incomplete support for custom extension methods,
+whose API is not threadsafe, does not affect the behavior of
+.Xr X509_verify_cert 3 ,
+and has various other surprising quirks.
+If custom extensions were added, both functions will prefer them
+over built-in methods.
diff --git a/src/lib/libcrypto/man/X509_EXTENSION_set_object.3 b/src/lib/libcrypto/man/X509_EXTENSION_set_object.3
index dcfe075ebd..3f6c7709a5 100644
--- a/src/lib/libcrypto/man/X509_EXTENSION_set_object.3
+++ b/src/lib/libcrypto/man/X509_EXTENSION_set_object.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.17 2023/04/30 19:40:23 tb Exp $
+.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.18 2024/05/12 11:49:47 tb Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 30 2023 $
+.Dd $Mdocdate: May 12 2024 $
 .Dt X509_EXTENSION_SET_OBJECT 3
 .Os
 .Sh NAME
@@ -297,6 +297,7 @@ pointer.
 .Xr X509_check_issued 3 ,
 .Xr X509_get_extension_flags 3 ,
 .Xr X509_REQ_add_extensions 3 ,
+.Xr X509V3_EXT_get_nid 3 ,
 .Xr X509V3_EXT_print 3 ,
 .Xr X509V3_extensions_print 3 ,
 .Xr X509V3_get_d2i 3 ,
author	tb <>	2024-05-12 11:49:47 +0000
committer	tb <>	2024-05-12 11:49:47 +0000
commit	fbe6d90bee35015432bebfd3c0a09782a7fcefc5 (patch)
tree	2fabf8fcc6d123793b9a6d847560ca0653e78bed
parent	d4905f3c6c2cb96492ec1b9d82142d3f7e620a5a (diff)
download	openbsd-fbe6d90bee35015432bebfd3c0a09782a7fcefc5.tar.gz openbsd-fbe6d90bee35015432bebfd3c0a09782a7fcefc5.tar.bz2 openbsd-fbe6d90bee35015432bebfd3c0a09782a7fcefc5.zip

diff --git a/src/lib/libcrypto/man/X509V3_EXT_get_nid.3 b/src/lib/libcrypto/man/X509V3_EXT_get_nid.3 new file mode 100644 index 0000000000..657db0e61e --- /dev/null +++ b/src/lib/libcrypto/man/X509V3_EXT_get_nid.3
@@ -0,0 +1,89 @@
		1	.\" $OpenBSD: X509V3_EXT_get_nid.3,v 1.1 2024/05/12 11:49:47 tb Exp $
		2	.\"
		3	.\" Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: May 12 2024 $
		18	.Dt X509V3_EXT_GET_NID 3
		19	.Os
		20	.Sh NAME
		21	.Nm X509V3_EXT_get_nid ,
		22	.Nm X509V3_EXT_get
		23	.Nd retrieve X.509v3 certificate extension methods
		24	.Sh SYNOPSIS
		25	.In openssl/x509v3.h
		26	.Ft const X509V3_EXT_METHOD *
		27	.Fo X509V3_EXT_get_nid
		28	.Fa "int nid"
		29	.Fc
		30	.Ft const X509V3_EXT_METHOD *
		31	.Fo X509V3_EXT_get
		32	.Fa "X509_EXTENSION *ext"
		33	.Fc
		34	.Sh DESCRIPTION
		35	An X.509v3 certificate extension contains an Object Identifier (OID),
		36	a boolean criticality indicator, and an opaque extension value
		37	.Vt ASN1_OCTET_STRING
		38	whose meaning is determined by the OID.
		39	The library's
		40	.Vt X509V3_EXT_METHOD
		41	type,
		42	which is not yet documented in detail,
		43	contains a numeric identifier to represent the OID and various
		44	handlers for encoding, decoding, printing, and configuring the
		45	extension's value.
		46	Criticality is handled separately, for example as an argument to
		47	.Xr X509V3_add1_i2d 3 .
		48	.Sh RETURN VALUES
		49	.Fn X509V3_EXT_get_nid
		50	returns the
		51	.Vt X509V3_EXT_METHOD
		52	corresponding to the numeric identifier
		53	.Fa nid ,
		54	or
		55	.Dv NULL
		56	if there is none.
		57	.Pp
		58	.Fn X509V3_EXT_get
		59	returns the built-in
		60	.Vt X509V3_EXT_METHOD
		61	associated with the extension type of
		62	.Fa ext ,
		63	or
		64	.Dv NULL
		65	if there is none.
		66	.Sh SEE ALSO
		67	.Xr i2s_ASN1_ENUMERATED_TABLE 3 ,
		68	.Xr OBJ_create 3 ,
		69	.Xr X509_EXTENSION_get_object 3 ,
		70	.Xr X509V3_get_d2i 3
		71	.Sh STANDARDS
		72	RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
		73	Certificate Revocation List (CRL) Profile
		74	.Bl -dash -compact
		75	.It
		76	section 4.2: Certificate Extensions
		77	.El
		78	.Sh HISTORY
		79	These functions first appeared in OpenSSL 0.9.2b and
		80	have been available since
		81	.Ox 2.6 .
		82	.Sh CAVEATS
		83	LibreSSL only supports built-in extension methods.
		84	Other implementations have incomplete support for custom extension methods,
		85	whose API is not threadsafe, does not affect the behavior of
		86	.Xr X509_verify_cert 3 ,
		87	and has various other surprising quirks.
		88	If custom extensions were added, both functions will prefer them
		89	over built-in methods.


diff --git a/src/lib/libcrypto/man/X509_EXTENSION_set_object.3 b/src/lib/libcrypto/man/X509_EXTENSION_set_object.3 index dcfe075ebd..3f6c7709a5 100644 --- a/src/lib/libcrypto/man/X509_EXTENSION_set_object.3 +++ b/src/lib/libcrypto/man/X509_EXTENSION_set_object.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.17 2023/04/30 19:40:23 tb Exp $	1	.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.18 2024/05/12 11:49:47 tb Exp $
2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\"	3	.\"
4	.\" This file is a derived work.	4	.\" This file is a derived work.
@@ -65,7 +65,7 @@
65	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	65	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
66	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	66	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
67	.\"	67	.\"
68	.Dd $Mdocdate: April 30 2023 $	68	.Dd $Mdocdate: May 12 2024 $
69	.Dt X509_EXTENSION_SET_OBJECT 3	69	.Dt X509_EXTENSION_SET_OBJECT 3
70	.Os	70	.Os
71	.Sh NAME	71	.Sh NAME
@@ -297,6 +297,7 @@ pointer.
297	.Xr X509_check_issued 3 ,	297	.Xr X509_check_issued 3 ,
298	.Xr X509_get_extension_flags 3 ,	298	.Xr X509_get_extension_flags 3 ,
299	.Xr X509_REQ_add_extensions 3 ,	299	.Xr X509_REQ_add_extensions 3 ,
		300	.Xr X509V3_EXT_get_nid 3 ,
300	.Xr X509V3_EXT_print 3 ,	301	.Xr X509V3_EXT_print 3 ,
301	.Xr X509V3_extensions_print 3 ,	302	.Xr X509V3_extensions_print 3 ,
302	.Xr X509V3_get_d2i 3 ,	303	.Xr X509V3_get_d2i 3 ,