Document X509v3_{addr,asid}_inherits(3)

Also note another bug in X509v3_asid_{canonize,is_canonical}(3).
author: tb <> 2023-09-26 20:42:45 +0000
committer: tb <> 2023-09-26 20:42:45 +0000
commit: 69bb4041f1907aa069bdef3c3f546e3d34b5470b (patch)
tree: b97d15e08bb4f538df6cfd69070f7d55ef5d434a /src/lib/libcrypto/man/X509v3_addr_inherits.3
parent: 2fb34de3060792a0eb0a3d391d55a8644cbae70b (diff)
download: openbsd-69bb4041f1907aa069bdef3c3f546e3d34b5470b.tar.gz
openbsd-69bb4041f1907aa069bdef3c3f546e3d34b5470b.tar.bz2
openbsd-69bb4041f1907aa069bdef3c3f546e3d34b5470b.zip
1 files changed, 106 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/X509v3_addr_inherits.3 b/src/lib/libcrypto/man/X509v3_addr_inherits.3
new file mode 100644
index 0000000000..a8465afb38
--- /dev/null
+++ b/src/lib/libcrypto/man/X509v3_addr_inherits.3
@@ -0,0 +1,106 @@
+.\" $OpenBSD: X509v3_addr_inherits.3,v 1.1 2023/09/26 20:42:45 tb Exp $
+.\"
+.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: September 26 2023 $
+.Dt X509V3_ADDR_INHERITS 3
+.Os
+.Sh NAME
+.Nm X509v3_addr_inherits ,
+.Nm X509v3_asid_inherits
+.Nd inheritance for the IP address and AS number delegation extensions
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft int
+.Fn X509v3_addr_inherits "IPAddrBlocks *addrblocks"
+.Ft int
+.Fn X509v3_asid_inherits "ASIdentifiers *asids"
+.Sh DESCRIPTION
+.Fn X509v3_addr_inherits
+determines if there is at least one address family in
+.Fa addrblocks
+that uses inheritance.
+.Pp
+.Fn X509v3_asid_inherits
+is intended to determine if at least one of
+the list of autonomous system numbers or
+the list of routing domain identifiers
+uses inheritance.
+.Sh RETURN VALUES
+.Fn X509v3_addr_inherits
+returns 1 if and only if
+.Fa addrblocks
+contains at least one
+.Fa IPAddressFamily
+object that is correctly marked
+.Dq inherit :
+its
+.Fa IPAddressChoice
+is of
+.Fa type
+.Dv IPAddressChoice_inherit
+and its
+.Fa inherit
+element is present.
+Otherwise it returns 0.
+.Pp
+.Fn X509v3_asid_inherits
+returns 1 if and only if
+at least one of the
+.Fa asnum
+or the
+.Fa rdi
+lists has
+.Fa type
+.Dv ASIdentifierChoice_inherit .
+Otherwise
+.Fn X509v3_asid_inherits 3
+returns 0.
+.Sh SEE ALSO
+.Xr ASIdentifiers_new 3 ,
+.Xr ASRange_new 3 ,
+.Xr crypto 3 ,
+.Xr IPAddressRange_new 3 ,
+.Xr X509_new 3 ,
+.Xr X509v3_addr_add_inherit 3 ,
+.Xr X509v3_asid_add_inherit 3
+.Sh STANDARDS
+RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:
+.Bl -dash -compact
+.It
+section 2: IP Address delegation extension
+.It
+section 2.2.3.5: Element inherit
+.It
+section 3: AS identifiers delegation extension
+.It
+section 3.2.3.3: Element inherit
+.El
+.Sh HISTORY
+These functions first appeared in OpenSSL 0.9.8e
+and have been available since
+.Ox 7.1 .
+.Sh BUGS
+.Fn X509v3_asid_inherits
+ignores whether the
+.Fa inherit
+is present or absent in the list that is considered to use inheritance.
+.Pp
+There is no API that determines whether all lists contained in an
+.Vt ASIdentifiers
+or an
+.Vt IPAddrBlocks
+objects inherit.
+See RFC 9287, 5.1.2 for an example where this is relevant.
author	tb <>	2023-09-26 20:42:45 +0000
committer	tb <>	2023-09-26 20:42:45 +0000
commit	69bb4041f1907aa069bdef3c3f546e3d34b5470b (patch)
tree	b97d15e08bb4f538df6cfd69070f7d55ef5d434a /src/lib/libcrypto/man/X509v3_addr_inherits.3
parent	2fb34de3060792a0eb0a3d391d55a8644cbae70b (diff)
download	openbsd-69bb4041f1907aa069bdef3c3f546e3d34b5470b.tar.gz openbsd-69bb4041f1907aa069bdef3c3f546e3d34b5470b.tar.bz2 openbsd-69bb4041f1907aa069bdef3c3f546e3d34b5470b.zip

diff --git a/src/lib/libcrypto/man/X509v3_addr_inherits.3 b/src/lib/libcrypto/man/X509v3_addr_inherits.3 new file mode 100644 index 0000000000..a8465afb38 --- /dev/null +++ b/src/lib/libcrypto/man/X509v3_addr_inherits.3
@@ -0,0 +1,106 @@
	1	.\" $OpenBSD: X509v3_addr_inherits.3,v 1.1 2023/09/26 20:42:45 tb Exp $
	2	.\"
	3	.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
	4	.\"
	5	.\" Permission to use, copy, modify, and distribute this software for any
	6	.\" purpose with or without fee is hereby granted, provided that the above
	7	.\" copyright notice and this permission notice appear in all copies.
	8	.\"
	9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	.\"
	17	.Dd $Mdocdate: September 26 2023 $
	18	.Dt X509V3_ADDR_INHERITS 3
	19	.Os
	20	.Sh NAME
	21	.Nm X509v3_addr_inherits ,
	22	.Nm X509v3_asid_inherits
	23	.Nd inheritance for the IP address and AS number delegation extensions
	24	.Sh SYNOPSIS
	25	.In openssl/x509v3.h
	26	.Ft int
	27	.Fn X509v3_addr_inherits "IPAddrBlocks *addrblocks"
	28	.Ft int
	29	.Fn X509v3_asid_inherits "ASIdentifiers *asids"
	30	.Sh DESCRIPTION
	31	.Fn X509v3_addr_inherits
	32	determines if there is at least one address family in
	33	.Fa addrblocks
	34	that uses inheritance.
	35	.Pp
	36	.Fn X509v3_asid_inherits
	37	is intended to determine if at least one of
	38	the list of autonomous system numbers or
	39	the list of routing domain identifiers
	40	uses inheritance.
	41	.Sh RETURN VALUES
	42	.Fn X509v3_addr_inherits
	43	returns 1 if and only if
	44	.Fa addrblocks
	45	contains at least one
	46	.Fa IPAddressFamily
	47	object that is correctly marked
	48	.Dq inherit :
	49	its
	50	.Fa IPAddressChoice
	51	is of
	52	.Fa type
	53	.Dv IPAddressChoice_inherit
	54	and its
	55	.Fa inherit
	56	element is present.
	57	Otherwise it returns 0.
	58	.Pp
	59	.Fn X509v3_asid_inherits
	60	returns 1 if and only if
	61	at least one of the
	62	.Fa asnum
	63	or the
	64	.Fa rdi
	65	lists has
	66	.Fa type
	67	.Dv ASIdentifierChoice_inherit .
	68	Otherwise
	69	.Fn X509v3_asid_inherits 3
	70	returns 0.
	71	.Sh SEE ALSO
	72	.Xr ASIdentifiers_new 3 ,
	73	.Xr ASRange_new 3 ,
	74	.Xr crypto 3 ,
	75	.Xr IPAddressRange_new 3 ,
	76	.Xr X509_new 3 ,
	77	.Xr X509v3_addr_add_inherit 3 ,
	78	.Xr X509v3_asid_add_inherit 3
	79	.Sh STANDARDS
	80	RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:
	81	.Bl -dash -compact
	82	.It
	83	section 2: IP Address delegation extension
	84	.It
	85	section 2.2.3.5: Element inherit
	86	.It
	87	section 3: AS identifiers delegation extension
	88	.It
	89	section 3.2.3.3: Element inherit
	90	.El
	91	.Sh HISTORY
	92	These functions first appeared in OpenSSL 0.9.8e
	93	and have been available since
	94	.Ox 7.1 .
	95	.Sh BUGS
	96	.Fn X509v3_asid_inherits
	97	ignores whether the
	98	.Fa inherit
	99	is present or absent in the list that is considered to use inheritance.
	100	.Pp
	101	There is no API that determines whether all lists contained in an
	102	.Vt ASIdentifiers
	103	or an
	104	.Vt IPAddrBlocks
	105	objects inherit.
	106	See RFC 9287, 5.1.2 for an example where this is relevant.