Install the new page SSL_set1_host(3), link to it from relevant places,

and add two other .Xrs that might help readers find their way.
Update the merge notices of all files touched and
merge a few trivial changes from the OpenSSL 1.1.1 branch.
OK tb@

2 files changed, 14 insertions, 10 deletions

diff --git a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
index 5e45278604..33cca3b4b3 100644
--- a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
+++ b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
@@ -1,6 +1,6 @@
-.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.14 2018/04/07 13:57:43 jmc Exp $
+.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.15 2020/09/17 08:04:22 schwarze Exp $
 .\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500
-.\" selective merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
+.\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
 .\"
 .\" This file is a derived work.
 .\" The changes are covered by the following Copyright and license:
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 7 2018 $
+.Dd $Mdocdate: September 17 2020 $
 .Dt X509_VERIFY_PARAM_SET_FLAGS 3
 .Os
 .Sh NAME
@@ -337,7 +337,7 @@ in a chain.
 .Fn X509_VERIFY_PARAM_set1_host
 sets the expected DNS hostname to
 .Fa name
-clearing any previously specified host name or names.
+clearing any previously specified hostname or names.
 If
 .Fa name
 is
@@ -693,6 +693,7 @@ SSL_CTX_set1_param(ctx, param);
 X509_VERIFY_PARAM_free(param);
 .Ed
 .Sh SEE ALSO
+.Xr SSL_set1_host 3 ,
 .Xr SSL_set1_param 3 ,
 .Xr X509_check_host 3 ,
 .Xr X509_STORE_CTX_set0_param 3 ,
diff --git a/src/lib/libcrypto/man/X509_check_host.3 b/src/lib/libcrypto/man/X509_check_host.3
index a2c91af1ad..dbc56c0d21 100644
--- a/src/lib/libcrypto/man/X509_check_host.3
+++ b/src/lib/libcrypto/man/X509_check_host.3
@@ -1,5 +1,6 @@
-.\" $OpenBSD: X509_check_host.3,v 1.5 2019/08/23 12:23:39 schwarze Exp $
-.\" full merge up to: OpenSSL 6738bf14 Feb 13 12:51:29 2018 +0000
+.\" $OpenBSD: X509_check_host.3,v 1.6 2020/09/17 08:04:22 schwarze Exp $
+.\" full merge up to: OpenSSL a09e4d24 Jun 12 01:56:31 2014 -0400
+.\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
 .\"
 .\" This file was written by Florian Weimer <fweimer@redhat.com> and
 .\" Viktor Dukhovni <openssl-users@dukhovni.org>.
@@ -50,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 23 2019 $
+.Dd $Mdocdate: September 17 2020 $
 .Dt X509_CHECK_HOST 3
 .Os
 .Sh NAME
@@ -91,13 +92,13 @@
 .Fc
 .Sh DESCRIPTION
 The certificate matching functions are used to check whether a
-certificate matches a given host name, email address, or IP address.
+certificate matches a given hostname, email address, or IP address.
 The validity of the certificate and its trust level has to be checked by
 other means.
 .Pp
 .Fn X509_check_host
 checks if the certificate Subject Alternative Name (SAN) or Subject
-CommonName (CN) matches the specified host name, which must be encoded
+CommonName (CN) matches the specified hostname, which must be encoded
 in the preferred name syntax described in section 3.5 of RFC 1034.
 By default, wildcards are supported and they match only in the
 left-most label; they may match part of that label with an
@@ -234,9 +235,11 @@ returns -2 if the provided
 .Fa name
 contains embedded NUL bytes.
 .Sh SEE ALSO
+.Xr SSL_set1_host 3 ,
 .Xr X509_EXTENSION_new 3 ,
 .Xr X509_get1_email 3 ,
-.Xr X509_new 3
+.Xr X509_new 3 ,
+.Xr X509_VERIFY_PARAM_set1_host 3
 .Sh HISTORY
 These functions first appeared in OpenSSL 1.0.2
 and have been available since