Write new BASIC_CONSTRAINTS_new(3) manual from scratch, explaining

the important point of how to distinguish CA certificates from end entity certificates. Both functions are listed in <openssl/x509v3.h> and in OpenSSL doc/man3/X509_dup.pod. OpenSSL documentation specifies the wrong header file.
author: schwarze <> 2016-12-23 17:02:41 +0000
committer: schwarze <> 2016-12-23 17:02:41 +0000
commit: bb637e97b251f6a6f057ccc3095a4ba9581ac8d9 (patch)
tree: 5c137d9ac22d81b3f966d5c81bb57d3e3974170a /src/lib
parent: 2ef9e674d440147afdb3ca73cf9a2f40ea040d2f (diff)
download: openbsd-bb637e97b251f6a6f057ccc3095a4ba9581ac8d9.tar.gz
openbsd-bb637e97b251f6a6f057ccc3095a4ba9581ac8d9.tar.bz2
openbsd-bb637e97b251f6a6f057ccc3095a4ba9581ac8d9.zip
2 files changed, 81 insertions, 1 deletions
diff --git a/src/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3 b/src/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3
new file mode 100644
index 0000000000..1293be0050
--- /dev/null
+++ b/src/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3
@@ -0,0 +1,79 @@
+.\"     $OpenBSD: BASIC_CONSTRAINTS_new.3,v 1.1 2016/12/23 17:02:41 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 23 2016 $
+.Dt BASIC_CONSTRAINTS_NEW 3
+.Os
+.Sh NAME
+.Nm BASIC_CONSTRAINTS_new ,
+.Nm BASIC_CONSTRAINTS_free
+.Nd X.509 extension to mark CA certificates
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft BASIC_CONSTRAINTS *
+.Fn BASIC_CONSTRAINTS_new void
+.Ft void
+.Fn BASIC_CONSTRAINTS_free "BASIC_CONSTRAINTS *bc"
+.Sh DESCRIPTION
+.Fn BASIC_CONSTRAINTS_new
+allocates and initializes an empty
+.Vt BASIC_CONSTRAINTS
+object, representing an ASN.1 BasicConstraints structure
+defined in RFC 5280 section 4.2.1.9.
+.Pp
+This object contains two fields.
+The field
+.Fa "int ca"
+is non-zero if the certificate is a CA certificate.
+The field
+.Fa "ASN1_INTEGER *pathlen"
+specifies the maximum number of non-self-issued intermediate
+certificates that may follow this certificate in a valid
+certification path.
+.Pp
+If an X.509 version 3 certificate does not contain this extension
+or if the
+.Fa ca
+field of the
+.Vt BASIC_CONSTRAINTS
+object is 0, or if the certificate contains a key usage extension
+having the
+.Dv KU_KEY_CERT_SIGN
+bit unset, then it is not a CA certificate but an end entity
+certificate.
+.Pp
+.Fn BASIC_CONSTRAINTS_free
+frees
+.Fa bc .
+.Sh RETURN VALUES
+.Fn BASIC_CONSTRAINTS_new
+returns the new
+.Vt BASIC_CONSTRAINTS
+object or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile:
+.Bl -dash -compact
+.It
+section 4.2.1.9: Basic Constraints
+.It
+section 6.1: Basic Path Validation
+.El
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 41c850357c..0aed9e0fad 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.92 2016/12/23 15:25:19 schwarze Exp $
+# $OpenBSD: Makefile,v 1.93 2016/12/23 17:02:41 schwarze Exp $
 .include <bsd.own.mk>
@@ -12,6 +12,7 @@ MAN=	\
        ASN1_generate_nconf.3 \
        ASN1_time_parse.3 \
        AUTHORITY_KEYID_new.3 \
+        BASIC_CONSTRAINTS_new.3 \
        BF_set_key.3 \
        BIO_ctrl.3 \
        BIO_f_base64.3 \
author	schwarze <>	2016-12-23 17:02:41 +0000
committer	schwarze <>	2016-12-23 17:02:41 +0000
commit	bb637e97b251f6a6f057ccc3095a4ba9581ac8d9 (patch)
tree	5c137d9ac22d81b3f966d5c81bb57d3e3974170a /src/lib
parent	2ef9e674d440147afdb3ca73cf9a2f40ea040d2f (diff)
download	openbsd-bb637e97b251f6a6f057ccc3095a4ba9581ac8d9.tar.gz openbsd-bb637e97b251f6a6f057ccc3095a4ba9581ac8d9.tar.bz2 openbsd-bb637e97b251f6a6f057ccc3095a4ba9581ac8d9.zip

diff --git a/src/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3 b/src/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3 new file mode 100644 index 0000000000..1293be0050 --- /dev/null +++ b/src/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3
@@ -0,0 +1,79 @@
		1	.\" $OpenBSD: BASIC_CONSTRAINTS_new.3,v 1.1 2016/12/23 17:02:41 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: December 23 2016 $
		18	.Dt BASIC_CONSTRAINTS_NEW 3
		19	.Os
		20	.Sh NAME
		21	.Nm BASIC_CONSTRAINTS_new ,
		22	.Nm BASIC_CONSTRAINTS_free
		23	.Nd X.509 extension to mark CA certificates
		24	.Sh SYNOPSIS
		25	.In openssl/x509v3.h
		26	.Ft BASIC_CONSTRAINTS *
		27	.Fn BASIC_CONSTRAINTS_new void
		28	.Ft void
		29	.Fn BASIC_CONSTRAINTS_free "BASIC_CONSTRAINTS *bc"
		30	.Sh DESCRIPTION
		31	.Fn BASIC_CONSTRAINTS_new
		32	allocates and initializes an empty
		33	.Vt BASIC_CONSTRAINTS
		34	object, representing an ASN.1 BasicConstraints structure
		35	defined in RFC 5280 section 4.2.1.9.
		36	.Pp
		37	This object contains two fields.
		38	The field
		39	.Fa "int ca"
		40	is non-zero if the certificate is a CA certificate.
		41	The field
		42	.Fa "ASN1_INTEGER *pathlen"
		43	specifies the maximum number of non-self-issued intermediate
		44	certificates that may follow this certificate in a valid
		45	certification path.
		46	.Pp
		47	If an X.509 version 3 certificate does not contain this extension
		48	or if the
		49	.Fa ca
		50	field of the
		51	.Vt BASIC_CONSTRAINTS
		52	object is 0, or if the certificate contains a key usage extension
		53	having the
		54	.Dv KU_KEY_CERT_SIGN
		55	bit unset, then it is not a CA certificate but an end entity
		56	certificate.
		57	.Pp
		58	.Fn BASIC_CONSTRAINTS_free
		59	frees
		60	.Fa bc .
		61	.Sh RETURN VALUES
		62	.Fn BASIC_CONSTRAINTS_new
		63	returns the new
		64	.Vt BASIC_CONSTRAINTS
		65	object or
		66	.Dv NULL
		67	if an error occurs.
		68	.Sh SEE ALSO
		69	.Xr X509_EXTENSION_new 3 ,
		70	.Xr X509_new 3
		71	.Sh STANDARDS
		72	RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
		73	Certificate Revocation List (CRL) Profile:
		74	.Bl -dash -compact
		75	.It
		76	section 4.2.1.9: Basic Constraints
		77	.It
		78	section 6.1: Basic Path Validation
		79	.El


diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 41c850357c..0aed9e0fad 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.92 2016/12/23 15:25:19 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.93 2016/12/23 17:02:41 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -12,6 +12,7 @@ MAN= \
12	ASN1_generate_nconf.3 \	12	ASN1_generate_nconf.3 \
13	ASN1_time_parse.3 \	13	ASN1_time_parse.3 \
14	AUTHORITY_KEYID_new.3 \	14	AUTHORITY_KEYID_new.3 \
		15	BASIC_CONSTRAINTS_new.3 \
15	BF_set_key.3 \	16	BF_set_key.3 \
16	BIO_ctrl.3 \	17	BIO_ctrl.3 \
17	BIO_f_base64.3 \	18	BIO_f_base64.3 \