Write RFC 3820 manual page PROXY_POLICY_new(3) from scratch.

These four functions are listed in <openssl/x509v3.h> and in OpenSSL doc/man3/X509_dup.pod. OpenSSL documentation specifies the wrong header file.
author: schwarze <> 2016-12-23 23:19:57 +0000
committer: schwarze <> 2016-12-23 23:19:57 +0000
commit: c705b02744cea9b168f534a419d7d059685da139 (patch)
tree: 159763a8dccf0bd0726de3613e6cc2a37ff5f030 /src/lib
parent: 08fcf28e41cd4bae2eb14becff5b2a423dac9ff0 (diff)
download: openbsd-c705b02744cea9b168f534a419d7d059685da139.tar.gz
openbsd-c705b02744cea9b168f534a419d7d059685da139.tar.bz2
openbsd-c705b02744cea9b168f534a419d7d059685da139.zip
2 files changed, 91 insertions, 1 deletions
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 065a87b0ee..5f6719c73a 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.97 2016/12/23 22:21:40 schwarze Exp $
+# $OpenBSD: Makefile,v 1.98 2016/12/23 23:19:57 schwarze Exp $
 .include <bsd.own.mk>
@@ -161,6 +161,7 @@ MAN=	\
        PKCS7_verify.3 \
        PKCS8_PRIV_KEY_INFO_new.3 \
        POLICYINFO_new.3 \
+        PROXY_POLICY_new.3 \
        RAND_add.3 \
        RAND_bytes.3 \
        RAND_load_file.3 \
diff --git a/src/lib/libcrypto/man/PROXY_POLICY_new.3 b/src/lib/libcrypto/man/PROXY_POLICY_new.3
new file mode 100644
index 0000000000..eb4e963033
--- /dev/null
+++ b/src/lib/libcrypto/man/PROXY_POLICY_new.3
@@ -0,0 +1,89 @@
+.\"     $OpenBSD: PROXY_POLICY_new.3,v 1.1 2016/12/23 23:19:57 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 23 2016 $
+.Dt PROXY_POLICY_NEW 3
+.Os
+.Sh NAME
+.Nm PROXY_POLICY_new ,
+.Nm PROXY_POLICY_free ,
+.Nm PROXY_CERT_INFO_EXTENSION_new ,
+.Nm PROXY_CERT_INFO_EXTENSION_free
+.Nd X.509 proxy certificate extension
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft PROXY_POLICY *
+.Fn PROXY_POLICY_new void
+.Ft void
+.Fn PROXY_POLICY_free "PROXY_POLICY *pp"
+.Ft PROXY_CERT_INFO_EXTENSION *
+.Fn PROXY_CERT_INFO_EXTENSION_new void
+.Ft void
+.Fn PROXY_CERT_INFO_EXTENSION_free "PROXY_CERT_INFO_EXTENSION *pcie"
+.Sh DESCRIPTION
+If a given non-CA certificate grants any privileges, using that
+certificate to issue a proxy certificate and handing that proxy
+certificate over to another person, organization, or service allows
+the bearer of the proxy certificate to exercise some or all of the
+privileges on behalf of the subject of the original certificate.
+.Pp
+.Fn PROXY_POLICY_new
+allocates and initializes an empty
+.Vt PROXY_POLICY
+object, representing an ASN.1 ProxyPolicy structure
+defined in RFC 3820 section 3.8.
+It defines which privileges are to be delegated.
+.Fn PROXY_POLICY_free
+frees
+.Fa pp .
+.Pp
+.Fn PROXY_CERT_INFO_EXTENSION_new
+allocates and initializes an empty
+.Vt PROXY_CERT_INFO_EXTENSION
+object, representing an ASN.1 ProxyCertInfo structure
+defined in RFC 3820 section 3.8.
+It can contain a
+.Vt PROXY_POLICY
+object, and it can additionally restrict the maximum depth of the
+path of proxy certificates that can be signed by this proxy
+certificate.
+.Fn PROXY_CERT_INFO_EXTENSION_free
+frees
+.Fa pcie .
+.Pp
+If a non-CA certificate contains a
+.Vt PROXY_CERT_INFO_EXTENSION ,
+it is a proxy certificate; otherwise, it is an end entity certificate.
+.Sh RETURN VALUES
+.Fn PROXY_POLICY_new
+and
+.Fn PROXY_CERT_INFO_EXTENSION_new
+return the new
+.Vt PROXY_POLICY
+or
+.Vt PROXY_CERT_INFO_EXTENSION
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr BASIC_CONSTRAINTS_new 3 ,
+.Xr EXTENDED_KEY_USAGE_new 3 ,
+.Xr POLICYINFO_new 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_new 3
+.Sh STANDARDS
+RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy
+Certificate Profile
author	schwarze <>	2016-12-23 23:19:57 +0000
committer	schwarze <>	2016-12-23 23:19:57 +0000
commit	c705b02744cea9b168f534a419d7d059685da139 (patch)
tree	159763a8dccf0bd0726de3613e6cc2a37ff5f030 /src/lib
parent	08fcf28e41cd4bae2eb14becff5b2a423dac9ff0 (diff)
download	openbsd-c705b02744cea9b168f534a419d7d059685da139.tar.gz openbsd-c705b02744cea9b168f534a419d7d059685da139.tar.bz2 openbsd-c705b02744cea9b168f534a419d7d059685da139.zip

diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 065a87b0ee..5f6719c73a 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.97 2016/12/23 22:21:40 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.98 2016/12/23 23:19:57 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -161,6 +161,7 @@ MAN= \
161	PKCS7_verify.3 \	161	PKCS7_verify.3 \
162	PKCS8_PRIV_KEY_INFO_new.3 \	162	PKCS8_PRIV_KEY_INFO_new.3 \
163	POLICYINFO_new.3 \	163	POLICYINFO_new.3 \
		164	PROXY_POLICY_new.3 \
164	RAND_add.3 \	165	RAND_add.3 \
165	RAND_bytes.3 \	166	RAND_bytes.3 \
166	RAND_load_file.3 \	167	RAND_load_file.3 \


diff --git a/src/lib/libcrypto/man/PROXY_POLICY_new.3 b/src/lib/libcrypto/man/PROXY_POLICY_new.3 new file mode 100644 index 0000000000..eb4e963033 --- /dev/null +++ b/src/lib/libcrypto/man/PROXY_POLICY_new.3
@@ -0,0 +1,89 @@
		1	.\" $OpenBSD: PROXY_POLICY_new.3,v 1.1 2016/12/23 23:19:57 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: December 23 2016 $
		18	.Dt PROXY_POLICY_NEW 3
		19	.Os
		20	.Sh NAME
		21	.Nm PROXY_POLICY_new ,
		22	.Nm PROXY_POLICY_free ,
		23	.Nm PROXY_CERT_INFO_EXTENSION_new ,
		24	.Nm PROXY_CERT_INFO_EXTENSION_free
		25	.Nd X.509 proxy certificate extension
		26	.Sh SYNOPSIS
		27	.In openssl/x509v3.h
		28	.Ft PROXY_POLICY *
		29	.Fn PROXY_POLICY_new void
		30	.Ft void
		31	.Fn PROXY_POLICY_free "PROXY_POLICY *pp"
		32	.Ft PROXY_CERT_INFO_EXTENSION *
		33	.Fn PROXY_CERT_INFO_EXTENSION_new void
		34	.Ft void
		35	.Fn PROXY_CERT_INFO_EXTENSION_free "PROXY_CERT_INFO_EXTENSION *pcie"
		36	.Sh DESCRIPTION
		37	If a given non-CA certificate grants any privileges, using that
		38	certificate to issue a proxy certificate and handing that proxy
		39	certificate over to another person, organization, or service allows
		40	the bearer of the proxy certificate to exercise some or all of the
		41	privileges on behalf of the subject of the original certificate.
		42	.Pp
		43	.Fn PROXY_POLICY_new
		44	allocates and initializes an empty
		45	.Vt PROXY_POLICY
		46	object, representing an ASN.1 ProxyPolicy structure
		47	defined in RFC 3820 section 3.8.
		48	It defines which privileges are to be delegated.
		49	.Fn PROXY_POLICY_free
		50	frees
		51	.Fa pp .
		52	.Pp
		53	.Fn PROXY_CERT_INFO_EXTENSION_new
		54	allocates and initializes an empty
		55	.Vt PROXY_CERT_INFO_EXTENSION
		56	object, representing an ASN.1 ProxyCertInfo structure
		57	defined in RFC 3820 section 3.8.
		58	It can contain a
		59	.Vt PROXY_POLICY
		60	object, and it can additionally restrict the maximum depth of the
		61	path of proxy certificates that can be signed by this proxy
		62	certificate.
		63	.Fn PROXY_CERT_INFO_EXTENSION_free
		64	frees
		65	.Fa pcie .
		66	.Pp
		67	If a non-CA certificate contains a
		68	.Vt PROXY_CERT_INFO_EXTENSION ,
		69	it is a proxy certificate; otherwise, it is an end entity certificate.
		70	.Sh RETURN VALUES
		71	.Fn PROXY_POLICY_new
		72	and
		73	.Fn PROXY_CERT_INFO_EXTENSION_new
		74	return the new
		75	.Vt PROXY_POLICY
		76	or
		77	.Vt PROXY_CERT_INFO_EXTENSION
		78	object, respectively, or
		79	.Dv NULL
		80	if an error occurs.
		81	.Sh SEE ALSO
		82	.Xr BASIC_CONSTRAINTS_new 3 ,
		83	.Xr EXTENDED_KEY_USAGE_new 3 ,
		84	.Xr POLICYINFO_new 3 ,
		85	.Xr X509_EXTENSION_new 3 ,
		86	.Xr X509_new 3
		87	.Sh STANDARDS
		88	RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy
		89	Certificate Profile