Delete the x509(3) manual page and merge what little content remained

into X509_new(3). Add information about STANDARDS.
author: schwarze <> 2016-12-22 13:05:59 +0000
committer: schwarze <> 2016-12-22 13:05:59 +0000
commit: e803f754b531bde55b4988bcbd5eaa095ab488b6 (patch)
tree: b84773e72d1fa0e5fcc6a1ddad83f3c39a877bf6 /src/lib
parent: 97a2c3b99cd490a5541b176735b6b0ff0561ecb3 (diff)
download: openbsd-e803f754b531bde55b4988bcbd5eaa095ab488b6.tar.gz
openbsd-e803f754b531bde55b4988bcbd5eaa095ab488b6.tar.bz2
openbsd-e803f754b531bde55b4988bcbd5eaa095ab488b6.zip
3 files changed, 27 insertions, 136 deletions
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 6cbab45168..8a5e9419a9 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.86 2016/12/22 12:21:19 schwarze Exp $
+# $OpenBSD: Makefile,v 1.87 2016/12/22 13:05:59 schwarze Exp $
 .include <bsd.own.mk>
@@ -230,7 +230,6 @@ MAN=	\
        i2d_PKCS7_bio_stream.3 \
        lh_new.3 \
        lh_stats.3 \
-        x509.3 \
        openssl.cnf.5 \
        x509v3.cnf.5
diff --git a/src/lib/libcrypto/man/X509_new.3 b/src/lib/libcrypto/man/X509_new.3
index 605d1db7be..6520aaf477 100644
--- a/src/lib/libcrypto/man/X509_new.3
+++ b/src/lib/libcrypto/man/X509_new.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_new.3,v 1.6 2016/12/12 22:02:55 jmc Exp $
+.\"     $OpenBSD: X509_new.3,v 1.7 2016/12/22 13:05:59 schwarze Exp $
 .\"     OpenSSL 3a59ad98 Dec 11 00:36:06 2015 +0000
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,14 +48,14 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 12 2016 $
+.Dd $Mdocdate: December 22 2016 $
 .Dt X509_NEW 3
 .Os
 .Sh NAME
 .Nm X509_new ,
 .Nm X509_free ,
 .Nm X509_up_ref
-.Nd X509 certificate ASN.1 allocation functions
+.Nd X.509 certificate object
 .Sh SYNOPSIS
 .In openssl/x509.h
 .Ft X509 *
@@ -69,12 +69,14 @@
 .Fa "X509 *a"
 .Fc
 .Sh DESCRIPTION
-The X509 ASN.1 allocation routines allocate and free an
-.Vt X509
-structure, which represents an X509 certificate.
-.Pp
 .Fn X509_new
-allocates and initializes an X509 structure with reference count 1.
+allocates and initializes an empty
+.Vt X509
+object with reference count 1.
+It represents an ASN.1 Certificate structure
+defined in RFC 5280 section 4.1.
+It can hold a public key together with information about the person,
+organization, device, or function the associated private key belongs to.
 .Pp
 .Fn X509_free
 decrements the reference count of the
@@ -95,6 +97,11 @@ This function is useful if a certificate structure is being used
 by several different operations each of which will free it up after
 use: this avoids the need to duplicate the entire certificate
 structure.
+.Pp
+The object
+.Vt X509_INFO ,
+which can hold a certificate, the corresponding private key,
+and a certificate revocation list, is not yet documented.
 .Sh RETURN VALUES
 If the allocation fails,
 .Fn X509_new
@@ -107,8 +114,18 @@ Otherwise it returns a pointer to the newly allocated structure.
 .Fn X509_up_ref
 returns 1 for success or 0 for failure.
 .Sh SEE ALSO
+.Xr crypto 3 ,
 .Xr d2i_X509 3 ,
-.Xr ERR_get_error 3
+.Xr ERR_get_error 3 ,
+.Xr X509_ALGOR_new 3 ,
+.Xr X509_CRL_new 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_NAME_new 3 ,
+.Xr X509_REQ_new 3 ,
+.Xr X509_SIG_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile
 .Sh HISTORY
 .Fn X509_new
 and
diff --git a/src/lib/libcrypto/man/x509.3 b/src/lib/libcrypto/man/x509.3
deleted file mode 100644
index 93221c0250..0000000000
--- a/src/lib/libcrypto/man/x509.3
+++ /dev/null
@@ -1,125 +0,0 @@
-.\"     $OpenBSD: x509.3,v 1.7 2016/12/15 15:22:17 schwarze Exp $
-.\"     OpenSSL a9c85cea Nov 11 09:33:55 2016 +0100
-.\"
-.\" This file was written by Richard Levitte <levitte@openssl.org>
-.\" Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: December 15 2016 $
-.Dt X509 3
-.Os
-.Sh NAME
-.Nm x509
-.Nd X.509 certificate handling
-.Sh SYNOPSIS
-.In openssl/x509.h
-.Sh DESCRIPTION
-An X.509 certificate is a structured grouping of information about an
-individual, a device, or anything one can imagine.
-An X.509 CRL (certificate revocation list) is a tool to help determine if
-a certificate is still valid.
-The exact definition of those can be found in the X.509 document from
-ITU-T, or in RFC 3280 from PKIX.
-In OpenSSL, the type
-.Vt X509
-is used to express such a certificate, and the type
-.Vt X509_CRL
-is used to express a CRL.
-.Pp
-A related structure is a certificate request, defined in PKCS#10 from
-RSA Security, Inc., also reflected in RFC 2896.
-In OpenSSL, the type
-.Vt X509_REQ
-is used to express such a certificate request.
-.Pp
-Finally, there's the supertype
-.Vt X509_INFO ,
-which can contain a CRL, a certificate, and a corresponding private key.
-.Pp
-The functions
-.Fa X509_* ,
-.Fa d2i_X509_* ,
-and
-.Fa i2d_X509_*
-handle X.509 certificates, with some exceptions shown below.
-.Pp
-.Fa X509_CRL_* ,
-.Fa d2i_X509_CRL_* ,
-and
-.Fa i2d_X509_CRL_*
-handle X.509 CRLs.
-.Pp
-.Fa X509_REQ_* ,
-.Fa d2i_X509_REQ_* ,
-and
-.Fa i2d_X509_REQ_*
-handle PKCS#10 certificate requests.
-.Pp
-The object type
-.Vt X509_NAME
-and the functions documented in
-.Xr X509_NAME_new 3
-and in the manual pages referenced from there handle certificate
-and issuer names.
-.Pp
-.Fa X509_ATTRIBUTE_*
-handle certificate attributes.
-.Pp
-The object type
-.Vt X509_EXTENSION
-and the functions documented in
-.Xr X509_EXTENSION_new 3
-and in the manual pages referenced from there handle certificate
-extensions and certificate revocation list extensions.
-.Sh SEE ALSO
-.Xr crypto 3 ,
-.Xr d2i_X509 3 ,
-.Xr d2i_X509_ALGOR 3 ,
-.Xr d2i_X509_CRL 3 ,
-.Xr d2i_X509_REQ 3 ,
-.Xr d2i_X509_SIG 3 ,
-.Xr X509_EXTENSION_new 3 ,
-.Xr X509_NAME_new 3
author	schwarze <>	2016-12-22 13:05:59 +0000
committer	schwarze <>	2016-12-22 13:05:59 +0000
commit	e803f754b531bde55b4988bcbd5eaa095ab488b6 (patch)
tree	b84773e72d1fa0e5fcc6a1ddad83f3c39a877bf6 /src/lib
parent	97a2c3b99cd490a5541b176735b6b0ff0561ecb3 (diff)
download	openbsd-e803f754b531bde55b4988bcbd5eaa095ab488b6.tar.gz openbsd-e803f754b531bde55b4988bcbd5eaa095ab488b6.tar.bz2 openbsd-e803f754b531bde55b4988bcbd5eaa095ab488b6.zip

diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 6cbab45168..8a5e9419a9 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.86 2016/12/22 12:21:19 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.87 2016/12/22 13:05:59 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -230,7 +230,6 @@ MAN= \
230	i2d_PKCS7_bio_stream.3 \	230	i2d_PKCS7_bio_stream.3 \
231	lh_new.3 \	231	lh_new.3 \
232	lh_stats.3 \	232	lh_stats.3 \
233	x509.3 \
234	openssl.cnf.5 \	233	openssl.cnf.5 \
235	x509v3.cnf.5	234	x509v3.cnf.5
236		235


diff --git a/src/lib/libcrypto/man/X509_new.3 b/src/lib/libcrypto/man/X509_new.3 index 605d1db7be..6520aaf477 100644 --- a/src/lib/libcrypto/man/X509_new.3 +++ b/src/lib/libcrypto/man/X509_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_new.3,v 1.6 2016/12/12 22:02:55 jmc Exp $	1	.\" $OpenBSD: X509_new.3,v 1.7 2016/12/22 13:05:59 schwarze Exp $
2	.\" OpenSSL 3a59ad98 Dec 11 00:36:06 2015 +0000	2	.\" OpenSSL 3a59ad98 Dec 11 00:36:06 2015 +0000
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,14 +48,14 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: December 12 2016 $	51	.Dd $Mdocdate: December 22 2016 $
52	.Dt X509_NEW 3	52	.Dt X509_NEW 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
55	.Nm X509_new ,	55	.Nm X509_new ,
56	.Nm X509_free ,	56	.Nm X509_free ,
57	.Nm X509_up_ref	57	.Nm X509_up_ref
58	.Nd X509 certificate ASN.1 allocation functions	58	.Nd X.509 certificate object
59	.Sh SYNOPSIS	59	.Sh SYNOPSIS
60	.In openssl/x509.h	60	.In openssl/x509.h
61	.Ft X509 *	61	.Ft X509 *
@@ -69,12 +69,14 @@
69	.Fa "X509 *a"	69	.Fa "X509 *a"
70	.Fc	70	.Fc
71	.Sh DESCRIPTION	71	.Sh DESCRIPTION
72	The X509 ASN.1 allocation routines allocate and free an
73	.Vt X509
74	structure, which represents an X509 certificate.
75	.Pp
76	.Fn X509_new	72	.Fn X509_new
77	allocates and initializes an X509 structure with reference count 1.	73	allocates and initializes an empty
		74	.Vt X509
		75	object with reference count 1.
		76	It represents an ASN.1 Certificate structure
		77	defined in RFC 5280 section 4.1.
		78	It can hold a public key together with information about the person,
		79	organization, device, or function the associated private key belongs to.
78	.Pp	80	.Pp
79	.Fn X509_free	81	.Fn X509_free
80	decrements the reference count of the	82	decrements the reference count of the
@@ -95,6 +97,11 @@ This function is useful if a certificate structure is being used
95	by several different operations each of which will free it up after	97	by several different operations each of which will free it up after
96	use: this avoids the need to duplicate the entire certificate	98	use: this avoids the need to duplicate the entire certificate
97	structure.	99	structure.
		100	.Pp
		101	The object
		102	.Vt X509_INFO ,
		103	which can hold a certificate, the corresponding private key,
		104	and a certificate revocation list, is not yet documented.
98	.Sh RETURN VALUES	105	.Sh RETURN VALUES
99	If the allocation fails,	106	If the allocation fails,
100	.Fn X509_new	107	.Fn X509_new
@@ -107,8 +114,18 @@ Otherwise it returns a pointer to the newly allocated structure.
107	.Fn X509_up_ref	114	.Fn X509_up_ref
108	returns 1 for success or 0 for failure.	115	returns 1 for success or 0 for failure.
109	.Sh SEE ALSO	116	.Sh SEE ALSO
		117	.Xr crypto 3 ,
110	.Xr d2i_X509 3 ,	118	.Xr d2i_X509 3 ,
111	.Xr ERR_get_error 3	119	.Xr ERR_get_error 3 ,
		120	.Xr X509_ALGOR_new 3 ,
		121	.Xr X509_CRL_new 3 ,
		122	.Xr X509_EXTENSION_new 3 ,
		123	.Xr X509_NAME_new 3 ,
		124	.Xr X509_REQ_new 3 ,
		125	.Xr X509_SIG_new 3
		126	.Sh STANDARDS
		127	RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
		128	Certificate Revocation List (CRL) Profile
112	.Sh HISTORY	129	.Sh HISTORY
113	.Fn X509_new	130	.Fn X509_new
114	and	131	and


diff --git a/src/lib/libcrypto/man/x509.3 b/src/lib/libcrypto/man/x509.3 deleted file mode 100644 index 93221c0250..0000000000 --- a/src/lib/libcrypto/man/x509.3 +++ /dev/null
@@ -1,125 +0,0 @@
1	.\" $OpenBSD: x509.3,v 1.7 2016/12/15 15:22:17 schwarze Exp $
2	.\" OpenSSL a9c85cea Nov 11 09:33:55 2016 +0100
3	.\"
4	.\" This file was written by Richard Levitte <levitte@openssl.org>
5	.\" Copyright (c) 2003 The OpenSSL Project. All rights reserved.
6	.\"
7	.\" Redistribution and use in source and binary forms, with or without
8	.\" modification, are permitted provided that the following conditions
9	.\" are met:
10	.\"
11	.\" 1. Redistributions of source code must retain the above copyright
12	.\" notice, this list of conditions and the following disclaimer.
13	.\"
14	.\" 2. Redistributions in binary form must reproduce the above copyright
15	.\" notice, this list of conditions and the following disclaimer in
16	.\" the documentation and/or other materials provided with the
17	.\" distribution.
18	.\"
19	.\" 3. All advertising materials mentioning features or use of this
20	.\" software must display the following acknowledgment:
21	.\" "This product includes software developed by the OpenSSL Project
22	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
23	.\"
24	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25	.\" endorse or promote products derived from this software without
26	.\" prior written permission. For written permission, please contact
27	.\" openssl-core@openssl.org.
28	.\"
29	.\" 5. Products derived from this software may not be called "OpenSSL"
30	.\" nor may "OpenSSL" appear in their names without prior written
31	.\" permission of the OpenSSL Project.
32	.\"
33	.\" 6. Redistributions of any form whatsoever must retain the following
34	.\" acknowledgment:
35	.\" "This product includes software developed by the OpenSSL Project
36	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
37	.\"
38	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"
51	.Dd $Mdocdate: December 15 2016 $
52	.Dt X509 3
53	.Os
54	.Sh NAME
55	.Nm x509
56	.Nd X.509 certificate handling
57	.Sh SYNOPSIS
58	.In openssl/x509.h
59	.Sh DESCRIPTION
60	An X.509 certificate is a structured grouping of information about an
61	individual, a device, or anything one can imagine.
62	An X.509 CRL (certificate revocation list) is a tool to help determine if
63	a certificate is still valid.
64	The exact definition of those can be found in the X.509 document from
65	ITU-T, or in RFC 3280 from PKIX.
66	In OpenSSL, the type
67	.Vt X509
68	is used to express such a certificate, and the type
69	.Vt X509_CRL
70	is used to express a CRL.
71	.Pp
72	A related structure is a certificate request, defined in PKCS#10 from
73	RSA Security, Inc., also reflected in RFC 2896.
74	In OpenSSL, the type
75	.Vt X509_REQ
76	is used to express such a certificate request.
77	.Pp
78	Finally, there's the supertype
79	.Vt X509_INFO ,
80	which can contain a CRL, a certificate, and a corresponding private key.
81	.Pp
82	The functions
83	.Fa X509_* ,
84	.Fa d2i_X509_* ,
85	and
86	.Fa i2d_X509_*
87	handle X.509 certificates, with some exceptions shown below.
88	.Pp
89	.Fa X509_CRL_* ,
90	.Fa d2i_X509_CRL_* ,
91	and
92	.Fa i2d_X509_CRL_*
93	handle X.509 CRLs.
94	.Pp
95	.Fa X509_REQ_* ,
96	.Fa d2i_X509_REQ_* ,
97	and
98	.Fa i2d_X509_REQ_*
99	handle PKCS#10 certificate requests.
100	.Pp
101	The object type
102	.Vt X509_NAME
103	and the functions documented in
104	.Xr X509_NAME_new 3
105	and in the manual pages referenced from there handle certificate
106	and issuer names.
107	.Pp
108	.Fa X509_ATTRIBUTE_*
109	handle certificate attributes.
110	.Pp
111	The object type
112	.Vt X509_EXTENSION
113	and the functions documented in
114	.Xr X509_EXTENSION_new 3
115	and in the manual pages referenced from there handle certificate
116	extensions and certificate revocation list extensions.
117	.Sh SEE ALSO
118	.Xr crypto 3 ,
119	.Xr d2i_X509 3 ,
120	.Xr d2i_X509_ALGOR 3 ,
121	.Xr d2i_X509_CRL 3 ,
122	.Xr d2i_X509_REQ 3 ,
123	.Xr d2i_X509_SIG 3 ,
124	.Xr X509_EXTENSION_new 3 ,
125	.Xr X509_NAME_new 3