Write OCSP_CRLID_new(3) and OCSP_SERVICELOC_new(3) from scratch.

These two and OCSP_CRLID_free(3) and OCSP_SERVICELOC_free(3) are public by being in OpenSSL doc/man3/X509_dup.pod. OCSP_crlID_new(3) and OCSP_url_svcloc_new(3) are related and, even though completely undocumented in OpenSSL, obviously much more important. If you had told me a year ago that i would ever write such text, i would have called you crazy.
author: schwarze <> 2016-12-12 22:48:02 +0000
committer: schwarze <> 2016-12-12 22:48:02 +0000
commit: eed13e64effc819dc3515c637c3f057cfa1abcbb (patch)
tree: ffb356e84b85c9e590c8455fd6f516c311489ad1 /src/lib
parent: d9e7f6c929cacb184976d2c298bcbd059299393f (diff)
download: openbsd-eed13e64effc819dc3515c637c3f057cfa1abcbb.tar.gz
openbsd-eed13e64effc819dc3515c637c3f057cfa1abcbb.tar.bz2
openbsd-eed13e64effc819dc3515c637c3f057cfa1abcbb.zip
5 files changed, 196 insertions, 4 deletions
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 89533851fb..300051f921 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.74 2016/12/11 18:06:09 schwarze Exp $
+# $OpenBSD: Makefile,v 1.75 2016/12/12 22:48:02 schwarze Exp $
 .include <bsd.own.mk>
@@ -122,7 +122,9 @@ MAN=	\
        HMAC.3 \
        MD5.3 \
        OBJ_nid2obj.3 \
+        OCSP_CRLID_new.3 \
        OCSP_REQUEST_new.3 \
+        OCSP_SERVICELOC_new.3 \
        OCSP_cert_to_id.3 \
        OCSP_request_add1_nonce.3 \
        OCSP_resp_find_status.3 \
diff --git a/src/lib/libcrypto/man/OCSP_CRLID_new.3 b/src/lib/libcrypto/man/OCSP_CRLID_new.3
new file mode 100644
index 0000000000..556ec7f20e
--- /dev/null
+++ b/src/lib/libcrypto/man/OCSP_CRLID_new.3
@@ -0,0 +1,97 @@
+.\"     $OpenBSD: OCSP_CRLID_new.3,v 1.1 2016/12/12 22:48:02 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 12 2016 $
+.Dt OCSP_CRLID_NEW 3
+.Os
+.Sh NAME
+.Nm OCSP_CRLID_new ,
+.Nm OCSP_CRLID_free ,
+.Nm OCSP_crlID_new
+.Nd OCSP CRL extension
+.Sh SYNOPSIS
+.In opsenssl/ocsp.h
+.Ft OCSP_CRLID *
+.Fn OCSP_CRLID_new void
+.Ft void
+.Fn OCSP_CRLID_free "OCSP_CRLID *crlid"
+.Ft X509_EXTENSION *
+.Fo OCSP_crlID_new
+.Fa "char *url"
+.Fa "long *number"
+.Fa "char *time"
+.Fc
+.Sh DESCRIPTION
+If a client asks about the validity of a certificate and it turns
+out to be invalid, the responder may optionally communicate which
+certificate revocation list the certificate was found on.
+The required data is stored as an ASN.1 CrlID structure in the
+singleExtensions field of the SingleResponse structure.
+The CrlID is represented by an
+.Vt OCSP_CRLID
+object, which will be stored inside the
+.Vt OCSP_SINGLERESP
+object documented in
+.Xr OCSP_SINGLERESP_new 3 .
+.Pp
+.Fn OCSP_CRLID_new
+allocates and initializes an empty
+.Vt OCSP_CRLID
+object.
+.Fn OCSP_CRLID_free
+frees
+.Fa crlid .
+.Pp
+.Fn OCSP_crlID_new
+accepts the
+.Fa url
+at which the CRL is available, the CRL
+.Fa number ,
+and/or the
+.Fa time
+at which the CRL was created.
+Each argument can be
+.Dv NULL ,
+in which case the respective field is omitted.
+The resulting CrlID structure is encoded in ASN.1 using
+.Xr X509V3_EXT_i2d 3
+with criticality 0.
+.Sh RETURN VALUES
+.Fn OCSP_CRLID_new
+returns a new
+.Vt OCSP_CRLID
+object or
+.Dv NULL
+if an error occurred.
+.Pp
+.Fn OCSP_crlID_new
+returns a new
+.Vt X509_EXTENSION
+object or
+.Dv NULL
+if an error occurred.
+.Sh SEE ALSO
+.Xr OCSP_resp_find_status 3 ,
+.Xr OCSP_response_status 3
+.Sh STANDARDS
+RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
+Status Protocol, section 4.4.2: CRL References
+.Sh CAVEATS
+The function names
+.Fn OCSP_CRLID_new
+and
+.Fn OCSP_crlID_new
+only differ in case.
diff --git a/src/lib/libcrypto/man/OCSP_REQUEST_new.3 b/src/lib/libcrypto/man/OCSP_REQUEST_new.3
index deac9104d9..58f1bc1935 100644
--- a/src/lib/libcrypto/man/OCSP_REQUEST_new.3
+++ b/src/lib/libcrypto/man/OCSP_REQUEST_new.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: OCSP_REQUEST_new.3,v 1.4 2016/12/12 17:46:23 schwarze Exp $
+.\"     $OpenBSD: OCSP_REQUEST_new.3,v 1.5 2016/12/12 22:48:02 schwarze Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file is a derived work.
@@ -303,7 +303,8 @@ OCSP_REQUEST_free(req);
 .Xr OCSP_request_add1_nonce 3 ,
 .Xr OCSP_resp_find_status 3 ,
 .Xr OCSP_response_status 3 ,
-.Xr OCSP_sendreq_new 3
+.Xr OCSP_sendreq_new 3 ,
+.Xr OCSP_SERVICELOC_new 3
 .Sh STANDARDS
 RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
 Status Protocol, section 4.1: Request Syntax
diff --git a/src/lib/libcrypto/man/OCSP_SERVICELOC_new.3 b/src/lib/libcrypto/man/OCSP_SERVICELOC_new.3
new file mode 100644
index 0000000000..07200114e5
--- /dev/null
+++ b/src/lib/libcrypto/man/OCSP_SERVICELOC_new.3
@@ -0,0 +1,91 @@
+.\"     $OpenBSD: OCSP_SERVICELOC_new.3,v 1.1 2016/12/12 22:48:02 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 12 2016 $
+.Dt OCSP_SERVICELOC_NEW 3
+.Os
+.Sh NAME
+.Nm OCSP_SERVICELOC_new ,
+.Nm OCSP_SERVICELOC_free ,
+.Nm OCSP_url_svcloc_new
+.Nd OCSP service locator extension
+.Sh SYNOPSIS
+.In openssl/ocsp.h
+.Ft OCSP_SERVICELOC *
+.Fn OCSP_SERVICELOC_new void
+.Ft void
+.Fn OCSP_SERVICELOC_free "OCSP_SERVICELOC *sloc"
+.Ft X509_EXTENSION *
+.Fo OCSP_url_svcloc_new
+.Fa "X509_NAME *issuer"
+.Fa "char **urls"
+.Fc
+.Sh DESCRIPTION
+Due to restrictions of network routing, a client may be unable to
+directly contact the authoritative OCSP server for a certificate
+that needs to be checked.
+In that case, the request can be sent via a proxy server.
+An ASN.1 ServiceLocator structure is included in the
+singleRequestExtensions field of the Request structure to indicate
+where to forward the request.
+The ServiceLocator is represented by a
+.Vt OCSP_SERVICELOC
+object, which will be stored inside the
+.Vt OCSP_ONEREQ
+object documented in
+.Xr OCSP_ONEREQ_new 3 .
+.Pp
+.Fn OCSP_SERVICELOC_new
+allocates and initializes an empty
+.Vt OCSP_SERVICELOC
+object.
+.Fn OCSP_SERVICELOC_free
+frees
+.Fa sloc .
+.Pp
+.Fn OCSP_url_svcloc_new
+requires an
+.Fa issuer
+name and optionally accepts an array or
+.Fa urls .
+If
+.Fa urls
+or its first element is
+.Dv NULL ,
+the locator field is omitted from the ServiceLocator structure
+and only the issuer is included.
+The resulting ServiceLocator structure is encoded in ASN.1 using
+.Xr X509V3_EXT_i2d 3
+with criticality 0.
+.Sh RETURN VALUES
+.Fn OCSP_SERVICELOC_new
+returns a new
+.Vt OCSP_SERVICELOC
+object or
+.Dv NULL
+if an error occurred.
+.Pp
+.Fn OCSP_url_svcloc_new
+returns a new
+.Vt X509_EXTENSION
+object or
+.Dv NULL
+if an error occurred.
+.Sh SEE ALSO
+.Xr OCSP_REQUEST_new 3
+.Sh STANDARDS
+RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
+Status Protocol, section 4.4.6: Service Locator
diff --git a/src/lib/libcrypto/man/OCSP_resp_find_status.3 b/src/lib/libcrypto/man/OCSP_resp_find_status.3
index eca0a2c15f..23aaa26e38 100644
--- a/src/lib/libcrypto/man/OCSP_resp_find_status.3
+++ b/src/lib/libcrypto/man/OCSP_resp_find_status.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: OCSP_resp_find_status.3,v 1.3 2016/12/12 20:10:04 schwarze Exp $
+.\"     $OpenBSD: OCSP_resp_find_status.3,v 1.4 2016/12/12 22:48:02 schwarze Exp $
 .\"     OpenSSL c952780c Jun 21 07:03:34 2016 -0400
 .\"
 .\" This file is a derived work.
@@ -362,6 +362,7 @@ returns the status of
 or -1 if an error occurred.
 .Sh SEE ALSO
 .Xr OCSP_cert_to_id 3 ,
+.Xr OCSP_CRLID_new 3 ,
 .Xr OCSP_request_add1_nonce 3 ,
 .Xr OCSP_REQUEST_new 3 ,
 .Xr OCSP_response_status 3 ,
author	schwarze <>	2016-12-12 22:48:02 +0000
committer	schwarze <>	2016-12-12 22:48:02 +0000
commit	eed13e64effc819dc3515c637c3f057cfa1abcbb (patch)
tree	ffb356e84b85c9e590c8455fd6f516c311489ad1 /src/lib
parent	d9e7f6c929cacb184976d2c298bcbd059299393f (diff)
download	openbsd-eed13e64effc819dc3515c637c3f057cfa1abcbb.tar.gz openbsd-eed13e64effc819dc3515c637c3f057cfa1abcbb.tar.bz2 openbsd-eed13e64effc819dc3515c637c3f057cfa1abcbb.zip

diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 89533851fb..300051f921 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.74 2016/12/11 18:06:09 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.75 2016/12/12 22:48:02 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -122,7 +122,9 @@ MAN= \
122	HMAC.3 \	122	HMAC.3 \
123	MD5.3 \	123	MD5.3 \
124	OBJ_nid2obj.3 \	124	OBJ_nid2obj.3 \
		125	OCSP_CRLID_new.3 \
125	OCSP_REQUEST_new.3 \	126	OCSP_REQUEST_new.3 \
		127	OCSP_SERVICELOC_new.3 \
126	OCSP_cert_to_id.3 \	128	OCSP_cert_to_id.3 \
127	OCSP_request_add1_nonce.3 \	129	OCSP_request_add1_nonce.3 \
128	OCSP_resp_find_status.3 \	130	OCSP_resp_find_status.3 \


diff --git a/src/lib/libcrypto/man/OCSP_CRLID_new.3 b/src/lib/libcrypto/man/OCSP_CRLID_new.3 new file mode 100644 index 0000000000..556ec7f20e --- /dev/null +++ b/src/lib/libcrypto/man/OCSP_CRLID_new.3
@@ -0,0 +1,97 @@
		1	.\" $OpenBSD: OCSP_CRLID_new.3,v 1.1 2016/12/12 22:48:02 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: December 12 2016 $
		18	.Dt OCSP_CRLID_NEW 3
		19	.Os
		20	.Sh NAME
		21	.Nm OCSP_CRLID_new ,
		22	.Nm OCSP_CRLID_free ,
		23	.Nm OCSP_crlID_new
		24	.Nd OCSP CRL extension
		25	.Sh SYNOPSIS
		26	.In opsenssl/ocsp.h
		27	.Ft OCSP_CRLID *
		28	.Fn OCSP_CRLID_new void
		29	.Ft void
		30	.Fn OCSP_CRLID_free "OCSP_CRLID *crlid"
		31	.Ft X509_EXTENSION *
		32	.Fo OCSP_crlID_new
		33	.Fa "char *url"
		34	.Fa "long *number"
		35	.Fa "char *time"
		36	.Fc
		37	.Sh DESCRIPTION
		38	If a client asks about the validity of a certificate and it turns
		39	out to be invalid, the responder may optionally communicate which
		40	certificate revocation list the certificate was found on.
		41	The required data is stored as an ASN.1 CrlID structure in the
		42	singleExtensions field of the SingleResponse structure.
		43	The CrlID is represented by an
		44	.Vt OCSP_CRLID
		45	object, which will be stored inside the
		46	.Vt OCSP_SINGLERESP
		47	object documented in
		48	.Xr OCSP_SINGLERESP_new 3 .
		49	.Pp
		50	.Fn OCSP_CRLID_new
		51	allocates and initializes an empty
		52	.Vt OCSP_CRLID
		53	object.
		54	.Fn OCSP_CRLID_free
		55	frees
		56	.Fa crlid .
		57	.Pp
		58	.Fn OCSP_crlID_new
		59	accepts the
		60	.Fa url
		61	at which the CRL is available, the CRL
		62	.Fa number ,
		63	and/or the
		64	.Fa time
		65	at which the CRL was created.
		66	Each argument can be
		67	.Dv NULL ,
		68	in which case the respective field is omitted.
		69	The resulting CrlID structure is encoded in ASN.1 using
		70	.Xr X509V3_EXT_i2d 3
		71	with criticality 0.
		72	.Sh RETURN VALUES
		73	.Fn OCSP_CRLID_new
		74	returns a new
		75	.Vt OCSP_CRLID
		76	object or
		77	.Dv NULL
		78	if an error occurred.
		79	.Pp
		80	.Fn OCSP_crlID_new
		81	returns a new
		82	.Vt X509_EXTENSION
		83	object or
		84	.Dv NULL
		85	if an error occurred.
		86	.Sh SEE ALSO
		87	.Xr OCSP_resp_find_status 3 ,
		88	.Xr OCSP_response_status 3
		89	.Sh STANDARDS
		90	RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
		91	Status Protocol, section 4.4.2: CRL References
		92	.Sh CAVEATS
		93	The function names
		94	.Fn OCSP_CRLID_new
		95	and
		96	.Fn OCSP_crlID_new
		97	only differ in case.


diff --git a/src/lib/libcrypto/man/OCSP_REQUEST_new.3 b/src/lib/libcrypto/man/OCSP_REQUEST_new.3 index deac9104d9..58f1bc1935 100644 --- a/src/lib/libcrypto/man/OCSP_REQUEST_new.3 +++ b/src/lib/libcrypto/man/OCSP_REQUEST_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: OCSP_REQUEST_new.3,v 1.4 2016/12/12 17:46:23 schwarze Exp $	1	.\" $OpenBSD: OCSP_REQUEST_new.3,v 1.5 2016/12/12 22:48:02 schwarze Exp $
2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100	2	.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3	.\"	3	.\"
4	.\" This file is a derived work.	4	.\" This file is a derived work.
@@ -303,7 +303,8 @@ OCSP_REQUEST_free(req);
303	.Xr OCSP_request_add1_nonce 3 ,	303	.Xr OCSP_request_add1_nonce 3 ,
304	.Xr OCSP_resp_find_status 3 ,	304	.Xr OCSP_resp_find_status 3 ,
305	.Xr OCSP_response_status 3 ,	305	.Xr OCSP_response_status 3 ,
306	.Xr OCSP_sendreq_new 3	306	.Xr OCSP_sendreq_new 3 ,
		307	.Xr OCSP_SERVICELOC_new 3
307	.Sh STANDARDS	308	.Sh STANDARDS
308	RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate	309	RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
309	Status Protocol, section 4.1: Request Syntax	310	Status Protocol, section 4.1: Request Syntax


diff --git a/src/lib/libcrypto/man/OCSP_SERVICELOC_new.3 b/src/lib/libcrypto/man/OCSP_SERVICELOC_new.3 new file mode 100644 index 0000000000..07200114e5 --- /dev/null +++ b/src/lib/libcrypto/man/OCSP_SERVICELOC_new.3
@@ -0,0 +1,91 @@
		1	.\" $OpenBSD: OCSP_SERVICELOC_new.3,v 1.1 2016/12/12 22:48:02 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: December 12 2016 $
		18	.Dt OCSP_SERVICELOC_NEW 3
		19	.Os
		20	.Sh NAME
		21	.Nm OCSP_SERVICELOC_new ,
		22	.Nm OCSP_SERVICELOC_free ,
		23	.Nm OCSP_url_svcloc_new
		24	.Nd OCSP service locator extension
		25	.Sh SYNOPSIS
		26	.In openssl/ocsp.h
		27	.Ft OCSP_SERVICELOC *
		28	.Fn OCSP_SERVICELOC_new void
		29	.Ft void
		30	.Fn OCSP_SERVICELOC_free "OCSP_SERVICELOC *sloc"
		31	.Ft X509_EXTENSION *
		32	.Fo OCSP_url_svcloc_new
		33	.Fa "X509_NAME *issuer"
		34	.Fa "char **urls"
		35	.Fc
		36	.Sh DESCRIPTION
		37	Due to restrictions of network routing, a client may be unable to
		38	directly contact the authoritative OCSP server for a certificate
		39	that needs to be checked.
		40	In that case, the request can be sent via a proxy server.
		41	An ASN.1 ServiceLocator structure is included in the
		42	singleRequestExtensions field of the Request structure to indicate
		43	where to forward the request.
		44	The ServiceLocator is represented by a
		45	.Vt OCSP_SERVICELOC
		46	object, which will be stored inside the
		47	.Vt OCSP_ONEREQ
		48	object documented in
		49	.Xr OCSP_ONEREQ_new 3 .
		50	.Pp
		51	.Fn OCSP_SERVICELOC_new
		52	allocates and initializes an empty
		53	.Vt OCSP_SERVICELOC
		54	object.
		55	.Fn OCSP_SERVICELOC_free
		56	frees
		57	.Fa sloc .
		58	.Pp
		59	.Fn OCSP_url_svcloc_new
		60	requires an
		61	.Fa issuer
		62	name and optionally accepts an array or
		63	.Fa urls .
		64	If
		65	.Fa urls
		66	or its first element is
		67	.Dv NULL ,
		68	the locator field is omitted from the ServiceLocator structure
		69	and only the issuer is included.
		70	The resulting ServiceLocator structure is encoded in ASN.1 using
		71	.Xr X509V3_EXT_i2d 3
		72	with criticality 0.
		73	.Sh RETURN VALUES
		74	.Fn OCSP_SERVICELOC_new
		75	returns a new
		76	.Vt OCSP_SERVICELOC
		77	object or
		78	.Dv NULL
		79	if an error occurred.
		80	.Pp
		81	.Fn OCSP_url_svcloc_new
		82	returns a new
		83	.Vt X509_EXTENSION
		84	object or
		85	.Dv NULL
		86	if an error occurred.
		87	.Sh SEE ALSO
		88	.Xr OCSP_REQUEST_new 3
		89	.Sh STANDARDS
		90	RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
		91	Status Protocol, section 4.4.6: Service Locator


diff --git a/src/lib/libcrypto/man/OCSP_resp_find_status.3 b/src/lib/libcrypto/man/OCSP_resp_find_status.3 index eca0a2c15f..23aaa26e38 100644 --- a/src/lib/libcrypto/man/OCSP_resp_find_status.3 +++ b/src/lib/libcrypto/man/OCSP_resp_find_status.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: OCSP_resp_find_status.3,v 1.3 2016/12/12 20:10:04 schwarze Exp $	1	.\" $OpenBSD: OCSP_resp_find_status.3,v 1.4 2016/12/12 22:48:02 schwarze Exp $
2	.\" OpenSSL c952780c Jun 21 07:03:34 2016 -0400	2	.\" OpenSSL c952780c Jun 21 07:03:34 2016 -0400
3	.\"	3	.\"
4	.\" This file is a derived work.	4	.\" This file is a derived work.
@@ -362,6 +362,7 @@ returns the status of
362	or -1 if an error occurred.	362	or -1 if an error occurred.
363	.Sh SEE ALSO	363	.Sh SEE ALSO
364	.Xr OCSP_cert_to_id 3 ,	364	.Xr OCSP_cert_to_id 3 ,
		365	.Xr OCSP_CRLID_new 3 ,
365	.Xr OCSP_request_add1_nonce 3 ,	366	.Xr OCSP_request_add1_nonce 3 ,
366	.Xr OCSP_REQUEST_new 3 ,	367	.Xr OCSP_REQUEST_new 3 ,
367	.Xr OCSP_response_status 3 ,	368	.Xr OCSP_response_status 3 ,