Write GENERAL_NAME_new(3) manual page from scratch - as if plain X.501

Name structures weren't already complicated enough, see X509_NAME_new(3). All these functions are listed in <openssl/x509v3.h> and in OpenSSL doc/man3/X509_dup.pod. OpenSSL documentation specifies the wrong header file.
author: schwarze <> 2016-12-23 00:40:16 +0000
committer: schwarze <> 2016-12-23 00:40:16 +0000
commit: f188f6bd44b2c5213baa9288812e40d6480ca387 (patch)
tree: 4001df8589312693e4336ca2a61622373c6a2e85 /src/lib
parent: 867da3b40474288c6085c1151107759b20ce4d9e (diff)
download: openbsd-f188f6bd44b2c5213baa9288812e40d6480ca387.tar.gz
openbsd-f188f6bd44b2c5213baa9288812e40d6480ca387.tar.bz2
openbsd-f188f6bd44b2c5213baa9288812e40d6480ca387.zip
2 files changed, 138 insertions, 1 deletions
diff --git a/src/lib/libcrypto/man/GENERAL_NAME_new.3 b/src/lib/libcrypto/man/GENERAL_NAME_new.3
new file mode 100644
index 0000000000..c4e8fce764
--- /dev/null
+++ b/src/lib/libcrypto/man/GENERAL_NAME_new.3
@@ -0,0 +1,136 @@
+.\"     $OpenBSD: GENERAL_NAME_new.3,v 1.1 2016/12/23 00:40:16 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 23 2016 $
+.Dt GENERAL_NAME_NEW 3
+.Os
+.Sh NAME
+.Nm GENERAL_NAME_new ,
+.Nm GENERAL_NAME_free ,
+.Nm GENERAL_NAMES_new ,
+.Nm GENERAL_NAMES_free ,
+.Nm EDIPARTYNAME_new ,
+.Nm EDIPARTYNAME_free ,
+.Nm OTHERNAME_new ,
+.Nm OTHERNAME_free
+.Nd names for use in X.509 extensions
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft GENERAL_NAME *
+.Fn GENERAL_NAME_new void
+.Ft void
+.Fn GENERAL_NAME_free "GENERAL_NAME *name"
+.Ft GENERAL_NAMES *
+.Fn GENERAL_NAMES_new void
+.Ft void
+.Fn GENERAL_NAMES_free "GENERAL_NAMES *names"
+.Ft EDIPARTYNAME *
+.Fn EDIPARTYNAME_new void
+.Ft void
+.Fn EDIPARTYNAME_free "EDIPARTYNAME *name"
+.Ft OTHERNAME *
+.Fn OTHERNAME_new void
+.Ft void
+.Fn OTHERNAME_free "OTHERNAME *name"
+.Sh DESCRIPTION
+Even though the X.501 Name documented in
+.Xr X509_NAME_new 3
+is a complicated multi-layered structure, it is very rigid and not
+flexible enough to represent various entities that many people want
+to use as names in certificates.
+For that reason, X.509 extensions use the X.509 GeneralName
+wrapper structure rather than using the X.501 Name structure
+directly, at the expense of adding one or two additional layers
+of indirection.
+.Pp
+.Fn GENERAL_NAME_new
+allocates and initializes an empty
+.Vt GENERAL_NAME
+object, representing the ASN.1 GeneralName structure
+defined in RFC 5280 section 4.2.1.6.
+It can for example hold an
+.Vt X509_name
+object, an IP address, a DNS host name, a uniform resource identifier,
+an email address, or an
+.Vt EDIPARTYNAME
+or
+.Vt OTHERNAME
+object described below.
+.Fn GENERAL_NAME_free
+frees
+.Fa name .
+.Pp
+.Fn GENERAL_NAMES_new
+allocates and initializes an empty
+.Vt GENERAL_NAMES
+object, which is a
+.Vt STACK_OF(GENERAL_NAME)
+and represents the ASN.1 GeneralNames structure
+defined in RFC 5280 section 4.2.1.6.
+It is used by extension structures that can contain multiple names,
+for example key identifier, alternative name, and distribution point
+extensions.
+.Fn GENERAL_NAMES_free
+frees
+.Fa names .
+.Pp
+.Fn EDIPARTYNAME_new
+allocates and initializes an empty
+.Vt EDIPARTYNAME
+object, representing the ASN.1 EDIPartyName structure
+defined in RFC 5280 section 4.2.1.6, where
+.Dq EDI
+stands for
+.Dq electronic data identifier .
+It can hold two strings, the name itself and the name of the authority
+that assigned that name.
+.Fn EDIPARTYNAME_free
+frees
+.Fa name .
+.Pp
+.Fn OTHERNAME_new
+allocates and initializes an empty
+.Vt OTHERNAME
+object, representing the ASN.1 OtherName structure
+defined in RFC 5280 section 4.2.1.6.
+It can hold data of any
+.Vt ASN1_TYPE
+together with a type identifier.
+.Fn OTHERNAME_free
+frees
+.Fa name .
+.Sh RETURN VALUES
+.Fn GENERAL_NAME_new ,
+.Fn GENERAL_NAMES_new ,
+.Fn EDIPARTYNAME_new ,
+and
+.Fn OTHERNAME_new
+return a new
+.Vt GENERAL_NAME ,
+.Vt GENERAL_NAMES ,
+.Vt EDIPARTYNAME ,
+or
+.Vt OTHERNAME
+object or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_NAME_new 3
+.Sh STANDARDS
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile,
+section 4.2: Certificate Extensions
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index d76403010d..f3910f74dd 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.89 2016/12/22 16:05:22 schwarze Exp $
+# $OpenBSD: Makefile,v 1.90 2016/12/23 00:40:16 schwarze Exp $
 .include <bsd.own.mk>
@@ -120,6 +120,7 @@ MAN=	\
        EVP_SealInit.3 \
        EVP_SignInit.3 \
        EVP_VerifyInit.3 \
+        GENERAL_NAME_new.3 \
        HMAC.3 \
        MD5.3 \
        OBJ_nid2obj.3 \
author	schwarze <>	2016-12-23 00:40:16 +0000
committer	schwarze <>	2016-12-23 00:40:16 +0000
commit	f188f6bd44b2c5213baa9288812e40d6480ca387 (patch)
tree	4001df8589312693e4336ca2a61622373c6a2e85 /src/lib
parent	867da3b40474288c6085c1151107759b20ce4d9e (diff)
download	openbsd-f188f6bd44b2c5213baa9288812e40d6480ca387.tar.gz openbsd-f188f6bd44b2c5213baa9288812e40d6480ca387.tar.bz2 openbsd-f188f6bd44b2c5213baa9288812e40d6480ca387.zip

diff --git a/src/lib/libcrypto/man/GENERAL_NAME_new.3 b/src/lib/libcrypto/man/GENERAL_NAME_new.3 new file mode 100644 index 0000000000..c4e8fce764 --- /dev/null +++ b/src/lib/libcrypto/man/GENERAL_NAME_new.3
@@ -0,0 +1,136 @@
		1	.\" $OpenBSD: GENERAL_NAME_new.3,v 1.1 2016/12/23 00:40:16 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: December 23 2016 $
		18	.Dt GENERAL_NAME_NEW 3
		19	.Os
		20	.Sh NAME
		21	.Nm GENERAL_NAME_new ,
		22	.Nm GENERAL_NAME_free ,
		23	.Nm GENERAL_NAMES_new ,
		24	.Nm GENERAL_NAMES_free ,
		25	.Nm EDIPARTYNAME_new ,
		26	.Nm EDIPARTYNAME_free ,
		27	.Nm OTHERNAME_new ,
		28	.Nm OTHERNAME_free
		29	.Nd names for use in X.509 extensions
		30	.Sh SYNOPSIS
		31	.In openssl/x509v3.h
		32	.Ft GENERAL_NAME *
		33	.Fn GENERAL_NAME_new void
		34	.Ft void
		35	.Fn GENERAL_NAME_free "GENERAL_NAME *name"
		36	.Ft GENERAL_NAMES *
		37	.Fn GENERAL_NAMES_new void
		38	.Ft void
		39	.Fn GENERAL_NAMES_free "GENERAL_NAMES *names"
		40	.Ft EDIPARTYNAME *
		41	.Fn EDIPARTYNAME_new void
		42	.Ft void
		43	.Fn EDIPARTYNAME_free "EDIPARTYNAME *name"
		44	.Ft OTHERNAME *
		45	.Fn OTHERNAME_new void
		46	.Ft void
		47	.Fn OTHERNAME_free "OTHERNAME *name"
		48	.Sh DESCRIPTION
		49	Even though the X.501 Name documented in
		50	.Xr X509_NAME_new 3
		51	is a complicated multi-layered structure, it is very rigid and not
		52	flexible enough to represent various entities that many people want
		53	to use as names in certificates.
		54	For that reason, X.509 extensions use the X.509 GeneralName
		55	wrapper structure rather than using the X.501 Name structure
		56	directly, at the expense of adding one or two additional layers
		57	of indirection.
		58	.Pp
		59	.Fn GENERAL_NAME_new
		60	allocates and initializes an empty
		61	.Vt GENERAL_NAME
		62	object, representing the ASN.1 GeneralName structure
		63	defined in RFC 5280 section 4.2.1.6.
		64	It can for example hold an
		65	.Vt X509_name
		66	object, an IP address, a DNS host name, a uniform resource identifier,
		67	an email address, or an
		68	.Vt EDIPARTYNAME
		69	or
		70	.Vt OTHERNAME
		71	object described below.
		72	.Fn GENERAL_NAME_free
		73	frees
		74	.Fa name .
		75	.Pp
		76	.Fn GENERAL_NAMES_new
		77	allocates and initializes an empty
		78	.Vt GENERAL_NAMES
		79	object, which is a
		80	.Vt STACK_OF(GENERAL_NAME)
		81	and represents the ASN.1 GeneralNames structure
		82	defined in RFC 5280 section 4.2.1.6.
		83	It is used by extension structures that can contain multiple names,
		84	for example key identifier, alternative name, and distribution point
		85	extensions.
		86	.Fn GENERAL_NAMES_free
		87	frees
		88	.Fa names .
		89	.Pp
		90	.Fn EDIPARTYNAME_new
		91	allocates and initializes an empty
		92	.Vt EDIPARTYNAME
		93	object, representing the ASN.1 EDIPartyName structure
		94	defined in RFC 5280 section 4.2.1.6, where
		95	.Dq EDI
		96	stands for
		97	.Dq electronic data identifier .
		98	It can hold two strings, the name itself and the name of the authority
		99	that assigned that name.
		100	.Fn EDIPARTYNAME_free
		101	frees
		102	.Fa name .
		103	.Pp
		104	.Fn OTHERNAME_new
		105	allocates and initializes an empty
		106	.Vt OTHERNAME
		107	object, representing the ASN.1 OtherName structure
		108	defined in RFC 5280 section 4.2.1.6.
		109	It can hold data of any
		110	.Vt ASN1_TYPE
		111	together with a type identifier.
		112	.Fn OTHERNAME_free
		113	frees
		114	.Fa name .
		115	.Sh RETURN VALUES
		116	.Fn GENERAL_NAME_new ,
		117	.Fn GENERAL_NAMES_new ,
		118	.Fn EDIPARTYNAME_new ,
		119	and
		120	.Fn OTHERNAME_new
		121	return a new
		122	.Vt GENERAL_NAME ,
		123	.Vt GENERAL_NAMES ,
		124	.Vt EDIPARTYNAME ,
		125	or
		126	.Vt OTHERNAME
		127	object or
		128	.Dv NULL
		129	if an error occurs.
		130	.Sh SEE ALSO
		131	.Xr X509_EXTENSION_new 3 ,
		132	.Xr X509_NAME_new 3
		133	.Sh STANDARDS
		134	RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
		135	Certificate Revocation List (CRL) Profile,
		136	section 4.2: Certificate Extensions


diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index d76403010d..f3910f74dd 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.89 2016/12/22 16:05:22 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.90 2016/12/23 00:40:16 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -120,6 +120,7 @@ MAN= \
120	EVP_SealInit.3 \	120	EVP_SealInit.3 \
121	EVP_SignInit.3 \	121	EVP_SignInit.3 \
122	EVP_VerifyInit.3 \	122	EVP_VerifyInit.3 \
		123	GENERAL_NAME_new.3 \
123	HMAC.3 \	124	HMAC.3 \
124	MD5.3 \	125	MD5.3 \
125	OBJ_nid2obj.3 \	126	OBJ_nid2obj.3 \