Explain the meaning of the policy_oids input argument, correct the

description of the *pexplicit_policy output argument and make it less technical, and drop the mention of the expected_policy_set because the library provides no accessor function for it.
author: schwarze <> 2021-07-28 13:39:20 +0000
committer: schwarze <> 2021-07-28 13:39:20 +0000
commit: 553a7c3a1283ddd8dec313cbc040c9aa086b6c13 (patch)
tree: db95bb3d5174191684d5a791f27c65221d579df8 /src
parent: 03a9ceb3ec186900c4013d7ef08eefac4badd114 (diff)
download: openbsd-553a7c3a1283ddd8dec313cbc040c9aa086b6c13.tar.gz
openbsd-553a7c3a1283ddd8dec313cbc040c9aa086b6c13.tar.bz2
openbsd-553a7c3a1283ddd8dec313cbc040c9aa086b6c13.zip
1 files changed, 12 insertions, 14 deletions
diff --git a/src/lib/libcrypto/man/X509_policy_check.3 b/src/lib/libcrypto/man/X509_policy_check.3
index f245099228..d6932b5244 100644
--- a/src/lib/libcrypto/man/X509_policy_check.3
+++ b/src/lib/libcrypto/man/X509_policy_check.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_policy_check.3,v 1.1 2021/07/27 13:27:46 schwarze Exp $
+.\" $OpenBSD: X509_policy_check.3,v 1.2 2021/07/28 13:39:20 schwarze Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 27 2021 $
+.Dd $Mdocdate: July 28 2021 $
 .Dt X509_POLICY_CHECK 3
 .Os
 .Sh NAME
@@ -50,6 +50,7 @@ The
 input argument contains the
 .Va user-initial-policy-set
 according to RFC 5280 section 6.1.1(c).
+It specifies a set of certificate policies acceptable to the certificate user.
 .Pp
 The
 .Fa flags
@@ -86,19 +87,16 @@ the last level corresponds to the target certificate.
 Level 0 is initialized to contain a single node with a
 .Fa valid_policy
 of
-.Sy anyPolicy ,
+.Sy anyPolicy
-an empty
+and an empty
-.Fa qualifier_set ,
+.Fa qualifier_set .
-and an
-.Fa expected_policy_set
-containing only
-.Sy anyPolicy .
 .Pp
-The storage location pointed to by
+Upon success and in some cases of failure, the storage location pointed to by
 .Fa pexplicit_policy
-is set as specified in RFC 5280 paragraphs 6.1.2(d), 6.1.4(h), 6.1.4(i),
+is set to 1 if
-6.1.5(a), and 6.1.5(b).
+.Dv X509_V_FLAG_EXPLICIT_POLICY
-In case of failure, it may or may not get set, representing a partial result.
+was requested.
+Otherwise, it is set to 0.
 .Sh RETURN VALUES
 .Fn X509_policy_check
 returns these values:
@@ -135,7 +133,7 @@ is set to
 .Dv NULL
 and
 .Pf * Fa pexplicit_policy
-may be set to 0 or to a partial result.
+may or may not be set.
 .It 1
 Validation succeeded and
 .Pf * Fa ptree
author	schwarze <>	2021-07-28 13:39:20 +0000
committer	schwarze <>	2021-07-28 13:39:20 +0000
commit	553a7c3a1283ddd8dec313cbc040c9aa086b6c13 (patch)
tree	db95bb3d5174191684d5a791f27c65221d579df8 /src
parent	03a9ceb3ec186900c4013d7ef08eefac4badd114 (diff)
download	openbsd-553a7c3a1283ddd8dec313cbc040c9aa086b6c13.tar.gz openbsd-553a7c3a1283ddd8dec313cbc040c9aa086b6c13.tar.bz2 openbsd-553a7c3a1283ddd8dec313cbc040c9aa086b6c13.zip

diff --git a/src/lib/libcrypto/man/X509_policy_check.3 b/src/lib/libcrypto/man/X509_policy_check.3 index f245099228..d6932b5244 100644 --- a/src/lib/libcrypto/man/X509_policy_check.3 +++ b/src/lib/libcrypto/man/X509_policy_check.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_policy_check.3,v 1.1 2021/07/27 13:27:46 schwarze Exp $	1	.\" $OpenBSD: X509_policy_check.3,v 1.2 2021/07/28 13:39:20 schwarze Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>	3	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: July 27 2021 $	17	.Dd $Mdocdate: July 28 2021 $
18	.Dt X509_POLICY_CHECK 3	18	.Dt X509_POLICY_CHECK 3
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -50,6 +50,7 @@ The
50	input argument contains the	50	input argument contains the
51	.Va user-initial-policy-set	51	.Va user-initial-policy-set
52	according to RFC 5280 section 6.1.1(c).	52	according to RFC 5280 section 6.1.1(c).
		53	It specifies a set of certificate policies acceptable to the certificate user.
53	.Pp	54	.Pp
54	The	55	The
55	.Fa flags	56	.Fa flags
@@ -86,19 +87,16 @@ the last level corresponds to the target certificate.
86	Level 0 is initialized to contain a single node with a	87	Level 0 is initialized to contain a single node with a
87	.Fa valid_policy	88	.Fa valid_policy
88	of	89	of
89	.Sy anyPolicy ,	90	.Sy anyPolicy
90	an empty	91	and an empty
91	.Fa qualifier_set ,	92	.Fa qualifier_set .
92	and an
93	.Fa expected_policy_set
94	containing only
95	.Sy anyPolicy .
96	.Pp	93	.Pp
97	The storage location pointed to by	94	Upon success and in some cases of failure, the storage location pointed to by
98	.Fa pexplicit_policy	95	.Fa pexplicit_policy
99	is set as specified in RFC 5280 paragraphs 6.1.2(d), 6.1.4(h), 6.1.4(i),	96	is set to 1 if
100	6.1.5(a), and 6.1.5(b).	97	.Dv X509_V_FLAG_EXPLICIT_POLICY
101	In case of failure, it may or may not get set, representing a partial result.	98	was requested.
		99	Otherwise, it is set to 0.
102	.Sh RETURN VALUES	100	.Sh RETURN VALUES
103	.Fn X509_policy_check	101	.Fn X509_policy_check
104	returns these values:	102	returns these values:
@@ -135,7 +133,7 @@ is set to
135	.Dv NULL	133	.Dv NULL
136	and	134	and
137	.Pf * Fa pexplicit_policy	135	.Pf * Fa pexplicit_policy
138	may be set to 0 or to a partial result.	136	may or may not be set.
139	.It 1	137	.It 1
140	Validation succeeded and	138	Validation succeeded and
141	.Pf * Fa ptree	139	.Pf * Fa ptree