diff options
| author | tb <> | 2023-09-29 15:41:06 +0000 |
|---|---|---|
| committer | tb <> | 2023-09-29 15:41:06 +0000 |
| commit | f4f0e4daf1dec6165cb0996274d1ce8cd63b6dc6 (patch) | |
| tree | 63e15c99a23f4b49eb7f6868e72d6079b33652e3 /src | |
| parent | c460d602798f2c07ec07290ff4c37f76094717bb (diff) | |
| download | openbsd-f4f0e4daf1dec6165cb0996274d1ce8cd63b6dc6.tar.gz openbsd-f4f0e4daf1dec6165cb0996274d1ce8cd63b6dc6.tar.bz2 openbsd-f4f0e4daf1dec6165cb0996274d1ce8cd63b6dc6.zip | |
Some wording tweaks to make things a bit more precise.
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/man/X509v3_addr_validate_path.3 | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/src/lib/libcrypto/man/X509v3_addr_validate_path.3 b/src/lib/libcrypto/man/X509v3_addr_validate_path.3 index 109cab3f52..d3c088c916 100644 --- a/src/lib/libcrypto/man/X509v3_addr_validate_path.3 +++ b/src/lib/libcrypto/man/X509v3_addr_validate_path.3 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: X509v3_addr_validate_path.3,v 1.2 2023/09/29 09:28:21 tb Exp $ | 1 | .\" $OpenBSD: X509v3_addr_validate_path.3,v 1.3 2023/09/29 15:41:06 tb Exp $ |
| 2 | .\" | 2 | .\" |
| 3 | .\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org> | 3 | .\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org> |
| 4 | .\" | 4 | .\" |
| @@ -47,20 +47,21 @@ path validation. | |||
| 47 | .Bl -enum | 47 | .Bl -enum |
| 48 | .It | 48 | .It |
| 49 | The initial set of allowed IP address and AS number resources is defined in | 49 | The initial set of allowed IP address and AS number resources is defined in |
| 50 | the trust anchor; inheritance is not allowed in the trust anchor. | 50 | the trust anchor, where inheritance is not allowed. |
| 51 | .It | 51 | .It |
| 52 | All IP address delegation or AS number delegation extensions | 52 | All IP address delegation or AS number delegation extensions |
| 53 | must be in canonical form according to | 53 | appearing in the validation path must be in canonical form |
| 54 | according to | ||
| 54 | .Xr X509v3_addr_is_canonical 3 | 55 | .Xr X509v3_addr_is_canonical 3 |
| 55 | and | 56 | and |
| 56 | .Xr X509v3_asid_is_canonical 3 . | 57 | .Xr X509v3_asid_is_canonical 3 . |
| 57 | .It | 58 | .It |
| 58 | If the IP address delegation extension is present in a certificate, | 59 | If the IP address delegation extension is present in a certificate, |
| 59 | it must also be present in its issuer. | 60 | it must also be present in its issuer. |
| 60 | Similarly for AS identifiers. | 61 | Similarly for the AS identifiers delegation extension. |
| 61 | .It | 62 | .It |
| 62 | An issuer may only delegate resources present in its | 63 | An issuer may only delegate subsets of resources present in its |
| 63 | RFC 3779 extensions. | 64 | RFC 3779 extensions or subsets of resources inherited from its issuer. |
| 64 | .El | 65 | .El |
| 65 | .Pp | 66 | .Pp |
| 66 | .Fn X509v3_addr_validate_path | 67 | .Fn X509v3_addr_validate_path |