-rw-r--r-- | src/lib/libcrypto/doc/PKCS12_create.pod | 40 | ||||
-rw-r--r-- | src/lib/libssl/src/doc/crypto/PKCS12_create.pod | 40 |
2 files changed, 38 insertions, 42 deletions
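--- a/src/lib/libcrypto/doc/PKCS12_create.pod
+++ b/src/lib/libcrypto/doc/PKCS12_create.pod
@@ -8,8 +8,9 @@ PKCS12_create - create a PKCS#12 structure
 
 #include <openssl/pkcs12.h>
 
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca,
-int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey,
+X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+int iter, int mac_iter, int keytype);
 
 =head1 DESCRIPTION
 
@@ -17,12 +18,19 @@ PKCS12_create() creates a PKCS#12 structure.
 
 B<pass> is the passphrase to use. B<name> is the B<friendlyName> to use for
 the supplied certifictate and key. B<pkey> is the private key to include in
-the structure and B<cert> its corresponding certificates. B<ca>, if not B<NULL>
-is an optional set of certificates to also include in the structure.
+the structure and B<cert> its corresponding certificates. B<ca> is an optional
+set of certificates to also include in the structure.
+Either B<pkey>, B<cert> or both can be B<NULL> to indicate that no key or
+certficate is required.
 
 B<nid_key> and B<nid_cert> are the encryption algorithms that should be used
-for the key and certificate respectively. B<iter> is the encryption algorithm
-iteration count to use and B<mac_iter> is the MAC iteration count to use.
+for the key and certificate respectively. If either B<nid_key> or B<nid_cert>
+is set to -1, no encryption will be used.
+
+B<iter> is the encryption algorithm iteration count to use and B<mac_iter> is
+the MAC iteration count to use. If B<mac_iter> is set to -1, the MAC will be
+omitted entirely.
+
 B<keytype> is the type of key.
 
 =head1 NOTES
@@ -46,30 +54,20 @@ for old export grade software which could use signing only keys of arbitrary
 size but had restrictions on the permissible sizes of keys which could be used
 for encryption.
 
-=head1 NEW FUNCTIONALITY IN OPENSSL 0.9.8
-
-Some additional functionality was added to PKCS12_create() in OpenSSL
-0.9.8. These extensions are detailed below.
-
 If a certificate contains an B<alias> or B<keyid> then this will be
 used for the corresponding B<friendlyName> or B<localKeyID> in the
 PKCS12 structure.
 
-Either B<pkey>, B<cert> or both can be B<NULL> to indicate that no key or
-certficate is required. In previous versions both had to be present or
-a fatal error is returned.
-
-B<nid_key> or B<nid_cert> can be set to -1 indicating that no encryption
-should be used.
-
-B<mac_iter> can be set to -1 and the MAC will then be omitted entirely.
-
 =head1 SEE ALSO
 
 L<d2i_PKCS12(3)|d2i_PKCS12(3)>
 
 =head1 HISTORY
 
-PKCS12_create was added in OpenSSL 0.9.3
+PKCS12_create was added in OpenSSL 0.9.3.
+
+Before OpenSSL 0.9.8, neither B<pkey> nor B<cert> were allowed to be B<NULL>,
+and a value of B<-1> was not allowed for B<nid_key>, B<nid_cert> and
+B<mac_iter>.
 
 =cut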
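--- a/src/lib/libssl/src/doc/crypto/PKCS12_create.pod
+++ b/src/lib/libssl/src/doc/crypto/PKCS12_create.pod
@@ -8,8 +8,9 @@ PKCS12_create - create a PKCS#12 structure
 
 #include <openssl/pkcs12.h>
 
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca,
-int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey,
+X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+int iter, int mac_iter, int keytype);
 
 =head1 DESCRIPTION
 
@@ -17,12 +18,19 @@ PKCS12_create() creates a PKCS#12 structure.
 
 B<pass> is the passphrase to use. B<name> is the B<friendlyName> to use for
 the supplied certifictate and key. B<pkey> is the private key to include in
-the structure and B<cert> its corresponding certificates. B<ca>, if not B<NULL>
-is an optional set of certificates to also include in the structure.
+the structure and B<cert> its corresponding certificates. B<ca> is an optional
+set of certificates to also include in the structure.
+Either B<pkey>, B<cert> or both can be B<NULL> to indicate that no key or
+certficate is required.
 
 B<nid_key> and B<nid_cert> are the encryption algorithms that should be used
-for the key and certificate respectively. B<iter> is the encryption algorithm
-iteration count to use and B<mac_iter> is the MAC iteration count to use.
+for the key and certificate respectively. If either B<nid_key> or B<nid_cert>
+is set to -1, no encryption will be used.
+
+B<iter> is the encryption algorithm iteration count to use and B<mac_iter> is
+the MAC iteration count to use. If B<mac_iter> is set to -1, the MAC will be
+omitted entirely.
+
 B<keytype> is the type of key.
 
 =head1 NOTES
@@ -46,30 +54,20 @@ for old export grade software which could use signing only keys of arbitrary
 size but had restrictions on the permissible sizes of keys which could be used
 for encryption.
 
-=head1 NEW FUNCTIONALITY IN OPENSSL 0.9.8
-
-Some additional functionality was added to PKCS12_create() in OpenSSL
-0.9.8. These extensions are detailed below.
-
 If a certificate contains an B<alias> or B<keyid> then this will be
 used for the corresponding B<friendlyName> or B<localKeyID> in the
 PKCS12 structure.
 
-Either B<pkey>, B<cert> or both can be B<NULL> to indicate that no key or
-certficate is required. In previous versions both had to be present or
-a fatal error is returned.
-
-B<nid_key> or B<nid_cert> can be set to -1 indicating that no encryption
-should be used.
-
-B<mac_iter> can be set to -1 and the MAC will then be omitted entirely.
-
 =head1 SEE ALSO
 
 L<d2i_PKCS12(3)|d2i_PKCS12(3)>
 
 =head1 HISTORY
 
-PKCS12_create was added in OpenSSL 0.9.3
+PKCS12_create was added in OpenSSL 0.9.3.
+
+Before OpenSSL 0.9.8, neither B<pkey> nor B<cert> were allowed to be B<NULL>,
+and a value of B<-1> was not allowed for B<nid_key>, B<nid_cert> and
+B<mac_iter>.
 
 =cut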