19 files changed, 0 insertions, 1805 deletions
diff --git a/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod b/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod
deleted file mode 100644
index 4603202db8..0000000000
--- a/src/lib/libcrypto/doc/X509_NAME_ENTRY_get_object.pod
+++ /dev/null
@@ -1,70 +0,0 @@
-=pod
-=head1 NAME
-X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data,
-X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data,
-X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID,
-X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions
-=head1 SYNOPSIS
- #include <openssl/x509.h>
- ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
- ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
- int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
- int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
-=head1 DESCRIPTION
-X509_NAME_ENTRY_get_object() retrieves the field name of B<ne> in
-and B<ASN1_OBJECT> structure.
-X509_NAME_ENTRY_get_data() retrieves the field value of B<ne> in
-and B<ASN1_STRING> structure.
-X509_NAME_ENTRY_set_object() sets the field name of B<ne> to B<obj>.
-X509_NAME_ENTRY_set_data() sets the field value of B<ne> to string type
-B<type> and value determined by B<bytes> and B<len>.
-X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID()
-and X509_NAME_ENTRY_create_by_OBJ() create and return an
-B<X509_NAME_ENTRY> structure.
-=head1 NOTES
-X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be
-used to examine an B<X509_NAME_ENTRY> function as returned by
-X509_NAME_get_entry() for example.
-X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(),
-and X509_NAME_ENTRY_create_by_OBJ() create and return an
-X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(),
-X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data()
-are seldom used in practice because B<X509_NAME_ENTRY> structures
-are almost always part of B<X509_NAME> structures and the
-corresponding B<X509_NAME> functions are typically used to
-create and add new entries in a single operation.
-The arguments of these functions support similar options to the similarly
-named ones of the corresponding B<X509_NAME> functions such as
-X509_NAME_add_entry_by_txt(). So for example B<type> can be set to
-B<MBSTRING_ASC> but in the case of X509_set_data() the field name must be
-set first so the relevant field information can be looked up internally.
-=head1 RETURN VALUES
-=head1 SEE ALSO
-L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>,
-L<OBJ_nid2obj(3)|OBJ_nid2obj(3)>
-=cut
diff --git a/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod b/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod
deleted file mode 100644
index f97e05e683..0000000000
--- a/src/lib/libcrypto/doc/X509_NAME_add_entry_by_txt.pod
+++ /dev/null
@@ -1,117 +0,0 @@
-=pod
-=head1 NAME
-X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ,
-X509_NAME_add_entry_by_NID, X509_NAME_add_entry, X509_NAME_delete_entry -
-X509_NAME modification functions
-=head1 SYNOPSIS
- #include <openssl/x509.h>
- int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
- int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
- int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
- int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
- X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
-=head1 DESCRIPTION
-X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ() and
-X509_NAME_add_entry_by_NID() add a field whose name is defined
-by a string B<field>, an object B<obj> or a NID B<nid> respectively.
-The field value to be added is in B<bytes> of length B<len>. If
-B<len> is -1 then the field length is calculated internally using
-strlen(bytes).
-The type of field is determined by B<type> which can either be a
-definition of the type of B<bytes> (such as B<MBSTRING_ASC>) or a
-standard ASN1 type (such as B<V_ASN1_IA5STRING>). The new entry is
-added to a position determined by B<loc> and B<set>.
-X509_NAME_add_entry() adds a copy of B<X509_NAME_ENTRY> structure B<ne>
-to B<name>. The new entry is added to a position determined by B<loc>
-and B<set>. Since a copy of B<ne> is added B<ne> must be freed up after
-the call.
-X509_NAME_delete_entry() deletes an entry from B<name> at position
-B<loc>. The deleted entry is returned and must be freed up.
-=head1 NOTES
-The use of string types such as B<MBSTRING_ASC> or B<MBSTRING_UTF8>
-is strongly recommended for the B<type> parameter. This allows the
-internal code to correctly determine the type of the field and to
-apply length checks according to the relevant standards. This is
-done using ASN1_STRING_set_by_NID().
-If instead an ASN1 type is used no checks are performed and the
-supplied data in B<bytes> is used directly.
-In X509_NAME_add_entry_by_txt() the B<field> string represents
-the field name using OBJ_txt2obj(field, 0).
-The B<loc> and B<set> parameters determine where a new entry should
-be added. For almost all applications B<loc> can be set to -1 and B<set>
-to 0. This adds a new entry to the end of B<name> as a single valued
-RelativeDistinguishedName (RDN).
-B<loc> actually determines the index where the new entry is inserted:
-if it is -1 it is appended.
-B<set> determines how the new type is added. If it is zero a
-new RDN is created.
-If B<set> is -1 or 1 it is added to the previous or next RDN
-structure respectively. This will then be a multivalued RDN:
-since multivalues RDNs are very seldom used B<set> is almost
-always set to zero.
-=head1 EXAMPLES
-Create an B<X509_NAME> structure:
-"C=UK, O=Disorganized Organization, CN=Joe Bloggs"
- X509_NAME *nm;
- nm = X509_NAME_new();
- if (nm == NULL)
-        /* Some error */
- if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
-                        "C", "UK", -1, -1, 0))
-        /* Error */
- if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
-                        "O", "Disorganized Organization", -1, -1, 0))
-        /* Error */
- if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
-                        "CN", "Joe Bloggs", -1, -1, 0))
-        /* Error */
-=head1 RETURN VALUES
-X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ(),
-X509_NAME_add_entry_by_NID() and X509_NAME_add_entry() return 1 for
-success of 0 if an error occurred.
-X509_NAME_delete_entry() returns either the deleted B<X509_NAME_ENTRY>
-structure of B<NULL> if an error occurred.
-=head1 BUGS
-B<type> can still be set to B<V_ASN1_APP_CHOOSE> to use a
-different algorithm to determine field types. Since this form does
-not understand multicharacter types, performs no length checks and
-can result in invalid field types its use is strongly discouraged.
-=head1 SEE ALSO
-L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>
-=head1 HISTORY
-=cut
diff --git a/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod b/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
deleted file mode 100644
index 48510890e8..0000000000
--- a/src/lib/libcrypto/doc/X509_NAME_get_index_by_NID.pod
+++ /dev/null
@@ -1,102 +0,0 @@
-=pod
-=head1 NAME
-X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry,
-X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ -
-X509_NAME lookup and enumeration functions
-=head1 SYNOPSIS
- #include <openssl/x509.h>
- int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
- int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
- int X509_NAME_entry_count(X509_NAME *name);
- X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
- int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
- int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
-=head1 DESCRIPTION
-These functions allow an B<X509_NAME> structure to be examined. The
-B<X509_NAME> structure is the same as the B<Name> type defined in
-RFC2459 (and elsewhere) and used for example in certificate subject
-and issuer names.
-X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve
-the next index matching B<nid> or B<obj> after B<lastpos>. B<lastpos>
-should initially be set to -1. If there are no more entries -1 is returned.
-X509_NAME_entry_count() returns the total number of entries in B<name>.
-X509_NAME_get_entry() retrieves the B<X509_NAME_ENTRY> from B<name>
-corresponding to index B<loc>. Acceptable values for B<loc> run from
-0 to (X509_NAME_entry_count(name) - 1). The value returned is an
-internal pointer which must not be freed.
-X509_NAME_get_text_by_NID(), X509_NAME_get_text_by_OBJ() retrieve
-the "text" from the first entry in B<name> which matches B<nid> or
-B<obj>, if no such entry exists -1 is returned. At most B<len> bytes
-will be written and the text written to B<buf> will be null
-terminated. The length of the output string written is returned
-excluding the terminating null. If B<buf> is <NULL> then the amount
-of space needed in B<buf> (excluding the final null) is returned.
-=head1 NOTES
-X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() are
-legacy functions which have various limitations which make them
-of minimal use in practice. They can only find the first matching
-entry and will copy the contents of the field verbatim: this can
-be highly confusing if the target is a multicharacter string type
-like a BMPString or a UTF8String.
-For a more general solution X509_NAME_get_index_by_NID() or
-X509_NAME_get_index_by_OBJ() should be used followed by
-X509_NAME_get_entry() on any matching indices and then the
-various B<X509_NAME_ENTRY> utility functions on the result.
-=head1 EXAMPLES
-Process all entries:
- int i;
- X509_NAME_ENTRY *e;
- for (i = 0; i < X509_NAME_entry_count(nm); i++) {
-        e = X509_NAME_get_entry(nm, i);
-        /* Do something with e */
- }
-Process all commonName entries:
- int loc;
- X509_NAME_ENTRY *e;
- loc = -1;
- for (;;) {
-        lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
-        if (lastpos == -1)
-                break;
-        e = X509_NAME_get_entry(nm, lastpos);
-        /* Do something with e */
- }
-=head1 RETURN VALUES
-X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ()
-return the index of the next matching entry or -1 if not found.
-X509_NAME_entry_count() returns the total number of entries.
-X509_NAME_get_entry() returns an B<X509_NAME> pointer to the
-requested entry or B<NULL> if the index is invalid.
-=head1 SEE ALSO
-L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>
-=cut
diff --git a/src/lib/libcrypto/doc/X509_NAME_print_ex.pod b/src/lib/libcrypto/doc/X509_NAME_print_ex.pod
deleted file mode 100644
index 5cdf636c16..0000000000
--- a/src/lib/libcrypto/doc/X509_NAME_print_ex.pod
+++ /dev/null
@@ -1,103 +0,0 @@
-=pod
-=head1 NAME
-X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,
-X509_NAME_oneline - X509_NAME printing routines.
-=head1 SYNOPSIS
- #include <openssl/x509.h>
- int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
- int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
- char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
- int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
-=head1 DESCRIPTION
-X509_NAME_print_ex() prints a human readable version of B<nm> to BIO B<out>.
-Each line (for multiline formats) is indented by B<indent> spaces. The output
-format can be extensively customised by use of the B<flags> parameter.
-X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() except the output
-is written to FILE pointer B<fp>.
-X509_NAME_oneline() prints an ASCII version of B<a> to B<buf>. At most B<size>
-bytes will be written. If B<buf> is B<NULL> then a buffer is dynamically
-allocated and returned, otherwise B<buf> is returned.
-X509_NAME_print() prints out B<name> to B<bp> indenting each line by B<obase>
-characters. Multiple lines are used if the output (including indent) exceeds
-80 characters.
-=head1 NOTES
-The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions
-which produce a non standard output form, they don't handle multi character
-fields and have various quirks and inconsistencies. Their use is strongly
-discouraged in new applications.
-Although there are a large number of possible flags for most purposes
-B<XN_FLAG_ONELINE>, B<XN_FLAG_MULTILINE> or B<XN_FLAG_RFC2253> will suffice.
-As noted on the L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)> manual page
-for UTF8 terminals the B<ASN1_STRFLGS_ESC_MSB> should be unset: so for example
-B<XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB> would be used.
-The complete set of the flags supported by X509_NAME_print_ex() is listed below.
-Several options can be ored together.
-The options B<XN_FLAG_SEP_COMMA_PLUS>, B<XN_FLAG_SEP_CPLUS_SPC>,
-B<XN_FLAG_SEP_SPLUS_SPC> and B<XN_FLAG_SEP_MULTILINE> determine the field
-separators to use. Two distinct separators are used between distinct
-RelativeDistinguishedName components and separate values in the same RDN for a
-multi-valued RDN. Multi-valued RDNs are currently very rare so the second
-separator will hardly ever be used.
-B<XN_FLAG_SEP_COMMA_PLUS> uses comma and plus as separators.
-B<XN_FLAG_SEP_CPLUS_SPC> uses comma and plus with spaces: this is more readable
-that plain comma and plus.  B<XN_FLAG_SEP_SPLUS_SPC> uses spaced semicolon and
-plus. B<XN_FLAG_SEP_MULTILINE> uses spaced newline and plus respectively.
-If B<XN_FLAG_DN_REV> is set the whole DN is printed in reversed order.
-The fields B<XN_FLAG_FN_SN>, B<XN_FLAG_FN_LN>, B<XN_FLAG_FN_OID>,
-B<XN_FLAG_FN_NONE> determine how a field name is displayed. It will
-use the short name (e.g. CN) the long name (e.g. commonName) always
-use OID numerical form (normally OIDs are only used if the field name is not
-recognised) and no field name respectively.
-If B<XN_FLAG_SPC_EQ> is set then spaces will be placed around the '=' character
-separating field names and values.
-If B<XN_FLAG_DUMP_UNKNOWN_FIELDS> is set then the encoding of unknown fields is
-printed instead of the values.
-If B<XN_FLAG_FN_ALIGN> is set then field names are padded to 20 characters: this
-is only of use for multiline format.
-Additionally all the options supported by ASN1_STRING_print_ex() can be used to
-control how each field value is displayed.
-In addition a number options can be set for commonly used formats.
-B<XN_FLAG_RFC2253> sets options which produce an output compatible with RFC2253 it
-is equivalent to:
- B<ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS>
-B<XN_FLAG_ONELINE> is a more readable one line format which is the same as:
- B<ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN>
-B<XN_FLAG_MULTILINE> is a multiline format which is the same as:
- B<ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN>
-B<XN_FLAG_COMPAT> uses a format identical to X509_NAME_print(): in fact it
-calls X509_NAME_print() internally.
-=head1 SEE ALSO
-L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)>
-=cut
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod
deleted file mode 100644
index 270b265ce5..0000000000
--- a/src/lib/libcrypto/doc/X509_STORE_CTX_get_error.pod
+++ /dev/null
@@ -1,323 +0,0 @@
-=pod
-=head1 NAME
-X509_STORE_CTX_get_error, X509_STORE_CTX_set_error,
-X509_STORE_CTX_get_error_depth, X509_STORE_CTX_get_current_cert,
-X509_STORE_CTX_get1_chain, X509_verify_cert_error_string - get or set
-certificate verification status information
-=head1 SYNOPSIS
- #include <openssl/x509.h>
- #include <openssl/x509_vfy.h>
- int    X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
- void   X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
- int    X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
- X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
- STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
- const char *X509_verify_cert_error_string(long n);
-=head1 DESCRIPTION
-These functions are typically called after X509_verify_cert() has indicated
-an error or in a verification callback to determine the nature of an error.
-X509_STORE_CTX_get_error() returns the error code of B<ctx>, see
-the B<ERROR CODES> section for a full description of all error codes.
-X509_STORE_CTX_set_error() sets the error code of B<ctx> to B<s>. For example
-it might be used in a verification callback to set an error based on additional
-checks.
-X509_STORE_CTX_get_error_depth() returns the B<depth> of the error. This is a
-non-negative integer representing where in the certificate chain the error
-occurred. If it is zero it occurred in the end entity certificate, one if
-it is the certificate which signed the end entity certificate and so on.
-X509_STORE_CTX_get_current_cert() returns the certificate in B<ctx> which
-caused the error or B<NULL> if no certificate is relevant.
-X509_STORE_CTX_get1_chain() returns a complete validate chain if a previous
-call to X509_verify_cert() is successful. If the call to X509_verify_cert()
-is B<not> successful the returned chain may be incomplete or invalid. The
-returned chain persists after the B<ctx> structure is freed, when it is
-no longer needed it should be free up using:
-  sk_X509_pop_free(chain, X509_free);
-X509_verify_cert_error_string() returns a human readable error string for
-verification error B<n>.
-=head1 RETURN VALUES
-X509_STORE_CTX_get_error() returns B<X509_V_OK> or an error code.
-X509_STORE_CTX_get_error_depth() returns a non-negative error depth.
-X509_STORE_CTX_get_current_cert() returns the certificate which caused the
-error or B<NULL> if no certificate is relevant to the error.
-X509_verify_cert_error_string() returns a human readable error string for
-verification error B<n>.
-=head1 ERROR CODES
-A list of error codes and messages is shown below.  Some of the
-error codes are defined but currently never returned: these are described as
-"unused".
-=over 4
-=item B<X509_V_OK: ok>
-the operation was successful.
-=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate>
-the issuer certificate could not be found: this occurs if the issuer certificate
-of an untrusted certificate cannot be found.
-=item B<X509_V_ERR_UNABLE_TO_GET_CRL: unable to get certificate CRL>
-the CRL of a certificate could not be found.
-=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt
-certificate's signature>
-the certificate signature could not be decrypted. This means that the actual
-signature value could not be determined rather than it not matching the
-expected value, this is only meaningful for RSA keys.
-=item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's
-signature>
-the CRL signature could not be decrypted: this means that the actual signature
-value could not be determined rather than it not matching the expected value.
-Unused.
-=item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer
-public key>
-the public key in the certificate SubjectPublicKeyInfo could not be read.
-=item B<X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure>
-the signature of the certificate is invalid.
-=item B<X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
-the signature of the certificate is invalid.
-=item B<X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
-the certificate is not yet valid: the notBefore date is after the current time.
-=item B<X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired>
-the certificate has expired: that is the notAfter date is before the current
-time.
-=item B<X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
-the CRL is not yet valid.
-=item B<X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
-the CRL has expired.
-=item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in
-certificate's notBefore field>
-the certificate notBefore field contains an invalid time.
-=item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's
-notAfter field>
-the certificate notAfter field contains an invalid time.
-=item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's
-lastUpdate field>
-the CRL lastUpdate field contains an invalid time.
-=item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's
-nextUpdate field>
-the CRL nextUpdate field contains an invalid time.
-=item B<X509_V_ERR_OUT_OF_MEM: out of memory>
-an error occurred trying to allocate memory. This should never happen.
-=item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate>
-the passed certificate is self signed and the same certificate cannot be found
-in the list of trusted certificates.
-=item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in
-certificate chain>
-the certificate chain could be built up using the untrusted certificates but
-the root could not be found locally.
-=item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local
-issuer certificate>
-the issuer certificate of a locally looked up certificate could not be found.
-This normally means the list of trusted certificates is not complete.
-=item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first
-certificate>
-no signatures could be verified because the chain contains only one certificate
-and it is not self signed.
-=item B<X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long>
-the certificate chain length is greater than the supplied maximum depth. Unused.
-=item B<X509_V_ERR_CERT_REVOKED: certificate revoked>
-the certificate has been revoked.
-=item B<X509_V_ERR_INVALID_CA: invalid CA certificate>
-a CA certificate is invalid. Either it is not a CA or its extensions are not
-consistent with the supplied purpose.
-=item B<X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded>
-the basicConstraints pathlength parameter has been exceeded.
-=item B<X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
-the supplied certificate cannot be used for the specified purpose.
-=item B<X509_V_ERR_CERT_UNTRUSTED: certificate not trusted>
-the root CA is not marked as trusted for the specified purpose.
-=item B<X509_V_ERR_CERT_REJECTED: certificate rejected>
-the root CA is marked to reject the specified purpose.
-=item B<X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch>
-the current candidate issuer certificate was rejected because its subject name
-did not match the issuer name of the current certificate. This is only set
-if issuer check debugging is enabled it is used for status notification and
-is B<not> in itself an error.
-=item B<X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier
-mismatch>
-the current candidate issuer certificate was rejected because its subject key
-identifier was present and did not match the authority key identifier current
-certificate. This is only set if issuer check debugging is enabled it is used
-for status notification and is B<not> in itself an error.
-=item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial
-number mismatch>
-the current candidate issuer certificate was rejected because its issuer name
-and serial number was present and did not match the authority key identifier of
-the current certificate. This is only set if issuer check debugging is enabled
-it is used for status notification and is B<not> in itself an error.
-=item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate
-signing>
-the current candidate issuer certificate was rejected because its keyUsage
-extension does not permit certificate signing. This is only set if issuer check
-debugging is enabled it is used for status notification and is B<not> in itself
-an error.
-=item B<X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate
-extension>
-A certificate extension had an invalid value (for example an incorrect
-encoding) or some value inconsistent with other extensions.
-=item B<X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent
-certificate policy extension>
-A certificate policies extension had an invalid value (for example an incorrect
-encoding) or some value inconsistent with other extensions. This error only
-occurs if policy processing is enabled.
-=item B<X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy>
-The verification flags were set to require and explicit policy but none was
-present.
-=item B<X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope>
-The only CRLs that could be found did not match the scope of the certificate.
-=item B<X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature>
-Some feature of a certificate extension is not supported. Unused.
-=item B<X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation>
-A name constraint violation occurred in the permitted subtrees.
-=item B<X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation>
-A name constraint violation occurred in the excluded subtrees.
-=item B<X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not
-supported>
-A certificate name constraints extension included a minimum or maximum field:
-this is not supported.
-=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint
-type>
-An unsupported name constraint type was encountered. OpenSSL currently only
-supports directory name, DNS name, email and URI types.
-=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name
-constraint syntax>
-The format of the name constraint is not recognised: for example an email
-address format of a form not mentioned in RFC3280. This could be caused by
-a garbage extension or some new feature not currently supported.
-=item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error>
-An error occurred when attempting to verify the CRL path. This error can only
-happen if extended CRL checking is enabled.
-=item B<X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>
-an application specific error. This will never be returned unless explicitly
-set by an application.
-=back
-=head1 NOTES
-The above functions should be used instead of directly referencing the fields
-in the B<X509_VERIFY_CTX> structure.
-In versions of OpenSSL before 1.0 the current certificate returned by
-X509_STORE_CTX_get_current_cert() was never B<NULL>. Applications should
-check the return value before printing out any debugging information relating
-to the current certificate.
-If an unrecognised error code is passed to X509_verify_cert_error_string() the
-numerical value of the unknown code is returned in a static buffer. This is not
-thread safe but will never happen unless an invalid code is passed.
-=head1 SEE ALSO
-L<X509_verify_cert(3)|X509_verify_cert(3)>
-=cut
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod
deleted file mode 100644
index 25224cef1b..0000000000
--- a/src/lib/libcrypto/doc/X509_STORE_CTX_get_ex_new_index.pod
+++ /dev/null
@@ -1,43 +0,0 @@
-=pod
-=head1 NAME
-X509_STORE_CTX_get_ex_new_index, X509_STORE_CTX_set_ex_data,
-X509_STORE_CTX_get_ex_data - add application specific data to X509_STORE_CTX
-structures
-=head1 SYNOPSIS
- #include <openssl/x509_vfy.h>
- int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
-                CRYPTO_EX_new *new_func,
-                CRYPTO_EX_dup *dup_func,
-                CRYPTO_EX_free *free_func);
- int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *d, int idx, void *arg);
- void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *d, int idx);
-=head1 DESCRIPTION
-These functions handle application specific data in X509_STORE_CTX structures.
-Their usage is identical to that of RSA_get_ex_new_index(), RSA_set_ex_data()
-and RSA_get_ex_data() as described in L<RSA_get_ex_new_index(3)>.
-=head1 NOTES
-This mechanism is used internally by the B<ssl> library to store the B<SSL>
-structure associated with a verification operation in an B<X509_STORE_CTX>
-structure.
-=head1 SEE ALSO
-L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>
-=head1 HISTORY
-X509_STORE_CTX_get_ex_new_index(), X509_STORE_CTX_set_ex_data() and
-X509_STORE_CTX_get_ex_data() are available since OpenSSL 0.9.5.
-=cut
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_new.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_new.pod
deleted file mode 100644
index 66c0da04d2..0000000000
--- a/src/lib/libcrypto/doc/X509_STORE_CTX_new.pod
+++ /dev/null
@@ -1,126 +0,0 @@
-=pod
-=head1 NAME
-X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free,
-X509_STORE_CTX_init, X509_STORE_CTX_trusted_stack, X509_STORE_CTX_set_cert,
-X509_STORE_CTX_set_chain, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_param,
-X509_STORE_CTX_set0_param, X509_STORE_CTX_set_default - X509_STORE_CTX
-initialisation
-=head1 SYNOPSIS
- #include <openssl/x509_vfy.h>
- X509_STORE_CTX *X509_STORE_CTX_new(void);
- void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
- void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
- int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
-                         X509 *x509, STACK_OF(X509) *chain);
- void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
- void   X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx,X509 *x);
- void   X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx,STACK_OF(X509) *sk);
- void   X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
- X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
- void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
- int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
-=head1 DESCRIPTION
-These functions initialise an B<X509_STORE_CTX> structure for subsequent use
-by X509_verify_cert().
-X509_STORE_CTX_new() returns a newly initialised B<X509_STORE_CTX> structure.
-X509_STORE_CTX_cleanup() internally cleans up an B<X509_STORE_CTX> structure.
-The context can then be reused with an new call to X509_STORE_CTX_init().
-X509_STORE_CTX_free() completely frees up B<ctx>. After this call B<ctx>
-is no longer valid.
-X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation.
-The trusted certificate store is set to B<store>, the end entity certificate
-to be verified is set to B<x509> and a set of additional certificates (which
-will be untrusted but may be used to build the chain) in B<chain>. Any or
-all of the B<store>, B<x509> and B<chain> parameters can be B<NULL>.
-X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B<ctx>
-to B<sk>. This is an alternative way of specifying trusted certificates
-instead of using an B<X509_STORE>.
-X509_STORE_CTX_set_cert() sets the certificate to be verified in B<ctx> to
-B<x>.
-X509_STORE_CTX_set_chain() sets the additional certificate chain used by B<ctx>
-to B<sk>.
-X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate
-verification to B<sk>. These CRLs will only be used if CRL verification is
-enabled in the associated B<X509_VERIFY_PARAM> structure. This might be
-used where additional "useful" CRLs are supplied as part of a protocol,
-for example in a PKCS#7 structure.
-X509_VERIFY_PARAM *X509_STORE_CTX_get0_param() retrieves an internal pointer
-to the verification parameters associated with B<ctx>.
-X509_STORE_CTX_set0_param() sets the internal verification parameter pointer
-to B<param>. After this call B<param> should not be used.
-X509_STORE_CTX_set_default() looks up and sets the default verification
-method to B<name>. This uses the function X509_VERIFY_PARAM_lookup() to
-find an appropriate set of parameters from B<name>.
-=head1 NOTES
-The certificates and CRLs in a store are used internally and should B<not>
-be freed up until after the associated B<X509_STORE_CTX> is freed. Legacy
-applications might implicitly use an B<X509_STORE_CTX> like this:
-  X509_STORE_CTX ctx;
-  X509_STORE_CTX_init(&ctx, store, cert, chain);
-this is B<not> recommended in new applications they should instead do:
-  X509_STORE_CTX *ctx;
-  ctx = X509_STORE_CTX_new();
-  if (ctx == NULL)
-        /* Bad error */
-  X509_STORE_CTX_init(ctx, store, cert, chain);
-=head1 BUGS
-The certificates and CRLs in a context are used internally and should B<not>
-be freed up until after the associated B<X509_STORE_CTX> is freed. Copies
-should be made or reference counts increased instead.
-=head1 RETURN VALUES
-X509_STORE_CTX_new() returns an newly allocates context or B<NULL> is an
-error occurred.
-X509_STORE_CTX_init() returns 1 for success or 0 if an error occurred.
-X509_STORE_CTX_get0_param() returns a pointer to an B<X509_VERIFY_PARAM>
-structure or B<NULL> if an error occurred.
-X509_STORE_CTX_cleanup(), X509_STORE_CTX_free(), X509_STORE_CTX_trusted_stack(),
-X509_STORE_CTX_set_cert(), X509_STORE_CTX_set_chain(),
-X509_STORE_CTX_set0_crls() and X509_STORE_CTX_set0_param() do not return
-values.
-X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.
-=head1 SEE ALSO
-L<X509_verify_cert(3)|X509_verify_cert(3)>
-L<X509_VERIFY_PARAM_set_flags(3)|X509_VERIFY_PARAM_set_flags(3)>
-=head1 HISTORY
-X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0
-=cut
diff --git a/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod b/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod
deleted file mode 100644
index 7dfe430c4c..0000000000
--- a/src/lib/libcrypto/doc/X509_STORE_CTX_set_verify_cb.pod
+++ /dev/null
@@ -1,165 +0,0 @@
-=pod
-=head1 NAME
-X509_STORE_CTX_set_verify_cb - set verification callback
-=head1 SYNOPSIS
- #include <openssl/x509_vfy.h>
- void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
-                                int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
-=head1 DESCRIPTION
-X509_STORE_CTX_set_verify_cb() sets the verification callback of B<ctx> to
-B<verify_cb> overwriting any existing callback.
-The verification callback can be used to customise the operation of certificate
-verification, either by overriding error conditions or logging errors for
-debugging purposes.
-However a verification callback is B<not> essential and the default operation
-is often sufficient.
-The B<ok> parameter to the callback indicates the value the callback should
-return to retain the default behaviour. If it is zero then and error condition
-is indicated. If it is 1 then no error occurred. If the flag
-B<X509_V_FLAG_NOTIFY_POLICY> is set then B<ok> is set to 2 to indicate the
-policy checking is complete.
-The B<ctx> parameter to the callback is the B<X509_STORE_CTX> structure that
-is performing the verification operation. A callback can examine this
-structure and receive additional information about the error, for example
-by calling X509_STORE_CTX_get_current_cert(). Additional application data can
-be passed to the callback via the B<ex_data> mechanism.
-=head1 WARNING
-In general a verification callback should B<NOT> unconditionally return 1 in
-all circumstances because this will allow verification to succeed no matter
-what the error. This effectively removes all security from the application
-because B<any> certificate (including untrusted generated ones) will be
-accepted.
-=head1 NOTES
-The verification callback can be set and inherited from the parent structure
-performing the operation. In some cases (such as S/MIME verification) the
-B<X509_STORE_CTX> structure is created and destroyed internally and the
-only way to set a custom verification callback is by inheriting it from the
-associated B<X509_STORE>.
-=head1 RETURN VALUES
-X509_STORE_CTX_set_verify_cb() does not return a value.
-=head1 EXAMPLES
-Default callback operation:
- int
- verify_callback(int ok, X509_STORE_CTX *ctx)
- {
-        return ok;
- }
-Simple example, suppose a certificate in the chain is expired and we wish
-to continue after this error:
- int
- verify_callback(int ok, X509_STORE_CTX *ctx)
- {
-        /* Tolerate certificate expiration */
-        if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED)
-                return 1;
-        /* Otherwise don't override */
-        return ok;
- }
-More complex example, we don't wish to continue after B<any> certificate has
-expired just one specific case:
- int
- verify_callback(int ok, X509_STORE_CTX *ctx)
- {
-        int err = X509_STORE_CTX_get_error(ctx);
-        X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx);
-        if (err == X509_V_ERR_CERT_HAS_EXPIRED) {
-                if (check_is_acceptable_expired_cert(err_cert)
-                        return 1;
-        }
-        return ok;
- }
-Full featured logging callback. In this case the B<bio_err> is assumed to be
-a global logging B<BIO>, an alternative would to store a BIO in B<ctx> using
-B<ex_data>.
- int
- verify_callback(int ok, X509_STORE_CTX *ctx)
- {
-        X509 *err_cert;
-        int err,depth;
-        err_cert = X509_STORE_CTX_get_current_cert(ctx);
-        err =   X509_STORE_CTX_get_error(ctx);
-        depth = X509_STORE_CTX_get_error_depth(ctx);
-        BIO_printf(bio_err,"depth=%d ",depth);
-        if (err_cert) {
-                X509_NAME_print_ex(bio_err,
-                    X509_get_subject_name(err_cert), 0,
-                    XN_FLAG_ONELINE);
-                BIO_puts(bio_err, "\n");
-        } else
-                BIO_puts(bio_err, "<no cert>\n");
-        if (!ok)
-                BIO_printf(bio_err, "verify error:num=%d:%s\n",
-                    err, X509_verify_cert_error_string(err));
-        switch (err) {
-        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-                BIO_puts(bio_err, "issuer= ");
-                X509_NAME_print_ex(bio_err,
-                    X509_get_issuer_name(err_cert), 0,
-                    XN_FLAG_ONELINE);
-                BIO_puts(bio_err, "\n");
-                break;
-        case X509_V_ERR_CERT_NOT_YET_VALID:
-        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-                BIO_printf(bio_err, "notBefore=");
-                ASN1_TIME_print(bio_err,
-                    X509_get_notBefore(err_cert));
-                BIO_printf(bio_err, "\n");
-                break;
-        case X509_V_ERR_CERT_HAS_EXPIRED:
-        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-                BIO_printf(bio_err, "notAfter=");
-                ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
-                BIO_printf(bio_err, "\n");
-                break;
-        case X509_V_ERR_NO_EXPLICIT_POLICY:
-                policies_print(bio_err, ctx);
-                break;
-        }
-        if (err == X509_V_OK && ok == 2)
-                /* print out policies */
-        BIO_printf(bio_err,"verify return:%d\n",ok);
-        return(ok);
- }
-=head1 SEE ALSO
-L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)>
-L<X509_STORE_set_verify_cb_func(3)|X509_STORE_set_verify_cb_func(3)>
-L<X509_STORE_CTX_get_ex_new_index(3)|X509_STORE_CTX_get_ex_new_index(3)>
-=head1 HISTORY
-X509_STORE_CTX_set_verify_cb() is available in all versions of SSLeay and
-OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod b/src/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod
deleted file mode 100644
index 754512341c..0000000000
--- a/src/lib/libcrypto/doc/X509_STORE_set_verify_cb_func.pod
+++ /dev/null
@@ -1,54 +0,0 @@
-=pod
-=head1 NAME
-X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb - set verification
-callback
-=head1 SYNOPSIS
- #include <openssl/x509_vfy.h>
- void X509_STORE_set_verify_cb(X509_STORE *st,
-                                int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
- void X509_STORE_set_verify_cb_func(X509_STORE *st,
-                                int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
-=head1 DESCRIPTION
-X509_STORE_set_verify_cb() sets the verification callback of B<ctx> to
-B<verify_cb> overwriting any existing callback.
-X509_STORE_set_verify_cb_func() also sets the verification callback but it
-is implemented as a macro.
-=head1 NOTES
-The verification callback from an B<X509_STORE> is inherited by
-the corresponding B<X509_STORE_CTX> structure when it is initialized. This can
-be used to set the verification callback when the B<X509_STORE_CTX> is
-otherwise inaccessible (for example during S/MIME verification).
-=head1 BUGS
-The macro version of this function was the only one available before
-OpenSSL 1.0.0.
-=head1 RETURN VALUES
-X509_STORE_set_verify_cb() and X509_STORE_set_verify_cb_func() do not return
-a value.
-=head1 SEE ALSO
-L<X509_STORE_CTX_set_verify_cb(3)|X509_STORE_CTX_set_verify_cb(3)>
-=head1 HISTORY
-X509_STORE_set_verify_cb_func() is available in all versions of SSLeay and
-OpenSSL.
-X509_STORE_set_verify_cb() was added to OpenSSL 1.0.0.
-=cut
diff --git a/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod b/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod
deleted file mode 100644
index 6c88aec49e..0000000000
--- a/src/lib/libcrypto/doc/X509_VERIFY_PARAM_set_flags.pod
+++ /dev/null
@@ -1,172 +0,0 @@
-=pod
-=head1 NAME
-X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags,
-X509_VERIFY_PARAM_get_flags, X509_VERIFY_PARAM_set_purpose,
-X509_VERIFY_PARAM_set_trust, X509_VERIFY_PARAM_set_depth,
-X509_VERIFY_PARAM_get_depth, X509_VERIFY_PARAM_set_time,
-X509_VERIFY_PARAM_add0_policy, X509_VERIFY_PARAM_set1_policies - X509
-verification parameters
-=head1 SYNOPSIS
- #include <openssl/x509_vfy.h>
- int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags);
- int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
-                                                        unsigned long flags);
- unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
- int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
- int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
- void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
- int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
-                                                ASN1_OBJECT *policy);
- int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
-                                        STACK_OF(ASN1_OBJECT) *policies);
- void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
- int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
-=head1 DESCRIPTION
-These functions manipulate the B<X509_VERIFY_PARAM> structure associated with
-a certificate verification operation.
-The X509_VERIFY_PARAM_set_flags() function sets the flags in B<param> by oring
-it with B<flags>. See the B<VERIFICATION FLAGS> section for a complete
-description of values the B<flags> parameter can take.
-X509_VERIFY_PARAM_get_flags() returns the flags in B<param>.
-X509_VERIFY_PARAM_clear_flags() clears the flags B<flags> in B<param>.
-X509_VERIFY_PARAM_set_purpose() sets the verification purpose in B<param>
-to B<purpose>. This determines the acceptable purpose of the certificate
-chain, for example SSL client or SSL server.
-X509_VERIFY_PARAM_set_trust() sets the trust setting in B<param> to
-B<trust>.
-X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
-B<t>. Normally the current time is used.
-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
-by default) and adds B<policy> to the acceptable policy set.
-X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
-by default) and sets the acceptable policy set to B<policies>. Any existing
-policy set is cleared. The B<policies> parameter can be B<NULL> to clear
-an existing policy set.
-X509_VERIFY_PARAM_set_depth() sets the maximum verification depth to B<depth>.
-That is the maximum number of untrusted CA certificates that can appear in a
-chain.
-=head1 RETURN VALUES
-X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_clear_flags(),
-X509_VERIFY_PARAM_set_purpose(), X509_VERIFY_PARAM_set_trust(),
-X509_VERIFY_PARAM_add0_policy() and X509_VERIFY_PARAM_set1_policies() return 1
-for success and 0 for failure.
-X509_VERIFY_PARAM_get_flags() returns the current verification flags.
-X509_VERIFY_PARAM_set_time() and X509_VERIFY_PARAM_set_depth() do not return
-values.
-X509_VERIFY_PARAM_get_depth() returns the current verification depth.
-=head1 VERIFICATION FLAGS
-The verification flags consists of zero or more of the following flags
-ored together.
-B<X509_V_FLAG_CRL_CHECK> enables CRL checking for the certificate chain leaf
-certificate. An error occurs if a suitable CRL cannot be found.
-B<X509_V_FLAG_CRL_CHECK_ALL> enables CRL checking for the entire certificate
-chain.
-B<X509_V_FLAG_IGNORE_CRITICAL> disabled critical extension checking. By default
-any unhandled critical extensions in certificates or (if checked) CRLs results
-in a fatal error. If this flag is set unhandled critical extensions are
-ignored. B<WARNING> setting this option for anything other than debugging
-purposes can be a security risk. Finer control over which extensions are
-supported can be performed in the verification callback.
-THe B<X509_V_FLAG_X509_STRICT> flag disables workarounds for some broken
-certificates and makes the verification strictly apply B<X509> rules.
-B<X509_V_FLAG_ALLOW_PROXY_CERTS> enables proxy certificate verification.
-B<X509_V_FLAG_POLICY_CHECK> enables certificate policy checking, by default
-no policy checking is performed. Additional information is sent to the
-verification callback relating to policy checking.
-B<X509_V_FLAG_EXPLICIT_POLICY>, B<X509_V_FLAG_INHIBIT_ANY> and
-B<X509_V_FLAG_INHIBIT_MAP> set the B<require explicit policy>, B<inhibit any
-policy> and B<inhibit policy mapping> flags respectively as defined in
-B<RFC3280>. Policy checking is automatically enabled if any of these flags
-are set.
-If B<X509_V_FLAG_NOTIFY_POLICY> is set and the policy checking is successful
-a special status code is set to the verification callback. This permits it
-to examine the valid policy tree and perform additional checks or simply
-log it for debugging purposes.
-By default some additional features such as indirect CRLs and CRLs signed by
-different keys are disabled. If B<X509_V_FLAG_EXTENDED_CRL_SUPPORT> is set
-they are enabled.
-If B<X509_V_FLAG_USE_DELTAS> ise set delta CRLs (if present) are used to
-determine certificate status. If not set deltas are ignored.
-B<X509_V_FLAG_CHECK_SS_SIGNATURE> enables checking of the root CA self signed
-certificate signature. By default this check is disabled because it doesn't
-add any additional security but in some cases applications might want to
-check the signature anyway. A side effect of not checking the root CA
-signature is that disabled or unsupported message digests on the root CA
-are not treated as fatal errors.
-The B<X509_V_FLAG_CB_ISSUER_CHECK> flag enables debugging of certificate
-issuer checks. It is B<not> needed unless you are logging certificate
-verification. If this flag is set then additional status codes will be sent
-to the verification callback and it B<must> be prepared to handle such cases
-without assuming they are hard errors.
-=head1 NOTES
-The above functions should be used to manipulate verification parameters
-instead of legacy functions which work in specific structures such as
-X509_STORE_CTX_set_flags().
-=head1 BUGS
-Delta CRL checking is currently primitive. Only a single delta can be used and
-(partly due to limitations of B<X509_STORE>) constructed CRLs are not
-maintained.
-If CRLs checking is enable CRLs are expected to be available in the
-corresponding B<X509_STORE> structure. No attempt is made to download
-CRLs from the CRL distribution points extension.
-=head1 EXAMPLE
-Enable CRL checking when performing certificate verification during SSL
-connections associated with an B<SSL_CTX> structure B<ctx>:
-  X509_VERIFY_PARAM *param;
-  param = X509_VERIFY_PARAM_new();
-  X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
-  SSL_CTX_set1_param(ctx, param);
-  X509_VERIFY_PARAM_free(param);
-=head1 SEE ALSO
-L<X509_verify_cert(3)|X509_verify_cert(3)>
-=cut
diff --git a/src/lib/libcrypto/doc/X509_new.pod b/src/lib/libcrypto/doc/X509_new.pod
deleted file mode 100644
index a36808b825..0000000000
--- a/src/lib/libcrypto/doc/X509_new.pod
+++ /dev/null
@@ -1,38 +0,0 @@
-=pod
-=head1 NAME
-X509_new, X509_free - X509 certificate ASN1 allocation functions
-=head1 SYNOPSIS
- #include <openssl/x509.h>
- X509 *X509_new(void);
- void X509_free(X509 *a);
-=head1 DESCRIPTION
-The X509 ASN1 allocation routines, allocate and free an
-X509 structure, which represents an X509 certificate.
-X509_new() allocates and initializes a X509 structure.
-X509_free() frees up the B<X509> structure B<a>.
-If B<a> is a B<NULL> pointer, no action occurs.
-=head1 RETURN VALUES
-If the allocation fails, X509_new() returns B<NULL> and sets an error
-code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-Otherwise it returns a pointer to the newly allocated structure.
-=head1 SEE ALSO
-L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509(3)|d2i_X509(3)>
-=head1 HISTORY
-X509_new() and X509_free() are available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/X509_verify_cert.pod b/src/lib/libcrypto/doc/X509_verify_cert.pod
deleted file mode 100644
index f05edd8333..0000000000
--- a/src/lib/libcrypto/doc/X509_verify_cert.pod
+++ /dev/null
@@ -1,53 +0,0 @@
-=pod
-=head1 NAME
-X509_verify_cert - discover and verify X509 certificate chain
-=head1 SYNOPSIS
- #include <openssl/x509.h>
- int X509_verify_cert(X509_STORE_CTX *ctx);
-=head1 DESCRIPTION
-The X509_verify_cert() function attempts to discover and validate a
-certificate chain based on parameters in B<ctx>. A complete description of
-the process is contained in the L<verify(1)|verify(1)> manual page.
-=head1 RETURN VALUES
-If a complete chain can be built and validated this function returns 1,
-otherwise it return zero, in exceptional circumstances it can also
-return a negative code.
-If the function fails additional error information can be obtained by
-examining B<ctx> using, for example X509_STORE_CTX_get_error().
-=head1 NOTES
-Applications rarely call this function directly but it is used by
-OpenSSL internally for certificate validation, in both the S/MIME and
-SSL/TLS code.
-The negative return value from X509_verify_cert() can only occur if no
-certificate is set in B<ctx> (due to a programming error) or if a retry
-operation is requested during internal lookups (which never happens with
-standard lookup methods). It is however recommended that application check
-for <= 0 return value on error.
-=head1 BUGS
-This function uses the header B<x509.h> as opposed to most chain verification
-functions which use B<x509_vfy.h>.
-=head1 SEE ALSO
-L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)>
-=head1 HISTORY
-X509_verify_cert() is available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509.pod b/src/lib/libcrypto/doc/d2i_X509.pod
deleted file mode 100644
index fad4e8c35b..0000000000
--- a/src/lib/libcrypto/doc/d2i_X509.pod
+++ /dev/null
@@ -1,231 +0,0 @@
-=pod
-=head1 NAME
-d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio,
-i2d_X509_fp - X509 encode and decode functions
-=head1 SYNOPSIS
- #include <openssl/x509.h>
- X509 *d2i_X509(X509 **px, const unsigned char **in, int len);
- int i2d_X509(X509 *x, unsigned char **out);
- X509 *d2i_X509_bio(BIO *bp, X509 **x);
- X509 *d2i_X509_fp(FILE *fp, X509 **x);
- int i2d_X509_bio(BIO *bp, X509 *x);
- int i2d_X509_fp(FILE *fp, X509 *x);
-=head1 DESCRIPTION
-The X509 encode and decode routines encode and parse an
-B<X509> structure, which represents an X509 certificate.
-d2i_X509() attempts to decode B<len> bytes at B<*in>. If
-successful a pointer to the B<X509> structure is returned. If an error
-occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
-returned structure is written to B<*px>. If B<*px> is not B<NULL>
-then it is assumed that B<*px> contains a valid B<X509>
-structure and an attempt is made to reuse it. If the call is
-successful B<*in> is incremented to the byte following the
-parsed data.
-i2d_X509() encodes the structure pointed to by B<x> into DER format.
-If B<out> is not B<NULL> is writes the DER encoded data to the buffer
-at B<*out>, and increments it to point after the data just written.
-If the return value is negative an error occurred, otherwise it
-returns the length of the encoded data.
-For OpenSSL 0.9.7 and later if B<*out> is B<NULL> memory will be
-allocated for a buffer and the encoded data written to it. In this
-case B<*out> is not incremented and it points to the start of the
-data just written.
-d2i_X509_bio() is similar to d2i_X509() except it attempts
-to parse data from BIO B<bp>.
-d2i_X509_fp() is similar to d2i_X509() except it attempts
-to parse data from FILE pointer B<fp>.
-i2d_X509_bio() is similar to i2d_X509() except it writes
-the encoding of the structure B<x> to BIO B<bp> and it
-returns 1 for success and 0 for failure.
-i2d_X509_fp() is similar to i2d_X509() except it writes
-the encoding of the structure B<x> to BIO B<bp> and it
-returns 1 for success and 0 for failure.
-=head1 NOTES
-The letters B<i> and B<d> in for example B<i2d_X509> stand for
-"internal" (that is an internal C structure) and "DER". So that
-B<i2d_X509> converts from internal to DER.
-The functions can also understand B<BER> forms.
-The actual X509 structure passed to i2d_X509() must be a valid
-populated B<X509> structure it can B<not> simply be fed with an
-empty structure such as that returned by X509_new().
-The encoded data is in binary form and may contain embedded zeroes.
-Therefore any FILE pointers or BIOs should be opened in binary mode.
-Functions such as B<strlen()> will B<not> return the correct length
-of the encoded structure.
-The ways that B<*in> and B<*out> are incremented after the operation
-can trap the unwary. See the B<WARNINGS> section for some common
-errors.
-The reason for the auto increment behaviour is to reflect a typical
-usage of ASN1 functions: after one structure is encoded or decoded
-another will processed after it.
-=head1 EXAMPLES
-Allocate and encode the DER encoding of an X509 structure:
- int len;
- unsigned char *buf, *p;
- len = i2d_X509(x, NULL);
- buf = malloc(len);
- if (buf == NULL)
-        /* error */
- p = buf;
- i2d_X509(x, &p);
-If you are using OpenSSL 0.9.7 or later then this can be
-simplified to:
- int len;
- unsigned char *buf;
- buf = NULL;
- len = i2d_X509(x, &buf);
- if (len < 0)
-        /* error */
-Attempt to decode a buffer:
- X509 *x;
- unsigned char *buf, *p;
- int len;
- /* Something to setup buf and len */
- p = buf;
- x = d2i_X509(NULL, &p, len);
- if (x == NULL)
-    /* Some error */
-Alternative technique:
- X509 *x;
- unsigned char *buf, *p;
- int len;
- /* Something to setup buf and len */
- p = buf;
- x = NULL;
- if(!d2i_X509(&x, &p, len))
-    /* Some error */
-=head1 WARNINGS
-The use of temporary variable is mandatory. A common
-mistake is to attempt to use a buffer directly as follows:
- int len;
- unsigned char *buf;
- len = i2d_X509(x, NULL);
- buf = malloc(len);
- if (buf == NULL)
-        /* error */
- i2d_X509(x, &buf);
- /* Other stuff ... */
- free(buf);
-This code will result in B<buf> apparently containing garbage because
-it was incremented after the call to point after the data just written.
-Also B<buf> will no longer contain the pointer allocated by B<malloc()>
-and the subsequent call to B<free()> may well crash.
-The auto allocation feature (setting buf to NULL) only works on OpenSSL
-0.9.7 and later. Attempts to use it on earlier versions will typically
-cause a segmentation violation.
-Another trap to avoid is misuse of the B<xp> argument to B<d2i_X509()>:
- X509 *x;
- if (!d2i_X509(&x, &p, len))
-        /* Some error */
-This will probably crash somewhere in B<d2i_X509()>. The reason for this
-is that the variable B<x> is uninitialized and an attempt will be made to
-interpret its (invalid) value as an B<X509> structure, typically causing
-a segmentation violation. If B<x> is set to NULL first then this will not
-happen.
-=head1 BUGS
-In some versions of OpenSSL the "reuse" behaviour of d2i_X509() when
-B<*px> is valid is broken and some parts of the reused structure may
-persist if they are not present in the new one. As a result the use
-of this "reuse" behaviour is strongly discouraged.
-i2d_X509() will not return an error in many versions of OpenSSL,
-if mandatory fields are not initialized due to a programming error
-then the encoded structure may contain invalid data or omit the
-fields entirely and will not be parsed by d2i_X509(). This may be
-fixed in future so code should not assume that i2d_X509() will
-always succeed.
-=head1 RETURN VALUES
-d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
-or B<NULL> if an error occurs. The error code that can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>.
-i2d_X509() returns the number of bytes successfully encoded or a negative
-value if an error occurs. The error code can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>.
-i2d_X509_bio() and i2d_X509_fp() return 1 for success and 0 if an error
-occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-=head1 SEE ALSO
-L<ERR_get_error(3)|ERR_get_error(3)>
-=head1 HISTORY
-d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and i2d_X509_fp
-are available in all versions of SSLeay and OpenSSL.
-=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_ALGOR.pod b/src/lib/libcrypto/doc/d2i_X509_ALGOR.pod
deleted file mode 100644
index 68011679fd..0000000000
--- a/src/lib/libcrypto/doc/d2i_X509_ALGOR.pod
+++ /dev/null
@@ -1,26 +0,0 @@
-=pod
-=head1 NAME
-d2i_X509_ALGOR, i2d_X509_ALGOR - AlgorithmIdentifier functions.
-=head1 SYNOPSIS
- #include <openssl/x509.h>
- X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length);
- int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp);
-=head1 DESCRIPTION
-These functions decode and encode an B<X509_ALGOR> structure which is
-equivalent to the B<AlgorithmIdentifier> structure.
-Othewise these behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-=head1 SEE ALSO
-L<d2i_X509(3)|d2i_X509(3)>
-=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_CRL.pod b/src/lib/libcrypto/doc/d2i_X509_CRL.pod
deleted file mode 100644
index 563e4de8e0..0000000000
--- a/src/lib/libcrypto/doc/d2i_X509_CRL.pod
+++ /dev/null
@@ -1,33 +0,0 @@
-=pod
-=head1 NAME
-d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_X509_CRL_fp,
-i2d_X509_CRL_bio, i2d_X509_CRL_fp - PKCS#10 certificate request functions.
-=head1 SYNOPSIS
- #include <openssl/x509.h>
- X509_CRL *d2i_X509_CRL(X509_CRL **a, const unsigned char **pp, long length);
- int i2d_X509_CRL(X509_CRL *a, unsigned char **pp);
- X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x);
- X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x);
- int i2d_X509_CRL_bio(BIO *bp, X509_CRL *x);
- int i2d_X509_CRL_fp(FILE *fp, X509_CRL *x);
-=head1 DESCRIPTION
-These functions decode and encode an X509 CRL (certificate revocation
-list).
-Othewise the functions behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-=head1 SEE ALSO
-L<d2i_X509(3)|d2i_X509(3)>
-=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_NAME.pod b/src/lib/libcrypto/doc/d2i_X509_NAME.pod
deleted file mode 100644
index 2219885338..0000000000
--- a/src/lib/libcrypto/doc/d2i_X509_NAME.pod
+++ /dev/null
@@ -1,27 +0,0 @@
-=pod
-=head1 NAME
-d2i_X509_NAME, i2d_X509_NAME - X509_NAME encoding functions
-=head1 SYNOPSIS
- #include <openssl/x509.h>
- X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length);
- int i2d_X509_NAME(X509_NAME *a, unsigned char **pp);
-=head1 DESCRIPTION
-These functions decode and encode an B<X509_NAME> structure which is the
-same as the B<Name> type defined in RFC2459 (and elsewhere) and used
-for example in certificate subject and issuer names.
-Othewise the functions behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-=head1 SEE ALSO
-L<d2i_X509(3)|d2i_X509(3)>
-=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_REQ.pod b/src/lib/libcrypto/doc/d2i_X509_REQ.pod
deleted file mode 100644
index baa8ae391e..0000000000
--- a/src/lib/libcrypto/doc/d2i_X509_REQ.pod
+++ /dev/null
@@ -1,32 +0,0 @@
-=pod
-=head1 NAME
-d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp,
-i2d_X509_REQ_bio, i2d_X509_REQ_fp - PKCS#10 certificate request functions.
-=head1 SYNOPSIS
- #include <openssl/x509.h>
- X509_REQ *d2i_X509_REQ(X509_REQ **a, const unsigned char **pp, long length);
- int i2d_X509_REQ(X509_REQ *a, unsigned char **pp);
- X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x);
- X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x);
- int i2d_X509_REQ_bio(BIO *bp, X509_REQ *x);
- int i2d_X509_REQ_fp(FILE *fp, X509_REQ *x);
-=head1 DESCRIPTION
-These functions decode and encode a PKCS#10 certificate request.
-Othewise these behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-=head1 SEE ALSO
-L<d2i_X509(3)|d2i_X509(3)>
-=cut
diff --git a/src/lib/libcrypto/doc/d2i_X509_SIG.pod b/src/lib/libcrypto/doc/d2i_X509_SIG.pod
deleted file mode 100644
index 00d03f5ba1..0000000000
--- a/src/lib/libcrypto/doc/d2i_X509_SIG.pod
+++ /dev/null
@@ -1,26 +0,0 @@
-=pod
-=head1 NAME
-d2i_X509_SIG, i2d_X509_SIG - DigestInfo functions.
-=head1 SYNOPSIS
- #include <openssl/x509.h>
- X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length);
- int i2d_X509_SIG(X509_SIG *a, unsigned char **pp);
-=head1 DESCRIPTION
-These functions decode and encode an X509_SIG structure which is
-equivalent to the B<DigestInfo> structure defined in PKCS#1 and PKCS#7.
-Othewise these behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-=head1 SEE ALSO
-L<d2i_X509(3)|d2i_X509(3)>
-=cut
diff --git a/src/lib/libcrypto/doc/x509.pod b/src/lib/libcrypto/doc/x509.pod
deleted file mode 100644
index f9e58e0e41..0000000000
--- a/src/lib/libcrypto/doc/x509.pod
+++ /dev/null
@@ -1,64 +0,0 @@
-=pod
-=head1 NAME
-x509 - X.509 certificate handling
-=head1 SYNOPSIS
- #include <openssl/x509.h>
-=head1 DESCRIPTION
-A X.509 certificate is a structured grouping of information about
-an individual, a device, or anything one can imagine.  A X.509 CRL
-(certificate revocation list) is a tool to help determine if a
-certificate is still valid.  The exact definition of those can be
-found in the X.509 document from ITU-T, or in RFC3280 from PKIX.
-In OpenSSL, the type X509 is used to express such a certificate, and
-the type X509_CRL is used to express a CRL.
-A related structure is a certificate request, defined in PKCS#10 from
-RSA Security, Inc, also reflected in RFC2896.  In OpenSSL, the type
-X509_REQ is used to express such a certificate request.
-To handle some complex parts of a certificate, there are the types
-X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express
-a certificate attributes), X509_EXTENSION (to express a certificate
-extension) and a few more.
-Finally, there's the supertype X509_INFO, which can contain a CRL, a
-certificate and a corresponding private key.
-B<X509_>I<...>, B<d2i_X509_>I<...> and B<i2d_X509_>I<...> handle X.509
-certificates, with some exceptions, shown below.
-B<X509_CRL_>I<...>, B<d2i_X509_CRL_>I<...> and B<i2d_X509_CRL_>I<...>
-handle X.509 CRLs.
-B<X509_REQ_>I<...>, B<d2i_X509_REQ_>I<...> and B<i2d_X509_REQ_>I<...>
-handle PKCS#10 certificate requests.
-B<X509_NAME_>I<...> handle certificate names.
-B<X509_ATTRIBUTE_>I<...> handle certificate attributes.
-B<X509_EXTENSION_>I<...> handle certificate extensions.
-=head1 SEE ALSO
-L<X509_NAME_ENTRY_get_object(3)|X509_NAME_ENTRY_get_object(3)>,
-L<X509_NAME_add_entry_by_txt(3)|X509_NAME_add_entry_by_txt(3)>,
-L<X509_NAME_add_entry_by_NID(3)|X509_NAME_add_entry_by_NID(3)>,
-L<X509_NAME_print_ex(3)|X509_NAME_print_ex(3)>,
-L<X509_NAME_new(3)|X509_NAME_new(3)>,
-L<d2i_X509(3)|d2i_X509(3)>,
-L<d2i_X509_ALGOR(3)|d2i_X509_ALGOR(3)>,
-L<d2i_X509_CRL(3)|d2i_X509_CRL(3)>,
-L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>,
-L<d2i_X509_REQ(3)|d2i_X509_REQ(3)>,
-L<d2i_X509_SIG(3)|d2i_X509_SIG(3)>,
-L<crypto(3)|crypto(3)>,
-L<x509v3(3)|x509v3(3)>
-=cut