1 files changed, 0 insertions, 285 deletions
diff --git a/src/lib/libcrypto/man/CONF_modules_load_file.3 b/src/lib/libcrypto/man/CONF_modules_load_file.3
deleted file mode 100644
index bd419ef3e3..0000000000
--- a/src/lib/libcrypto/man/CONF_modules_load_file.3
+++ /dev/null
@@ -1,285 +0,0 @@
-.\" $OpenBSD: CONF_modules_load_file.3,v 1.10 2021/08/03 18:49:30 schwarze Exp $
-.\" full merge up to: e9b77246 Jan 20 19:58:49 2017 +0100
-.\" selective merge up to: d090fc00 Feb 26 13:11:10 2019 +0800
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
-.\" Copyright (c) 2000, 2015 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: August 3 2021 $
-.Dt CONF_MODULES_LOAD_FILE 3
-.Os
-.Sh NAME
-.Nm CONF_modules_load_file ,
-.Nm CONF_modules_load ,
-.Nm X509_get_default_cert_area
-.Nd OpenSSL configuration functions
-.Sh SYNOPSIS
-.In openssl/conf.h
-.Ft int
-.Fo CONF_modules_load_file
-.Fa "const char *filename"
-.Fa "const char *appname"
-.Fa "unsigned long flags"
-.Fc
-.Ft int
-.Fo CONF_modules_load
-.Fa "const CONF *cnf"
-.Fa "const char *appname"
-.Fa "unsigned long flags"
-.Fc
-.In openssl/x509.h
-.Ft const char *
-.Fn X509_get_default_cert_area void
-.Sh DESCRIPTION
-The function
-.Fn CONF_modules_load_file
-configures OpenSSL using the file
-.Fa filename
-in
-.Xr openssl.cnf 5
-format and the application name
-.Fa appname .
-If
-.Fa filename
-is
-.Dv NULL ,
-the standard OpenSSL configuration file
-.Pa /etc/ssl/openssl.cnf
-is used.
-If
-.Fa appname
-is
-.Dv NULL ,
-the standard OpenSSL application name
-.Qq openssl_conf
-is used.
-The behaviour can be customized using
-.Fa flags .
-.Pp
-See the
-.Sx EXAMPLES
-section for additional functions that may need to be called.
-Calling configuration functions in the right order for the intended
-effect can be tricky because many configuration functions internally
-call each other.
-.Pp
-.Fn CONF_modules_load
-is identical to
-.Fn CONF_modules_load_file
-except it reads configuration information from
-.Fa cnf .
-.Pp
-The following
-.Fa flags
-are currently recognized:
-.Bl -tag -width Ds
-.It Dv CONF_MFLAGS_IGNORE_ERRORS
-Ignore errors returned by individual configuration modules.
-By default, the first module error is considered fatal and no further
-modules are loaded.
-.It Dv CONF_MFLAGS_SILENT
-Do not add any error information.
-By default, all module errors add error information to the error queue.
-.It Dv CONF_MFLAGS_NO_DSO
-Disable loading of configuration modules from DSOs.
-.It Dv CONF_MFLAGS_IGNORE_MISSING_FILE
-Let
-.Fn CONF_modules_load_file
-ignore missing configuration files.
-By default, a missing configuration file returns an error.
-.It CONF_MFLAGS_DEFAULT_SECTION
-If
-.Fa appname
-is not
-.Dv NULL
-but does not exist, fall back to the default section
-.Qq openssl_conf .
-.El
-.Pp
-By using
-.Fn CONF_modules_load_file
-with appropriate flags, an application can customise application
-configuration to best suit its needs.
-In some cases the use of a configuration file is optional and its
-absence is not an error: in this case
-.Dv CONF_MFLAGS_IGNORE_MISSING_FILE
-would be set.
-.Pp
-Errors during configuration may also be handled differently by
-different applications.
-For example in some cases an error may simply print out a warning
-message and the application may continue.
-In other cases an application might consider a configuration file
-error fatal and exit immediately.
-.Pp
-Applications can use the
-.Fn CONF_modules_load
-function if they wish to load a configuration file themselves and
-have finer control over how errors are treated.
-.Sh RETURN VALUES
-.Fn CONF_modules_load_file
-and
-.Fn CONF_modules_load
-return 1 for success and zero or a negative value for failure.
-If module errors are not ignored, the return code will reflect the return
-value of the failing module (this will always be zero or negative).
-.Pp
-.Fn X509_get_default_cert_area
-returns a pointer to the constant string
-.Qq "/etc/ssl" .
-.Sh FILES
-.Bl -tag -width /etc/ssl/openssl.cnf -compact
-.It Pa /etc/ssl
-standard configuration directory
-.It Pa /etc/ssl/openssl.cnf
-standard configuration file
-.El
-.Sh EXAMPLES
-Load a configuration file and print out any errors and exit (missing
-file considered fatal):
-.Bd -literal
-if (CONF_modules_load_file(NULL, NULL, 0) <= 0) {
-        fprintf(stderr, "FATAL: error loading configuration file\en");
-        ERR_print_errors_fp(stderr);
-        exit(1);
-}
-.Ed
-.Pp
-Load default configuration file using the section indicated
-by "myapp", tolerate missing files, but exit on other errors:
-.Bd -literal
-if (CONF_modules_load_file(NULL, "myapp",
-    CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
-        fprintf(stderr, "FATAL: error loading configuration file\en");
-        ERR_print_errors_fp(stderr);
-        exit(1);
-}
-.Ed
-.Pp
-Load custom configuration file and section instead of the standard one,
-only print warnings on error, missing configuration file ignored:
-.Bd -literal
-OPENSSL_no_config();
-ENGINE_load_builtin_engines();
-OPENSSL_load_builtin_modules();
-if (CONF_modules_load_file("/something/app.cnf", "myapp",
-    CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
-        fprintf(stderr, "WARNING: error loading configuration file\en");
-        ERR_print_errors_fp(stderr);
-}
-.Ed
-.Pp
-In the previous example, the call to
-.Xr OPENSSL_no_config 3
-is required first to suppress automatic loading
-of the standard configuration file, and the calls to
-.Xr ENGINE_load_builtin_engines 3
-and
-.Xr OPENSSL_load_builtin_modules 3
-are needed so that the configuration of builtin modules and engines
-is also loaded in addition to the configuration of
-.Qq myapp .
-.Pp
-Load and parse configuration file manually, custom error handling:
-.Bd -literal
-FILE    *fp;
-CONF    *cnf = NULL;
-long     eline;
-fp = fopen("/somepath/app.cnf", "r");
-if (fp == NULL) {
-        fprintf(stderr, "Error opening configuration file\en");
-        /* Other missing configuration file behaviour */
-} else {
-        cnf = NCONF_new(NULL);
-        if (NCONF_load_fp(cnf, fp, &eline) == 0) {
-                fprintf(stderr, "Error on line %ld of configuration file\en",
-                    eline);
-                ERR_print_errors_fp(stderr);
-                /* Other malformed configuration file behaviour */
-        } else if (CONF_modules_load(cnf, "appname", 0) <= 0) {
-                fprintf(stderr, "Error configuring application\en");
-                ERR_print_errors_fp(stderr);
-                /* Other configuration error behaviour */
-        }
-        fclose(fp);
-        NCONF_free(cnf);
-}
-.Ed
-.Sh SEE ALSO
-.Xr CONF_modules_free 3 ,
-.Xr ENGINE_load_builtin_engines 3 ,
-.Xr ERR 3 ,
-.Xr OPENSSL_config 3 ,
-.Xr OPENSSL_load_builtin_modules 3
-.Sh HISTORY
-.Fn X509_get_default_cert_area
-first appeared in SSLeay 0.4.1 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn CONF_modules_load_file
-and
-.Fn CONF_modules_load
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .

diff --git a/src/lib/libcrypto/man/CONF_modules_load_file.3 b/src/lib/libcrypto/man/CONF_modules_load_file.3 deleted file mode 100644 index bd419ef3e3..0000000000 --- a/src/lib/libcrypto/man/CONF_modules_load_file.3 +++ /dev/null
@@ -1,285 +0,0 @@
1	.\" $OpenBSD: CONF_modules_load_file.3,v 1.10 2021/08/03 18:49:30 schwarze Exp $
2	.\" full merge up to: e9b77246 Jan 20 19:58:49 2017 +0100
3	.\" selective merge up to: d090fc00 Feb 26 13:11:10 2019 +0800
4	.\"
5	.\" This file is a derived work.
6	.\" The changes are covered by the following Copyright and license:
7	.\"
8	.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
9	.\"
10	.\" Permission to use, copy, modify, and distribute this software for any
11	.\" purpose with or without fee is hereby granted, provided that the above
12	.\" copyright notice and this permission notice appear in all copies.
13	.\"
14	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
15	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
16	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
17	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
18	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
20	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
21	.\"
22	.\" The original file was written by Dr. Stephen Henson <steve@openssl.org>.
23	.\" Copyright (c) 2000, 2015 The OpenSSL Project. All rights reserved.
24	.\"
25	.\" Redistribution and use in source and binary forms, with or without
26	.\" modification, are permitted provided that the following conditions
27	.\" are met:
28	.\"
29	.\" 1. Redistributions of source code must retain the above copyright
30	.\" notice, this list of conditions and the following disclaimer.
31	.\"
32	.\" 2. Redistributions in binary form must reproduce the above copyright
33	.\" notice, this list of conditions and the following disclaimer in
34	.\" the documentation and/or other materials provided with the
35	.\" distribution.
36	.\"
37	.\" 3. All advertising materials mentioning features or use of this
38	.\" software must display the following acknowledgment:
39	.\" "This product includes software developed by the OpenSSL Project
40	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
41	.\"
42	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
43	.\" endorse or promote products derived from this software without
44	.\" prior written permission. For written permission, please contact
45	.\" openssl-core@openssl.org.
46	.\"
47	.\" 5. Products derived from this software may not be called "OpenSSL"
48	.\" nor may "OpenSSL" appear in their names without prior written
49	.\" permission of the OpenSSL Project.
50	.\"
51	.\" 6. Redistributions of any form whatsoever must retain the following
52	.\" acknowledgment:
53	.\" "This product includes software developed by the OpenSSL Project
54	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
55	.\"
56	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
57	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
58	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
59	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
60	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
61	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
62	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
63	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
64	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
65	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
66	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
67	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
68	.\"
69	.Dd $Mdocdate: August 3 2021 $
70	.Dt CONF_MODULES_LOAD_FILE 3
71	.Os
72	.Sh NAME
73	.Nm CONF_modules_load_file ,
74	.Nm CONF_modules_load ,
75	.Nm X509_get_default_cert_area
76	.Nd OpenSSL configuration functions
77	.Sh SYNOPSIS
78	.In openssl/conf.h
79	.Ft int
80	.Fo CONF_modules_load_file
81	.Fa "const char *filename"
82	.Fa "const char *appname"
83	.Fa "unsigned long flags"
84	.Fc
85	.Ft int
86	.Fo CONF_modules_load
87	.Fa "const CONF *cnf"
88	.Fa "const char *appname"
89	.Fa "unsigned long flags"
90	.Fc
91	.In openssl/x509.h
92	.Ft const char *
93	.Fn X509_get_default_cert_area void
94	.Sh DESCRIPTION
95	The function
96	.Fn CONF_modules_load_file
97	configures OpenSSL using the file
98	.Fa filename
99	in
100	.Xr openssl.cnf 5
101	format and the application name
102	.Fa appname .
103	If
104	.Fa filename
105	is
106	.Dv NULL ,
107	the standard OpenSSL configuration file
108	.Pa /etc/ssl/openssl.cnf
109	is used.
110	If
111	.Fa appname
112	is
113	.Dv NULL ,
114	the standard OpenSSL application name
115	.Qq openssl_conf
116	is used.
117	The behaviour can be customized using
118	.Fa flags .
119	.Pp
120	See the
121	.Sx EXAMPLES
122	section for additional functions that may need to be called.
123	Calling configuration functions in the right order for the intended
124	effect can be tricky because many configuration functions internally
125	call each other.
126	.Pp
127	.Fn CONF_modules_load
128	is identical to
129	.Fn CONF_modules_load_file
130	except it reads configuration information from
131	.Fa cnf .
132	.Pp
133	The following
134	.Fa flags
135	are currently recognized:
136	.Bl -tag -width Ds
137	.It Dv CONF_MFLAGS_IGNORE_ERRORS
138	Ignore errors returned by individual configuration modules.
139	By default, the first module error is considered fatal and no further
140	modules are loaded.
141	.It Dv CONF_MFLAGS_SILENT
142	Do not add any error information.
143	By default, all module errors add error information to the error queue.
144	.It Dv CONF_MFLAGS_NO_DSO
145	Disable loading of configuration modules from DSOs.
146	.It Dv CONF_MFLAGS_IGNORE_MISSING_FILE
147	Let
148	.Fn CONF_modules_load_file
149	ignore missing configuration files.
150	By default, a missing configuration file returns an error.
151	.It CONF_MFLAGS_DEFAULT_SECTION
152	If
153	.Fa appname
154	is not
155	.Dv NULL
156	but does not exist, fall back to the default section
157	.Qq openssl_conf .
158	.El
159	.Pp
160	By using
161	.Fn CONF_modules_load_file
162	with appropriate flags, an application can customise application
163	configuration to best suit its needs.
164	In some cases the use of a configuration file is optional and its
165	absence is not an error: in this case
166	.Dv CONF_MFLAGS_IGNORE_MISSING_FILE
167	would be set.
168	.Pp
169	Errors during configuration may also be handled differently by
170	different applications.
171	For example in some cases an error may simply print out a warning
172	message and the application may continue.
173	In other cases an application might consider a configuration file
174	error fatal and exit immediately.
175	.Pp
176	Applications can use the
177	.Fn CONF_modules_load
178	function if they wish to load a configuration file themselves and
179	have finer control over how errors are treated.
180	.Sh RETURN VALUES
181	.Fn CONF_modules_load_file
182	and
183	.Fn CONF_modules_load
184	return 1 for success and zero or a negative value for failure.
185	If module errors are not ignored, the return code will reflect the return
186	value of the failing module (this will always be zero or negative).
187	.Pp
188	.Fn X509_get_default_cert_area
189	returns a pointer to the constant string
190	.Qq "/etc/ssl" .
191	.Sh FILES
192	.Bl -tag -width /etc/ssl/openssl.cnf -compact
193	.It Pa /etc/ssl
194	standard configuration directory
195	.It Pa /etc/ssl/openssl.cnf
196	standard configuration file
197	.El
198	.Sh EXAMPLES
199	Load a configuration file and print out any errors and exit (missing
200	file considered fatal):
201	.Bd -literal
202	if (CONF_modules_load_file(NULL, NULL, 0) <= 0) {
203	fprintf(stderr, "FATAL: error loading configuration file\en");
204	ERR_print_errors_fp(stderr);
205	exit(1);
206	}
207	.Ed
208	.Pp
209	Load default configuration file using the section indicated
210	by "myapp", tolerate missing files, but exit on other errors:
211	.Bd -literal
212	if (CONF_modules_load_file(NULL, "myapp",
213	CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
214	fprintf(stderr, "FATAL: error loading configuration file\en");
215	ERR_print_errors_fp(stderr);
216	exit(1);
217	}
218	.Ed
219	.Pp
220	Load custom configuration file and section instead of the standard one,
221	only print warnings on error, missing configuration file ignored:
222	.Bd -literal
223	OPENSSL_no_config();
224	ENGINE_load_builtin_engines();
225	OPENSSL_load_builtin_modules();
226	if (CONF_modules_load_file("/something/app.cnf", "myapp",
227	CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
228	fprintf(stderr, "WARNING: error loading configuration file\en");
229	ERR_print_errors_fp(stderr);
230	}
231	.Ed
232	.Pp
233	In the previous example, the call to
234	.Xr OPENSSL_no_config 3
235	is required first to suppress automatic loading
236	of the standard configuration file, and the calls to
237	.Xr ENGINE_load_builtin_engines 3
238	and
239	.Xr OPENSSL_load_builtin_modules 3
240	are needed so that the configuration of builtin modules and engines
241	is also loaded in addition to the configuration of
242	.Qq myapp .
243	.Pp
244	Load and parse configuration file manually, custom error handling:
245	.Bd -literal
246	FILE *fp;
247	CONF *cnf = NULL;
248	long eline;
249
250	fp = fopen("/somepath/app.cnf", "r");
251	if (fp == NULL) {
252	fprintf(stderr, "Error opening configuration file\en");
253	/* Other missing configuration file behaviour */
254	} else {
255	cnf = NCONF_new(NULL);
256	if (NCONF_load_fp(cnf, fp, &eline) == 0) {
257	fprintf(stderr, "Error on line %ld of configuration file\en",
258	eline);
259	ERR_print_errors_fp(stderr);
260	/* Other malformed configuration file behaviour */
261	} else if (CONF_modules_load(cnf, "appname", 0) <= 0) {
262	fprintf(stderr, "Error configuring application\en");
263	ERR_print_errors_fp(stderr);
264	/* Other configuration error behaviour */
265	}
266	fclose(fp);
267	NCONF_free(cnf);
268	}
269	.Ed
270	.Sh SEE ALSO
271	.Xr CONF_modules_free 3 ,
272	.Xr ENGINE_load_builtin_engines 3 ,
273	.Xr ERR 3 ,
274	.Xr OPENSSL_config 3 ,
275	.Xr OPENSSL_load_builtin_modules 3
276	.Sh HISTORY
277	.Fn X509_get_default_cert_area
278	first appeared in SSLeay 0.4.1 and has been available since
279	.Ox 2.4 .
280	.Pp
281	.Fn CONF_modules_load_file
282	and
283	.Fn CONF_modules_load
284	first appeared in OpenSSL 0.9.7 and have been available since
285	.Ox 3.2 .