1 files changed, 79 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/x509.3 b/src/lib/libcrypto/man/x509.3
new file mode 100644
index 0000000000..1f7b7f4128
--- /dev/null
+++ b/src/lib/libcrypto/man/x509.3
@@ -0,0 +1,79 @@
+.Dd $Mdocdate: November 4 2016 $
+.Dt X509 3
+.Os
+.Sh NAME
+.Nm x509
+.Nd X.509 certificate handling
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Sh DESCRIPTION
+A X.509 certificate is a structured grouping of information about an
+individual, a device, or anything one can imagine.
+A X.509 CRL (certificate revocation list) is a tool to help determine if
+a certificate is still valid.
+The exact definition of those can be found in the X.509 document from
+ITU-T, or in RFC3280 from PKIX.
+In OpenSSL, the type
+.Vt X509
+is used to express such a certificate, and the type
+.Vt X509_CRL
+is used to express a CRL.
+.Pp
+A related structure is a certificate request, defined in PKCS#10 from
+RSA Security, Inc., also reflected in RFC2896.
+In OpenSSL, the type
+.Vt X509_REQ
+is used to express such a certificate request.
+.Pp
+To handle some complex parts of a certificate, there are the types
+.Vt X509_NAME
+to express a certificate name,
+.Vt X509_ATTRIBUTE
+to express a certificate attribute,
+.Vt X509_EXTENSION
+to express a certificate extension, and a few more.
+.Pp
+Finally, there's the supertype
+.Vt X509_INFO ,
+which can contain a CRL, a certificate, and a corresponding private key.
+.Pp
+The functions
+.Fa X509_* ,
+.Fa d2i_X509_* ,
+and
+.Fa i2d_X509_*
+handle X.509 certificates, with some exceptions shown below.
+.Pp
+.Fa X509_CRL_* ,
+.Fa d2i_X509_CRL_* ,
+and
+.Fa i2d_X509_CRL_*
+handle X.509 CRLs.
+.Pp
+.Fa X509_REQ_* ,
+.Fa d2i_X509_REQ_* ,
+and
+.Fa i2d_X509_REQ_*
+handle PKCS#10 certificate requests.
+.Pp
+.Fa X509_NAME_*
+handle certificate names.
+.Pp
+.Fa X509_ATTRIBUTE_*
+handle certificate attributes.
+.Pp
+.Fa X509_EXTENSION_*
+handle certificate extensions.
+.Sh SEE ALSO
+.Xr crypto 3 ,
+.Xr d2i_X509 3 ,
+.Xr d2i_X509_ALGOR 3 ,
+.Xr d2i_X509_CRL 3 ,
+.Xr d2i_X509_NAME 3 ,
+.Xr d2i_X509_REQ 3 ,
+.Xr d2i_X509_SIG 3 ,
+.Xr X509_NAME_add_entry_by_NID 3 ,
+.Xr X509_NAME_add_entry_by_txt 3 ,
+.Xr X509_NAME_ENTRY_get_object 3 ,
+.Xr X509_NAME_new 3 ,
+.Xr X509_NAME_print_ex 3

diff --git a/src/lib/libcrypto/man/x509.3 b/src/lib/libcrypto/man/x509.3 new file mode 100644 index 0000000000..1f7b7f4128 --- /dev/null +++ b/src/lib/libcrypto/man/x509.3
@@ -0,0 +1,79 @@
	1	.Dd $Mdocdate: November 4 2016 $
	2	.Dt X509 3
	3	.Os
	4	.Sh NAME
	5	.Nm x509
	6	.Nd X.509 certificate handling
	7	.Sh SYNOPSIS
	8	.In openssl/x509.h
	9	.Sh DESCRIPTION
	10	A X.509 certificate is a structured grouping of information about an
	11	individual, a device, or anything one can imagine.
	12	A X.509 CRL (certificate revocation list) is a tool to help determine if
	13	a certificate is still valid.
	14	The exact definition of those can be found in the X.509 document from
	15	ITU-T, or in RFC3280 from PKIX.
	16	In OpenSSL, the type
	17	.Vt X509
	18	is used to express such a certificate, and the type
	19	.Vt X509_CRL
	20	is used to express a CRL.
	21	.Pp
	22	A related structure is a certificate request, defined in PKCS#10 from
	23	RSA Security, Inc., also reflected in RFC2896.
	24	In OpenSSL, the type
	25	.Vt X509_REQ
	26	is used to express such a certificate request.
	27	.Pp
	28	To handle some complex parts of a certificate, there are the types
	29	.Vt X509_NAME
	30	to express a certificate name,
	31	.Vt X509_ATTRIBUTE
	32	to express a certificate attribute,
	33	.Vt X509_EXTENSION
	34	to express a certificate extension, and a few more.
	35	.Pp
	36	Finally, there's the supertype
	37	.Vt X509_INFO ,
	38	which can contain a CRL, a certificate, and a corresponding private key.
	39	.Pp
	40	The functions
	41	.Fa X509_* ,
	42	.Fa d2i_X509_* ,
	43	and
	44	.Fa i2d_X509_*
	45	handle X.509 certificates, with some exceptions shown below.
	46	.Pp
	47	.Fa X509_CRL_* ,
	48	.Fa d2i_X509_CRL_* ,
	49	and
	50	.Fa i2d_X509_CRL_*
	51	handle X.509 CRLs.
	52	.Pp
	53	.Fa X509_REQ_* ,
	54	.Fa d2i_X509_REQ_* ,
	55	and
	56	.Fa i2d_X509_REQ_*
	57	handle PKCS#10 certificate requests.
	58	.Pp
	59	.Fa X509_NAME_*
	60	handle certificate names.
	61	.Pp
	62	.Fa X509_ATTRIBUTE_*
	63	handle certificate attributes.
	64	.Pp
	65	.Fa X509_EXTENSION_*
	66	handle certificate extensions.
	67	.Sh SEE ALSO
	68	.Xr crypto 3 ,
	69	.Xr d2i_X509 3 ,
	70	.Xr d2i_X509_ALGOR 3 ,
	71	.Xr d2i_X509_CRL 3 ,
	72	.Xr d2i_X509_NAME 3 ,
	73	.Xr d2i_X509_REQ 3 ,
	74	.Xr d2i_X509_SIG 3 ,
	75	.Xr X509_NAME_add_entry_by_NID 3 ,
	76	.Xr X509_NAME_add_entry_by_txt 3 ,
	77	.Xr X509_NAME_ENTRY_get_object 3 ,
	78	.Xr X509_NAME_new 3 ,
	79	.Xr X509_NAME_print_ex 3