1 files changed, 23 insertions, 4 deletions
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt
index 432a17b66c..f8817b0a71 100644
--- a/src/lib/libssl/doc/openssl.txt
+++ b/src/lib/libssl/doc/openssl.txt
@@ -154,8 +154,22 @@ for example contain data in multiple sections. The correct syntax to
 use is defined by the extension code itself: check out the certificate
 policies extension for an example.
-In addition it is also possible to use the word DER to include arbitrary
+There are two ways to encode arbitrary extensions.
-data in any extension.
+The first way is to use the word ASN1 followed by the extension content
+using the same syntax as ASN1_generate_nconf(). For example:
+1.2.3.4=critical,ASN1:UTF8String:Some random data
+1.2.3.4=ASN1:SEQUENCE:seq_sect
+[seq_sect]
+field1 = UTF8:field1
+field2 = UTF8:field2
+It is also possible to use the word DER to include arbitrary data in any
+extension.
 1.2.3.4=critical,DER:01:02:03:04
 1.2.3.4=DER:01020304
@@ -336,16 +350,21 @@ Subject Alternative Name.
 The subject alternative name extension allows various literal values to be
 included in the configuration file. These include "email" (an email address)
 "URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a
-registered ID: OBJECT IDENTIFIER) and IP (and IP address).
+registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName.
 Also the email option include a special 'copy' value. This will automatically
 include and email addresses contained in the certificate subject name in
 the extension.
+otherName can include arbitrary data associated with an OID: the value
+should be the OID followed by a semicolon and the content in standard
+ASN1_generate_nconf() format.
 Examples:
 subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
 subjectAltName=email:my@other.address,RID:1.2.3.4
+subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
 Issuer Alternative Name.
@@ -759,7 +778,7 @@ called.
 The X509V3_EXT_METHOD structure is described below.
-strut {
+struct {
 int ext_nid;
 int ext_flags;
 X509V3_EXT_NEW ext_new;

diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt index 432a17b66c..f8817b0a71 100644 --- a/src/lib/libssl/doc/openssl.txt +++ b/src/lib/libssl/doc/openssl.txt
@@ -154,8 +154,22 @@ for example contain data in multiple sections. The correct syntax to
154	use is defined by the extension code itself: check out the certificate	154	use is defined by the extension code itself: check out the certificate
155	policies extension for an example.	155	policies extension for an example.
156		156
157	In addition it is also possible to use the word DER to include arbitrary	157	There are two ways to encode arbitrary extensions.
158	data in any extension.	158
		159	The first way is to use the word ASN1 followed by the extension content
		160	using the same syntax as ASN1_generate_nconf(). For example:
		161
		162	1.2.3.4=critical,ASN1:UTF8String:Some random data
		163
		164	1.2.3.4=ASN1:SEQUENCE:seq_sect
		165
		166	[seq_sect]
		167
		168	field1 = UTF8:field1
		169	field2 = UTF8:field2
		170
		171	It is also possible to use the word DER to include arbitrary data in any
		172	extension.
159		173
160	1.2.3.4=critical,DER:01:02:03:04	174	1.2.3.4=critical,DER:01:02:03:04
161	1.2.3.4=DER:01020304	175	1.2.3.4=DER:01020304
@@ -336,16 +350,21 @@ Subject Alternative Name.
336	The subject alternative name extension allows various literal values to be	350	The subject alternative name extension allows various literal values to be
337	included in the configuration file. These include "email" (an email address)	351	included in the configuration file. These include "email" (an email address)
338	"URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a	352	"URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a
339	registered ID: OBJECT IDENTIFIER) and IP (and IP address).	353	registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName.
340		354
341	Also the email option include a special 'copy' value. This will automatically	355	Also the email option include a special 'copy' value. This will automatically
342	include and email addresses contained in the certificate subject name in	356	include and email addresses contained in the certificate subject name in
343	the extension.	357	the extension.
344		358
		359	otherName can include arbitrary data associated with an OID: the value
		360	should be the OID followed by a semicolon and the content in standard
		361	ASN1_generate_nconf() format.
		362
345	Examples:	363	Examples:
346		364
347	subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/	365	subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
348	subjectAltName=email:my@other.address,RID:1.2.3.4	366	subjectAltName=email:my@other.address,RID:1.2.3.4
		367	subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
349		368
350	Issuer Alternative Name.	369	Issuer Alternative Name.
351		370
@@ -759,7 +778,7 @@ called.
759		778
760	The X509V3_EXT_METHOD structure is described below.	779	The X509V3_EXT_METHOD structure is described below.
761		780
762	strut {	781	struct {
763	int ext_nid;	782	int ext_nid;
764	int ext_flags;	783	int ext_flags;
765	X509V3_EXT_NEW ext_new;	784	X509V3_EXT_NEW ext_new;