1 files changed, 59 insertions, 0 deletions
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt
index 880eace4da..5da519e7e4 100644
--- a/src/lib/libssl/doc/openssl.txt
+++ b/src/lib/libssl/doc/openssl.txt
@@ -355,6 +355,24 @@ that would not make sense. It does support an additional issuer:copy option
 that will copy all the subject alternative name values from the issuer 
 certificate (if possible).
+Example:
+issuserAltName = issuer:copy
+Authority Info Access.
+The authority information access extension gives details about how to access
+certain information relating to the CA. Its syntax is accessOID;location
+where 'location' has the same syntax as subject alternative name (except
+that email:copy is not supported). accessOID can be any valid OID but only
+certain values are meaningful for example OCSP and caIssuers. OCSP gives the
+location of an OCSP responder: this is used by Netscape PSM and other software.
+Example:
+authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
+authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
 CRL distribution points.
 This is a multi-valued extension that supports all the literal options of
@@ -489,6 +507,47 @@ details about the structures returned. The returned structure should be freed
 after use using the relevant free function, BASIC_CONSTRAINTS_free() for 
 example.
+void    *       X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+void    *       X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
+void    *       X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
+void    *       X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
+These functions combine the operations of searching for extensions and
+parsing them. They search a certificate, a CRL a CRL entry or a stack
+of extensions respectively for extension whose NID is 'nid' and return
+the parsed result of NULL if an error occurred. For example:
+BASIC_CONSTRAINTS *bs;
+bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
+This will search for the basicConstraints extension and either return
+it value or NULL. NULL can mean either the extension was not found, it
+occurred more than once or it could not be parsed.
+If 'idx' is NULL then an extension is only parsed if it occurs precisely
+once. This is standard behaviour because extensions normally cannot occur
+more than once. If however more than one extension of the same type can
+occur it can be used to parse successive extensions for example:
+int i;
+void *ext;
+i = -1;
+for(;;) {
+        ext = X509_get_ext_d2i(x, nid, crit, &idx);
+        if(ext == NULL) break;
+         /* Do something with ext */
+}
+If 'crit' is not NULL and the extension was found then the int it points to
+is set to 1 for critical extensions and 0 for non critical. Therefore if the
+function returns NULL but 'crit' is set to 0 or 1 then the extension was
+found but it could not be parsed.
+The int pointed to by crit will be set to -1 if the extension was not found
+and -2 if the extension occurred more than once (this will only happen if
+idx is NULL). In both cases the function will return NULL.
 3. Generating extensions.
 An extension will typically be generated from a configuration file, or some

diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt index 880eace4da..5da519e7e4 100644 --- a/src/lib/libssl/doc/openssl.txt +++ b/src/lib/libssl/doc/openssl.txt
@@ -355,6 +355,24 @@ that would not make sense. It does support an additional issuer:copy option
355	that will copy all the subject alternative name values from the issuer	355	that will copy all the subject alternative name values from the issuer
356	certificate (if possible).	356	certificate (if possible).
357		357
		358	Example:
		359
		360	issuserAltName = issuer:copy
		361
		362	Authority Info Access.
		363
		364	The authority information access extension gives details about how to access
		365	certain information relating to the CA. Its syntax is accessOID;location
		366	where 'location' has the same syntax as subject alternative name (except
		367	that email:copy is not supported). accessOID can be any valid OID but only
		368	certain values are meaningful for example OCSP and caIssuers. OCSP gives the
		369	location of an OCSP responder: this is used by Netscape PSM and other software.
		370
		371	Example:
		372
		373	authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
		374	authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
		375
358	CRL distribution points.	376	CRL distribution points.
359		377
360	This is a multi-valued extension that supports all the literal options of	378	This is a multi-valued extension that supports all the literal options of
@@ -489,6 +507,47 @@ details about the structures returned. The returned structure should be freed
489	after use using the relevant free function, BASIC_CONSTRAINTS_free() for	507	after use using the relevant free function, BASIC_CONSTRAINTS_free() for
490	example.	508	example.
491		509
		510	void * X509_get_ext_d2i(X509 x, int nid, int crit, int *idx);
		511	void * X509_CRL_get_ext_d2i(X509_CRL x, int nid, int crit, int *idx);
		512	void * X509_REVOKED_get_ext_d2i(X509_REVOKED x, int nid, int crit, int *idx);
		513	void * X509V3_get_d2i(STACK_OF(X509_EXTENSION) x, int nid, int crit, int *idx);
		514
		515	These functions combine the operations of searching for extensions and
		516	parsing them. They search a certificate, a CRL a CRL entry or a stack
		517	of extensions respectively for extension whose NID is 'nid' and return
		518	the parsed result of NULL if an error occurred. For example:
		519
		520	BASIC_CONSTRAINTS *bs;
		521	bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
		522
		523	This will search for the basicConstraints extension and either return
		524	it value or NULL. NULL can mean either the extension was not found, it
		525	occurred more than once or it could not be parsed.
		526
		527	If 'idx' is NULL then an extension is only parsed if it occurs precisely
		528	once. This is standard behaviour because extensions normally cannot occur
		529	more than once. If however more than one extension of the same type can
		530	occur it can be used to parse successive extensions for example:
		531
		532	int i;
		533	void *ext;
		534
		535	i = -1;
		536	for(;;) {
		537	ext = X509_get_ext_d2i(x, nid, crit, &idx);
		538	if(ext == NULL) break;
		539	/* Do something with ext */
		540	}
		541
		542	If 'crit' is not NULL and the extension was found then the int it points to
		543	is set to 1 for critical extensions and 0 for non critical. Therefore if the
		544	function returns NULL but 'crit' is set to 0 or 1 then the extension was
		545	found but it could not be parsed.
		546
		547	The int pointed to by crit will be set to -1 if the extension was not found
		548	and -2 if the extension occurred more than once (this will only happen if
		549	idx is NULL). In both cases the function will return NULL.
		550
492	3. Generating extensions.	551	3. Generating extensions.
493		552
494	An extension will typically be generated from a configuration file, or some	553	An extension will typically be generated from a configuration file, or some