2 files changed, 180 insertions, 0 deletions
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt
index 880eace4da..5da519e7e4 100644
--- a/src/lib/libssl/doc/openssl.txt
+++ b/src/lib/libssl/doc/openssl.txt
@@ -355,6 +355,24 @@ that would not make sense. It does support an additional issuer:copy option
 that will copy all the subject alternative name values from the issuer 
 certificate (if possible).
+Example:
+issuserAltName = issuer:copy
+Authority Info Access.
+The authority information access extension gives details about how to access
+certain information relating to the CA. Its syntax is accessOID;location
+where 'location' has the same syntax as subject alternative name (except
+that email:copy is not supported). accessOID can be any valid OID but only
+certain values are meaningful for example OCSP and caIssuers. OCSP gives the
+location of an OCSP responder: this is used by Netscape PSM and other software.
+Example:
+authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
+authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
 CRL distribution points.
 This is a multi-valued extension that supports all the literal options of
@@ -489,6 +507,47 @@ details about the structures returned. The returned structure should be freed
 after use using the relevant free function, BASIC_CONSTRAINTS_free() for 
 example.
+void    *       X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+void    *       X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
+void    *       X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
+void    *       X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
+These functions combine the operations of searching for extensions and
+parsing them. They search a certificate, a CRL a CRL entry or a stack
+of extensions respectively for extension whose NID is 'nid' and return
+the parsed result of NULL if an error occurred. For example:
+BASIC_CONSTRAINTS *bs;
+bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
+This will search for the basicConstraints extension and either return
+it value or NULL. NULL can mean either the extension was not found, it
+occurred more than once or it could not be parsed.
+If 'idx' is NULL then an extension is only parsed if it occurs precisely
+once. This is standard behaviour because extensions normally cannot occur
+more than once. If however more than one extension of the same type can
+occur it can be used to parse successive extensions for example:
+int i;
+void *ext;
+i = -1;
+for(;;) {
+        ext = X509_get_ext_d2i(x, nid, crit, &idx);
+        if(ext == NULL) break;
+         /* Do something with ext */
+}
+If 'crit' is not NULL and the extension was found then the int it points to
+is set to 1 for critical extensions and 0 for non critical. Therefore if the
+function returns NULL but 'crit' is set to 0 or 1 then the extension was
+found but it could not be parsed.
+The int pointed to by crit will be set to -1 if the extension was not found
+and -2 if the extension occurred more than once (this will only happen if
+idx is NULL). In both cases the function will return NULL.
 3. Generating extensions.
 An extension will typically be generated from a configuration file, or some
diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt
new file mode 100644
index 0000000000..61ccc5d7e0
--- /dev/null
+++ b/src/lib/libssl/doc/standards.txt
@@ -0,0 +1,121 @@
+Standards related to OpenSSL
+============================
+[Please, this is currently a draft.  I made a first try at finding
+ documents that describe parts of what OpenSSL implements.  There are
+ big gaps, and I've most certainly done something wrong.  Please
+ correct whatever is...  Also, this note should be removed when this
+ file is reaching a somewhat correct state.        -- Richard Levitte]
+All pointers in here will be either URL's or blobs of text borrowed
+from miscellaneous indexes, like rfc-index.txt (index of RFCs),
+1id-index.txt (index of Internet drafts) and the like.
+To find the latest possible RFCs, it's recommended to either browse
+ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and
+use the search mechanism found there.
+To find the latest possible Internet drafts, it's recommended to
+browse ftp://ftp.isi.edu/internet-drafts/.
+To find the latest possible PKCS, it's recommended to browse
+http://www.rsasecurity.com/rsalabs/pkcs/.
+Implemented:
+------------
+These are documents that describe things that are implemented in OpenSSL.
+1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
+     (Format: TXT=25661 bytes) (Status: INFORMATIONAL)
+1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
+     TXT=32407 bytes) (Status: INFORMATIONAL)
+1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
+     TXT=35222 bytes) (Status: INFORMATIONAL)
+2246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999.
+     (Format: TXT=170401 bytes) (Status: PROPOSED STANDARD)
+2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
+     January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
+2314 PKCS 10: Certification Request Syntax Version 1.5. B. Kaliski.
+     March 1998. (Format: TXT=15814 bytes) (Status: INFORMATIONAL)
+2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
+     March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
+2437 PKCS #1: RSA Cryptography Specifications Version 2.0. B. Kaliski,
+     J. Staddon. October 1998. (Format: TXT=73529 bytes) (Obsoletes
+     RFC2313) (Status: INFORMATIONAL)
+2459 Internet X.509 Public Key Infrastructure Certificate and CRL
+     Profile. R. Housley, W. Ford, W. Polk, D. Solo. January 1999.
+     (Format: TXT=278438 bytes) (Status: PROPOSED STANDARD)
+PKCS#8: Private-Key Information Syntax Standard
+PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
+Related:
+--------
+These are documents that are close to OpenSSL, for example the
+STARTTLS documents.
+1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message
+     Encryption and Authentication Procedures. J. Linn. February 1993.
+     (Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED
+     STANDARD)
+1422 Privacy Enhancement for Internet Electronic Mail: Part II:
+     Certificate-Based Key Management. S. Kent. February 1993. (Format:
+     TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD)
+1423 Privacy Enhancement for Internet Electronic Mail: Part III:
+     Algorithms, Modes, and Identifiers. D. Balenson. February 1993.
+     (Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED
+     STANDARD)
+1424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key
+     Certification and Related Services. B. Kaliski. February 1993.
+     (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
+2487 SMTP Service Extension for Secure SMTP over TLS. P. Hoffman.
+     January 1999. (Format: TXT=15120 bytes) (Status: PROPOSED STANDARD)
+2585 Internet X.509 Public Key Infrastructure Operational Protocols:
+     FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813
+     bytes) (Status: PROPOSED STANDARD)
+2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999.
+     (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD)
+2712 Addition of Kerberos Cipher Suites to Transport Layer Security
+     (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
+     (Status: PROPOSED STANDARD)
+2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May
+     2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED
+     STANDARD)
+2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes)
+     (Status: INFORMATIONAL)
+  "Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>  
+ 
+To be implemented:
+------------------
+These are documents that describe things that are planed to be
+implemented in the hopefully short future.
+2560 X.509 Internet Public Key Infrastructure Online Certificate
+     Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
+     C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
+     STANDARD)

diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt index 880eace4da..5da519e7e4 100644 --- a/src/lib/libssl/doc/openssl.txt +++ b/src/lib/libssl/doc/openssl.txt
@@ -355,6 +355,24 @@ that would not make sense. It does support an additional issuer:copy option
355	that will copy all the subject alternative name values from the issuer	355	that will copy all the subject alternative name values from the issuer
356	certificate (if possible).	356	certificate (if possible).
357		357
		358	Example:
		359
		360	issuserAltName = issuer:copy
		361
		362	Authority Info Access.
		363
		364	The authority information access extension gives details about how to access
		365	certain information relating to the CA. Its syntax is accessOID;location
		366	where 'location' has the same syntax as subject alternative name (except
		367	that email:copy is not supported). accessOID can be any valid OID but only
		368	certain values are meaningful for example OCSP and caIssuers. OCSP gives the
		369	location of an OCSP responder: this is used by Netscape PSM and other software.
		370
		371	Example:
		372
		373	authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
		374	authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
		375
358	CRL distribution points.	376	CRL distribution points.
359		377
360	This is a multi-valued extension that supports all the literal options of	378	This is a multi-valued extension that supports all the literal options of
@@ -489,6 +507,47 @@ details about the structures returned. The returned structure should be freed
489	after use using the relevant free function, BASIC_CONSTRAINTS_free() for	507	after use using the relevant free function, BASIC_CONSTRAINTS_free() for
490	example.	508	example.
491		509
		510	void * X509_get_ext_d2i(X509 x, int nid, int crit, int *idx);
		511	void * X509_CRL_get_ext_d2i(X509_CRL x, int nid, int crit, int *idx);
		512	void * X509_REVOKED_get_ext_d2i(X509_REVOKED x, int nid, int crit, int *idx);
		513	void * X509V3_get_d2i(STACK_OF(X509_EXTENSION) x, int nid, int crit, int *idx);
		514
		515	These functions combine the operations of searching for extensions and
		516	parsing them. They search a certificate, a CRL a CRL entry or a stack
		517	of extensions respectively for extension whose NID is 'nid' and return
		518	the parsed result of NULL if an error occurred. For example:
		519
		520	BASIC_CONSTRAINTS *bs;
		521	bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
		522
		523	This will search for the basicConstraints extension and either return
		524	it value or NULL. NULL can mean either the extension was not found, it
		525	occurred more than once or it could not be parsed.
		526
		527	If 'idx' is NULL then an extension is only parsed if it occurs precisely
		528	once. This is standard behaviour because extensions normally cannot occur
		529	more than once. If however more than one extension of the same type can
		530	occur it can be used to parse successive extensions for example:
		531
		532	int i;
		533	void *ext;
		534
		535	i = -1;
		536	for(;;) {
		537	ext = X509_get_ext_d2i(x, nid, crit, &idx);
		538	if(ext == NULL) break;
		539	/* Do something with ext */
		540	}
		541
		542	If 'crit' is not NULL and the extension was found then the int it points to
		543	is set to 1 for critical extensions and 0 for non critical. Therefore if the
		544	function returns NULL but 'crit' is set to 0 or 1 then the extension was
		545	found but it could not be parsed.
		546
		547	The int pointed to by crit will be set to -1 if the extension was not found
		548	and -2 if the extension occurred more than once (this will only happen if
		549	idx is NULL). In both cases the function will return NULL.
		550
492	3. Generating extensions.	551	3. Generating extensions.
493		552
494	An extension will typically be generated from a configuration file, or some	553	An extension will typically be generated from a configuration file, or some


diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt new file mode 100644 index 0000000000..61ccc5d7e0 --- /dev/null +++ b/src/lib/libssl/doc/standards.txt
@@ -0,0 +1,121 @@
		1	Standards related to OpenSSL
		2	============================
		3
		4	[Please, this is currently a draft. I made a first try at finding
		5	documents that describe parts of what OpenSSL implements. There are
		6	big gaps, and I've most certainly done something wrong. Please
		7	correct whatever is... Also, this note should be removed when this
		8	file is reaching a somewhat correct state. -- Richard Levitte]
		9
		10
		11	All pointers in here will be either URL's or blobs of text borrowed
		12	from miscellaneous indexes, like rfc-index.txt (index of RFCs),
		13	1id-index.txt (index of Internet drafts) and the like.
		14
		15	To find the latest possible RFCs, it's recommended to either browse
		16	ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and
		17	use the search mechanism found there.
		18	To find the latest possible Internet drafts, it's recommended to
		19	browse ftp://ftp.isi.edu/internet-drafts/.
		20	To find the latest possible PKCS, it's recommended to browse
		21	http://www.rsasecurity.com/rsalabs/pkcs/.
		22
		23
		24	Implemented:
		25	------------
		26
		27	These are documents that describe things that are implemented in OpenSSL.
		28
		29	1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
		30	(Format: TXT=25661 bytes) (Status: INFORMATIONAL)
		31
		32	1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
		33	TXT=32407 bytes) (Status: INFORMATIONAL)
		34
		35	1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
		36	TXT=35222 bytes) (Status: INFORMATIONAL)
		37
		38	2246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999.
		39	(Format: TXT=170401 bytes) (Status: PROPOSED STANDARD)
		40
		41	2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
		42	January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
		43
		44	2314 PKCS 10: Certification Request Syntax Version 1.5. B. Kaliski.
		45	March 1998. (Format: TXT=15814 bytes) (Status: INFORMATIONAL)
		46
		47	2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
		48	March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
		49
		50	2437 PKCS #1: RSA Cryptography Specifications Version 2.0. B. Kaliski,
		51	J. Staddon. October 1998. (Format: TXT=73529 bytes) (Obsoletes
		52	RFC2313) (Status: INFORMATIONAL)
		53
		54	2459 Internet X.509 Public Key Infrastructure Certificate and CRL
		55	Profile. R. Housley, W. Ford, W. Polk, D. Solo. January 1999.
		56	(Format: TXT=278438 bytes) (Status: PROPOSED STANDARD)
		57
		58	PKCS#8: Private-Key Information Syntax Standard
		59
		60	PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
		61
		62
		63	Related:
		64	--------
		65
		66	These are documents that are close to OpenSSL, for example the
		67	STARTTLS documents.
		68
		69	1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message
		70	Encryption and Authentication Procedures. J. Linn. February 1993.
		71	(Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED
		72	STANDARD)
		73
		74	1422 Privacy Enhancement for Internet Electronic Mail: Part II:
		75	Certificate-Based Key Management. S. Kent. February 1993. (Format:
		76	TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD)
		77
		78	1423 Privacy Enhancement for Internet Electronic Mail: Part III:
		79	Algorithms, Modes, and Identifiers. D. Balenson. February 1993.
		80	(Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED
		81	STANDARD)
		82
		83	1424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key
		84	Certification and Related Services. B. Kaliski. February 1993.
		85	(Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
		86
		87	2487 SMTP Service Extension for Secure SMTP over TLS. P. Hoffman.
		88	January 1999. (Format: TXT=15120 bytes) (Status: PROPOSED STANDARD)
		89
		90	2585 Internet X.509 Public Key Infrastructure Operational Protocols:
		91	FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813
		92	bytes) (Status: PROPOSED STANDARD)
		93
		94	2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999.
		95	(Format: TXT=32440 bytes) (Status: PROPOSED STANDARD)
		96
		97	2712 Addition of Kerberos Cipher Suites to Transport Layer Security
		98	(TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
		99	(Status: PROPOSED STANDARD)
		100
		101	2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May
		102	2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED
		103	STANDARD)
		104
		105	2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes)
		106	(Status: INFORMATIONAL)
		107
		108	"Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>
		109
		110
		111	To be implemented:
		112	------------------
		113
		114	These are documents that describe things that are planed to be
		115	implemented in the hopefully short future.
		116
		117	2560 X.509 Internet Public Key Infrastructure Online Certificate
		118	Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
		119	C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
		120	STANDARD)
		121