8 files changed, 35 insertions, 41 deletions
diff --git a/src/lib/libcrypto/man/X509V3_get_d2i.3 b/src/lib/libcrypto/man/X509V3_get_d2i.3
index cd3bb844b5..b883bde099 100644
--- a/src/lib/libcrypto/man/X509V3_get_d2i.3
+++ b/src/lib/libcrypto/man/X509V3_get_d2i.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509V3_get_d2i.3,v 1.1 2016/12/04 20:51:47 schwarze Exp $
+.\"     $OpenBSD: X509V3_get_d2i.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
 .\"     OpenSSL 047dd81e Jul 4 23:03:17 2014 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 4 2016 $
+.Dd $Mdocdate: December 5 2016 $
 .Dt X509V3_GET_D2I 3
 .Os
 .Sh NAME
@@ -201,7 +201,7 @@ and
 .Fn X509_add1_ext_i2d
 operate on the extensions of certificate
 .Fa x ,
-they are otherwise identical to
+and are otherwise identical to
 .Fn X509V3_get_d2i
 and
 .Fn X509V3_add1_i2d 3 .
@@ -211,7 +211,7 @@ and
 .Fn X509_CRL_add1_ext_i2d
 operate on the extensions of CRL
 .Fa crl ,
-they are otherwise identical to
+and are otherwise identical to
 .Fn X509V3_get_d2i
 and
 .Fn X509V3_add1_i2d 3 .
@@ -223,7 +223,7 @@ operate on the extensions of the
 .Vt X509_REVOKED
 structure
 .Fa r
-(i.e. for CRL entry extensions), they are otherwise identical to
+(i.e. for CRL entry extensions), and are otherwise identical to
 .Fn X509V3_get_d2i
 and
 .Fn X509V3_add1_i2d 3 .
@@ -265,7 +265,7 @@ No new extension is added.
 .Pp
 If
 .Dv X509V3_ADD_SILENT
-is ored with
+is OR'd with
 .Fa flags ,
 any error returned will not be added to the error queue.
 .Pp
@@ -282,7 +282,7 @@ The following sections contain a list of all supported extensions
 including their name and NID.
 .Ss PKIX Certificate Extensions
 The following certificate extensions are defined in PKIX standards such
-as RFC5280.
+as RFC 5280.
 .Bl -column 30n 30n
 .It Basic Constraints             Ta Dv NID_basic_constraints
 .It Key Usage                     Ta Dv NID_key_usage
@@ -318,7 +318,7 @@ The following are (largely obsolete) Netscape certificate extensions.
 .It Proxy Certificate Information Ta Dv NID_proxyCertInfo
 .El
 .Ss PKIX CRL Extensions
-The following are CRL extensions from PKIX standards such as RFC5280.
+The following are CRL extensions from PKIX standards such as RFC 5280.
 .Bl -column 30n 30n
 .It CRL Number                    Ta Dv NID_crl_number
 .It CRL Distribution Points       Ta Dv NID_crl_distribution_points
@@ -329,7 +329,7 @@ The following are CRL extensions from PKIX standards such as RFC5280.
 .El
 .Pp
 The following are CRL entry extensions from PKIX standards such as
-RFC5280.
+RFC 5280.
 .Bl -column 30n 30n
 .It CRL Reason Code               Ta Dv NID_crl_reason
 .It Certificate Issuer            Ta Dv NID_certificate_issuer
@@ -345,7 +345,7 @@ RFC5280.
 .It Hold Instruction Code         Ta Dv NID_hold_instruction_code
 .El
 .Ss Certificate Transparency Extensions
-The following extensions are used by certificate transparency, RFC6962
+The following extensions are used by certificate transparency, RFC 6962
 .Bl -column 30n 30n
 .It CT Precertificate SCTs        Ta Dv NID_ct_precert_scts
 .It CT Certificate SCTs           Ta Dv NID_ct_cert_scts
diff --git a/src/lib/libcrypto/man/X509_ALGOR_dup.3 b/src/lib/libcrypto/man/X509_ALGOR_dup.3
index 00d87592c7..5ca80dc3f8 100644
--- a/src/lib/libcrypto/man/X509_ALGOR_dup.3
+++ b/src/lib/libcrypto/man/X509_ALGOR_dup.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_ALGOR_dup.3,v 1.1 2016/12/04 20:51:47 schwarze Exp $
+.\"     $OpenBSD: X509_ALGOR_dup.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
 .\"     OpenSSL 4692340e Jun 7 15:49:08 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 4 2016 $
+.Dd $Mdocdate: December 5 2016 $
 .Dt X509_ALGOR_DUP 3
 .Os
 .Sh NAME
@@ -146,12 +146,3 @@ compares
 and
 .Fa b
 and returns 0 if they have identical encodings and non-zero otherwise.
-.Sh COPYRIGHT
-Copyright 2002-2016 The OpenSSL Project Authors.
-All Rights Reserved.
-.Pp
-Licensed under the OpenSSL license (the "License").
-You may not use this file except in compliance with the License.
-You can obtain a copy in the file LICENSE in the source distribution or
-at
-.Lk https://www.openssl.org/source/license.html .
diff --git a/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 b/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
index 4b06525994..886b3d303a 100644
--- a/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
+++ b/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_LOOKUP_hash_dir.3,v 1.1 2016/12/04 20:51:47 schwarze Exp $
+.\"     $OpenBSD: X509_LOOKUP_hash_dir.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
 .\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 4 2016 $
+.Dd $Mdocdate: December 5 2016 $
 .Dt X509_LOOKUP_HASH_DIR 3
 .Os
 .Sh NAME
@@ -89,7 +89,7 @@ and
 .Fn X509_LOOKUP_file
 are two certificate lookup methods to use with
 .Vt X509_STORE ,
-provided by OpenSSL library.
+provided by the OpenSSL library.
 .Pp
 Users of the library typically do not need to create instances of these
 methods manually.
@@ -99,7 +99,7 @@ or
 .Xr SSL_CTX_load_verify_locations 3
 functions.
 .Pp
-Internally loading of certificates and CRLs is implemented via functions
+Internally, loading of certificates and CRLs is implemented via the functions
 .Fn X509_load_cert_crl_file ,
 .Fn X509_load_cert_file
 and
@@ -137,7 +137,7 @@ The constant
 .Dv FILETYPE_DEFAULT
 with
 .Dv NULL
-filename causes these functions to load default certificate
+filename causes these functions to load the default certificate
 store file (see
 .Xr X509_STORE_set_default_paths 3 ) .
 .Pp
@@ -162,7 +162,7 @@ This method should be used by applications which work with a small set
 of CAs.
 .Ss Hashed Directory Method
 .Fa X509_LOOKUP_hash_dir
-is a more advanced method, which loads certificates and CRLs on demand,
+is a more advanced method which loads certificates and CRLs on demand,
 and caches them in memory once they are loaded.
 As of OpenSSL 1.0.0, it also checks for newer CRLs upon each lookup, so
 that newer CRLs are used as soon as they appear in the directory.
@@ -182,7 +182,7 @@ name for CRLs.
 The hash can also be obtained via the
 .Fl hash
 option of the
-.Xr openssl
+.Xr openssl 1
 .Cm x509
 or
 .Cm crl
diff --git a/src/lib/libcrypto/man/X509_PUBKEY_new.3 b/src/lib/libcrypto/man/X509_PUBKEY_new.3
index 59dc2fbf7a..7ed923ac21 100644
--- a/src/lib/libcrypto/man/X509_PUBKEY_new.3
+++ b/src/lib/libcrypto/man/X509_PUBKEY_new.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_PUBKEY_new.3,v 1.1 2016/12/05 12:50:07 schwarze Exp $
+.\"     $OpenBSD: X509_PUBKEY_new.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
 .\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -172,7 +172,7 @@ returns the public key contained in
 .Fa key .
 The reference
 count on the returned key is incremented so it must be freed using
-.Xr EVP_PKEY_free
+.Xr EVP_PKEY_free 3
 after use.
 .Pp
 .Fn d2i_PUBKEY
@@ -226,6 +226,7 @@ is set to the associated OID and the encoding consists of
 .Pf * Fa ppklen
 bytes at
 .Pf * Fa pk ,
+and
 .Pf * Fa pa
 is set to the associated AlgorithmIdentifier for the public key.
 If the value of any of these parameters is not required,
diff --git a/src/lib/libcrypto/man/X509_STORE_set1_param.3 b/src/lib/libcrypto/man/X509_STORE_set1_param.3
index abd1b872f3..93455893d5 100644
--- a/src/lib/libcrypto/man/X509_STORE_set1_param.3
+++ b/src/lib/libcrypto/man/X509_STORE_set1_param.3
@@ -1,4 +1,4 @@
-.\"     $OpenSSL$
+.\"     $OpenBSD: X509_STORE_set1_param.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
 .\"     OpenSSL 99d63d46
 .\"
 .\" This file was written by Christian Heimes <cheimes@redhat.com>.
diff --git a/src/lib/libcrypto/man/X509_check_ca.3 b/src/lib/libcrypto/man/X509_check_ca.3
index 67aac693e6..7d31c145c0 100644
--- a/src/lib/libcrypto/man/X509_check_ca.3
+++ b/src/lib/libcrypto/man/X509_check_ca.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_check_ca.3,v 1.1 2016/12/05 15:56:46 schwarze Exp $
+.\"     $OpenBSD: X509_check_ca.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
 .\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>.
@@ -63,7 +63,7 @@
 .Sh DESCRIPTION
 This function checks whether the given certificate is a CA certificate,
 that is, whether it can be used to sign other certificates.
-.Sh RETURN VALUE
+.Sh RETURN VALUES
 This functions returns non-zero if
 .Fa cert
 is a CA certificate or 0 otherwise.
diff --git a/src/lib/libcrypto/man/X509_check_host.3 b/src/lib/libcrypto/man/X509_check_host.3
index 1e6a44ffe1..5990670acb 100644
--- a/src/lib/libcrypto/man/X509_check_host.3
+++ b/src/lib/libcrypto/man/X509_check_host.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_check_host.3,v 1.1 2016/12/05 15:56:46 schwarze Exp $
+.\"     $OpenBSD: X509_check_host.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
 .\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Florian Weimer <fweimer@redhat.com> and
@@ -99,7 +99,7 @@ checks if the certificate Subject Alternative Name (SAN) or Subject
 CommonName (CN) matches the specified host name, which must be encoded
 in the preferred name syntax described in section 3.5 of RFC 1034.
 By default, wildcards are supported and they match only in the
-left-most label; but they may match part of that label with an
+left-most label; they may match part of that label with an
 explicit prefix or suffix.
 For example, by default, the host
 .Fa name
@@ -124,7 +124,8 @@ When
 starts with a dot (e.g.\&
 .Qq .example.com ) ,
 it will be matched by a certificate valid for any sub-domain of
-.Fa name ; see also
+.Fa name ;
+see also
 .Fa X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
 below.
 .Pp
@@ -142,11 +143,12 @@ when it is no longer needed.
 .Fn X509_check_email
 checks if the certificate matches the specified email
 .Fa address .
-Only the mailbox syntax of RFC 822 is supported, comments are not
+Only the mailbox syntax of RFC 822 is supported.
-allowed, and no attempt is made to normalize quoted characters.
+Comments are not allowed,
+and no attempt is made to normalize quoted characters.
 The
 .Fa addresslen
-argument must be the number of characters in the address string or zero
+argument must be the number of characters in the address string or zero,
 in which case the length is calculated with
 .Fn strlen address .
 .Pp
diff --git a/src/lib/libcrypto/man/X509_check_issued.3 b/src/lib/libcrypto/man/X509_check_issued.3
index 997dfe12f1..a6696123ac 100644
--- a/src/lib/libcrypto/man/X509_check_issued.3
+++ b/src/lib/libcrypto/man/X509_check_issued.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_check_issued.3,v 1.1 2016/12/05 15:56:46 schwarze Exp $
+.\"     $OpenBSD: X509_check_issued.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
 .\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>.
@@ -89,7 +89,7 @@ check the
 field of
 .Fa issuer .
 .El
-.Sh RETURN VALUE
+.Sh RETURN VALUES
 This function returns
 .Dv X509_V_OK
 if the certificate

diff --git a/src/lib/libcrypto/man/X509V3_get_d2i.3 b/src/lib/libcrypto/man/X509V3_get_d2i.3 index cd3bb844b5..b883bde099 100644 --- a/src/lib/libcrypto/man/X509V3_get_d2i.3 +++ b/src/lib/libcrypto/man/X509V3_get_d2i.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509V3_get_d2i.3,v 1.1 2016/12/04 20:51:47 schwarze Exp $	1	.\" $OpenBSD: X509V3_get_d2i.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
2	.\" OpenSSL 047dd81e Jul 4 23:03:17 2014 +0100	2	.\" OpenSSL 047dd81e Jul 4 23:03:17 2014 +0100
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: December 4 2016 $	51	.Dd $Mdocdate: December 5 2016 $
52	.Dt X509V3_GET_D2I 3	52	.Dt X509V3_GET_D2I 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -201,7 +201,7 @@ and
201	.Fn X509_add1_ext_i2d	201	.Fn X509_add1_ext_i2d
202	operate on the extensions of certificate	202	operate on the extensions of certificate
203	.Fa x ,	203	.Fa x ,
204	they are otherwise identical to	204	and are otherwise identical to
205	.Fn X509V3_get_d2i	205	.Fn X509V3_get_d2i
206	and	206	and
207	.Fn X509V3_add1_i2d 3 .	207	.Fn X509V3_add1_i2d 3 .
@@ -211,7 +211,7 @@ and
211	.Fn X509_CRL_add1_ext_i2d	211	.Fn X509_CRL_add1_ext_i2d
212	operate on the extensions of CRL	212	operate on the extensions of CRL
213	.Fa crl ,	213	.Fa crl ,
214	they are otherwise identical to	214	and are otherwise identical to
215	.Fn X509V3_get_d2i	215	.Fn X509V3_get_d2i
216	and	216	and
217	.Fn X509V3_add1_i2d 3 .	217	.Fn X509V3_add1_i2d 3 .
@@ -223,7 +223,7 @@ operate on the extensions of the
223	.Vt X509_REVOKED	223	.Vt X509_REVOKED
224	structure	224	structure
225	.Fa r	225	.Fa r
226	(i.e. for CRL entry extensions), they are otherwise identical to	226	(i.e. for CRL entry extensions), and are otherwise identical to
227	.Fn X509V3_get_d2i	227	.Fn X509V3_get_d2i
228	and	228	and
229	.Fn X509V3_add1_i2d 3 .	229	.Fn X509V3_add1_i2d 3 .
@@ -265,7 +265,7 @@ No new extension is added.
265	.Pp	265	.Pp
266	If	266	If
267	.Dv X509V3_ADD_SILENT	267	.Dv X509V3_ADD_SILENT
268	is ored with	268	is OR'd with
269	.Fa flags ,	269	.Fa flags ,
270	any error returned will not be added to the error queue.	270	any error returned will not be added to the error queue.
271	.Pp	271	.Pp
@@ -282,7 +282,7 @@ The following sections contain a list of all supported extensions
282	including their name and NID.	282	including their name and NID.
283	.Ss PKIX Certificate Extensions	283	.Ss PKIX Certificate Extensions
284	The following certificate extensions are defined in PKIX standards such	284	The following certificate extensions are defined in PKIX standards such
285	as RFC5280.	285	as RFC 5280.
286	.Bl -column 30n 30n	286	.Bl -column 30n 30n
287	.It Basic Constraints Ta Dv NID_basic_constraints	287	.It Basic Constraints Ta Dv NID_basic_constraints
288	.It Key Usage Ta Dv NID_key_usage	288	.It Key Usage Ta Dv NID_key_usage
@@ -318,7 +318,7 @@ The following are (largely obsolete) Netscape certificate extensions.
318	.It Proxy Certificate Information Ta Dv NID_proxyCertInfo	318	.It Proxy Certificate Information Ta Dv NID_proxyCertInfo
319	.El	319	.El
320	.Ss PKIX CRL Extensions	320	.Ss PKIX CRL Extensions
321	The following are CRL extensions from PKIX standards such as RFC5280.	321	The following are CRL extensions from PKIX standards such as RFC 5280.
322	.Bl -column 30n 30n	322	.Bl -column 30n 30n
323	.It CRL Number Ta Dv NID_crl_number	323	.It CRL Number Ta Dv NID_crl_number
324	.It CRL Distribution Points Ta Dv NID_crl_distribution_points	324	.It CRL Distribution Points Ta Dv NID_crl_distribution_points
@@ -329,7 +329,7 @@ The following are CRL extensions from PKIX standards such as RFC5280.
329	.El	329	.El
330	.Pp	330	.Pp
331	The following are CRL entry extensions from PKIX standards such as	331	The following are CRL entry extensions from PKIX standards such as
332	RFC5280.	332	RFC 5280.
333	.Bl -column 30n 30n	333	.Bl -column 30n 30n
334	.It CRL Reason Code Ta Dv NID_crl_reason	334	.It CRL Reason Code Ta Dv NID_crl_reason
335	.It Certificate Issuer Ta Dv NID_certificate_issuer	335	.It Certificate Issuer Ta Dv NID_certificate_issuer
@@ -345,7 +345,7 @@ RFC5280.
345	.It Hold Instruction Code Ta Dv NID_hold_instruction_code	345	.It Hold Instruction Code Ta Dv NID_hold_instruction_code
346	.El	346	.El
347	.Ss Certificate Transparency Extensions	347	.Ss Certificate Transparency Extensions
348	The following extensions are used by certificate transparency, RFC6962	348	The following extensions are used by certificate transparency, RFC 6962
349	.Bl -column 30n 30n	349	.Bl -column 30n 30n
350	.It CT Precertificate SCTs Ta Dv NID_ct_precert_scts	350	.It CT Precertificate SCTs Ta Dv NID_ct_precert_scts
351	.It CT Certificate SCTs Ta Dv NID_ct_cert_scts	351	.It CT Certificate SCTs Ta Dv NID_ct_cert_scts


diff --git a/src/lib/libcrypto/man/X509_ALGOR_dup.3 b/src/lib/libcrypto/man/X509_ALGOR_dup.3 index 00d87592c7..5ca80dc3f8 100644 --- a/src/lib/libcrypto/man/X509_ALGOR_dup.3 +++ b/src/lib/libcrypto/man/X509_ALGOR_dup.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_ALGOR_dup.3,v 1.1 2016/12/04 20:51:47 schwarze Exp $	1	.\" $OpenBSD: X509_ALGOR_dup.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
2	.\" OpenSSL 4692340e Jun 7 15:49:08 2016 -0400	2	.\" OpenSSL 4692340e Jun 7 15:49:08 2016 -0400
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	48	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	49	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
50	.\"	50	.\"
51	.Dd $Mdocdate: December 4 2016 $	51	.Dd $Mdocdate: December 5 2016 $
52	.Dt X509_ALGOR_DUP 3	52	.Dt X509_ALGOR_DUP 3
53	.Os	53	.Os
54	.Sh NAME	54	.Sh NAME
@@ -146,12 +146,3 @@ compares
146	and	146	and
147	.Fa b	147	.Fa b
148	and returns 0 if they have identical encodings and non-zero otherwise.	148	and returns 0 if they have identical encodings and non-zero otherwise.
149	.Sh COPYRIGHT
150	Copyright 2002-2016 The OpenSSL Project Authors.
151	All Rights Reserved.
152	.Pp
153	Licensed under the OpenSSL license (the "License").
154	You may not use this file except in compliance with the License.
155	You can obtain a copy in the file LICENSE in the source distribution or
156	at
157	.Lk https://www.openssl.org/source/license.html .


diff --git a/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 b/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 index 4b06525994..886b3d303a 100644 --- a/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 +++ b/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_LOOKUP_hash_dir.3,v 1.1 2016/12/04 20:51:47 schwarze Exp $	1	.\" $OpenBSD: X509_LOOKUP_hash_dir.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
2	.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\"	3	.\"
4	.\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>	4	.\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>
@@ -49,7 +49,7 @@
49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51	.\"	51	.\"
52	.Dd $Mdocdate: December 4 2016 $	52	.Dd $Mdocdate: December 5 2016 $
53	.Dt X509_LOOKUP_HASH_DIR 3	53	.Dt X509_LOOKUP_HASH_DIR 3
54	.Os	54	.Os
55	.Sh NAME	55	.Sh NAME
@@ -89,7 +89,7 @@ and
89	.Fn X509_LOOKUP_file	89	.Fn X509_LOOKUP_file
90	are two certificate lookup methods to use with	90	are two certificate lookup methods to use with
91	.Vt X509_STORE ,	91	.Vt X509_STORE ,
92	provided by OpenSSL library.	92	provided by the OpenSSL library.
93	.Pp	93	.Pp
94	Users of the library typically do not need to create instances of these	94	Users of the library typically do not need to create instances of these
95	methods manually.	95	methods manually.
@@ -99,7 +99,7 @@ or
99	.Xr SSL_CTX_load_verify_locations 3	99	.Xr SSL_CTX_load_verify_locations 3
100	functions.	100	functions.
101	.Pp	101	.Pp
102	Internally loading of certificates and CRLs is implemented via functions	102	Internally, loading of certificates and CRLs is implemented via the functions
103	.Fn X509_load_cert_crl_file ,	103	.Fn X509_load_cert_crl_file ,
104	.Fn X509_load_cert_file	104	.Fn X509_load_cert_file
105	and	105	and
@@ -137,7 +137,7 @@ The constant
137	.Dv FILETYPE_DEFAULT	137	.Dv FILETYPE_DEFAULT
138	with	138	with
139	.Dv NULL	139	.Dv NULL
140	filename causes these functions to load default certificate	140	filename causes these functions to load the default certificate
141	store file (see	141	store file (see
142	.Xr X509_STORE_set_default_paths 3 ) .	142	.Xr X509_STORE_set_default_paths 3 ) .
143	.Pp	143	.Pp
@@ -162,7 +162,7 @@ This method should be used by applications which work with a small set
162	of CAs.	162	of CAs.
163	.Ss Hashed Directory Method	163	.Ss Hashed Directory Method
164	.Fa X509_LOOKUP_hash_dir	164	.Fa X509_LOOKUP_hash_dir
165	is a more advanced method, which loads certificates and CRLs on demand,	165	is a more advanced method which loads certificates and CRLs on demand,
166	and caches them in memory once they are loaded.	166	and caches them in memory once they are loaded.
167	As of OpenSSL 1.0.0, it also checks for newer CRLs upon each lookup, so	167	As of OpenSSL 1.0.0, it also checks for newer CRLs upon each lookup, so
168	that newer CRLs are used as soon as they appear in the directory.	168	that newer CRLs are used as soon as they appear in the directory.
@@ -182,7 +182,7 @@ name for CRLs.
182	The hash can also be obtained via the	182	The hash can also be obtained via the
183	.Fl hash	183	.Fl hash
184	option of the	184	option of the
185	.Xr openssl	185	.Xr openssl 1
186	.Cm x509	186	.Cm x509
187	or	187	or
188	.Cm crl	188	.Cm crl


diff --git a/src/lib/libcrypto/man/X509_PUBKEY_new.3 b/src/lib/libcrypto/man/X509_PUBKEY_new.3 index 59dc2fbf7a..7ed923ac21 100644 --- a/src/lib/libcrypto/man/X509_PUBKEY_new.3 +++ b/src/lib/libcrypto/man/X509_PUBKEY_new.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_PUBKEY_new.3,v 1.1 2016/12/05 12:50:07 schwarze Exp $	1	.\" $OpenBSD: X509_PUBKEY_new.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
2	.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\"	3	.\"
4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.	4	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -172,7 +172,7 @@ returns the public key contained in
172	.Fa key .	172	.Fa key .
173	The reference	173	The reference
174	count on the returned key is incremented so it must be freed using	174	count on the returned key is incremented so it must be freed using
175	.Xr EVP_PKEY_free	175	.Xr EVP_PKEY_free 3
176	after use.	176	after use.
177	.Pp	177	.Pp
178	.Fn d2i_PUBKEY	178	.Fn d2i_PUBKEY
@@ -226,6 +226,7 @@ is set to the associated OID and the encoding consists of
226	.Pf * Fa ppklen	226	.Pf * Fa ppklen
227	bytes at	227	bytes at
228	.Pf * Fa pk ,	228	.Pf * Fa pk ,
		229	and
229	.Pf * Fa pa	230	.Pf * Fa pa
230	is set to the associated AlgorithmIdentifier for the public key.	231	is set to the associated AlgorithmIdentifier for the public key.
231	If the value of any of these parameters is not required,	232	If the value of any of these parameters is not required,


diff --git a/src/lib/libcrypto/man/X509_STORE_set1_param.3 b/src/lib/libcrypto/man/X509_STORE_set1_param.3 index abd1b872f3..93455893d5 100644 --- a/src/lib/libcrypto/man/X509_STORE_set1_param.3 +++ b/src/lib/libcrypto/man/X509_STORE_set1_param.3
@@ -1,4 +1,4 @@
1	.\" $OpenSSL$	1	.\" $OpenBSD: X509_STORE_set1_param.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
2	.\" OpenSSL 99d63d46	2	.\" OpenSSL 99d63d46
3	.\"	3	.\"
4	.\" This file was written by Christian Heimes <cheimes@redhat.com>.	4	.\" This file was written by Christian Heimes <cheimes@redhat.com>.


diff --git a/src/lib/libcrypto/man/X509_check_ca.3 b/src/lib/libcrypto/man/X509_check_ca.3 index 67aac693e6..7d31c145c0 100644 --- a/src/lib/libcrypto/man/X509_check_ca.3 +++ b/src/lib/libcrypto/man/X509_check_ca.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_check_ca.3,v 1.1 2016/12/05 15:56:46 schwarze Exp $	1	.\" $OpenBSD: X509_check_ca.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
2	.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\"	3	.\"
4	.\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>.	4	.\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>.
@@ -63,7 +63,7 @@
63	.Sh DESCRIPTION	63	.Sh DESCRIPTION
64	This function checks whether the given certificate is a CA certificate,	64	This function checks whether the given certificate is a CA certificate,
65	that is, whether it can be used to sign other certificates.	65	that is, whether it can be used to sign other certificates.
66	.Sh RETURN VALUE	66	.Sh RETURN VALUES
67	This functions returns non-zero if	67	This functions returns non-zero if
68	.Fa cert	68	.Fa cert
69	is a CA certificate or 0 otherwise.	69	is a CA certificate or 0 otherwise.


diff --git a/src/lib/libcrypto/man/X509_check_host.3 b/src/lib/libcrypto/man/X509_check_host.3 index 1e6a44ffe1..5990670acb 100644 --- a/src/lib/libcrypto/man/X509_check_host.3 +++ b/src/lib/libcrypto/man/X509_check_host.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_check_host.3,v 1.1 2016/12/05 15:56:46 schwarze Exp $	1	.\" $OpenBSD: X509_check_host.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
2	.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\"	3	.\"
4	.\" This file was written by Florian Weimer <fweimer@redhat.com> and	4	.\" This file was written by Florian Weimer <fweimer@redhat.com> and
@@ -99,7 +99,7 @@ checks if the certificate Subject Alternative Name (SAN) or Subject
99	CommonName (CN) matches the specified host name, which must be encoded	99	CommonName (CN) matches the specified host name, which must be encoded
100	in the preferred name syntax described in section 3.5 of RFC 1034.	100	in the preferred name syntax described in section 3.5 of RFC 1034.
101	By default, wildcards are supported and they match only in the	101	By default, wildcards are supported and they match only in the
102	left-most label; but they may match part of that label with an	102	left-most label; they may match part of that label with an
103	explicit prefix or suffix.	103	explicit prefix or suffix.
104	For example, by default, the host	104	For example, by default, the host
105	.Fa name	105	.Fa name
@@ -124,7 +124,8 @@ When
124	starts with a dot (e.g.\&	124	starts with a dot (e.g.\&
125	.Qq .example.com ) ,	125	.Qq .example.com ) ,
126	it will be matched by a certificate valid for any sub-domain of	126	it will be matched by a certificate valid for any sub-domain of
127	.Fa name ; see also	127	.Fa name ;
		128	see also
128	.Fa X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS	129	.Fa X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
129	below.	130	below.
130	.Pp	131	.Pp
@@ -142,11 +143,12 @@ when it is no longer needed.
142	.Fn X509_check_email	143	.Fn X509_check_email
143	checks if the certificate matches the specified email	144	checks if the certificate matches the specified email
144	.Fa address .	145	.Fa address .
145	Only the mailbox syntax of RFC 822 is supported, comments are not	146	Only the mailbox syntax of RFC 822 is supported.
146	allowed, and no attempt is made to normalize quoted characters.	147	Comments are not allowed,
		148	and no attempt is made to normalize quoted characters.
147	The	149	The
148	.Fa addresslen	150	.Fa addresslen
149	argument must be the number of characters in the address string or zero	151	argument must be the number of characters in the address string or zero,
150	in which case the length is calculated with	152	in which case the length is calculated with
151	.Fn strlen address .	153	.Fn strlen address .
152	.Pp	154	.Pp


diff --git a/src/lib/libcrypto/man/X509_check_issued.3 b/src/lib/libcrypto/man/X509_check_issued.3 index 997dfe12f1..a6696123ac 100644 --- a/src/lib/libcrypto/man/X509_check_issued.3 +++ b/src/lib/libcrypto/man/X509_check_issued.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509_check_issued.3,v 1.1 2016/12/05 15:56:46 schwarze Exp $	1	.\" $OpenBSD: X509_check_issued.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
2	.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	2	.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
3	.\"	3	.\"
4	.\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>.	4	.\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>.
@@ -89,7 +89,7 @@ check the
89	field of	89	field of
90	.Fa issuer .	90	.Fa issuer .
91	.El	91	.El
92	.Sh RETURN VALUE	92	.Sh RETURN VALUES
93	This function returns	93	This function returns
94	.Dv X509_V_OK	94	.Dv X509_V_OK
95	if the certificate	95	if the certificate