2 files changed, 142 insertions, 1 deletions
diff --git a/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3 b/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3
new file mode 100644
index 0000000000..18e50e24c0
--- /dev/null
+++ b/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3
@@ -0,0 +1,140 @@
+.\"     $OpenBSD: ACCESS_DESCRIPTION_new.3,v 1.1 2016/12/23 22:21:40 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 23 2016 $
+.Dt ACCESS_DESCRIPTION_NEW 3
+.Os
+.Sh NAME
+.Nm ACCESS_DESCRIPTION_new ,
+.Nm ACCESS_DESCRIPTION_free ,
+.Nm AUTHORITY_INFO_ACCESS_new ,
+.Nm AUTHORITY_INFO_ACCESS_free
+.Nd X.509 information access extensions
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft ACCESS_DESCRIPTION *
+.Fn ACCESS_DESCRIPTION_new void
+.Ft void
+.Fn ACCESS_DESCRIPTION_free "ACCESS_DESCRIPTION *ad"
+.Ft AUTHORITY_INFO_ACCESS
+.Fn AUTHORITY_INFO_ACCESS_new void
+.Ft void
+.Fn AUTHORITY_INFO_ACCESS_free "AUTHORITY_INFO_ACCESS *aia"
+.Sh DESCRIPTION
+Using the information access extensions, certificates and certificate
+revocation lists can point to auxiliary information and services
+available online, for example online validation services or CA
+policy data.
+.Pp
+.Fn ACCESS_DESCRIPTION_new
+allocates and initializes an empty
+.Vt ACCESS_DESCRIPTION
+object, representing an ASN.1 AccessDescription structure
+defined in RFC 5280 section 4.2.2.1.
+It can hold a pointer to a
+.Vt GENERAL_NAME
+object documented in
+.Xr GENERAL_NAME_new 3
+and an access method identifier.
+.Fn ACCESS_DESCRIPTION_free
+frees
+.Fa ad .
+.Pp
+The access method identifier is somewhat misnamed; it identifies
+the type and format of the information provided.
+How to access that information is often obvious from the
+.Vt GENERAL_NAME
+which may for example include a uniform resource identifier.
+.Pp
+Four standard access method identifiers are defined in RFC 5280:
+.Bl -bullet
+.It
+.Qq id-ad-caIssuers
+can occur in the authority information access extension of certificates
+and certificate revocation lists and provides access to certificates
+issued to the CA that issued the certificate, or provides access
+to certificates used for signing the CRL, in order to help constructing
+a certification path.
+.It
+.Qq id-ad-ocsp
+can occur in the authority information access extension of certificates
+and provides access to revocation information via the Online
+Certificate Status Protocol (OCSP) defined in RFC 6960.
+.It
+.Qq id-ad-caRepository
+can occur in the subject information access extension of CA
+certificates and provides access to an online repository of
+certificates issued by the CA.
+.It
+.Qq id-ad-timeStamping
+can occur in the subject information access extension of end entity
+certificates and indicates that the subject offers timestamping
+services using the Time Stamp Protocol defined in RFC 3161.
+.El
+.Pp
+.Fn AUTHORITY_INFO_ACCESS_new
+allocates and initializes an empty
+.Vt AUTHORITY_INFO_ACCESS
+object, which is a
+.Vt STACK_OF(ACCESS_DESCRIPTION)
+and represents an ASN.1 AuthorityInfoAccessSyntax structure
+defined in RFC 5280 section 4.2.2.1.
+If can be used for the authority information access extension of
+certificates and certificate revocation lists and for the subject
+information access extension of certificates.
+.Fn AUTHORITY_INFO_ACCESS_free
+frees
+.Fa aia .
+.Sh RETURN VALUE
+.Fn ACCESS_DESCRIPTION_new
+and
+.Fn AUTHORITY_INFO_ACCESS_new
+return the new
+.Vt ACCESS_DESCRIPTION
+or
+.Vt AUTHORITY_INFO_ACCESS
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr DIST_POINT_new 3 ,
+.Xr GENERAL_NAME_new 3 ,
+.Xr OCSP_REQUEST_new 3 ,
+.Xr TS_REQ_new 3 ,
+.Xr X509_CRL_new 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_new 3
+.Sh STANDARDS
+These extensions are only defined in the following RFC and not
+specified in the underlying X.509 standard.
+.Pp
+RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile:
+.Bl -dash -compact
+.It
+section 4.2.2.1: Certificate Extensions: Authority Information Access
+.It
+section 4.2.2.2: Certificate Extensions: Subject Information Access
+.It
+section 5.2.7: CRL Extensions: Authority Information Access
+.El
+.Pp
+Regarding OCSP and TSP, see:
+.Pp
+RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
+Status Protocol
+.Pp
+RFC 3161: Internet X.509 Public Key Infrastructure Time-Stamp Protocol
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 57122993b9..065a87b0ee 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.96 2016/12/23 20:43:02 schwarze Exp $
+# $OpenBSD: Makefile,v 1.97 2016/12/23 22:21:40 schwarze Exp $
 .include <bsd.own.mk>
 MAN=    \
+        ACCESS_DESCRIPTION_new.3 \
        ASN1_OBJECT_new.3 \
        ASN1_STRING_length.3 \
        ASN1_STRING_new.3 \

diff --git a/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3 b/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3 new file mode 100644 index 0000000000..18e50e24c0 --- /dev/null +++ b/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3
@@ -0,0 +1,140 @@
		1	.\" $OpenBSD: ACCESS_DESCRIPTION_new.3,v 1.1 2016/12/23 22:21:40 schwarze Exp $
		2	.\"
		3	.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
		4	.\"
		5	.\" Permission to use, copy, modify, and distribute this software for any
		6	.\" purpose with or without fee is hereby granted, provided that the above
		7	.\" copyright notice and this permission notice appear in all copies.
		8	.\"
		9	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	.\"
		17	.Dd $Mdocdate: December 23 2016 $
		18	.Dt ACCESS_DESCRIPTION_NEW 3
		19	.Os
		20	.Sh NAME
		21	.Nm ACCESS_DESCRIPTION_new ,
		22	.Nm ACCESS_DESCRIPTION_free ,
		23	.Nm AUTHORITY_INFO_ACCESS_new ,
		24	.Nm AUTHORITY_INFO_ACCESS_free
		25	.Nd X.509 information access extensions
		26	.Sh SYNOPSIS
		27	.In openssl/x509v3.h
		28	.Ft ACCESS_DESCRIPTION *
		29	.Fn ACCESS_DESCRIPTION_new void
		30	.Ft void
		31	.Fn ACCESS_DESCRIPTION_free "ACCESS_DESCRIPTION *ad"
		32	.Ft AUTHORITY_INFO_ACCESS
		33	.Fn AUTHORITY_INFO_ACCESS_new void
		34	.Ft void
		35	.Fn AUTHORITY_INFO_ACCESS_free "AUTHORITY_INFO_ACCESS *aia"
		36	.Sh DESCRIPTION
		37	Using the information access extensions, certificates and certificate
		38	revocation lists can point to auxiliary information and services
		39	available online, for example online validation services or CA
		40	policy data.
		41	.Pp
		42	.Fn ACCESS_DESCRIPTION_new
		43	allocates and initializes an empty
		44	.Vt ACCESS_DESCRIPTION
		45	object, representing an ASN.1 AccessDescription structure
		46	defined in RFC 5280 section 4.2.2.1.
		47	It can hold a pointer to a
		48	.Vt GENERAL_NAME
		49	object documented in
		50	.Xr GENERAL_NAME_new 3
		51	and an access method identifier.
		52	.Fn ACCESS_DESCRIPTION_free
		53	frees
		54	.Fa ad .
		55	.Pp
		56	The access method identifier is somewhat misnamed; it identifies
		57	the type and format of the information provided.
		58	How to access that information is often obvious from the
		59	.Vt GENERAL_NAME
		60	which may for example include a uniform resource identifier.
		61	.Pp
		62	Four standard access method identifiers are defined in RFC 5280:
		63	.Bl -bullet
		64	.It
		65	.Qq id-ad-caIssuers
		66	can occur in the authority information access extension of certificates
		67	and certificate revocation lists and provides access to certificates
		68	issued to the CA that issued the certificate, or provides access
		69	to certificates used for signing the CRL, in order to help constructing
		70	a certification path.
		71	.It
		72	.Qq id-ad-ocsp
		73	can occur in the authority information access extension of certificates
		74	and provides access to revocation information via the Online
		75	Certificate Status Protocol (OCSP) defined in RFC 6960.
		76	.It
		77	.Qq id-ad-caRepository
		78	can occur in the subject information access extension of CA
		79	certificates and provides access to an online repository of
		80	certificates issued by the CA.
		81	.It
		82	.Qq id-ad-timeStamping
		83	can occur in the subject information access extension of end entity
		84	certificates and indicates that the subject offers timestamping
		85	services using the Time Stamp Protocol defined in RFC 3161.
		86	.El
		87	.Pp
		88	.Fn AUTHORITY_INFO_ACCESS_new
		89	allocates and initializes an empty
		90	.Vt AUTHORITY_INFO_ACCESS
		91	object, which is a
		92	.Vt STACK_OF(ACCESS_DESCRIPTION)
		93	and represents an ASN.1 AuthorityInfoAccessSyntax structure
		94	defined in RFC 5280 section 4.2.2.1.
		95	If can be used for the authority information access extension of
		96	certificates and certificate revocation lists and for the subject
		97	information access extension of certificates.
		98	.Fn AUTHORITY_INFO_ACCESS_free
		99	frees
		100	.Fa aia .
		101	.Sh RETURN VALUE
		102	.Fn ACCESS_DESCRIPTION_new
		103	and
		104	.Fn AUTHORITY_INFO_ACCESS_new
		105	return the new
		106	.Vt ACCESS_DESCRIPTION
		107	or
		108	.Vt AUTHORITY_INFO_ACCESS
		109	object, respectively, or
		110	.Dv NULL
		111	if an error occurs.
		112	.Sh SEE ALSO
		113	.Xr DIST_POINT_new 3 ,
		114	.Xr GENERAL_NAME_new 3 ,
		115	.Xr OCSP_REQUEST_new 3 ,
		116	.Xr TS_REQ_new 3 ,
		117	.Xr X509_CRL_new 3 ,
		118	.Xr X509_EXTENSION_new 3 ,
		119	.Xr X509_new 3
		120	.Sh STANDARDS
		121	These extensions are only defined in the following RFC and not
		122	specified in the underlying X.509 standard.
		123	.Pp
		124	RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
		125	Certificate Revocation List (CRL) Profile:
		126	.Bl -dash -compact
		127	.It
		128	section 4.2.2.1: Certificate Extensions: Authority Information Access
		129	.It
		130	section 4.2.2.2: Certificate Extensions: Subject Information Access
		131	.It
		132	section 5.2.7: CRL Extensions: Authority Information Access
		133	.El
		134	.Pp
		135	Regarding OCSP and TSP, see:
		136	.Pp
		137	RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate
		138	Status Protocol
		139	.Pp
		140	RFC 3161: Internet X.509 Public Key Infrastructure Time-Stamp Protocol


diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 57122993b9..065a87b0ee 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,8 +1,9 @@
1	# $OpenBSD: Makefile,v 1.96 2016/12/23 20:43:02 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.97 2016/12/23 22:21:40 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
5	MAN= \	5	MAN= \
		6	ACCESS_DESCRIPTION_new.3 \
6	ASN1_OBJECT_new.3 \	7	ASN1_OBJECT_new.3 \
7	ASN1_STRING_length.3 \	8	ASN1_STRING_length.3 \
8	ASN1_STRING_new.3 \	9	ASN1_STRING_new.3 \