From 1ef41217daa208a53c36a9d3bdedf17b05de6eb6 Mon Sep 17 00:00:00 2001 From: schwarze <> Date: Sat, 24 Dec 2016 01:00:48 +0000 Subject: Write new SXNET_new(3) manual page from scratch. All four functions are listed in and in OpenSSL doc/man3/X509_dup.pod. OpenSSL documentation specifies the wrong header file. I consider the quotation from http://www-03.ibm.com/security/library/wp_pki0730.shtml fair use because (1) it is a very brief extract from a long text, (2) no other source of information is available, (3) it is quoted for the purpose of education and research, (4) republishing happens in a not-for-profit context. I'm not including the URI into the manual page because large corporate websites are notorious for changing URIs during each spring cleaning. --- src/lib/libcrypto/man/Makefile | 3 +- src/lib/libcrypto/man/SXNET_new.3 | 91 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 93 insertions(+), 1 deletion(-) create mode 100644 src/lib/libcrypto/man/SXNET_new.3 (limited to 'src/lib') diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 191f3f2882..7d013ab44b 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.99 2016/12/23 23:50:04 schwarze Exp $ +# $OpenBSD: Makefile,v 1.100 2016/12/24 01:00:48 schwarze Exp $ .include @@ -186,6 +186,7 @@ MAN= \ SHA1.3 \ SMIME_read_PKCS7.3 \ SMIME_write_PKCS7.3 \ + SXNET_new.3 \ TS_REQ_new.3 \ UI_new.3 \ X509V3_get_d2i.3 \ diff --git a/src/lib/libcrypto/man/SXNET_new.3 b/src/lib/libcrypto/man/SXNET_new.3 new file mode 100644 index 0000000000..1484970113 --- /dev/null +++ b/src/lib/libcrypto/man/SXNET_new.3 @@ -0,0 +1,91 @@ +.\" $OpenBSD: SXNET_new.3,v 1.1 2016/12/24 01:00:48 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: December 24 2016 $ +.Dt SXNET_NEW 3 +.Os +.Sh NAME +.Nm SXNET_new , +.Nm SXNET_free , +.Nm SXNETID_new , +.Nm SXNETID_free +.Nd Thawte strong extranet X.509 extension +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft SXNET * +.Fn SXNET_new void +.Ft void +.Fn SXNET_free "SXNET *sxnet" +.Ft SXNETID * +.Fn SXNETID_new void +.Ft void +.Fn SXNETID_free "SXNETID *sxnetid" +.Sh DESCRIPTION +.Fn SXNET_new +allocates and initializes an empty +.Vt SXNET +object representing a non-standard proprietary Thawte strong extranet +X.509 extension. +.Fn SXNET_free +frees +.Fa sxnet . +.Pp +.Fn SXNETID_new +allocates and initializes an empty +.Vt SXNETID +object. +It is used inside +.Vt SXNET . +.Fn SXNETID_free +frees +.Fa sxnetid . +.Sh RETURN VALUES +.Fn SXNET_new +and +.Fn SXNETID_new +return the new +.Vt SXNET +or +.Vt SXNETID +object, respectively, or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr X509_EXTENSION_new 3 , +.Xr X509_new 3 +.Rs +.%A M. Shuttleworth +.%R The Strong Extranet: real-world personal certification +.%Q Thawte Consulting +.%C South Africa +.%D 1998 +.Re +.Sh BUGS +This manual page does not explain what the extension actually does +because no authoritative information was found online so far. +.Pp +The only hint was found in an ancient white paper "Securing IBM +Applications with Public Key Infrastructure" on the IBM website, +dated June 13, 2001: "Thawte also has a technology called Strong +Extranet that allows institutions to encode customer information +in the extensions to their customer's certificates. +Because multiple institutions can add information, the user needs +only one certificate, making renewal and revocation simpler, although +the issue of modifying an extension to an existing certificate is +not addressed." +.Pp +It is unclear whether that explanation is accurate, but in any case, +it is not very specific. -- cgit v1.2.3-55-g6feb