From 553a7c3a1283ddd8dec313cbc040c9aa086b6c13 Mon Sep 17 00:00:00 2001 From: schwarze <> Date: Wed, 28 Jul 2021 13:39:20 +0000 Subject: Explain the meaning of the policy_oids input argument, correct the description of the *pexplicit_policy output argument and make it less technical, and drop the mention of the expected_policy_set because the library provides no accessor function for it. --- src/lib/libcrypto/man/X509_policy_check.3 | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) (limited to 'src') diff --git a/src/lib/libcrypto/man/X509_policy_check.3 b/src/lib/libcrypto/man/X509_policy_check.3 index f245099228..d6932b5244 100644 --- a/src/lib/libcrypto/man/X509_policy_check.3 +++ b/src/lib/libcrypto/man/X509_policy_check.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_policy_check.3,v 1.1 2021/07/27 13:27:46 schwarze Exp $ +.\" $OpenBSD: X509_policy_check.3,v 1.2 2021/07/28 13:39:20 schwarze Exp $ .\" .\" Copyright (c) 2021 Ingo Schwarze .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: July 27 2021 $ +.Dd $Mdocdate: July 28 2021 $ .Dt X509_POLICY_CHECK 3 .Os .Sh NAME @@ -50,6 +50,7 @@ The input argument contains the .Va user-initial-policy-set according to RFC 5280 section 6.1.1(c). +It specifies a set of certificate policies acceptable to the certificate user. .Pp The .Fa flags 
@@ -86,19 +87,16 @@ the last level corresponds to the target certificate. Level 0 is initialized to contain a single node with a .Fa valid_policy of -.Sy anyPolicy , -an empty -.Fa qualifier_set , -and an -.Fa expected_policy_set -containing only -.Sy anyPolicy . +.Sy anyPolicy +and an empty +.Fa qualifier_set . .Pp -The storage location pointed to by +Upon success and in some cases of failure, the storage location pointed to by .Fa pexplicit_policy -is set as specified in RFC 5280 paragraphs 6.1.2(d), 6.1.4(h), 6.1.4(i), -6.1.5(a), and 6.1.5(b). -In case of failure, it may or may not get set, representing a partial result. +is set to 1 if +.Dv X509_V_FLAG_EXPLICIT_POLICY +was requested. +Otherwise, it is set to 0. .Sh RETURN VALUES .Fn X509_policy_check returns these values: @@ -135,7 +133,7 @@ is set to .Dv NULL and .Pf * Fa pexplicit_policy -may be set to 0 or to a partial result. +may or may not be set. .It 1 Validation succeeded and .Pf * Fa ptree -- cgit v1.2.3-55-g6feb
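Review bot: In the @@ -50,6 +50,7 hunk, the added sentence "It specifies a set of certificate policies acceptable to the certificate user." does not say what a NULL or empty policy_oids means. RFC 5280 section 6.1.1(c) gives the user-initial-policy-set the special value any-policy when the user is not concerned about certificate policy, so unless the page covers this elsewhere, add a sentence stating how a caller expresses that case with this argument.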
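Review bot: In the @@ -86,19 +87,16 hunk, the new wording makes *pexplicit_policy depend only on X509_V_FLAG_EXPLICIT_POLICY ("Otherwise, it is set to 0."), whereas the removed text pointed to RFC 5280 paragraphs 6.1.4(h), 6.1.4(i), 6.1.5(a) and 6.1.5(b), under which explicit_policy can also reach zero through requireExplicitPolicy in a certificate's policy constraints extension. If the function reports that case through *pexplicit_policy as well, say so here; otherwise a caller reading 0 may conclude that nothing in the chain required an explicit policy. Keeping a short reference to the RFC paragraphs after the simplified sentence would preserve the precise definition for readers who need it.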
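Review bot: In the @@ -135,7 +133,7 hunk, "may or may not be set" leaves the caller unable to tell whether *pexplicit_policy holds a meaningful value after this return, and a caller that passes an uninitialized int and reads it afterwards gets an indeterminate value. Suggest stating that the value must be ignored for this return value, or advising callers to initialize the variable before the call. The phrase "in some cases of failure" in the pexplicit_policy description should name the same return values so the two passages agree.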