From 65ee9813d993aabe751741f1d76871c991f56508 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sun, 12 May 2024 17:44:11 +0000
Subject: Be more specific about X509V3_ADD_APPEND and X509V3_ADD_DELETE

---
 src/lib/libcrypto/man/X509V3_get_d2i.3 | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/man/X509V3_get_d2i.3 b/src/lib/libcrypto/man/X509V3_get_d2i.3
index ed9e150c9b..6c406190a7 100644
--- a/src/lib/libcrypto/man/X509V3_get_d2i.3
+++ b/src/lib/libcrypto/man/X509V3_get_d2i.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509V3_get_d2i.3,v 1.21 2023/09/25 07:47:52 tb Exp $
+.\" $OpenBSD: X509V3_get_d2i.3,v 1.22 2024/05/12 17:44:11 tb Exp $
 .\" full merge up to: OpenSSL ff7fbfd5 Nov 2 11:52:01 2015 +0000
 .\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 25 2023 $
+.Dd $Mdocdate: May 12 2024 $
 .Dt X509V3_GET_D2I 3
 .Os
 .Sh NAME
@@ -275,6 +275,8 @@ An error is returned if the extension does already exist.
 .Pp
 .Dv X509V3_ADD_APPEND
 appends a new extension, ignoring whether the extension already exists.
+This is a misfeature and should not be used because certificates must
+not include the same extension more than once.
 .Pp
 .Dv X509V3_ADD_REPLACE
 replaces an extension if it exists otherwise appends a new extension.
@@ -290,7 +292,8 @@ returned if the extension does already exist.
 .Pp
 .Dv X509V3_ADD_DELETE
 deletes extension
-.Fa nid .
+.Fa nid
+if it exists and errors otherwise.
 No new extension is added.
 .Pp
 If
-- 
cgit v1.2.3-55-g6feb