From 7f3dde9cdc415f9a66486001377d723ce4500622 Mon Sep 17 00:00:00 2001
From: jmc <>
Date: Wed, 2 Nov 2016 17:32:42 +0000
Subject: tweak previous;
---
 src/lib/libtls/tls_init.3 | 58 +++++++++++++++++++++--------------------------
 1 file changed, 26 insertions(+), 32 deletions(-)
(limited to 'src')
diff --git a/src/lib/libtls/tls_init.3 b/src/lib/libtls/tls_init.3
index 2f6ca3d802..75c37e641b 100644
--- a/src/lib/libtls/tls_init.3
+++ b/src/lib/libtls/tls_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: tls_init.3,v 1.73 2016/11/02 15:18:42 beck Exp $
+.\" $OpenBSD: tls_init.3,v 1.74 2016/11/02 17:32:42 jmc Exp $
 .\"
 .\" Copyright (c) 2014 Ted Unangst
 .\"
@@ -50,7 +50,7 @@
 .Nm tls_config_verify ,
 .Nm tls_config_verify_client ,
 .Nm tls_config_verify_client_optional ,
-.Nm tls_ocsp_process_response,
+.Nm tls_ocsp_process_response ,
 .Nm tls_peer_cert_provided ,
 .Nm tls_peer_cert_contains_name ,
 .Nm tls_peer_cert_issuer ,
@@ -58,14 +58,14 @@
 .Nm tls_peer_cert_hash ,
 .Nm tls_peer_cert_notbefore ,
 .Nm tls_peer_cert_notafter ,
-.Nm tls_peer_ocsp_cert_status,
-.Nm tls_peer_ocsp_crl_reason,
-.Nm tls_peer_ocsp_next_update,
-.Nm tls_peer_ocsp_response_status,
-.Nm tls_peer_ocsp_result_msg,
-.Nm tls_peer_ocsp_revocation_time,
-.Nm tls_peer_ocsp_this_update,
-.Nm tls_peer_ocsp_url,
+.Nm tls_peer_ocsp_cert_status ,
+.Nm tls_peer_ocsp_crl_reason ,
+.Nm tls_peer_ocsp_next_update ,
+.Nm tls_peer_ocsp_response_status ,
+.Nm tls_peer_ocsp_result_msg ,
+.Nm tls_peer_ocsp_revocation_time ,
+.Nm tls_peer_ocsp_this_update ,
+.Nm tls_peer_ocsp_url ,
 .Nm tls_conn_alpn_selected ,
 .Nm tls_conn_cipher ,
 .Nm tls_conn_servername ,
@@ -540,50 +540,44 @@ the peer certificate from returns the time corresponding to the end of the validity period of the peer certificate from .Ar ctx . -.Ed .It .Fn tls_ocsp_process_response -processes a raw ocsp response in +processes a raw OCSP response in .Ar response of size .Ar size to check the revocation status of the peer certificate from .Ar ctx . -A successful return code of 0 indicates that the certificate has not been revoked. -.Ed +A successful return code of 0 indicates that the certificate +has not been revoked. .It .Fn tls_peer_ocsp_url returns the URL for OCSP validation of the peer certificate from .Ar ctx .El .Pp -The following functions return informaiton about the peer certificate from +The following functions return information about the peer certificate from .Ar ctx -tha was obtained by validating a stapled OCSP response during the handshake, or -via a previous call to -.Xr tls_ocsp_process_response +that was obtained by validating a stapled OCSP response during the handshake, +or via a previous call to +.Fn tls_ocsp_process_response .Bl -bullet -offset four .It .Fn tls_peer_ocsp_cert_status -returns the OCSP certificate status code as per RFC 6960 section 2.2 -.Ed +returns the OCSP certificate status code as per RFC 6960 section 2.2 .It .Fn tls_peer_ocsp_crl_reason returns the OCSP certificate revocation reason status code as per RFC 5280 section 5.3.1 -.Ed .It .Fn tls_peer_ocsp_next_update returns the OCSP next update time -.Ed .It .Fn tls_peer_ocsp_response_status returns the OCSP response status as per RFC 6960 section 2.3 -.Ed .It .Fn tls_peer_ocsp_revocation_time returns the OCSP revocation time -.Ed .It .Fn tls_peer_ocsp_this_update returns the OCSP this update time 
@@ -699,40 +693,40 @@ Functions that return a
 .Vt ssize_t
 will return a size on success, and -1 on error.
 .Pp
-The
+The
 .Fn tls_peer_ocsp_response_status
-function returns one of
+function returns one of
 .Ar TLS_OCSP_RESPONSE_SUCCESSFUL ,
 .Ar TLS_OCSP_RESPONSE_MALFORMED ,
 .Ar TLS_OCSP_RESPONSE_INTERNALERROR ,
 .Ar TLS_OCSP_RESPONSE_TRYLATER ,
 .Ar TLS_OCSP_RESPONSE_SIGREQUIRED ,
 or
-.AR TLS_OCSP_RESPONSE_UNAUTHORIZED
+.Ar TLS_OCSP_RESPONSE_UNAUTHORIZED
 on success, and -1 on error.
 .Pp
-The
+The
 .Fn tls_peer_ocsp_cert_status
 function returns one of
 .Ar TLS_OCSP_CERT_GOOD ,
 .Ar TLS_OCSP_CERT_REVOKED ,
-or
+or
 .Ar TLS_OCSP_CERT_UNKNOWN
 on success, and -1 on error.
 .Pp
-The
+The
 .Fn tls_peer_ocsp_crl_reason
 function returns one of
 .Ar TLS_CRL_REASON_UNSPECIFIED ,
 .Ar TLS_CRL_REASON_KEY_COMPROMISE ,
-.Ar TLS_CRL_REASON_CA_COMPROMISE ,
+.Ar TLS_CRL_REASON_CA_COMPROMISE ,
 .Ar TLS_CRL_REASON_AFFILIATION_CHANGED ,
 .Ar TLS_CRL_REASON_SUPERSEDED ,
 .Ar TLS_CRL_REASON_CESSATION_OF_OPERATION ,
 .Ar TLS_CRL_REASON_CERTIFICATE_HOLD ,
 .Ar TLS_CRL_REASON_REMOVE_FROM_CRL ,
 .Ar TLS_CRL_REASON_PRIVILEGE_WITHDRAWN ,
-or
+or
 .Ar TLS_CRL_REASON_AA_COMPROMISE
 on success, and -1 on error.
 .Pp
-- cgit v1.2.3-55-g6feb