From e803f754b531bde55b4988bcbd5eaa095ab488b6 Mon Sep 17 00:00:00 2001 From: schwarze <> Date: Thu, 22 Dec 2016 13:05:59 +0000 Subject: Delete the x509(3) manual page and merge what little content remained into X509_new(3). Add information about STANDARDS. --- src/lib/libcrypto/man/Makefile | 3 +- src/lib/libcrypto/man/X509_new.3 | 35 ++++++++--- src/lib/libcrypto/man/x509.3 | 125 --------------------------------------- 3 files changed, 27 insertions(+), 136 deletions(-) delete mode 100644 src/lib/libcrypto/man/x509.3 (limited to 'src') diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 6cbab45168..8a5e9419a9 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.86 2016/12/22 12:21:19 schwarze Exp $ +# $OpenBSD: Makefile,v 1.87 2016/12/22 13:05:59 schwarze Exp $ .include @@ -230,7 +230,6 @@ MAN= \ i2d_PKCS7_bio_stream.3 \ lh_new.3 \ lh_stats.3 \ - x509.3 \ openssl.cnf.5 \ x509v3.cnf.5 diff --git a/src/lib/libcrypto/man/X509_new.3 b/src/lib/libcrypto/man/X509_new.3 index 605d1db7be..6520aaf477 100644 --- a/src/lib/libcrypto/man/X509_new.3 +++ b/src/lib/libcrypto/man/X509_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509_new.3,v 1.6 2016/12/12 22:02:55 jmc Exp $ +.\" $OpenBSD: X509_new.3,v 1.7 2016/12/22 13:05:59 schwarze Exp $ .\" OpenSSL 3a59ad98 Dec 11 00:36:06 2015 +0000 .\" .\" This file was written by Dr. Stephen Henson . @@ -48,14 +48,14 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 12 2016 $ +.Dd $Mdocdate: December 22 2016 $ .Dt X509_NEW 3 .Os .Sh NAME .Nm X509_new , .Nm X509_free , .Nm X509_up_ref -.Nd X509 certificate ASN.1 allocation functions +.Nd X.509 certificate object .Sh SYNOPSIS .In openssl/x509.h .Ft X509 * @@ -69,12 +69,14 @@ .Fa "X509 *a" .Fc .Sh DESCRIPTION -The X509 ASN.1 allocation routines allocate and free an -.Vt X509 -structure, which represents an X509 certificate. -.Pp .Fn X509_new -allocates and initializes an X509 structure with reference count 1. +allocates and initializes an empty +.Vt X509 +object with reference count 1. +It represents an ASN.1 Certificate structure +defined in RFC 5280 section 4.1. +It can hold a public key together with information about the person, +organization, device, or function the associated private key belongs to. .Pp .Fn X509_free decrements the reference count of the @@ -95,6 +97,11 @@ This function is useful if a certificate structure is being used by several different operations each of which will free it up after use: this avoids the need to duplicate the entire certificate structure. +.Pp +The object +.Vt X509_INFO , +which can hold a certificate, the corresponding private key, +and a certificate revocation list, is not yet documented. .Sh RETURN VALUES If the allocation fails, .Fn X509_new @@ -107,8 +114,18 @@ Otherwise it returns a pointer to the newly allocated structure. .Fn X509_up_ref returns 1 for success or 0 for failure. .Sh SEE ALSO +.Xr crypto 3 , .Xr d2i_X509 3 , -.Xr ERR_get_error 3 +.Xr ERR_get_error 3 , +.Xr X509_ALGOR_new 3 , +.Xr X509_CRL_new 3 , +.Xr X509_EXTENSION_new 3 , +.Xr X509_NAME_new 3 , +.Xr X509_REQ_new 3 , +.Xr X509_SIG_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile .Sh HISTORY .Fn X509_new and diff --git a/src/lib/libcrypto/man/x509.3 b/src/lib/libcrypto/man/x509.3 deleted file mode 100644 index 93221c0250..0000000000 --- a/src/lib/libcrypto/man/x509.3 +++ /dev/null @@ -1,125 +0,0 @@ -.\" $OpenBSD: x509.3,v 1.7 2016/12/15 15:22:17 schwarze Exp $ -.\" OpenSSL a9c85cea Nov 11 09:33:55 2016 +0100 -.\" -.\" This file was written by Richard Levitte -.\" Copyright (c) 2003 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd $Mdocdate: December 15 2016 $ -.Dt X509 3 -.Os -.Sh NAME -.Nm x509 -.Nd X.509 certificate handling -.Sh SYNOPSIS -.In openssl/x509.h -.Sh DESCRIPTION -An X.509 certificate is a structured grouping of information about an -individual, a device, or anything one can imagine. -An X.509 CRL (certificate revocation list) is a tool to help determine if -a certificate is still valid. -The exact definition of those can be found in the X.509 document from -ITU-T, or in RFC 3280 from PKIX. -In OpenSSL, the type -.Vt X509 -is used to express such a certificate, and the type -.Vt X509_CRL -is used to express a CRL. -.Pp -A related structure is a certificate request, defined in PKCS#10 from -RSA Security, Inc., also reflected in RFC 2896. -In OpenSSL, the type -.Vt X509_REQ -is used to express such a certificate request. -.Pp -Finally, there's the supertype -.Vt X509_INFO , -which can contain a CRL, a certificate, and a corresponding private key. -.Pp -The functions -.Fa X509_* , -.Fa d2i_X509_* , -and -.Fa i2d_X509_* -handle X.509 certificates, with some exceptions shown below. -.Pp -.Fa X509_CRL_* , -.Fa d2i_X509_CRL_* , -and -.Fa i2d_X509_CRL_* -handle X.509 CRLs. -.Pp -.Fa X509_REQ_* , -.Fa d2i_X509_REQ_* , -and -.Fa i2d_X509_REQ_* -handle PKCS#10 certificate requests. -.Pp -The object type -.Vt X509_NAME -and the functions documented in -.Xr X509_NAME_new 3 -and in the manual pages referenced from there handle certificate -and issuer names. -.Pp -.Fa X509_ATTRIBUTE_* -handle certificate attributes. -.Pp -The object type -.Vt X509_EXTENSION -and the functions documented in -.Xr X509_EXTENSION_new 3 -and in the manual pages referenced from there handle certificate -extensions and certificate revocation list extensions. -.Sh SEE ALSO -.Xr crypto 3 , -.Xr d2i_X509 3 , -.Xr d2i_X509_ALGOR 3 , -.Xr d2i_X509_CRL 3 , -.Xr d2i_X509_REQ 3 , -.Xr d2i_X509_SIG 3 , -.Xr X509_EXTENSION_new 3 , -.Xr X509_NAME_new 3 -- cgit v1.2.3-55-g6feb