author: schwarze <schwarze@openbsd.org> 2016-12-24 01:00:48 +0000
committer: schwarze <schwarze@openbsd.org> 2016-12-24 01:00:48 +0000
commit: 4623faba32025241c6360706f8bb8dc33020c1a9
tree: bfe7004153483d79134189283033587a5a7ea6e9
parent: Write new PKEY_USAGE_PERIOD_new(3) manual page from scratch,
Write new SXNET_new(3) manual page from scratch. All four functions
are listed in <openssl/x509v3.h> and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.

I consider the quotation from
http://www-03.ibm.com/security/library/wp_pki0730.shtml
fair use because (1) it is a very brief extract from a long text,
(2) no other source of information is available, (3) it is quoted
for the purpose of education and research, (4) republishing happens
in a not-for-profit context.

I'm not including the URI into the manual page because large corporate
websites are notorious for changing URIs during each spring cleaning.
-rw-r--r-- lib/libcrypto/man/Makefile 3
-rw-r--r-- lib/libcrypto/man/SXNET_new.3 91
2 files changed, 93 insertions, 1 deletions
diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile
index 191f3f2882d..7d013ab44b6 100644
--- a/lib/libcrypto/man/Makefile
+++ b/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.99 2016/12/23 23:50:04 schwarze Exp $
+# $OpenBSD: Makefile,v 1.100 2016/12/24 01:00:48 schwarze Exp $
.include <bsd.own.mk>
@@ -186,6 +186,7 @@ MAN= \
SHA1.3 \
SMIME_read_PKCS7.3 \
SMIME_write_PKCS7.3 \
+ SXNET_new.3 \
TS_REQ_new.3 \
UI_new.3 \
X509V3_get_d2i.3 \
diff --git a/lib/libcrypto/man/SXNET_new.3 b/lib/libcrypto/man/SXNET_new.3
new file mode 100644
index 00000000000..14849701137
--- /dev/null
+++ b/lib/libcrypto/man/SXNET_new.3
@@ -0,0 +1,91 @@
+.\" $OpenBSD: SXNET_new.3,v 1.1 2016/12/24 01:00:48 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 24 2016 $
+.Dt SXNET_NEW 3
+.Os
+.Sh NAME
+.Nm SXNET_new ,
+.Nm SXNET_free ,
+.Nm SXNETID_new ,
+.Nm SXNETID_free
+.Nd Thawte strong extranet X.509 extension
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft SXNET *
+.Fn SXNET_new void
+.Ft void
+.Fn SXNET_free "SXNET *sxnet"
+.Ft SXNETID *
+.Fn SXNETID_new void
+.Ft void
+.Fn SXNETID_free "SXNETID *sxnetid"
+.Sh DESCRIPTION
+.Fn SXNET_new
+allocates and initializes an empty
+.Vt SXNET
+object representing a non-standard proprietary Thawte strong extranet
+X.509 extension.
+.Fn SXNET_free
+frees
+.Fa sxnet .
+.Pp
+.Fn SXNETID_new
+allocates and initializes an empty
+.Vt SXNETID
+object.
+It is used inside
+.Vt SXNET .
+.Fn SXNETID_free
+frees
+.Fa sxnetid .
+.Sh RETURN VALUES
+.Fn SXNET_new
+and
+.Fn SXNETID_new
+return the new
+.Vt SXNET
+or
+.Vt SXNETID
+object, respectively, or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_new 3
+.Rs
+.%A M. Shuttleworth
+.%R The Strong Extranet: real-world personal certification
+.%Q Thawte Consulting
+.%C South Africa
+.%D 1998
+.Re
+.Sh BUGS
+This manual page does not explain what the extension actually does
+because no authoritative information was found online so far.
+.Pp
+The only hint was found in an ancient white paper "Securing IBM
+Applications with Public Key Infrastructure" on the IBM website,
+dated June 13, 2001: "Thawte also has a technology called Strong
+Extranet that allows institutions to encode customer information
+in the extensions to their customer's certificates.
+Because multiple institutions can add information, the user needs
+only one certificate, making renewal and revocation simpler, although
+the issue of modifying an extension to an existing certificate is
+not addressed."
+.Pp
+It is unclear whether that explanation is accurate, but in any case,
+it is not very specific.
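Review bot: In DESCRIPTION, the entries for SXNET_free and SXNETID_free say only "frees sxnet" and "frees sxnetid", which leaves two things a caller needs for safe memory handling unstated: what happens when the argument is NULL, and whether SXNET_free also releases the SXNETID objects held inside the SXNET (the text says SXNETID "is used inside SXNET" but not who owns it). Please add a sentence on NULL handling to each free function and state the ownership rule, so that callers do not free an embedded SXNETID a second time after freeing its parent. Separately, since BUGS admits the semantics of this proprietary extension are unknown, consider a short CAVEATS note that applications should not base trust decisions on its contents.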