Write new PKEY_USAGE_PERIOD_new(3) manual page from scratch,

documenting the dubious RFC 3280 PrivateKeyUsagePeriod extension.
Both functions are listed in <openssl/x509v3.h>
and in OpenSSL doc/man3/X509_dup.pod.
OpenSSL documentation specifies the wrong header file.

2 files changed, 67 insertions, 1 deletions

diff --git a/lib/libcrypto/man/Makefile b/lib/libcrypto/man/Makefile
index 5f6719c73af..191f3f2882d 100644
--- a/lib/libcrypto/man/Makefile
+++ b/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.98 2016/12/23 23:19:57 schwarze Exp $
+# $OpenBSD: Makefile,v 1.99 2016/12/23 23:50:04 schwarze Exp $
 
 .include <bsd.own.mk>
 
@@ -160,6 +160,7 @@ MAN=	\
 	PKCS7_sign_add_signer.3 \
 	PKCS7_verify.3 \
 	PKCS8_PRIV_KEY_INFO_new.3 \
+	PKEY_USAGE_PERIOD_new.3 \
 	POLICYINFO_new.3 \
 	PROXY_POLICY_new.3 \
 	RAND_add.3 \
diff --git a/lib/libcrypto/man/PKEY_USAGE_PERIOD_new.3 b/lib/libcrypto/man/PKEY_USAGE_PERIOD_new.3
new file mode 100644
index 00000000000..fff35198a97
--- /dev/null
+++ b/lib/libcrypto/man/PKEY_USAGE_PERIOD_new.3
@@ -0,0 +1,65 @@
+.\"	$OpenBSD: PKEY_USAGE_PERIOD_new.3,v 1.1 2016/12/23 23:50:04 schwarze Exp $
+.\"
+.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: December 23 2016 $
+.Dt PKEY_USAGE_PERIOD_NEW 3
+.Os
+.Sh NAME
+.Nm PKEY_USAGE_PERIOD_new ,
+.Nm PKEY_USAGE_PERIOD_free
+.Nd X.509 certificate private key usage period extension
+.Sh SYNOPSIS
+.In openssl/x509v3.h
+.Ft PKEY_USAGE_PERIOD *
+.Fn PKEY_USAGE_PERIOD_new void
+.Ft void
+.Fn PKEY_USAGE_PERIOD_free "PKEY_USAGE_PERIOD *period"
+.Sh DESCRIPTION
+.Fn PKEY_USAGE_PERIOD_new
+allocates and initializes an empty
+.Vt PKEY_USAGE_PERIOD
+object, representing an ASN.1 PrivateKeyUsagePeriod structure
+defined in RFC 3280 section 4.2.1.4.
+It could be used in
+.Vt X509
+certificates to specifiy a validity period for the private key
+that differed from the validity period of the certificate.
+.Pp
+.Fn PKEY_USAGE_PERIOD_free
+frees
+.Fa period .
+.Sh RETURN VALUES
+.Fn PKEY_USAGE_PERIOD_new
+returns the new
+.Vt PKEY_USAGE_PERIOD
+object or
+.Dv NULL
+if an error occurs.
+.Sh SEE ALSO
+.Xr EXTENDED_KEY_USAGE_new 3 ,
+.Xr X509_CINF_new 3 ,
+.Xr X509_EXTENSION_new 3 ,
+.Xr X509_new 3
+.Sh STANDARDS
+RFC 3280: Internet X.509 Public Key Infrastructure Certificate and
+Certificate Revocation List (CRL) Profile,
+section 4.2.1.4: Private Key Usage Period
+.Pp
+RFC 3280 was obsoleted by RFC 5280, which says: "Section 4.2.1.4
+in RFC 3280, which specified the PrivateKeyUsagePeriod certificate
+extension but deprecated its use, was removed.  Use of this ISO
+standard extension is neither deprecated nor recommended for use
+in the Internet PKI."