diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-11-10 09:31:11 +0100 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-12-07 15:13:26 +0100 |
commit | 15ac84e603678140ba32832c288e5f1745a258f8 (patch) | |
tree | 5023d8ce814b2c8ff9f5bcbc5325183ea95e8582 /doc | |
parent | e819b5727312477f8c1f56bf928e611ad7e78315 (diff) | |
download | openssl-15ac84e603678140ba32832c288e5f1745a258f8.tar.gz |
X509V3_set_ctx(): Clarify use of subject/req parameter for constructing SKID by hash of pubkey
This does not change the semantics of expected usage because only either one may be given.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17145)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/X509V3_set_ctx.pod | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/doc/man3/X509V3_set_ctx.pod b/doc/man3/X509V3_set_ctx.pod index 1fc5111de4..820052ba98 100644 --- a/doc/man3/X509V3_set_ctx.pod +++ b/doc/man3/X509V3_set_ctx.pod @@ -18,12 +18,14 @@ X509V3_set_issuer_pkey - X.509 v3 extension generation utilities X509V3_set_ctx() fills in the basic fields of I<ctx> of type B<X509V3_CTX>, providing details potentially needed by functions producing X509 v3 extensions, e.g., to look up values for filling in authority key identifiers. -Any of I<subj>, I<req>, or I<crl> may be provided, pointing to a certificate, +Any of I<subject>, I<req>, or I<crl> may be provided, pointing to a certificate, certification request, or certificate revocation list, respectively. -If I<subj> or I<crl> is provided, I<issuer> should point to its issuer, +When constructing the subject key identifier of a certificate by computing a +hash value of its public key, the public key is taken from I<subject> or I<req>. +If I<subject> or I<crl> is provided, I<issuer> should point to its issuer, for instance to help generating an authority key identifier extension. -Note that if I<subj> is provided, I<issuer> may be the same as I<subj>, -which means that I<subj> is self-issued (or even self-signed). +Note that if I<subject> is provided, I<issuer> may be the same as I<subject>, +which means that I<subject> is self-issued (or even self-signed). I<flags> may be 0 or contain B<X509V3_CTX_TEST>, which means that just the syntax of extension definitions is to be checked without actually producing an extension, |