-.\" $OpenBSD: ASIdentifiers_new.3,v 1.7 2023/09/27 08:46:46 tb Exp $
+.\" $OpenBSD: ASIdentifiers_new.3,v 1.8 2023/09/28 12:35:31 tb Exp $
.\"
.\" Copyright (c) 2021 Theo Buehler <tb@openbsd.org>
.\"
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: September 27 2023 $
+.Dd $Mdocdate: September 28 2023 $
.Dt ASIDENTIFIERS_NEW 3
.Os
.Sh NAME
.Sh DESCRIPTION
RFC 3779 defines two X.509v3 certificate extensions that allow the
delegation of
-IP address blocks and autonomous system (AS) identifiers
+IP addresses and autonomous system (AS) identifiers
from the issuer to the subject of the certificate.
An
.Vt ASIdentifiers
.Xr crypto 3 ,
.Xr IPAddressRange_new 3 ,
.Xr X509_new 3 ,
-.Xr X509v3_asid_add_id_or_range 3 ,
-.Xr X509v3_asid_inherits 3
+.Xr X509v3_addr_add_inherit 3 ,
+.Xr X509v3_addr_get_range 3 ,
+.Xr X509v3_addr_inherits 3 ,
+.Xr X509v3_addr_subset 3 ,
+.Xr X509v3_asid_add_id_or_range 3
.Sh STANDARDS
RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:
.Bl -dash -compact
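Review bot: the SEE ALSO change drops `.Xr X509v3_asid_inherits 3` and adds four X509v3_addr_* references, so this ASIdentifiers page no longer links to anything named asid_inherits. If X509v3_asid_inherits is documented on the X509v3_addr_inherits(3) page, say so in the commit message; otherwise keep a reference the reader can follow to the AS inheritance check.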
.Ox 7.1 .
.Sh BUGS
There are no corresponding functions for the RFC 3779
-IP address blocks delegation extension represented by
+IP address delegation extension represented by
.Vt IPAddrBlocks .
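Review bot: in the BUGS sentence, "no corresponding functions" for `IPAddrBlocks` reads ambiguously now that the SEE ALSO of the same page points at X509v3_addr_add_inherit(3), X509v3_addr_get_range(3), X509v3_addr_inherits(3) and X509v3_addr_subset(3). Suggest naming which functions are missing (the counterparts of the ones this page documents) so a reader does not conclude that there is no IPAddrBlocks API at all.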
-.\" $OpenBSD: ASRange_new.3,v 1.5 2023/09/27 08:46:46 tb Exp $
+.\" $OpenBSD: ASRange_new.3,v 1.6 2023/09/28 12:35:31 tb Exp $
.\"
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
.\"
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: September 27 2023 $
+.Dd $Mdocdate: September 28 2023 $
.Dt ASRANGE_NEW 3
.Os
.Sh NAME
.Pp
All
.Vt ASN1_INTEGER Ns s
-in this manual should be representable as unsigned 32-bit integers.
+in this manual must be representable as unsigned 32-bit integers.
The API performs no corresponding checks.
The library provides no convenient way of setting the value of an
.Vt ASN1_INTEGER
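Review bot: changing "should" to "must" on the unsigned 32-bit requirement turns it into a hard precondition, but the next sentence still says the API performs no corresponding checks and nothing states what happens when the precondition is violated. Suggest one added sentence saying that the caller is responsible for validating each ASN1_INTEGER before passing it in, and what the result is (or that it is undefined) for negative or larger values.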
.Xr crypto 3 ,
.Xr IPAddressRange_new 3 ,
.Xr s2i_ASN1_INTEGER 3 ,
+.Xr STACK_OF 3 ,
.Xr X509_new 3 ,
.Xr X509v3_asid_add_id_or_range 3
.Sh STANDARDS
-.\" $OpenBSD: IPAddressRange_new.3,v 1.4 2023/09/27 08:46:46 tb Exp $
+.\" $OpenBSD: IPAddressRange_new.3,v 1.5 2023/09/28 12:35:31 tb Exp $
.\"
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
.\"
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: September 27 2023 $
+.Dd $Mdocdate: September 28 2023 $
.Dt IPADDRESSRANGE_NEW 3
.Os
.Sh NAME
Per RFC 3779, section 2.1.1,
an IPv4 or an IPv6 address is encoded in network byte order in an
ASN.1 BIT STRING of bit size 32 or 128 bits, respectively.
-The bit size of a prefix is its prefix length.
-In other words, all insignificant zero bits are omitted
+The bit size of a prefix is its prefix length;
+all insignificant zero bits are omitted
from the encoding.
An address range is expressed as a pair of BIT STRINGs
-where all least significant zero bits of the lower bound
-and the all least significant one bits of the upper bound are omitted.
+where all the least significant zero bits of the lower bound
+and all the least significant one bits of the upper bound are omitted.
.Pp
The library provides no API for directly converting an IP address or
prefix (in any form) to and from an
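Review bot: the range sentence ("all the least significant zero bits of the lower bound and all the least significant one bits of the upper bound are omitted") implies that an all-zero lower bound or an all-one upper bound encodes as an empty BIT STRING, and that edge case is not spelled out. Since the following paragraph says the library offers no conversion API, consider stating it explicitly or adding one worked encoding so that hand-written converters handle it.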
context of the RFC 3779 API is discouraged.
The bit size of an
.Vt ASN1_BIT_STRING
-representing an IP address prefix or range is eight times its length
-member minus the lowest three bits of its flags, provided the
+representing an IP address prefix or range is eight times its
+.Fa length
+member minus the lowest three bits of its
+.Fa flags ,
+provided the
.Dv ASN1_STRING_FLAG_BITS_LEFT
flag is set.
.Pp
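Review bot: the bit size rule is only given "provided the ASN1_STRING_FLAG_BITS_LEFT flag is set"; the text does not say how `length` and `flags` are to be interpreted when the flag is not set. Callers deriving a prefix length from an ASN1_BIT_STRING need that case covered, so suggest adding what the bit size is then, or that such an object must be rejected.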
.Xr crypto 3 ,
.Xr X509_new 3 ,
.Xr X509v3_addr_add_inherit 3 ,
-.Xr X509v3_addr_inherits 3
+.Xr X509v3_addr_inherits 3 ,
+.Xr X509v3_addr_subset 3
.Sh STANDARDS
RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:
.Bl -dash -compact
.It
section 2.2.3.8: Element addressPrefix and Type IPAddress
.It
-section 2.2.3.9: Elements addressRange and Type IPAddressRange
+section 2.2.3.9: Element addressRange and Type IPAddressRange
.El
.Pp
ITU-T Recommendation X.690, also known as ISO/IEC 8825-1:
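Review bot: in the SEE ALSO lines, `.Xr X509v3_addr_subset 3` is added after X509v3_addr_inherits, but there is no `.Xr X509v3_addr_get_range 3` between X509v3_addr_add_inherit and X509v3_addr_inherits, although the other pages touched by this patch list it. If the omission is not deliberate, add it here in sorted position.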
-# $OpenBSD: Makefile,v 1.274 2023/09/26 20:42:45 tb Exp $
+# $OpenBSD: Makefile,v 1.275 2023/09/28 12:35:31 tb Exp $
.include <bsd.own.mk>
X509v3_addr_add_inherit.3 \
X509v3_addr_get_range.3 \
X509v3_addr_inherits.3 \
+ X509v3_addr_subset.3 \
X509v3_asid_add_id_or_range.3 \
X509v3_asid_add_id_or_range.3 \
X509v3_get_ext_by_NID.3 \
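Review bot: `X509v3_addr_subset.3` is hooked into the manual list here and cross-referenced from several pages, but the new page itself is not among the visible hunks; confirm it is part of the same commit so the install target does not reference a missing file. Also, the context right after the new entry shows `X509v3_asid_add_id_or_range.3 \` twice in a row, which is worth checking against the actual list.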
-.\" $OpenBSD: X509_new.3,v 1.41 2023/09/26 20:42:45 tb Exp $
+.\" $OpenBSD: X509_new.3,v 1.42 2023/09/28 12:35:31 tb Exp $
.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
.\"
.\" This file is a derived work.
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: September 26 2023 $
+.Dd $Mdocdate: September 28 2023 $
.Dt X509_NEW 3
.Os
.Sh NAME
.Xr X509v3_addr_add_inherit 3 ,
.Xr X509v3_addr_get_range 3 ,
.Xr X509v3_addr_inherits 3 ,
+.Xr X509v3_addr_subset 3 ,
.Xr X509v3_asid_add_id_or_range 3
.Sh STANDARDS
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and
-.\" $OpenBSD: X509v3_addr_add_inherit.3,v 1.5 2023/09/27 08:46:46 tb Exp $
+.\" $OpenBSD: X509v3_addr_add_inherit.3,v 1.6 2023/09/28 12:35:31 tb Exp $
.\"
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
.\"
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: September 27 2023 $
+.Dd $Mdocdate: September 28 2023 $
.Dt X509V3_ADDR_ADD_INHERIT 3
.Os
.Sh NAME
An
.Vt IPAddrBlocks
object represents the content of
-an X509v3 IP address blocks delegation extension
+an IP address delegation extension
as defined in RFC 3779, section 2.2.3.1.
It holds lists of IP address prefixes and IP address ranges
delegated from the issuer to the subject of the certificate.
.Xr inet_ntop 3 ,
.Xr IPAddressRange_new 3 ,
.Xr X509_new 3 ,
-.Xr X509v3_asid_add_id_or_range 3 ,
-.Xr X509v3_addr_get_range 3
+.Xr X509v3_addr_get_range 3 ,
+.Xr X509v3_asid_add_id_or_range 3
.Sh STANDARDS
RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers:
.Bl -dash -compact
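Review bot: the reordering puts X509v3_addr_get_range before X509v3_asid_add_id_or_range, which fixes the sort order, but this SEE ALSO still has no `.Xr X509v3_addr_inherits 3` or `.Xr X509v3_addr_subset 3` between them, while the same patch adds both to ASIdentifiers_new.3 and lists them in X509_new.3. Suggest adding them here as well, since this is the page that describes IPAddrBlocks.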
-.\" $OpenBSD: X509v3_asid_add_id_or_range.3,v 1.5 2023/09/27 08:46:46 tb Exp $
+.\" $OpenBSD: X509v3_asid_add_id_or_range.3,v 1.6 2023/09/28 12:35:31 tb Exp $
.\"
.\" Copyright (c) 2021-2023 Theo Buehler <tb@openbsd.org>
.\"
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: September 27 2023 $
+.Dd $Mdocdate: September 28 2023 $
.Dt X509V3_ASID_ADD_ID_OR_RANGE 3
.Os
.Sh NAME
.Sh DESCRIPTION
An
.Vt ASIdentifiers
-object represents the content of the X509v3 certificate extension
+object represents the content of the certificate extension
defined in RFC 3779, section 3.2.3.1.
It can be instantiated with
.Xr ASIdentifiers_new 3