From: tb Date: Sun, 12 May 2024 17:44:11 +0000 (+0000) Subject: Be more specific about X509V3_ADD_APPEND and X509V3_ADD_DELETE X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=44d5f513381dc0002f95feefa58933365f3f3a55;p=openbsd Be more specific about X509V3_ADD_APPEND and X509V3_ADD_DELETE --- diff --git a/lib/libcrypto/man/X509V3_get_d2i.3 b/lib/libcrypto/man/X509V3_get_d2i.3 index ed9e150c9b9..6c406190a7f 100644 --- a/lib/libcrypto/man/X509V3_get_d2i.3 +++ b/lib/libcrypto/man/X509V3_get_d2i.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509V3_get_d2i.3,v 1.21 2023/09/25 07:47:52 tb Exp $ +.\" $OpenBSD: X509V3_get_d2i.3,v 1.22 2024/05/12 17:44:11 tb Exp $ .\" full merge up to: OpenSSL ff7fbfd5 Nov 2 11:52:01 2015 +0000 .\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 25 2023 $ +.Dd $Mdocdate: May 12 2024 $ .Dt X509V3_GET_D2I 3 .Os .Sh NAME @@ -275,6 +275,8 @@ An error is returned if the extension does already exist. .Pp .Dv X509V3_ADD_APPEND appends a new extension, ignoring whether the extension already exists. +This is a misfeature and should not be used because certificates must +not include the same extension more than once. .Pp .Dv X509V3_ADD_REPLACE replaces an extension if it exists otherwise appends a new extension. @@ -290,7 +292,8 @@ returned if the extension does already exist. .Pp .Dv X509V3_ADD_DELETE deletes extension -.Fa nid . +.Fa nid +if it exists and errors otherwise. No new extension is added. .Pp If