From: tb <tb@openbsd.org>
Date: Wed, 22 May 2024 09:34:40 +0000 (+0000)
Subject: Fix incorrect X509v3_get_ext_by_NID(3) return values
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=e53768b396085977efb762e46dbce12496dd7bcf;p=openbsd

Fix incorrect X509v3_get_ext_by_NID(3) return values

This error comes from upstream, where it is still wrong.
---

diff --git a/lib/libcrypto/man/X509v3_get_ext_by_NID.3 b/lib/libcrypto/man/X509v3_get_ext_by_NID.3
index 54e4b583f77..640a72a1358 100644
--- a/lib/libcrypto/man/X509v3_get_ext_by_NID.3
+++ b/lib/libcrypto/man/X509v3_get_ext_by_NID.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509v3_get_ext_by_NID.3,v 1.13 2021/07/12 14:54:00 schwarze Exp $
+.\" $OpenBSD: X509v3_get_ext_by_NID.3,v 1.14 2024/05/22 09:34:40 tb Exp $
 .\" full merge up to: OpenSSL fd38836b Jun 20 15:25:43 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 12 2021 $
+.Dd $Mdocdate: May 22 2024 $
 .Dt X509V3_GET_EXT_BY_NID 3
 .Os
 .Sh NAME
@@ -248,7 +248,7 @@ from
 The index
 .Fa loc
 can take any value from 0 to
-.Fn X509_get_ext_count x No - 1 .
+.Fn X509_get_ext_count x No \- 1 .
 The returned extension is an internal pointer which must not be
 freed up by the application.
 .Pp
@@ -265,9 +265,9 @@ The search starts from the extension after
 .Fa lastpos
 or from the beginning if
 .Fa lastpos
-is -1.
-If the extension is found, its index is returned; otherwise, -1 is
-returned.
+is \-1.
+If the extension is found, its index is returned; otherwise, a negative
+value is returned.
 .Pp
 .Fn X509v3_get_ext_by_critical
 is similar to
@@ -300,7 +300,7 @@ at position
 .Fa loc .
 If
 .Fa loc
-is -1, the new extension is added to the end.
+is \-1, the new extension is added to the end.
 If
 .Pf * Fa x
 is
@@ -358,7 +358,7 @@ These search functions start from the extension
 .Em after
 the
 .Fa lastpos
-parameter, so it should initially be set to -1.
+parameter, so it should initially be set to \-1.
 If it is set to 0, the initial extension will not be checked.
 .Sh RETURN VALUES
 .Fn X509v3_get_ext_count
@@ -378,7 +378,14 @@ if an error occurs.
 .Fn X509v3_get_ext_by_OBJ ,
 and
 .Fn X509v3_get_ext_by_critical
-return the extension index or -1 if an error occurs.
+return the extension index or \-1 if an error occurs.
+In addition
+.Fn X509v3_get_ext_by_NID
+returns \-2 if
+.Xr OBJ_nid2obj 3
+fails, which happens if
+.Fa nid
+has no corresponding table object.
 .Pp
 .Fn X509v3_add_ext
 returns a stack of extensions or
@@ -388,6 +395,7 @@ on error.
 .Fn X509_add_ext
 returns 1 on success or 0 on error.
 .Sh SEE ALSO
+.Xr OBJ_nid2obj 3 ,
 .Xr X509_CRL_new 3 ,
 .Xr X509_EXTENSION_new 3 ,
 .Xr X509_new 3 ,