From 44d5f513381dc0002f95feefa58933365f3f3a55 Mon Sep 17 00:00:00 2001 From: tb Date: Sun, 12 May 2024 17:44:11 +0000 Subject: [PATCH] Be more specific about X509V3_ADD_APPEND and X509V3_ADD_DELETE --- lib/libcrypto/man/X509V3_get_d2i.3 | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/libcrypto/man/X509V3_get_d2i.3 b/lib/libcrypto/man/X509V3_get_d2i.3 index ed9e150c9b9..6c406190a7f 100644 --- a/lib/libcrypto/man/X509V3_get_d2i.3 +++ b/lib/libcrypto/man/X509V3_get_d2i.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: X509V3_get_d2i.3,v 1.21 2023/09/25 07:47:52 tb Exp $ +.\" $OpenBSD: X509V3_get_d2i.3,v 1.22 2024/05/12 17:44:11 tb Exp $ .\" full merge up to: OpenSSL ff7fbfd5 Nov 2 11:52:01 2015 +0000 .\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 .\" @@ -49,7 +49,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 25 2023 $ +.Dd $Mdocdate: May 12 2024 $ .Dt X509V3_GET_D2I 3 .Os .Sh NAME @@ -275,6 +275,8 @@ An error is returned if the extension does already exist. .Pp .Dv X509V3_ADD_APPEND appends a new extension, ignoring whether the extension already exists. +This is a misfeature and should not be used because certificates must +not include the same extension more than once. .Pp .Dv X509V3_ADD_REPLACE replaces an extension if it exists otherwise appends a new extension. @@ -290,7 +292,8 @@ returned if the extension does already exist. .Pp .Dv X509V3_ADD_DELETE deletes extension -.Fa nid . +.Fa nid +if it exists and errors otherwise. No new extension is added. .Pp If -- 2.20.1