Add documentetion for noCheck extension and add a few cross references to

the extension documentation.

5 files changed, 26 insertions, 8 deletions

diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod
index 5618c2dc9d..d97133ad37 100644
--- a/doc/apps/ca.pod
+++ b/doc/apps/ca.pod
@@ -205,7 +205,9 @@ the section of the configuration file containing certificate extensions
 to be added when a certificate is issued (defaults to B<x509_extensions>
 unless the B<-extfile> option is used). If no extension section is
 present then, a V1 certificate is created. If the extension section
-is present (even if it is empty), then a V3 certificate is created.
+is present (even if it is empty), then a V3 certificate is created. See the:w
+L<x509v3_config(5)|x509v3_config(5)> manual page for details of the
+extension section format.
 
 =item B<-extfile file>
 
@@ -299,7 +301,9 @@ include. If no CRL extension section is present then a V1 CRL is
 created, if the CRL extension section is present (even if it is
 empty) then a V2 CRL is created. The CRL extensions specified are
 CRL extensions and B<not> CRL entry extensions.  It should be noted
-that some software (for example Netscape) can't handle V2 CRLs. 
+that some software (for example Netscape) can't handle V2 CRLs. See
+L<x509v3_config(5)|x509v3_config(5)> manual page for details of the
+extension section format.
 
 =back
 
diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod
index 7f2504bbbc..42533dd6e6 100644
--- a/doc/apps/openssl.pod
+++ b/doc/apps/openssl.pod
@@ -366,7 +366,7 @@ L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
 L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
 L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
 L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>,
-L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)> 
+L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)>, L<x509v3_config(5)|x509v3_config(5)> 
 
 =head1 HISTORY
 
diff --git a/doc/apps/req.pod b/doc/apps/req.pod
index 65584d1de2..2ba16b45d6 100644
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -356,7 +356,9 @@ problems with BMPStrings and UTF8Strings: in particular Netscape.
 
 this specifies the configuration file section containing a list of
 extensions to add to the certificate request. It can be overridden
-by the B<-reqexts> command line switch.
+by the B<-reqexts> command line switch. See the 
+L<x509v3_config(5)|x509v3_config(5)> manual page for details of the
+extension section format.
 
 =item B<x509_extensions>
 
@@ -618,6 +620,7 @@ address in subjectAltName should be input by the user.
 =head1 SEE ALSO
 
 L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>,
-L<gendsa(1)|gendsa(1)>, L<config(5)|config(5)>
+L<gendsa(1)|gendsa(1)>, L<config(5)|config(5)>,
+L<x509v3_config(5)|x509v3_config(5)> 
 
 =cut
diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index a46378f0ba..dfed9bcd53 100644
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -376,7 +376,9 @@ no extensions are added to the certificate.
 the section to add certificate extensions from. If this option is not
 specified then the extensions should either be contained in the unnamed
 (default) section or the default section should contain a variable called
-"extensions" which contains the section to use.
+"extensions" which contains the section to use. See the
+L<x509v3_config(5)|x509v3_config(5)> manual page for details of the
+extension section format.
 
 =back
 
diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod
index 22bb62436b..ac735d6f19 100644
--- a/doc/apps/x509v3_config.pod
+++ b/doc/apps/x509v3_config.pod
@@ -178,7 +178,7 @@ preceeding the name with a B<+> character.
 
 otherName can include arbitrary data associated with an OID: the value
 should be the OID followed by a semicolon and the content in standard
-ASN1_generate_nconf() format.
+L<ASN1_generate_nconf(1)|ASN1_generate_nconf(1)> format.
 
 Examples:
 
@@ -392,6 +392,14 @@ Examples:
  nameConstraints=excluded;email:.com
 issuingDistributionPoint = idp_section
 
+=head2 OCSP No Check
+
+The OCSP No Check extension is a string extension but its value is ignored.
+
+Example:
+
+ noCheck = ignored
+
 
 =head1 DEPRECATED EXTENSIONS
 
@@ -513,7 +521,8 @@ for arbitrary extensions was added in OpenSSL 0.9.8
 
 =head1 SEE ALSO
 
-L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>
+L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>,
+L<ASN1_generate_nconf(1)|ASN1_generate_nconf(1)>
 
 
 =cut