diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-11-10 09:31:11 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-12-07 15:21:07 +0100 |
commit | eff06fe5a02cf35782c626231aba43e79f34a87a (patch) | |
tree | 5f1bf24c81d6025afe1dad44e2a50173371dda24 /doc | |
parent | bf17b7b18d11d4005c0ff760405744c3e7da2e0d (diff) |
X509V3_set_ctx(): Clarify use of subject/req parameter for constructing SKID by hash of pubkey
This does not change the semantics of expected usage because only either one may be given.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17145)
(cherry picked from commit 15ac84e603678140ba32832c288e5f1745a258f8)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/X509V3_set_ctx.pod | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/doc/man3/X509V3_set_ctx.pod b/doc/man3/X509V3_set_ctx.pod index 1fc5111de4..820052ba98 100644 --- a/doc/man3/X509V3_set_ctx.pod +++ b/doc/man3/X509V3_set_ctx.pod @@ -18,12 +18,14 @@ X509V3_set_issuer_pkey - X.509 v3 extension generation utilities X509V3_set_ctx() fills in the basic fields of I<ctx> of type B<X509V3_CTX>, providing details potentially needed by functions producing X509 v3 extensions, e.g., to look up values for filling in authority key identifiers. -Any of I<subj>, I<req>, or I<crl> may be provided, pointing to a certificate, +Any of I<subject>, I<req>, or I<crl> may be provided, pointing to a certificate, certification request, or certificate revocation list, respectively. -If I<subj> or I<crl> is provided, I<issuer> should point to its issuer, +When constructing the subject key identifier of a certificate by computing a +hash value of its public key, the public key is taken from I<subject> or I<req>. +If I<subject> or I<crl> is provided, I<issuer> should point to its issuer, for instance to help generating an authority key identifier extension. -Note that if I<subj> is provided, I<issuer> may be the same as I<subj>, -which means that I<subj> is self-issued (or even self-signed). +Note that if I<subject> is provided, I<issuer> may be the same as I<subject>, +which means that I<subject> is self-issued (or even self-signed). I<flags> may be 0 or contain B<X509V3_CTX_TEST>, which means that just the syntax of extension definitions is to be checked without actually producing an extension, |