Added support for adding extensions to CRLs, also fix a memory leak and

make 'req' check the config file syntax before it adds extensions. Added
info in the documentation as well.

2 files changed, 14 insertions, 3 deletions

diff --git a/doc/README b/doc/README
index 81c59803fd..669106854b 100644
--- a/doc/README
+++ b/doc/README
@@ -3,4 +3,5 @@
  crypto.pod ...... Documentation of OpenSSL crypto.h+libcrypto.a
  ssl.pod ......... Documentation of OpenSSL ssl.h+libssl.a
  ssleay.txt ...... Assembled documentation files of ancestor SSLeay [obsolete}
-
+ ext-conf.txt .... Text documentation about configuring new extension code.
+ buffer.txt ...... Text documentation about the buffer library.
diff --git a/doc/ext-conf.txt b/doc/ext-conf.txt
index b9cf5a5ab9..1d0f6fb3c3 100644
--- a/doc/ext-conf.txt
+++ b/doc/ext-conf.txt
@@ -14,8 +14,8 @@ PRINTING EXTENSIONS.
 
 Extension values are automatically printed out for supported extensions.
 
-x509 -in cert.pem -text
-crl -in crl.pem -text
+openssl x509 -in cert.pem -text
+openssl crl -in crl.pem -text
 
 will give information in the extension printout, for example:
 
@@ -43,6 +43,16 @@ indicates which section contains the extensions. In the case of 'req' the
 extension section is used when the -x509 option is present to create a
 self signed root certificate.
 
+You can also add extensions to CRLs: a line
+
+crl_extensions = crl_extension_section
+
+will include extensions when the -gencrl option is used with the 'ca' utility.
+You can add any extension to a CRL but of the supported extensions only
+issuerAltName and authorityKeyIdentifier make any real sense. Note: these are
+CRL extensions NOT CRL *entry* extensions which cannot currently be generated.
+CRL entry extensions can be displayed.
+
 EXTENSION SYNTAX.
 
 Extensions have the basic form: