From 132e9e750274e6de29e32a18344edc3513ee14d5 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 3 Jan 2024 11:03:03 +0000 Subject: Clarify the PKCS12 docs Issue #23151 asks a question about the meaning of the PKCS12 documentation. This PR attempts to clarify how friendlyName and localKeyID are added to the PKCS12 structure. Fixes #23151 Reviewed-by: Tomas Mraz Reviewed-by: Neil Horman Reviewed-by: Tom Cosgrove (Merged from https://github.com/openssl/openssl/pull/23188) (cherry picked from commit 3348713ad390372ba5a0a0f98b46b2f637475e47) --- doc/man3/PKCS12_create.pod | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'doc') diff --git a/doc/man3/PKCS12_create.pod b/doc/man3/PKCS12_create.pod index 92e588062a..9d5403113a 100644 --- a/doc/man3/PKCS12_create.pod +++ b/doc/man3/PKCS12_create.pod @@ -57,9 +57,15 @@ export grade software which could use signing only keys of arbitrary size but had restrictions on the permissible sizes of keys which could be used for encryption. -If a certificate contains an I or I then this will be -used for the corresponding B or B in the -PKCS12 structure. +If I is B and I contains an I then this will be +used for the corresponding B in the PKCS12 structure instead. +Similarly, if I is NULL and I contains a I then this will be +used for the corresponding B in the PKCS12 structure instead of the +id calculated from the I. + +For all certificates in I then if a certificate contains an I or +I then this will be used for the corresponding B or +B in the PKCS12 structure. Either I, I or both can be B to indicate that no key or certificate is required. In previous versions both had to be present or -- cgit v1.2.3
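Review bot: In the first added paragraph, the second sentence writes "if I is NULL" as plain text, while the sentence before it ("If I is B and ...") and the unchanged context line below ("can be B to indicate that no key or certificate is required") use bold markup for the same value; mark it up the same way in both places. The first added sentence also ends in "instead" without saying what is being replaced, whereas the second spells it out ("instead of the id calculated from the I"); name the replaced value there too, so the two sentences read in parallel. In the second added paragraph, "For all certificates in I then if a certificate contains" is awkward; "For each certificate in I, if it contains" says the same thing more directly.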