sync code with last improvements from OpenBSD
This commit is contained in:
parent
b13fe1161c
commit
0095d6bf71
@ -1,6 +1,6 @@
|
|||||||
.\" $OpenBSD: ASIdentifiers_new.3,v 1.9 2023/09/29 08:57:49 tb Exp $
|
.\" $OpenBSD: ASIdentifiers_new.3,v 1.11 2023/09/30 18:16:44 tb Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Copyright (c) 2021 Theo Buehler <tb@openbsd.org>
|
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
|
||||||
.\"
|
.\"
|
||||||
.\" Permission to use, copy, modify, and distribute this software for any
|
.\" Permission to use, copy, modify, and distribute this software for any
|
||||||
.\" purpose with or without fee is hereby granted, provided that the above
|
.\" purpose with or without fee is hereby granted, provided that the above
|
||||||
@ -14,7 +14,7 @@
|
|||||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
.\"
|
.\"
|
||||||
.Dd $Mdocdate: September 29 2023 $
|
.Dd $Mdocdate: September 30 2023 $
|
||||||
.Dt ASIDENTIFIERS_NEW 3
|
.Dt ASIDENTIFIERS_NEW 3
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -95,14 +95,14 @@ returns a new
|
|||||||
.Vt ASIdentifiers
|
.Vt ASIdentifiers
|
||||||
object or
|
object or
|
||||||
.Dv NULL
|
.Dv NULL
|
||||||
on if an error occurs.
|
if an error occurs.
|
||||||
.Pp
|
.Pp
|
||||||
.Fn d2i_ASIdentifiers
|
.Fn d2i_ASIdentifiers
|
||||||
returns an
|
returns an
|
||||||
.Vt ASIdentifiers
|
.Vt ASIdentifiers
|
||||||
object or
|
object or
|
||||||
.Dv NULL
|
.Dv NULL
|
||||||
on if a decoding or memory allocation error occurs.
|
if a decoding or memory allocation error occurs.
|
||||||
.Pp
|
.Pp
|
||||||
.Fn i2d_ASIdentifiers
|
.Fn i2d_ASIdentifiers
|
||||||
returns the number of bytes successfully encoded
|
returns the number of bytes successfully encoded
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.\" $OpenBSD: IPAddressRange_new.3,v 1.5 2023/09/28 12:35:31 tb Exp $
|
.\" $OpenBSD: IPAddressRange_new.3,v 1.6 2023/09/30 13:58:29 schwarze Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
|
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
|
||||||
.\"
|
.\"
|
||||||
@ -14,7 +14,7 @@
|
|||||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
.\"
|
.\"
|
||||||
.Dd $Mdocdate: September 28 2023 $
|
.Dd $Mdocdate: September 30 2023 $
|
||||||
.Dt IPADDRESSRANGE_NEW 3
|
.Dt IPADDRESSRANGE_NEW 3
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -240,7 +240,7 @@ typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
|
|||||||
Since an
|
Since an
|
||||||
.Vt IPAddressOrRanges
|
.Vt IPAddressOrRanges
|
||||||
object should be sorted in a specific way (see
|
object should be sorted in a specific way (see
|
||||||
.Xr X509v3_addr_canonize 3 Ns ),
|
.Xr X509v3_addr_canonize 3 ) ,
|
||||||
a comparison function is needed for a correct instantiation
|
a comparison function is needed for a correct instantiation
|
||||||
with
|
with
|
||||||
.Xr sk_new 3 .
|
.Xr sk_new 3 .
|
||||||
@ -383,7 +383,7 @@ and related functions.
|
|||||||
.Fn i2d_IPAddressChoice ,
|
.Fn i2d_IPAddressChoice ,
|
||||||
.Fn d2i_IPAddressFamily ,
|
.Fn d2i_IPAddressFamily ,
|
||||||
and
|
and
|
||||||
.Fn i2d_IPAddressFamily ,
|
.Fn i2d_IPAddressFamily
|
||||||
decode and encode ASN.1
|
decode and encode ASN.1
|
||||||
.Vt IPAddressRange ,
|
.Vt IPAddressRange ,
|
||||||
.Vt IPAddressOrRange ,
|
.Vt IPAddressOrRange ,
|
||||||
@ -428,12 +428,12 @@ object with allocated, empty members, or
|
|||||||
.Dv NULL
|
.Dv NULL
|
||||||
if an error occurs.
|
if an error occurs.
|
||||||
.Pp
|
.Pp
|
||||||
The encoding functions
|
The decoding functions
|
||||||
.Fn d2i_IPAddressRange ,
|
.Fn d2i_IPAddressRange ,
|
||||||
.Fn d2i_IPAddressOrRange ,
|
.Fn d2i_IPAddressOrRange ,
|
||||||
.Fn d2i_IPAddressChoice ,
|
.Fn d2i_IPAddressChoice ,
|
||||||
and
|
and
|
||||||
.Fn d2i_IPAddressFamily ,
|
.Fn d2i_IPAddressFamily
|
||||||
return an
|
return an
|
||||||
.Vt IPAddressRange ,
|
.Vt IPAddressRange ,
|
||||||
an
|
an
|
||||||
@ -452,7 +452,7 @@ The encoding functions
|
|||||||
.Fn i2d_IPAddressOrRange ,
|
.Fn i2d_IPAddressOrRange ,
|
||||||
.Fn i2d_IPAddressChoice ,
|
.Fn i2d_IPAddressChoice ,
|
||||||
and
|
and
|
||||||
.Fn i2d_IPAddressFamily ,
|
.Fn i2d_IPAddressFamily
|
||||||
return the number of bytes successfully encoded
|
return the number of bytes successfully encoded
|
||||||
or a value <= 0 if an error occurs.
|
or a value <= 0 if an error occurs.
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.\" $OpenBSD: X509v3_addr_add_inherit.3,v 1.7 2023/09/29 08:57:49 tb Exp $
|
.\" $OpenBSD: X509v3_addr_add_inherit.3,v 1.9 2023/09/30 16:01:18 tb Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
|
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
|
||||||
.\"
|
.\"
|
||||||
@ -14,7 +14,7 @@
|
|||||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
.\"
|
.\"
|
||||||
.Dd $Mdocdate: September 29 2023 $
|
.Dd $Mdocdate: September 30 2023 $
|
||||||
.Dt X509V3_ADDR_ADD_INHERIT 3
|
.Dt X509V3_ADDR_ADD_INHERIT 3
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -128,9 +128,11 @@ the call fails.
|
|||||||
is expected to be a byte array in network byte order.
|
is expected to be a byte array in network byte order.
|
||||||
It should point at enough memory to accommodate
|
It should point at enough memory to accommodate
|
||||||
.Fa prefixlen
|
.Fa prefixlen
|
||||||
bits and it is recommended that all the bits not covered by
|
bits and it is recommended that all the bits not covered by the
|
||||||
the prefixlen be set to 0.
|
.Fa prefixlen
|
||||||
It is the caller's responsibility to ensure that the prefix
|
be set to 0.
|
||||||
|
It is the caller's responsibility to ensure that the
|
||||||
|
.Fa prefix
|
||||||
has no address in common with any of
|
has no address in common with any of
|
||||||
the prefixes or ranges already in the list.
|
the prefixes or ranges already in the list.
|
||||||
If
|
If
|
||||||
@ -281,7 +283,7 @@ hexdump(const unsigned char *buf, size_t len)
|
|||||||
size_t i;
|
size_t i;
|
||||||
|
|
||||||
for (i = 1; i <= len; i++)
|
for (i = 1; i <= len; i++)
|
||||||
printf(" 0x%02x,%s", buf[i - 1], i % 8 ? "" : "\en");
|
printf(" 0x%02x,%s", buf[i \- 1], i % 8 ? "" : "\en");
|
||||||
if (len % 8)
|
if (len % 8)
|
||||||
printf("\en");
|
printf("\en");
|
||||||
}
|
}
|
||||||
@ -295,7 +297,7 @@ main(void)
|
|||||||
int der_len;
|
int der_len;
|
||||||
size_t i;
|
size_t i;
|
||||||
|
|
||||||
if (pledge("stdio", NULL) == -1)
|
if (pledge("stdio", NULL) == \-1)
|
||||||
err(1, "pledge");
|
err(1, "pledge");
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -319,7 +321,7 @@ main(void)
|
|||||||
|
|
||||||
len = inet_net_pton(AF_INET, prefixes[i], addr,
|
len = inet_net_pton(AF_INET, prefixes[i], addr,
|
||||||
sizeof(addr));
|
sizeof(addr));
|
||||||
if (len == -1)
|
if (len == \-1)
|
||||||
errx(1, "inet_net_pton(%s)", prefixes[i]);
|
errx(1, "inet_net_pton(%s)", prefixes[i]);
|
||||||
if (!X509v3_addr_add_prefix(addrblocks, IANA_AFI_IPV4,
|
if (!X509v3_addr_add_prefix(addrblocks, IANA_AFI_IPV4,
|
||||||
&unicast, addr, len))
|
&unicast, addr, len))
|
||||||
@ -373,7 +375,7 @@ d2i_IPAddrBlocks(IPAddrBlocks **addrblocks, const unsigned char **in,
|
|||||||
if ((v3_addr = X509V3_EXT_get_nid(NID_sbgp_ipAddrBlock)) == NULL)
|
if ((v3_addr = X509V3_EXT_get_nid(NID_sbgp_ipAddrBlock)) == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
return (IPAddrBlocks *)ASN1_item_d2i((ASN1_VALUE **)addrblocks,
|
return (IPAddrBlocks *)ASN1_item_d2i((ASN1_VALUE **)addrblocks,
|
||||||
in, len, ASN1_ITEM_ptr(v3_addr->it));
|
in, len, ASN1_ITEM_ptr(v3_addr\->it));
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
@ -382,9 +384,9 @@ i2d_IPAddrBlocks(IPAddrBlocks *addrblocks, unsigned char **out)
|
|||||||
const X509V3_EXT_METHOD *v3_addr;
|
const X509V3_EXT_METHOD *v3_addr;
|
||||||
|
|
||||||
if ((v3_addr = X509V3_EXT_get_nid(NID_sbgp_ipAddrBlock)) == NULL)
|
if ((v3_addr = X509V3_EXT_get_nid(NID_sbgp_ipAddrBlock)) == NULL)
|
||||||
return -1;
|
return \-1;
|
||||||
return ASN1_item_i2d((ASN1_VALUE *)addrblocks, out,
|
return ASN1_item_i2d((ASN1_VALUE *)addrblocks, out,
|
||||||
ASN1_ITEM_ptr(v3_addr->it));
|
ASN1_ITEM_ptr(v3_addr\->it));
|
||||||
}
|
}
|
||||||
.Ed
|
.Ed
|
||||||
.Pp
|
.Pp
|
||||||
@ -415,12 +417,12 @@ RFC 7249: Internet Number Registries
|
|||||||
.Pp
|
.Pp
|
||||||
.Rs
|
.Rs
|
||||||
.%T Address Family Numbers
|
.%T Address Family Numbers
|
||||||
.%U https://www.iana.org/assignments/address-family-numbers
|
.%U https://www.iana.org/assignments/address\-family\-numbers
|
||||||
.Re
|
.Re
|
||||||
.Pp
|
.Pp
|
||||||
.Rs
|
.Rs
|
||||||
.%T Subsequent Address Family Identifiers (SAFI) Parameters
|
.%T Subsequent Address Family Identifiers (SAFI) Parameters
|
||||||
.%U https://www.iana.org/assignments/safi-namespace
|
.%U https://www.iana.org/assignments/safi\-namespace
|
||||||
.Re
|
.Re
|
||||||
.Sh HISTORY
|
.Sh HISTORY
|
||||||
These functions first appeared in OpenSSL 0.9.8e
|
These functions first appeared in OpenSSL 0.9.8e
|
||||||
@ -441,7 +443,7 @@ with public API.
|
|||||||
.Fn X509v3_addr_add_range
|
.Fn X509v3_addr_add_range
|
||||||
should check for inverted range bounds and overlaps
|
should check for inverted range bounds and overlaps
|
||||||
on insertion and fail instead of creating a nonsensical
|
on insertion and fail instead of creating a nonsensical
|
||||||
.Fa addr
|
.Fa addrblocks
|
||||||
that fails to be canonized by
|
that fails to be canonized by
|
||||||
.Fn X509v3_addr_canonize .
|
.Fn X509v3_addr_canonize .
|
||||||
.Pp
|
.Pp
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.\" $OpenBSD: X509v3_addr_get_range.3,v 1.1 2023/09/26 18:35:34 tb Exp $
|
.\" $OpenBSD: X509v3_addr_get_range.3,v 1.2 2023/09/30 14:12:40 schwarze Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
|
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
|
||||||
.\"
|
.\"
|
||||||
@ -14,7 +14,7 @@
|
|||||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
.\"
|
.\"
|
||||||
.Dd $Mdocdate: September 26 2023 $
|
.Dd $Mdocdate: September 30 2023 $
|
||||||
.Dt X509V3_ADDR_GET_RANGE 3
|
.Dt X509V3_ADDR_GET_RANGE 3
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -53,15 +53,13 @@ The
|
|||||||
.Fa length
|
.Fa length
|
||||||
must be large enough to accommodate an address for
|
must be large enough to accommodate an address for
|
||||||
.Fa afi ,
|
.Fa afi ,
|
||||||
which for
|
which is at least 4 for
|
||||||
.Dv IANA_AFI_IPV4 ,
|
.Dv IANA_AFI_IPV4
|
||||||
is at least 4,
|
and at least 16 for
|
||||||
and for
|
.Dv IANA_AFI_IPV6 .
|
||||||
.Dv IANA_AFI_IPV6
|
|
||||||
at least 16.
|
|
||||||
.Sh RETURN VALUES
|
.Sh RETURN VALUES
|
||||||
.Fn X509v3_addr_get_afi
|
.Fn X509v3_addr_get_afi
|
||||||
returns the afi encoded in
|
returns the AFI encoded in
|
||||||
.Fa af
|
.Fa af
|
||||||
or 0 if
|
or 0 if
|
||||||
.Fa af
|
.Fa af
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.\" $OpenBSD: X509v3_addr_inherits.3,v 1.2 2023/09/27 08:46:46 tb Exp $
|
.\" $OpenBSD: X509v3_addr_inherits.3,v 1.3 2023/09/30 14:21:57 schwarze Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
|
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
|
||||||
.\"
|
.\"
|
||||||
@ -14,7 +14,7 @@
|
|||||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
.\"
|
.\"
|
||||||
.Dd $Mdocdate: September 27 2023 $
|
.Dd $Mdocdate: September 30 2023 $
|
||||||
.Dt X509V3_ADDR_INHERITS 3
|
.Dt X509V3_ADDR_INHERITS 3
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -65,9 +65,7 @@ or the
|
|||||||
lists has
|
lists has
|
||||||
.Fa type
|
.Fa type
|
||||||
.Dv ASIdentifierChoice_inherit .
|
.Dv ASIdentifierChoice_inherit .
|
||||||
Otherwise
|
Otherwise it returns 0.
|
||||||
.Fn X509v3_asid_inherits 3
|
|
||||||
returns 0.
|
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
.Xr ASIdentifiers_new 3 ,
|
.Xr ASIdentifiers_new 3 ,
|
||||||
.Xr ASRange_new 3 ,
|
.Xr ASRange_new 3 ,
|
||||||
@ -102,5 +100,5 @@ There is no API that determines whether all lists contained in an
|
|||||||
.Vt ASIdentifiers
|
.Vt ASIdentifiers
|
||||||
or an
|
or an
|
||||||
.Vt IPAddrBlocks
|
.Vt IPAddrBlocks
|
||||||
objects inherit.
|
object inherit.
|
||||||
See RFC 9287, 5.1.2 for an example where this is relevant.
|
See RFC 9287, 5.1.2 for an example where this is relevant.
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.\" $OpenBSD: X509v3_addr_subset.3,v 1.1 2023/09/28 12:36:36 tb Exp $
|
.\" $OpenBSD: X509v3_addr_subset.3,v 1.2 2023/09/30 14:24:00 schwarze Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
|
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
|
||||||
.\"
|
.\"
|
||||||
@ -14,7 +14,7 @@
|
|||||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
.\"
|
.\"
|
||||||
.Dd $Mdocdate: September 28 2023 $
|
.Dd $Mdocdate: September 30 2023 $
|
||||||
.Dt X509V3_ADDR_SUBSET 3
|
.Dt X509V3_ADDR_SUBSET 3
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -62,12 +62,12 @@ then
|
|||||||
.Fa child
|
.Fa child
|
||||||
is a subset of
|
is a subset of
|
||||||
.Fa parent .
|
.Fa parent .
|
||||||
(In particular, a
|
In particular, a
|
||||||
.Dv NULL
|
.Dv NULL
|
||||||
.Fa parent
|
.Fa parent
|
||||||
is allowed for a
|
is allowed for a
|
||||||
.Dv NULL
|
.Dv NULL
|
||||||
.Fa child Ns .)
|
.Fa child .
|
||||||
.It
|
.It
|
||||||
If
|
If
|
||||||
.Fa parent
|
.Fa parent
|
||||||
@ -159,7 +159,7 @@ If both
|
|||||||
and
|
and
|
||||||
.Fa parent
|
.Fa parent
|
||||||
are in canonical form,
|
are in canonical form,
|
||||||
they cannot fail.
|
these functions cannot fail.
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
.Xr ASIdentifiers_new 3 ,
|
.Xr ASIdentifiers_new 3 ,
|
||||||
.Xr ASRange_new 3 ,
|
.Xr ASRange_new 3 ,
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.\" $OpenBSD: X509v3_addr_validate_path.3,v 1.3 2023/09/29 15:41:06 tb Exp $
|
.\" $OpenBSD: X509v3_addr_validate_path.3,v 1.5 2023/09/30 19:07:38 tb Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
|
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
|
||||||
.\"
|
.\"
|
||||||
@ -14,7 +14,7 @@
|
|||||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
.\"
|
.\"
|
||||||
.Dd $Mdocdate: September 29 2023 $
|
.Dd $Mdocdate: September 30 2023 $
|
||||||
.Dt X509V3_ADDR_VALIDATE_PATH 3
|
.Dt X509V3_ADDR_VALIDATE_PATH 3
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -31,7 +31,7 @@
|
|||||||
.Fo X509v3_addr_validate_resource_set
|
.Fo X509v3_addr_validate_resource_set
|
||||||
.Fa "STACK_OF(X509) *chain"
|
.Fa "STACK_OF(X509) *chain"
|
||||||
.Fa "IPAddrBlocks *addrblocks"
|
.Fa "IPAddrBlocks *addrblocks"
|
||||||
.Fa "int allow_inheritance"
|
.Fa "int allow_inherit"
|
||||||
.Fc
|
.Fc
|
||||||
.Ft int
|
.Ft int
|
||||||
.Fn X509v3_asid_validate_path "X509_STORE_CTX *ctx"
|
.Fn X509v3_asid_validate_path "X509_STORE_CTX *ctx"
|
||||||
@ -39,7 +39,7 @@
|
|||||||
.Fo X509v3_asid_validate_resource_set
|
.Fo X509v3_asid_validate_resource_set
|
||||||
.Fa "STACK_OF(X509) *chain"
|
.Fa "STACK_OF(X509) *chain"
|
||||||
.Fa "ASIdentifiers *asid"
|
.Fa "ASIdentifiers *asid"
|
||||||
.Fa "int allow_inheritance"
|
.Fa "int allow_inherit"
|
||||||
.Fc
|
.Fc
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
Both RFC 3779 extensions require additional checking in the certification
|
Both RFC 3779 extensions require additional checking in the certification
|
||||||
@ -49,19 +49,18 @@ path validation.
|
|||||||
The initial set of allowed IP address and AS number resources is defined in
|
The initial set of allowed IP address and AS number resources is defined in
|
||||||
the trust anchor, where inheritance is not allowed.
|
the trust anchor, where inheritance is not allowed.
|
||||||
.It
|
.It
|
||||||
All IP address delegation or AS number delegation extensions
|
An issuer may only delegate subsets of resources present in its
|
||||||
|
RFC 3779 extensions or subsets of resources inherited from its issuer.
|
||||||
|
.It
|
||||||
|
If an RFC 3779 extension is present in a certificate,
|
||||||
|
the same type of extension must also be present in its issuer.
|
||||||
|
.It
|
||||||
|
All RFC 3779 extensions
|
||||||
appearing in the validation path must be in canonical form
|
appearing in the validation path must be in canonical form
|
||||||
according to
|
according to
|
||||||
.Xr X509v3_addr_is_canonical 3
|
.Xr X509v3_addr_is_canonical 3
|
||||||
and
|
and
|
||||||
.Xr X509v3_asid_is_canonical 3 .
|
.Xr X509v3_asid_is_canonical 3 .
|
||||||
.It
|
|
||||||
If the IP address delegation extension is present in a certificate,
|
|
||||||
it must also be present in its issuer.
|
|
||||||
Similarly for the AS identifiers delegation extension.
|
|
||||||
.It
|
|
||||||
An issuer may only delegate subsets of resources present in its
|
|
||||||
RFC 3779 extensions or subsets of resources inherited from its issuer.
|
|
||||||
.El
|
.El
|
||||||
.Pp
|
.Pp
|
||||||
.Fn X509v3_addr_validate_path
|
.Fn X509v3_addr_validate_path
|
||||||
@ -157,7 +156,7 @@ is
|
|||||||
.Dv NULL
|
.Dv NULL
|
||||||
or empty.
|
or empty.
|
||||||
If
|
If
|
||||||
.Fa allow_inheritance
|
.Fa allow_inherit
|
||||||
is 0,
|
is 0,
|
||||||
.Fa addrblocks
|
.Fa addrblocks
|
||||||
or
|
or
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
.\" $OpenBSD: X509v3_asid_add_id_or_range.3,v 1.7 2023/09/29 08:57:49 tb Exp $
|
.\" $OpenBSD: X509v3_asid_add_id_or_range.3,v 1.9 2023/09/30 18:16:44 tb Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Copyright (c) 2021-2023 Theo Buehler <tb@openbsd.org>
|
.\" Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
|
||||||
.\"
|
.\"
|
||||||
.\" Permission to use, copy, modify, and distribute this software for any
|
.\" Permission to use, copy, modify, and distribute this software for any
|
||||||
.\" purpose with or without fee is hereby granted, provided that the above
|
.\" purpose with or without fee is hereby granted, provided that the above
|
||||||
@ -14,7 +14,7 @@
|
|||||||
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||||
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
.\"
|
.\"
|
||||||
.Dd $Mdocdate: September 29 2023 $
|
.Dd $Mdocdate: September 30 2023 $
|
||||||
.Dt X509V3_ASID_ADD_ID_OR_RANGE 3
|
.Dt X509V3_ASID_ADD_ID_OR_RANGE 3
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -163,6 +163,7 @@ Ranges must not overlap,
|
|||||||
.\" contain at least two elements,
|
.\" contain at least two elements,
|
||||||
and adjacent ranges must be fully merged.
|
and adjacent ranges must be fully merged.
|
||||||
.El
|
.El
|
||||||
|
.Pp
|
||||||
.Fn X509v3_asid_canonize
|
.Fn X509v3_asid_canonize
|
||||||
merges adjacent ranges
|
merges adjacent ranges
|
||||||
but refuses to merge overlapping ranges or to discard duplicates.
|
but refuses to merge overlapping ranges or to discard duplicates.
|
||||||
@ -286,8 +287,12 @@ arguments on failure.
|
|||||||
.Pp
|
.Pp
|
||||||
RFC 3779 does not explicitly disallow ranges where the minimum
|
RFC 3779 does not explicitly disallow ranges where the minimum
|
||||||
is equal to the maximum.
|
is equal to the maximum.
|
||||||
The isolated AS identifier a and
|
The isolated AS identifier
|
||||||
the AS range [a,a] where the minimum and the maximum are equal to a
|
.Fa min
|
||||||
|
and the AS range
|
||||||
|
.Bq Fa min , Ns Fa min
|
||||||
|
where the minimum and the maximum are equal to
|
||||||
|
.Fa min
|
||||||
have the same semantics.
|
have the same semantics.
|
||||||
.Fn X509v3_asid_is_canonical
|
.Fn X509v3_asid_is_canonical
|
||||||
accepts both representations as valid and
|
accepts both representations as valid and
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.\" $OpenBSD: kdump.1,v 1.37 2023/04/17 05:43:12 jmc Exp $
|
.\" $OpenBSD: kdump.1,v 1.38 2023/09/30 13:03:40 naddy Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Copyright (c) 1990, 1993
|
.\" Copyright (c) 1990, 1993
|
||||||
.\" The Regents of the University of California. All rights reserved.
|
.\" The Regents of the University of California. All rights reserved.
|
||||||
@ -29,7 +29,7 @@
|
|||||||
.\"
|
.\"
|
||||||
.\" from: @(#)kdump.1 8.1 (Berkeley) 6/6/93
|
.\" from: @(#)kdump.1 8.1 (Berkeley) 6/6/93
|
||||||
.\"
|
.\"
|
||||||
.Dd $Mdocdate: April 17 2023 $
|
.Dd $Mdocdate: September 30 2023 $
|
||||||
.Dt KDUMP 1
|
.Dt KDUMP 1
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -100,13 +100,39 @@ Display absolute timestamps for each entry (seconds since the Epoch).
|
|||||||
If both options are specified, display timestamps relative to trace start.
|
If both options are specified, display timestamps relative to trace start.
|
||||||
.It Fl t Ar trstr
|
.It Fl t Ar trstr
|
||||||
Select which tracepoints to display.
|
Select which tracepoints to display.
|
||||||
The argument can contain one or more of the letters
|
The argument can contain one or more of the following letters.
|
||||||
.Cm cinpstuxX+ .
|
By default all trace points except for
|
||||||
See the
|
.Cm X
|
||||||
.Fl t
|
are enabled.
|
||||||
option of
|
.Pp
|
||||||
.Xr ktrace 1
|
.Bl -tag -width flag -offset indent -compact
|
||||||
for the meaning of the letters.
|
.\" Keep this list in sync with ktrace(1) and ltrace(1).
|
||||||
|
.It Cm c
|
||||||
|
trace system calls
|
||||||
|
.It Cm i
|
||||||
|
trace I/O
|
||||||
|
.It Cm n
|
||||||
|
trace namei translations
|
||||||
|
.It Cm p
|
||||||
|
trace violation of
|
||||||
|
.Xr pledge 2
|
||||||
|
restrictions
|
||||||
|
.It Cm s
|
||||||
|
trace signal processing
|
||||||
|
.It Cm t
|
||||||
|
trace various structures
|
||||||
|
.It Cm u
|
||||||
|
trace user data coming from
|
||||||
|
.Xr utrace 2
|
||||||
|
.It Cm x
|
||||||
|
trace argument vector in
|
||||||
|
.Xr execve 2
|
||||||
|
.It Cm X
|
||||||
|
trace environment in
|
||||||
|
.Xr execve 2
|
||||||
|
.It Cm +
|
||||||
|
trace the default points
|
||||||
|
.El
|
||||||
.It Fl u Ar label
|
.It Fl u Ar label
|
||||||
Display
|
Display
|
||||||
.Xr utrace 2
|
.Xr utrace 2
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.\" $OpenBSD: ktrace.1,v 1.32 2022/07/30 07:19:30 jsg Exp $
|
.\" $OpenBSD: ktrace.1,v 1.33 2023/09/30 13:03:40 naddy Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Copyright (c) 1990, 1993
|
.\" Copyright (c) 1990, 1993
|
||||||
.\" The Regents of the University of California. All rights reserved.
|
.\" The Regents of the University of California. All rights reserved.
|
||||||
@ -29,7 +29,7 @@
|
|||||||
.\"
|
.\"
|
||||||
.\" from: @(#)ktrace.1 8.1 (Berkeley) 6/6/93
|
.\" from: @(#)ktrace.1 8.1 (Berkeley) 6/6/93
|
||||||
.\"
|
.\"
|
||||||
.Dd $Mdocdate: July 30 2022 $
|
.Dd $Mdocdate: September 30 2023 $
|
||||||
.Dt KTRACE 1
|
.Dt KTRACE 1
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -119,6 +119,7 @@ By default all trace points except for
|
|||||||
are enabled.
|
are enabled.
|
||||||
.Pp
|
.Pp
|
||||||
.Bl -tag -width flag -offset indent -compact
|
.Bl -tag -width flag -offset indent -compact
|
||||||
|
.\" Keep this list in sync with kdump(1) and ltrace(1).
|
||||||
.It Cm c
|
.It Cm c
|
||||||
trace system calls
|
trace system calls
|
||||||
.It Cm i
|
.It Cm i
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
.\" $OpenBSD: ltrace.1,v 1.10 2016/07/18 09:36:50 guenther Exp $
|
.\" $OpenBSD: ltrace.1,v 1.11 2023/09/30 13:03:40 naddy Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Copyright (c) 2013 Miodrag Vallat.
|
.\" Copyright (c) 2013 Miodrag Vallat.
|
||||||
.\"
|
.\"
|
||||||
@ -43,7 +43,7 @@
|
|||||||
.\"
|
.\"
|
||||||
.\" from: @(#)ktrace.1 8.1 (Berkeley) 6/6/93
|
.\" from: @(#)ktrace.1 8.1 (Berkeley) 6/6/93
|
||||||
.\"
|
.\"
|
||||||
.Dd $Mdocdate: July 18 2016 $
|
.Dd $Mdocdate: September 30 2023 $
|
||||||
.Dt LTRACE 1
|
.Dt LTRACE 1
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -107,6 +107,7 @@ The default is just
|
|||||||
The following table equates the letters with the trace points:
|
The following table equates the letters with the trace points:
|
||||||
.Pp
|
.Pp
|
||||||
.Bl -tag -width flag -offset indent -compact
|
.Bl -tag -width flag -offset indent -compact
|
||||||
|
.\" Keep this list in sync with kdump(1) and ktrace(1).
|
||||||
.It Cm c
|
.It Cm c
|
||||||
trace system calls
|
trace system calls
|
||||||
.It Cm i
|
.It Cm i
|
||||||
|
Loading…
Reference in New Issue
Block a user