1 files changed, 21 insertions, 4 deletions

diff --git a/upstream/archlinux/man3/OSSL_CMP_CTX_new.3ssl b/upstream/archlinux/man3/OSSL_CMP_CTX_new.3ssl
index fdbc0c55..4ac855b0 100644
--- a/upstream/archlinux/man3/OSSL_CMP_CTX_new.3ssl
+++ b/upstream/archlinux/man3/OSSL_CMP_CTX_new.3ssl
@@ -55,7 +55,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OSSL_CMP_CTX_NEW 3ssl"
-.TH OSSL_CMP_CTX_NEW 3ssl 2024-01-30 3.2.1 OpenSSL
+.TH OSSL_CMP_CTX_NEW 3ssl 2024-04-28 3.3.0 OpenSSL
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -98,6 +98,7 @@ OSSL_CMP_CTX_set1_secretValue,
 OSSL_CMP_CTX_set1_recipient,
 OSSL_CMP_CTX_push0_geninfo_ITAV,
 OSSL_CMP_CTX_reset_geninfo_ITAVs,
+OSSL_CMP_CTX_get0_geninfo_ITAVs,
 OSSL_CMP_CTX_set1_extraCertsOut,
 OSSL_CMP_CTX_set0_newPkey,
 OSSL_CMP_CTX_get0_newPkey,
@@ -186,6 +187,8 @@ OSSL_CMP_CTX_set1_senderNonce
 \& int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 \& int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
 \& int OSSL_CMP_CTX_reset_geninfo_ITAVs(OSSL_CMP_CTX *ctx);
+\& STACK_OF(OSSL_CMP_ITAV)
+\&     *OSSL_CMP_CTX_get0_geninfo_ITAVs(const OSSL_CMP_CTX *ctx);
 \& int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 \&                                     STACK_OF(X509) *extraCertsOut);
 \&
@@ -411,6 +414,12 @@ The following options can be set:
 \&        Allow retrieving a trust anchor from extraCerts and using that
 \&        to validate the certificate chain of an IP message.
 .Ve
+.IP \fBOSSL_CMP_OPT_NO_CACHE_EXTRACERTS\fR 4
+.IX Item "OSSL_CMP_OPT_NO_CACHE_EXTRACERTS"
+.Vb 2
+\&        Do not cache certificates received in the extraCerts CMP message field.
+\&        Otherwise they are stored to potentially help validate further messages.
+.Ve
 .PP
 \&\fBOSSL_CMP_CTX_get_option()\fR reads the current value of the given option
 (e.g., OSSL_CMP_OPT_IMPLICIT_CONFIRM) from the given OSSL_CMP_CTX structure.
@@ -542,6 +551,8 @@ of intermediate CAs that may be useful for path construction for the own CMP
 signer certificate, for the own TLS certificate (if any), when verifying peer
 CMP protection certificates, and when verifying newly enrolled certificates.
 The reference counts of those certificates handled successfully are increased.
+This list of untrusted certificates in \fIctx\fR will get augmented by extraCerts
+in received CMP messages unless \fBOSSL_CMP_OPT_NO_CACHE_EXTRACERTS\fR is set.
 .PP
 \&\fBOSSL_CMP_CTX_get0_untrusted()\fR returns a pointer to the
 list of untrusted certs in \fIctx\fR, which may be empty if unset.
@@ -613,12 +624,16 @@ the issuer of the CMP signer certificate,
 as far as any of those is present, else the NULL-DN as last resort.
 .PP
 \&\fBOSSL_CMP_CTX_push0_geninfo_ITAV()\fR adds \fIitav\fR to the stack in the \fIctx\fR to be
-added to the GeneralInfo field of the CMP PKIMessage header of a request
+added to the generalInfo field of the CMP PKIMessage header of a request
 message sent with this context.
 .PP
 \&\fBOSSL_CMP_CTX_reset_geninfo_ITAVs()\fR
 clears any ITAVs that were added by \fBOSSL_CMP_CTX_push0_geninfo_ITAV()\fR.
 .PP
+\&\fBOSSL_CMP_CTX_get0_geninfo_ITAVs()\fR returns the list of ITAVs set in \fIctx\fR
+for inclusion in the generalInfo field of the CMP PKIMessage header of requests
+or NULL if not set.
+.PP
 \&\fBOSSL_CMP_CTX_set1_extraCertsOut()\fR sets the stack of extraCerts that will be
 sent to remote.
 .PP
@@ -803,6 +818,7 @@ CMP is defined in RFC 4210 (and CRMF in RFC 4211).
 \&\fBOSSL_CMP_CTX_get_transfer_cb_arg()\fR,
 \&\fBOSSL_CMP_CTX_get0_trusted()\fR,
 \&\fBOSSL_CMP_CTX_get0_untrusted()\fR,
+\&\fBOSSL_CMP_CTX_get0_geninfo_ITAVs()\fR,
 \&\fBOSSL_CMP_CTX_get0_newPkey()\fR,
 \&\fBOSSL_CMP_CTX_get_certConf_cb_arg()\fR,
 \&\fBOSSL_CMP_CTX_get0_statusString()\fR,
@@ -920,13 +936,14 @@ in OpenSSL 3.2.
 .PP
 \&\fBOSSL_CMP_CTX_reset_geninfo_ITAVs()\fR was added in OpenSSL 3.0.8.
 .PP
+\&\fBOSSL_CMP_CTX_set1_serialNumber()\fR,
 \&\fBOSSL_CMP_CTX_get0_libctx()\fR, \fBOSSL_CMP_CTX_get0_propq()\fR, and
 \&\fBOSSL_CMP_CTX_get0_validatedSrvCert()\fR were added in OpenSSL 3.2.
 .PP
-\&\fBOSSL_CMP_CTX_set1_serialNumber()\fR was added in OpenSSL 3.2.
+\&\fBOSSL_CMP_CTX_get0_geninfo_ITAVs()\fR was added in OpenSSL 3.3.
 .SH COPYRIGHT
 .IX Header "COPYRIGHT"
-Copyright 2007\-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007\-2024 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy