1 files changed, 16 insertions, 13 deletions

diff --git a/upstream/debian-unstable/man3/CMS_add0_cert.3ssl b/upstream/debian-unstable/man3/CMS_add0_cert.3ssl
index f7bc97aa..60c224d9 100644
--- a/upstream/debian-unstable/man3/CMS_add0_cert.3ssl
+++ b/upstream/debian-unstable/man3/CMS_add0_cert.3ssl
@@ -55,13 +55,14 @@
 .\" ========================================================================
 .\"
 .IX Title "CMS_ADD0_CERT 3SSL"
-.TH CMS_ADD0_CERT 3SSL 2024-02-03 3.1.5 OpenSSL
+.TH CMS_ADD0_CERT 3SSL 2024-04-04 3.2.2-dev OpenSSL
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
 .nh
 .SH NAME
-CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls
+CMS_add0_cert, CMS_add1_cert, CMS_get1_certs,
+CMS_add0_crl, CMS_add1_crl, CMS_get1_crls
 \&\- CMS certificate and CRL utility functions
 .SH SYNOPSIS
 .IX Header "SYNOPSIS"
@@ -78,9 +79,13 @@ CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_ge
 .Ve
 .SH DESCRIPTION
 .IX Header "DESCRIPTION"
-\&\fBCMS_add0_cert()\fR and \fBCMS_add1_cert()\fR add certificate \fIcert\fR to \fIcms\fR.
+\&\fBCMS_add0_cert()\fR and \fBCMS_add1_cert()\fR add certificate \fIcert\fR to \fIcms\fR
+unless it is already present.
 This is used by \fBCMS_sign_ex\fR\|(3) and \fBCMS_sign\fR\|(3) and may be used before
 calling \fBCMS_verify\fR\|(3) to help chain building in certificate validation.
+As the 0 implies, \fBCMS_add0_cert()\fR adds \fIcert\fR internally to \fIcms\fR
+and on success it must not be freed up by the caller.
+In contrast, the caller of \fBCMS_add1_cert()\fR must free \fIcert\fR.
 \&\fIcms\fR must be of type signed data or (authenticated) enveloped data.
 For signed data, such a certificate can be used when signing or verifying
 to fill in the signer certificate or to provide an extra CA certificate
@@ -99,17 +104,11 @@ and when verifying a signed CMS message.
 .SH NOTES
 .IX Header "NOTES"
 The CMS_ContentInfo structure \fIcms\fR must be of type signed data or enveloped
-data or an error will be returned.
+data or authenticated enveloped data or an error will be returned.
 .PP
-For signed data certificates and CRLs are added to the \fIcertificates\fR and
-\&\fIcrls\fR fields of SignedData structure. For enveloped data they are added to
-\&\fBOriginatorInfo\fR.
-.PP
-As the \fI0\fR implies \fBCMS_add0_cert()\fR adds \fIcert\fR internally to \fIcms\fR and it
-must not be freed up after the call as opposed to \fBCMS_add1_cert()\fR where \fIcert\fR
-must be freed up.
-.PP
-The same certificate must not be added to the same cms structure more than once.
+For signed data, certificates and CRLs are added to the \fIcertificates\fR and
+\&\fIcrls\fR fields of SignedData structure.
+For enveloped data they are added to \fBOriginatorInfo\fR.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 \&\fBCMS_add0_cert()\fR, \fBCMS_add1_cert()\fR and \fBCMS_add0_crl()\fR and \fBCMS_add1_crl()\fR return
@@ -123,6 +122,10 @@ in practice is if the \fIcms\fR type is invalid.
 \&\fBERR_get_error\fR\|(3),
 \&\fBCMS_sign\fR\|(3), \fBCMS_sign_ex\fR\|(3), \fBCMS_verify\fR\|(3),
 \&\fBCMS_encrypt\fR\|(3)
+.SH HISTORY
+.IX Header "HISTORY"
+\&\fBCMS_add0_cert()\fR and \fBCMS_add1_cert()\fR have been changed in OpenSSL 3.2
+not to throw an error if a certificate to be added is already present.
 .SH COPYRIGHT
 .IX Header "COPYRIGHT"
 Copyright 2008\-2023 The OpenSSL Project Authors. All Rights Reserved.