Diffstat (limited to 'upstream/debian-unstable/man5/x509v3_config.5ssl')
-rw-r--r-- | upstream/debian-unstable/man5/x509v3_config.5ssl | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/upstream/debian-unstable/man5/x509v3_config.5ssl b/upstream/debian-unstable/man5/x509v3_config.5ssl index 99f3d1e6..52f49f69 100644 --- a/upstream/debian-unstable/man5/x509v3_config.5ssl +++ b/upstream/debian-unstable/man5/x509v3_config.5ssl @@ -55,7 +55,7 @@ .\" ======================================================================== .\" .IX Title "X509V3_CONFIG 5SSL" -.TH X509V3_CONFIG 5SSL 2024-02-03 3.1.5 OpenSSL +.TH X509V3_CONFIG 5SSL 2024-04-04 3.2.2-dev OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -250,14 +250,21 @@ Examples: .SS "Subject Key Identifier" .IX Subsection "Subject Key Identifier" The SKID extension specification has a value with three choices. -If the value is the word \fBnone\fR then no SKID extension will be included. -If the value is the word \fBhash\fR, or by default for the \fBx509\fR, \fBreq\fR, and -\&\fBca\fR apps, the process specified in RFC 5280 section 4.2.1.2. (1) is followed: +.IP \fBnone\fR 4 +.IX Item "none" +No SKID extension will be included. +.IP \fBhash\fR 4 +.IX Item "hash" +The process specified in RFC 5280 section 4.2.1.2. (1) is followed: The keyIdentifier is composed of the 160\-bit SHA\-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits). +.ie n .IP "A hex string (possibly with "":"" separating bytes)" 4 +.el .IP "A hex string (possibly with \f(CW:\fR separating bytes)" 4 +.IX Item "A hex string (possibly with : separating bytes)" +The provided value is output directly. +This choice is strongly discouraged. .PP -Otherwise, the value must be a hex string (possibly with \f(CW\*(C`:\*(C'\fR separating bytes) -to output directly, however, this is strongly discouraged. +By default the \fBx509\fR, \fBreq\fR, and \fBca\fR apps behave as if \fBhash\fR was given. .PP Example: .PP 
@@ -273,8 +280,9 @@ or both of them, separated by \f(CW\*(C`,\*(C'\fR. Either or both can have the option \fBalways\fR, indicated by putting a colon \f(CW\*(C`:\*(C'\fR between the value and this option. For self-signed certificates the AKID is suppressed unless \fBalways\fR is present. -By default the \fBx509\fR, \fBreq\fR, and \fBca\fR apps behave as if -"none" was given for self-signed certificates and "keyid, issuer" otherwise. +.PP +By default the \fBx509\fR, \fBreq\fR, and \fBca\fR apps behave as if \fBnone\fR was given +for self-signed certificates and \fBkeyid\fR\f(CW\*(C`,\*(C'\fR \fBissuer\fR otherwise. .PP If \fBkeyid\fR is present, an attempt is made to copy the subject key identifier (SKID) from the issuer certificate except if @@ -286,6 +294,7 @@ If \fBalways\fR is present but no value can be obtained, an error is returned. If \fBissuer\fR is present, and in addition it has the option \fBalways\fR specified or \fBkeyid\fR is not present, then the issuer DN and serial number are copied from the issuer certificate. +If this fails, an error is returned. .PP Examples: .PP |
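Review bot: In the Subject Key Identifier hunk (@@ -250,14 +250,21 @@), the new hex-string item ends with "This choice is strongly discouraged." and gives no reason, so a reader cannot judge when the choice is acceptable. The neighbouring hash item already says the identifier is computed from the subjectPublicKey BIT STRING, while this item says the provided value is "output directly"; one added clause stating that a directly supplied value is not derived from the key would make the warning actionable. Two smaller points in the same hunk: the .el branch writes the colon as \f(CW:\fR, whereas the removed line and the Authority Key Identifier text still wrap the separator in the \*(C quoting strings, so the two sections will render the separator differently; and "section 4.2.1.2. (1)" keeps a stray period after the section number that could be dropped while this paragraph is being restructured.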
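Review bot: In the last hunk (@@ -286,6 +294,7 @@), the added sentence "If this fails, an error is returned." leaves "this" without a clear antecedent and does not say whether the error depends on the always option. The keyid paragraph just above it limits its error to the case where always is present and no value can be obtained, so readers will expect to be told whether the issuer case behaves the same way or fails unconditionally. Suggest naming the operation, for example "If the issuer DN and serial number cannot be copied, an error is returned.", and stating explicitly whether that applies without always.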