X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=doc%2Fopenssl.txt;h=73272509c0348041236cfba5ea43504bb2dc6042;hb=720b3598d6b5c6cac7807ef9121820d35bc0be1d;hp=2a84be420ac1fbea1dfec946853823da6427d95a;hpb=fd52057729fcf050734882069e6fa3f02b555cd2;p=oweals%2Fopenssl.git

diff --git a/doc/openssl.txt b/doc/openssl.txt
index 2a84be420a..73272509c0 100644
--- a/doc/openssl.txt
+++ b/doc/openssl.txt
@@ -320,7 +320,7 @@ Extended Key Usage.
 This extensions consists of a list of usages.
 
 These can either be object short names of the dotted numerical form of OIDs.
-While any OID can be used only certain values make sense. In partiular the
+While any OID can be used only certain values make sense. In particular the
 following PKIX, NS and MS values are meaningful:
 
 Value			Meaning
@@ -345,6 +345,11 @@ use, in particular some usages may only work for selected CAs. Don't for example
 expect just including msSGC or nsSGC will automatically mean that a certificate
 can be used for SGC ("step up" encryption) otherwise anyone could use it.
 
+Examples:
+
+extendedKeyUsage=critical,codeSigning,1.2.3.4
+extendedKeyUsage=nsSGC,msSGC
+
 Subject Key Identifier.
 
 This is really a string extension and can take two possible values. Either
@@ -489,16 +494,16 @@ extension in a human or machine readable form.
 
 1. Initialisation and cleanup.
 
-X509V3_add_standard_extensions();
-
-This function should be called before any other extension code. It adds support
-for some common PKIX and Netscape extensions. Additional custom extensions can
-be added as well (see later).
+No special initialisation is needed before calling the extension functions.
+You used to have to call X509V3_add_standard_extensions(); but this is no longer
+required and this function no longer does anything.
 
 void X509V3_EXT_cleanup(void);
 
-This function should be called last to cleanup the extension code. After this
-call no other extension calls should be made.
+This function should be called to cleanup the extension code if any custom
+extensions have been added. If no custom extensions have been added then this
+call does nothing. After this call all custom extension code is freed up but
+you can still use the standard extensions.
 
 2. Printing and parsing extensions.
 
@@ -542,7 +547,7 @@ or CRL is due to be signed. Both return 0 on error on non zero for success.
 In each case 'conf' is the LHASH pointer of the configuration file to use
 and 'section' is the section containing the extension details.
 
-See the 'context functions' section for a description of the ctx paramater.
+See the 'context functions' section for a description of the ctx parameter.
 
 
 X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
@@ -689,7 +694,7 @@ The same as above but for an unsigned character value.
 int X509V3_add_value_bool(const char *name, int asn1_bool,
 						STACK_OF(CONF_VALUE) **extlist);
 
-This adds either "TRUE" or "FALSE" depending on the value of 'ans1_bool'
+This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool'
 
 int X509V3_add_value_bool_nf(char *name, int asn1_bool,
 						STACK_OF(CONF_VALUE) **extlist);
@@ -716,7 +721,7 @@ Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
 or return a STACK_OF(CONF_VALUE).
 
 Raw extensions are just passed a BIO or a value and it is the extensions
-responsiblity to handle all the necessary printing.
+responsibility to handle all the necessary printing.
 
 There are two ways to add an extension. One is simply as an alias to an already
 existing extension. An alias is an extension that is identical in ASN1 structure
@@ -841,7 +846,7 @@ int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent);
 
 This function is passed the internal extension structure in the ext parameter
 and sends out a human readable version of the extension to out. The 'indent'
-paremeter should be noted to determine the necessary amount of indentation
+parameter should be noted to determine the necessary amount of indentation
 needed on the output.
 
 void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
@@ -912,7 +917,7 @@ d2i_PKCS12_fp(fp, p12)
 
 This is the same but for a FILE pointer.
 
-3. Parsing and creation functions.
+3. High level functions.
 
 3.1 Parsing with PKCS12_parse().
 
@@ -950,6 +955,14 @@ p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0);
 i2d_PKCS12_fp(fp, p12);
 PKCS12_free(p12);
 
+3.3 Changing a PKCS#12 structure password.
+
+int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
+
+This changes the password of an already existing PKCS#12 structure. oldpass
+is the old password and newpass is the new one. An error occurs if the old
+password is incorrect.
+
 LOW LEVEL FUNCTIONS.
 
 In some cases the high level functions do not provide the necessary