path: root/secure/lib/libcrypto/man/d2i_X509.3
author jkim <jkim@FreeBSD.org> 2015-10-30 20:51:33 +0000
committer jkim <jkim@FreeBSD.org> 2015-10-30 20:51:33 +0000
commit 6b741bee156148072e0e9588e7c9f4a9d66d1ab9
tree e8d8b5ada49f5cdbf70d1e455c13f2625fdcdd45 /secure/lib/libcrypto/man/d2i_X509.3
parent 979d5cd34dadfb0b78c606ecca3ec8d3a6ca245f
parent 64cb0c902e312216cdc4c826fc0be9ba9e1bf4da
Merge OpenSSL 1.0.2d.
Diffstat (limited to 'secure/lib/libcrypto/man/d2i_X509.3')
-rw-r--r-- secure/lib/libcrypto/man/d2i_X509.3 29
1 files changed, 26 insertions, 3 deletions
diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3
index fc2a852..fa12c9f 100644
--- a/secure/lib/libcrypto/man/d2i_X509.3
+++ b/secure/lib/libcrypto/man/d2i_X509.3
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "d2i_X509 3"
-.TH d2i_X509 3 "2015-07-09" "1.0.1p" "OpenSSL"
+.TH d2i_X509 3 "2015-07-09" "1.0.2d" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -154,6 +154,8 @@ i2d_X509_fp \- X509 encode and decode functions
\&
\& int i2d_X509_bio(BIO *bp, X509 *x);
\& int i2d_X509_fp(FILE *fp, X509 *x);
+\&
+\& int i2d_re_X509_tbs(X509 *x, unsigned char **out);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
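Review bot: the prototype for i2d_re_X509_tbs() is added to SYNOPSIS here, but the NAME line visible in this hunk's header context still ends with i2d_X509_fp and no hunk in the diff touches it, so the new function is left out of the name list that whatis and apropos index. Suggest adding i2d_re_X509_tbs to the NAME list ahead of the "\-" separator so the page can be found under the new function's name.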
@@ -196,11 +198,17 @@ returns 1 for success and 0 for failure.
\&\fIi2d_X509_fp()\fR is similar to \fIi2d_X509()\fR except it writes
the encoding of the structure \fBx\fR to \s-1BIO \s0\fBbp\fR and it
returns 1 for success and 0 for failure.
+.PP
+\&\fIi2d_re_X509_tbs()\fR is similar to \fIi2d_X509()\fR except it encodes
+only the TBSCertificate portion of the certificate.
.SH "NOTES"
.IX Header "NOTES"
The letters \fBi\fR and \fBd\fR in for example \fBi2d_X509\fR stand for
-\&\*(L"internal\*(R" (that is an internal C structure) and \*(L"\s-1DER\*(R".\s0 So that
-\&\fBi2d_X509\fR converts from internal to \s-1DER.\s0
+\&\*(L"internal\*(R" (that is an internal C structure) and \*(L"\s-1DER\*(R".\s0 So
+\&\fBi2d_X509\fR converts from internal to \s-1DER.\s0 The \*(L"re\*(R" in
+\&\fBi2d_re_X509_tbs\fR stands for \*(L"re-encode\*(R", and ensures that a fresh
+encoding is generated in case the object has been modified after
+creation (see the \s-1BUGS\s0 section).
.PP
The functions can also understand \fB\s-1BER\s0\fR forms.
.PP
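Review bot: the new DESCRIPTION paragraph for i2d_re_X509_tbs() says only that it encodes the TBSCertificate portion and leaves the handling of the out argument and the return value to be inferred from "similar to i2d_X509()"; the RETURN VALUES section at the end of the diff gains no entry for it either. Suggest one sentence stating explicitly whether it follows the same out and return-value conventions as i2d_X509(), since callers will typically feed the result into a hash or signature check and need to detect failure. As a style point in the NOTES change, "The re ... stands for re-encode, and ensures that a fresh encoding is generated" makes the two letters the subject of "ensures"; "the function ensures" would read better.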
@@ -351,6 +359,21 @@ then the encoded structure may contain invalid data or omit the
fields entirely and will not be parsed by \fId2i_X509()\fR. This may be
fixed in future so code should not assume that \fIi2d_X509()\fR will
always succeed.
+.PP
+The encoding of the TBSCertificate portion of a certificate is cached
+in the \fBX509\fR structure internally to improve encoding performance
+and to ensure certificate signatures are verified correctly in some
+certificates with broken (non-DER) encodings.
+.PP
+Any function which encodes an X509 structure such as \fIi2d_X509()\fR,
+\&\fIi2d_X509_fp()\fR or \fIi2d_X509_bio()\fR may return a stale encoding if the
+\&\fBX509\fR structure has been modified after deserialization or previous
+serialization.
+.PP
+If, after modification, the \fBX509\fR object is re-signed with \fIX509_sign()\fR,
+the encoding is automatically renewed. Otherwise, the encoding of the
+TBSCertificate portion of the \fBX509\fR can be manually renewed by calling
+\&\fIi2d_re_X509_tbs()\fR.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fId2i_X509()\fR, \fId2i_X509_bio()\fR and \fId2i_X509_fp()\fR return a valid \fBX509\fR structure
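Review bot: the last added BUGS paragraph presents i2d_re_X509_tbs() as the alternative to X509_sign() without saying that renewing only the TBSCertificate encoding leaves the existing signature computed over the old encoding, so a certificate modified and re-encoded this way will no longer verify until it is re-signed. Suggest stating that consequence next to "can be manually renewed". The paragraph starting "Any function which encodes an X509 structure" could also say plainly that the stale output omits the modification without any error, because that silent case is the one a caller cannot detect from the return value.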