1 files changed, 45 insertions, 39 deletions

diff --git a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 b/secure/lib/libssl/man/SSL_CTX_use_certificate.3
index d45fda3..b81f200 100644
--- a/secure/lib/libssl/man/SSL_CTX_use_certificate.3
+++ b/secure/lib/libssl/man/SSL_CTX_use_certificate.3
@@ -1,8 +1,7 @@
-.\" Automatically generated by Pod::Man version 1.15
-.\" Wed Feb 19 16:47:43 2003
+.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
 .\"
 .\" Standard preamble:
-.\" ======================================================================
+.\" ========================================================================
 .de Sh \" Subsection heading
 .br
 .if t .Sp
@@ -15,12 +14,6 @@
 .if t .sp .5v
 .if n .sp
 ..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
 .de Vb \" Begin verbatim text
 .ft CW
 .nf
@@ -28,15 +21,14 @@
 ..
 .de Ve \" End verbatim text
 .ft R
-
 .fi
 ..
 .\" Set up some character translations and predefined strings.  \*(-- will
 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
 .\" double quote, and \*(R" will give a right double quote.  | will give a
-.\" real vertical bar.  \*(C+ will give a nicer C++.  Capital omega is used
-.\" to do unbreakable dashes and therefore won't be available.  \*(C` and
-.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
+.\" real vertical bar.  \*(C+ will give a nicer C++.  Capital omega is used to
+.\" do unbreakable dashes and therefore won't be available.  \*(C` and \*(C'
+.\" expand to `' in nroff, nothing in troff, for use with C<>.
 .tr \(*W-|\(bv\*(Tr
 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
 .ie n \{\
@@ -56,10 +48,10 @@
 .    ds R" ''
 'br\}
 .\"
-.\" If the F register is turned on, we'll generate index entries on stderr
-.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
-.\" index entries marked with X<> in POD.  Of course, you'll have to process
-.\" the output yourself in some meaningful fashion.
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
+.\" entries marked with X<> in POD.  Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
 .if \nF \{\
 .    de IX
 .    tm Index:\\$1\t\\n%\t"\\$2"
@@ -68,14 +60,13 @@
 .    rr F
 .\}
 .\"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it
-.\" makes way too many mistakes in technical documents.
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
 .hy 0
 .if n .na
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
-.bd B 3
 .    \" fudge factors for nroff and troff
 .if n \{\
 .    ds #H 0
@@ -135,11 +126,10 @@
 .    ds Ae AE
 .\}
 .rm #[ #] #H #V #F C
-.\" ======================================================================
+.\" ========================================================================
 .\"
 .IX Title "SSL_CTX_use_certificate 3"
-.TH SSL_CTX_use_certificate 3 "0.9.7a" "2003-02-19" "OpenSSL"
-.UC
+.TH SSL_CTX_use_certificate 3 "2006-07-29" "0.9.8b" "OpenSSL"
 .SH "NAME"
 SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key \- load certificate and key data
 .SH "SYNOPSIS"
@@ -147,6 +137,7 @@ SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_f
 .Vb 1
 \& #include <openssl/ssl.h>
 .Ve
+.PP
 .Vb 6
 \& int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
 \& int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
@@ -155,9 +146,11 @@ SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_f
 \& int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
 \& int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
 .Ve
+.PP
 .Vb 1
 \& int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
 .Ve
+.PP
 .Vb 13
 \& int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
 \& int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d,
@@ -173,9 +166,10 @@ SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_f
 \& int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
 \& int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
 .Ve
+.PP
 .Vb 2
-\& int SSL_CTX_check_private_key(SSL_CTX *ctx);
-\& int SSL_check_private_key(SSL *ssl);
+\& int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+\& int SSL_check_private_key(const SSL *ssl);
 .Ve
 .SH "DESCRIPTION"
 .IX Header "DESCRIPTION"
@@ -184,18 +178,18 @@ or \s-1SSL\s0 object, respectively.
 .PP
 The SSL_CTX_* class of functions loads the certificates and keys into the
 \&\s-1SSL_CTX\s0 object \fBctx\fR. The information is passed to \s-1SSL\s0 objects \fBssl\fR
-created from \fBctx\fR with SSL_new(3) by copying, so that
+created from \fBctx\fR with \fISSL_new\fR\|(3) by copying, so that
 changes applied to \fBctx\fR do not propagate to already existing \s-1SSL\s0 objects.
 .PP
 The SSL_* class of functions only loads certificates and keys into a
 specific \s-1SSL\s0 object. The specific information is kept, when
-SSL_clear(3) is called for this \s-1SSL\s0 object.
+\&\fISSL_clear\fR\|(3) is called for this \s-1SSL\s0 object.
 .PP
 \&\fISSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR,
 \&\fISSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the
 certificates needed to form the complete certificate chain can be
 specified using the
-SSL_CTX_add_extra_chain_cert(3)
+\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)
 function.
 .PP
 \&\fISSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from
@@ -211,13 +205,20 @@ should be preferred.
 .PP
 \&\fISSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from 
 \&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must
-be sorted starting with the certificate to the highest level (root \s-1CA\s0).
+be sorted starting with the subject's certificate (actual client or server
+certificate), followed by intermediate \s-1CA\s0 certificates if applicable, and
+ending at the highest level (root) \s-1CA\s0.
 There is no corresponding function working on a single \s-1SSL\s0 object.
 .PP
 \&\fISSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR.
 \&\fISSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0
 to \fBctx\fR. \fISSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR;
 \&\fISSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR.
+If a certificate has already been set and the private does not belong
+to the certificate an error is returned. To change a certificate, private
+key pair the new certificate needs to be set with \fISSL_use_certificate()\fR
+or \fISSL_CTX_use_certificate()\fR before setting the private key with
+\&\fISSL_CTX_use_PrivateKey()\fR or \fISSL_use_PrivateKey()\fR. 
 .PP
 \&\fISSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR
 stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR.
@@ -246,7 +247,7 @@ this \fBssl\fR, the last item added into \fBctx\fR will be checked.
 The internal certificate store of OpenSSL can hold two private key/certificate
 pairs at a time: one key/certificate of type \s-1RSA\s0 and one key/certificate
 of type \s-1DSA\s0. The certificate used depends on the cipher select, see
-also SSL_CTX_set_cipher_list(3).
+also \fISSL_CTX_set_cipher_list\fR\|(3).
 .PP
 When reading certificates and private keys from file, files of type
 \&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain
@@ -257,7 +258,7 @@ Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item.
 \&\fISSL_CTX_use_certificate_chain_file()\fR adds the first certificate found
 in the file to the certificate store. The other certificates are added
 to the store of chain certificates using
-SSL_CTX_add_extra_chain_cert(3).
+\&\fISSL_CTX_add_extra_chain_cert\fR\|(3).
 There exists only one extra chain store, so that the same chain is appended
 to both types of certificates, \s-1RSA\s0 and \s-1DSA\s0! If it is not intended to use
 both type of certificate at the same time, it is recommended to use the
@@ -270,12 +271,12 @@ when the \s-1CA\s0 issuing the certificate shall not be added to the trusted
 If additional certificates are needed to complete the chain during the
 \&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the
 locations of trusted \s-1CA\s0 certificates, see
-SSL_CTX_load_verify_locations(3).
+\&\fISSL_CTX_load_verify_locations\fR\|(3).
 .PP
 The private keys loaded from file can be encrypted. In order to successfully
 load encrypted keys, a function returning the passphrase must have been
 supplied, see
-SSL_CTX_set_default_passwd_cb(3).
+\&\fISSL_CTX_set_default_passwd_cb\fR\|(3).
 (Certificate files might be encrypted as well from the technical point
 of view, it however does not make sense as the data in the certificate
 is considered public anyway.)
@@ -285,9 +286,14 @@ On success, the functions return 1.
 Otherwise check out the error stack to find out the reason.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-ssl(3), SSL_new(3), SSL_clear(3),
-SSL_CTX_load_verify_locations(3),
-SSL_CTX_set_default_passwd_cb(3),
-SSL_CTX_set_cipher_list(3),
-SSL_CTX_set_client_cert_cb(3),
-SSL_CTX_add_extra_chain_cert(3)
+\&\fIssl\fR\|(3), \fISSL_new\fR\|(3), \fISSL_clear\fR\|(3),
+\&\fISSL_CTX_load_verify_locations\fR\|(3),
+\&\fISSL_CTX_set_default_passwd_cb\fR\|(3),
+\&\fISSL_CTX_set_cipher_list\fR\|(3),
+\&\fISSL_CTX_set_client_cert_cb\fR\|(3),
+\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+Support for \s-1DER\s0 encoded private keys (\s-1SSL_FILETYPE_ASN1\s0) in
+\&\fISSL_CTX_use_PrivateKey_file()\fR and \fISSL_use_PrivateKey_file()\fR was added
+in 0.9.8 .