RT2353: Add ipsec IKE OID

[openssl.git] / doc / apps / x509v3_config.pod

diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod
index 26b327c1849be0b984d2fc562bcce88b69d6aef7..72eec511a256775d502cfaea363dbfb9857bc4db 100644 (file)
--- a/doc/apps/x509v3_config.pod
+++ b/doc/apps/x509v3_config.pod
@@ -115,17 +115,17 @@ following PKIX, NS and MS values are meaningful:
  codeSigning           Code signing.
  emailProtection       E-mail Protection (S/MIME).
  timeStamping          Trusted Timestamping
+ OCSPSigning           OCSP Signing
+ ipsecIKE              ipsec Internet Key Exchnage
  msCodeInd             Microsoft Individual Code Signing (authenticode)
  msCodeCom             Microsoft Commercial Code Signing (authenticode)
  msCTLSign             Microsoft Trust List Signing
- msSGC                 Microsoft Server Gated Crypto
  msEFS                 Microsoft Encrypted File System
- nsSGC                 Netscape Server Gated Crypto
 
 Examples:
 
  extendedKeyUsage=critical,codeSigning,1.2.3.4
- extendedKeyUsage=nsSGC,msSGC
+ extendedKeyUsage=serverAuth,clientAuth
 
 
 =head2 Subject Key Identifier.
@@ -178,7 +178,7 @@ prefacing the name with a B<+> character.
 
 otherName can include arbitrary data associated with an OID: the value
 should be the OID followed by a semicolon and the content in standard
-L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)> format.
+L<ASN1_generate_nconf(3)> format.
 
 Examples:
 
@@ -401,6 +401,20 @@ Example:
  noCheck = ignored
 
 
+=head2 TLS Feature (aka Must Staple)
+
+This is a multi-valued extension consisting of a list of TLS extension
+identifiers. Each identifier may be a number (0..65535) or a supported name.
+When a TLS client sends a listed extension, the TLS server is expected to
+include that extension in its reply.
+
+The supported names are: B<status_request> and B<status_request_v2>.
+
+Example:
+
+ tlsfeature = status_request
+
+
 =head1 DEPRECATED EXTENSIONS
 
 The following extensions are non standard, Netscape specific and largely
@@ -441,7 +455,7 @@ the data is formatted correctly for the given extension type.
 There are two ways to encode arbitrary extensions.
 
 The first way is to use the word ASN1 followed by the extension content
-using the same syntax as L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)>.
+using the same syntax as L<ASN1_generate_nconf(3)>.
 For example:
 
  1.2.3.4=critical,ASN1:UTF8String:Some random data
@@ -510,20 +524,10 @@ will only recognize the last value. This can be worked around by using the form:
  email.1=steve@here
  email.2=steve@there
 
-=head1 HISTORY
-
-The X509v3 extension code was first added to OpenSSL 0.9.2.
-
-Policy mappings, inhibit any policy and name constraints support was added in
-OpenSSL 0.9.8
-
-The B<directoryName> and B<otherName> option as well as the B<ASN1> option
-for arbitrary extensions was added in OpenSSL 0.9.8
-
 =head1 SEE ALSO
 
-L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>,
-L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)>
+L<req(1)>, L<ca(1)>, L<x509(1)>,
+L<ASN1_generate_nconf(3)>
 
 
 =cut