1 files changed, 47 insertions, 35 deletions
diff --git a/deps/openssl/openssl/doc/apps/x509v3_config.pod b/deps/openssl/openssl/doc/apps/x509v3_config.pod
index fb5f79c356..c0742c84da 100644
--- a/deps/openssl/openssl/doc/apps/x509v3_config.pod
+++ b/deps/openssl/openssl/doc/apps/x509v3_config.pod
@@ -88,7 +88,7 @@ only be used to sign end user certificates and not further CAs.
 Key usage is a multi valued extension consisting of a list of names of the
 permitted key usages.
 
-The supporte names are: digitalSignature, nonRepudiation, keyEncipherment,
+The supported names are: digitalSignature, nonRepudiation, keyEncipherment,
 dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly
 and decipherOnly.
 
@@ -108,24 +108,24 @@ These can either be object short names or the dotted numerical form of OIDs.
 While any OID can be used only certain values make sense. In particular the
 following PKIX, NS and MS values are meaningful:
 
- Value			Meaning
- -----			-------
- serverAuth		SSL/TLS Web Server Authentication.
- clientAuth		SSL/TLS Web Client Authentication.
- codeSigning		Code signing.
- emailProtection	E-mail Protection (S/MIME).
- timeStamping		Trusted Timestamping
- msCodeInd		Microsoft Individual Code Signing (authenticode)
- msCodeCom		Microsoft Commercial Code Signing (authenticode)
- msCTLSign		Microsoft Trust List Signing
- msSGC			Microsoft Server Gated Crypto
- msEFS			Microsoft Encrypted File System
- nsSGC			Netscape Server Gated Crypto
+ Value                  Meaning
+ -----                  -------
+ serverAuth             SSL/TLS Web Server Authentication.
+ clientAuth             SSL/TLS Web Client Authentication.
+ codeSigning            Code signing.
+ emailProtection        E-mail Protection (S/MIME).
+ timeStamping           Trusted Timestamping
+ OCSPSigning            OCSP Signing
+ ipsecIKE               ipsec Internet Key Exchange
+ msCodeInd              Microsoft Individual Code Signing (authenticode)
+ msCodeCom              Microsoft Commercial Code Signing (authenticode)
+ msCTLSign              Microsoft Trust List Signing
+ msEFS                  Microsoft Encrypted File System
 
 Examples:
 
  extendedKeyUsage=critical,codeSigning,1.2.3.4
- extendedKeyUsage=nsSGC,msSGC
+ extendedKeyUsage=serverAuth,clientAuth
 
 
 =head2 Subject Key Identifier.
@@ -167,7 +167,7 @@ registered ID: OBJECT IDENTIFIER), B<IP> (an IP address), B<dirName>
 (a distinguished name) and otherName.
 
 The email option include a special 'copy' value. This will automatically
-include and email addresses contained in the certificate subject name in
+include any email addresses contained in the certificate subject name in
 the extension.
 
 The IP address used in the B<IP> options can be in either IPv4 or IPv6 format.
@@ -178,7 +178,7 @@ prefacing the name with a B<+> character.
 
 otherName can include arbitrary data associated with an OID: the value
 should be the OID followed by a semicolon and the content in standard
-L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)> format.
+L<ASN1_generate_nconf(3)> format.
 
 Examples:
 
@@ -202,7 +202,7 @@ Examples:
 The issuer alternative name option supports all the literal options of
 subject alternative name. It does B<not> support the email:copy option because
 that would not make sense. It does support an additional issuer:copy option
-that will copy all the subject alternative name values from the issuer 
+that will copy all the subject alternative name values from the issuer
 certificate (if possible).
 
 Example:
@@ -224,7 +224,7 @@ Example:
  authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
 
 
-=head2 CRL distribution points.
+=head2 CRL distribution points
 
 This is a multi-valued extension whose options can be either in name:value pair
 using the same form as subject alternative name or a single value representing
@@ -352,13 +352,13 @@ Example:
  noticeNumbers=1,2,3,4
 
 The B<ia5org> option changes the type of the I<organization> field. In RFC2459
-it can only be of type DisplayText. In RFC3280 IA5Strring is also permissible.
+it can only be of type DisplayText. In RFC3280 IA5String is also permissible.
 Some software (for example some versions of MSIE) may require ia5org.
 
 =head2 Policy Constraints
 
 This is a multi-valued extension which consisting of the names
-B<requireExplicitPolicy> or B<inhibitPolicyMapping> and a non negative intger
+B<requireExplicitPolicy> or B<inhibitPolicyMapping> and a non negative integer
 value. At least one component must be present.
 
 Example:
@@ -380,7 +380,7 @@ Example:
 The name constraints extension is a multi-valued extension. The name should
 begin with the word B<permitted> or B<excluded> followed by a B<;>. The rest of
 the name and the value follows the syntax of subjectAltName except email:copy
-is not supported and the B<IP> form should consist of an IP addresses and 
+is not supported and the B<IP> form should consist of an IP addresses and
 subnet mask separated by a B</>.
 
 Examples:
@@ -401,6 +401,20 @@ Example:
  noCheck = ignored
 
 
+=head2 TLS Feature (aka Must Staple)
+
+This is a multi-valued extension consisting of a list of TLS extension
+identifiers. Each identifier may be a number (0..65535) or a supported name.
+When a TLS client sends a listed extension, the TLS server is expected to
+include that extension in its reply.
+
+The supported names are: B<status_request> and B<status_request_v2>.
+
+Example:
+
+ tlsfeature = status_request
+
+
 =head1 DEPRECATED EXTENSIONS
 
 The following extensions are non standard, Netscape specific and largely
@@ -441,7 +455,7 @@ the data is formatted correctly for the given extension type.
 There are two ways to encode arbitrary extensions.
 
 The first way is to use the word ASN1 followed by the extension content
-using the same syntax as L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)>.
+using the same syntax as L<ASN1_generate_nconf(3)>.
 For example:
 
  1.2.3.4=critical,ASN1:UTF8String:Some random data
@@ -491,7 +505,7 @@ will produce an error but the equivalent form:
  [subject_alt_section]
  subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
 
-is valid. 
+is valid.
 
 Due to the behaviour of the OpenSSL B<conf> library the same field name
 can only occur once in a section. This means that:
@@ -510,20 +524,18 @@ will only recognize the last value. This can be worked around by using the form:
  email.1=steve@here
  email.2=steve@there
 
-=head1 HISTORY
-
-The X509v3 extension code was first added to OpenSSL 0.9.2.
-
-Policy mappings, inhibit any policy and name constraints support was added in
-OpenSSL 0.9.8
+=head1 SEE ALSO
 
-The B<directoryName> and B<otherName> option as well as the B<ASN1> option
-for arbitrary extensions was added in OpenSSL 0.9.8
+L<req(1)>, L<ca(1)>, L<x509(1)>,
+L<ASN1_generate_nconf(3)>
 
-=head1 SEE ALSO
+=head1 COPYRIGHT
 
-L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>,
-L<ASN1_generate_nconf(3)|ASN1_generate_nconf(3)>
+Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
 
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
 
 =cut