mirror of https://github.com/openssl/openssl.git
Clarify the PKCS12 docs
Issue #23151 asks a question about the meaning of the PKCS12
documentation. This PR attempts to clarify how friendlyName and localKeyID
are added to the PKCS12 structure.
Fixes #23151
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23188)
(cherry picked from commit 3348713ad3)
This commit is contained in:
Matt Caswell
parent
d8bb9b7b91
commit
b4200aaf70
|
|
@ -72,9 +72,15 @@ export grade software which could use signing only keys of arbitrary size but
|
||||||
had restrictions on the permissible sizes of keys which could be used for
|
had restrictions on the permissible sizes of keys which could be used for
|
||||||
encryption.
|
encryption.
|
||||||
|
|
||||||
If a certificate contains an I<alias> or I<keyid> then this will be
|
If I<name> is B<NULL> and I<cert> contains an I<alias> then this will be
|
||||||
used for the corresponding B<friendlyName> or B<localKeyID> in the
|
used for the corresponding B<friendlyName> in the PKCS12 structure instead.
|
||||||
PKCS12 structure.
|
Similarly, if I<pkey> is NULL and I<cert> contains a I<keyid> then this will be
|
||||||
|
used for the corresponding B<localKeyID> in the PKCS12 structure instead of the
|
||||||
|
id calculated from the I<pkey>.
|
||||||
|
|
||||||
|
For all certificates in I<ca> then if a certificate contains an I<alias> or
|
||||||
|
I<keyid> then this will be used for the corresponding B<friendlyName> or
|
||||||
|
B<localKeyID> in the PKCS12 structure.
|
||||||
|
|
||||||
Either I<pkey>, I<cert> or both can be B<NULL> to indicate that no key or
|
Either I<pkey>, I<cert> or both can be B<NULL> to indicate that no key or
|
||||||
certificate is required. In previous versions both had to be present or
|
certificate is required. In previous versions both had to be present or
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue