The manual currently contains mentions of tls_peer_ocsp_result_msg(3), which doesn't exist.
I renamed these to tls_peer_ocsp_result(3) and made a stab at documenting lines 89-96 of tls_ocsp.c, the only place which sets the string `result_msg' that is later returned by tls_peer_ocsp_result(3). I refrained from giving detailed references to the relevant RFCs, as these are already given a few lines above. Index: lib/libtls/man/tls_ocsp_process_response.3 =================================================================== RCS file: /var/cvs/src/lib/libtls/man/tls_ocsp_process_response.3,v retrieving revision 1.4 diff -u -p -r1.4 tls_ocsp_process_response.3 --- lib/libtls/man/tls_ocsp_process_response.3 29 Jan 2017 18:00:21 -0000 1.4 +++ lib/libtls/man/tls_ocsp_process_response.3 18 Jul 2018 13:40:55 -0000 @@ -23,7 +23,7 @@ .Nm tls_peer_ocsp_crl_reason , .Nm tls_peer_ocsp_next_update , .Nm tls_peer_ocsp_response_status , -.Nm tls_peer_ocsp_result_msg , +.Nm tls_peer_ocsp_result , .Nm tls_peer_ocsp_revocation_time , .Nm tls_peer_ocsp_this_update , .Nm tls_peer_ocsp_url @@ -45,7 +45,7 @@ .Ft int .Fn tls_peer_ocsp_response_status "struct tls *ctx" .Ft const char * -.Fn tls_peer_ocsp_result_msg "struct tls *ctx" +.Fn tls_peer_ocsp_result "struct tls *ctx" .Ft time_t .Fn tls_peer_ocsp_revocation_time "struct tls *ctx" .Ft time_t @@ -86,7 +86,13 @@ returns the OCSP next update time. .Fn tls_peer_ocsp_response_status returns the OCSP response status as per RFC 6960 section 2.3. .Pp -.\" XXX Fn tls_peer_ocsp_result_msg does what? +.Fn tls_peer_ocsp_result +returns a string indicating the OCSP status. +If the OCSP response was successful and the OCSP certificate was not +revoked, the string indicates the OCSP certificate status. +Otherwise, the string indicates +the OCSP certificate revocation reason or the OCSP error. +.Pp .Fn tls_peer_ocsp_revocation_time returns the OCSP revocation time. .Pp 
@@ -139,7 +145,7 @@ and .Fn tls_peer_ocsp_this_update return a time in epoch-seconds on success or -1 on error. .Pp -.Fn tls_peer_ocsp_result_msg +.Fn tls_peer_ocsp_result and .Fn tls_peer_ocsp_url return
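Review bot: in the @@ -86,7 +86,13 @@ hunk, the new paragraph says "OCSP certificate" three times ("the OCSP certificate was not revoked", "the OCSP certificate status", "the OCSP certificate revocation reason"), which reads as if the OCSP responder's own certificate were meant. Going by the tls_peer_ocsp_ prefix, these functions report on the peer's certificate, so "the peer certificate" or plain "the certificate" would be clearer. The paragraph also folds three different outcomes (certificate status, revocation reason, OCSP error) into one string without telling the caller how to distinguish them. It would help to say that the string is meant for display and to point to .Fn tls_peer_ocsp_response_status and .Fn tls_peer_ocsp_crl_reason, both already documented on this page, for the values a program should test.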
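Review bot: in the @@ -139,7 +145,7 @@ hunk, the renamed .Fn tls_peer_ocsp_result keeps sharing one RETURN VALUES sentence with .Fn tls_peer_ocsp_url, while the paragraph added in the @@ -86 hunk never says what the caller gets when no OCSP response has been processed. Please check that this shared sentence covers that case for the result string as well, and if it does not, state it here rather than in the description.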