Re: document tls_peer_ocsp_result(3)

Wed, 18 Jul 2018 07:01:27 -0700 

On Wed, Jul 18, 2018 at 03:49:56PM +0200, Theo Buehler wrote:
> The manual currently contains mentions of tls_peer_ocsp_result_msg(3),
> which doesn't exist.
> 
> I renamed these to tls_peer_ocsp_result(3) and made a stab at
> documenting lines 89-96 of tls_ocsp.c, the only place which sets the
> string `result_msg' that is later returned by tls_peer_ocsp_result(3).
> I refrained from giving detailed references to the relevant RFCs,
> as these are already given a few lines above.
> 

reads fine to me.
jmc

> Index: lib/libtls/man/tls_ocsp_process_response.3
> ===================================================================
> RCS file: /var/cvs/src/lib/libtls/man/tls_ocsp_process_response.3,v
> retrieving revision 1.4
> diff -u -p -r1.4 tls_ocsp_process_response.3
> --- lib/libtls/man/tls_ocsp_process_response.3        29 Jan 2017 18:00:21 
> -0000      1.4
> +++ lib/libtls/man/tls_ocsp_process_response.3        18 Jul 2018 13:40:55 
> -0000
> @@ -23,7 +23,7 @@
>  .Nm tls_peer_ocsp_crl_reason ,
>  .Nm tls_peer_ocsp_next_update ,
>  .Nm tls_peer_ocsp_response_status ,
> -.Nm tls_peer_ocsp_result_msg ,
> +.Nm tls_peer_ocsp_result ,
>  .Nm tls_peer_ocsp_revocation_time ,
>  .Nm tls_peer_ocsp_this_update ,
>  .Nm tls_peer_ocsp_url
> @@ -45,7 +45,7 @@
>  .Ft int
>  .Fn tls_peer_ocsp_response_status "struct tls *ctx"
>  .Ft const char *
> -.Fn tls_peer_ocsp_result_msg "struct tls *ctx"
> +.Fn tls_peer_ocsp_result "struct tls *ctx"
>  .Ft time_t
>  .Fn tls_peer_ocsp_revocation_time "struct tls *ctx"
>  .Ft time_t
> @@ -86,7 +86,13 @@ returns the OCSP next update time.
>  .Fn tls_peer_ocsp_response_status
>  returns the OCSP response status as per RFC 6960 section 2.3.
>  .Pp
> -.\" XXX Fn tls_peer_ocsp_result_msg does what?
> +.Fn tls_peer_ocsp_result
> +returns a string indicating the OCSP status.
> +If the OCSP response was successful and the OCSP certificate was not
> +revoked, the string indicates the OCSP certificate status.
> +Otherwise, the string indicates
> +the OCSP certificate revocation reason or the OCSP error.
> +.Pp
>  .Fn tls_peer_ocsp_revocation_time
>  returns the OCSP revocation time.
>  .Pp
> @@ -139,7 +145,7 @@ and
>  .Fn tls_peer_ocsp_this_update
>  return a time in epoch-seconds on success or -1 on error.
>  .Pp
> -.Fn tls_peer_ocsp_result_msg
> +.Fn tls_peer_ocsp_result
>  and
>  .Fn tls_peer_ocsp_url
>  return
>

Reply via email to