From: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date: Mon, 27 Jun 2022 15:04:03 +0000 (+0200)
Subject: CMS_add0_cert.pod: various improvements of the description
X-Git-Tag: openssl-3.2.0-alpha1~2381
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4329a321c9f939f06e7705fa25ac55af3160acf6;p=thirdparty%2Fopenssl.git

CMS_add0_cert.pod: various improvements of the description

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18667)
---

diff --git a/doc/man3/CMS_add0_cert.pod b/doc/man3/CMS_add0_cert.pod
index 4c21361750f..b82604ad5ff 100644
--- a/doc/man3/CMS_add0_cert.pod
+++ b/doc/man3/CMS_add0_cert.pod
@@ -2,7 +2,8 @@
 
 =head1 NAME
 
-CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_get1_crls
+CMS_add0_cert, CMS_add1_cert, CMS_get1_certs,
+CMS_add0_crl, CMS_add1_crl, CMS_get1_crls
 - CMS certificate and CRL utility functions
 
 =head1 SYNOPSIS
@@ -19,25 +20,30 @@ CMS_add0_cert, CMS_add1_cert, CMS_get1_certs, CMS_add0_crl, CMS_add1_crl, CMS_ge
 
 =head1 DESCRIPTION
 
-CMS_add0_cert() and CMS_add1_cert() add certificate B<cert> to B<cms>.
-must be of type signed data or enveloped data.
+CMS_add0_cert() and CMS_add1_cert() add certificate I<cert> to I<cms>.
+I<cms> must be of type signed data or (authenticated) enveloped data.
+For signed data, such a certificate can be used to fill in the signer
+certificate and may also be helpful for chain building in certificate validation.
 
-CMS_get1_certs() returns all certificates in B<cms>.
+CMS_get1_certs() returns all certificates in I<cms>.
 
-CMS_add0_crl() and CMS_add1_crl() add CRL B<crl> to B<cms>. CMS_get1_crls()
-returns any CRLs in B<cms>.
+CMS_add0_crl() and CMS_add1_crl() add CRL I<crl> to I<cms>.
+I<cms> must be of type signed data or (authenticated) enveloped data.
+For signed data, such a CRL may be used in certificate validation.
+
+CMS_get1_crls() returns all CRLs in I<cms>.
 
 =head1 NOTES
 
-The CMS_ContentInfo structure B<cms> must be of type signed data or enveloped
-data or an error will be returned.
+The CMS_ContentInfo structure I<cms> must be of type signed data or enveloped
+data or authenticated enveloped data or an error will be returned.
 
-For signed data certificates and CRLs are added to the B<certificates> and
-B<crls> fields of SignedData structure. For enveloped data they are added to
-B<OriginatorInfo>.
+For signed data, certificates and CRLs are added to the I<certificates> and
+I<crls> fields of SignedData structure.
+For enveloped data they are added to B<OriginatorInfo>.
 
-As the B<0> implies CMS_add0_cert() adds B<cert> internally to B<cms> and it
-must not be freed up after the call as opposed to CMS_add1_cert() where B<cert>
+As the 0 implies, CMS_add0_cert() adds I<cert> internally to I<cms> and it
+must not be freed up after the call as opposed to CMS_add1_cert() where I<cert>
 must be freed up.
 
 The same certificate or CRL must not be added to the same cms structure more
@@ -50,7 +56,7 @@ CMS_add0_cert(), CMS_add1_cert() and CMS_add0_crl() and CMS_add1_crl() return
 
 CMS_get1_certs() and CMS_get1_crls() return the STACK of certificates or CRLs
 or NULL if there are none or an error occurs. The only error which will occur
-in practice is if the B<cms> type is invalid.
+in practice is if the I<cms> type is invalid.
 
 =head1 SEE ALSO