Document new functions

Reviewed-by: Tim Hudson <tjh@openssl.org>

doc/crypto/X509V3_get_d2i.pod

@@ -31,6 +31,10 @@ X509_REVOKED_add1_ext_i2d - X509 extension decode and encode functions
  int X509_REVOKED_add1_ext_i2d(X509_REVOKED *r, int nid, void *value, int crit,
                                unsigned long flags);
 
+ STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+ STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(X509_CRL *crl);
+ STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(X509_REVOKED *r);
+
 =head1 DESCRIPTION
 
 X509V3_get_ext_d2i() looks for an extension with OID B<nid> in the extensions
@@ -66,6 +70,10 @@ X509_REVOKED_get_ext_d2i() and X509_REVOKED_add1_ext_i2d() operate on the
 extensions of B<X509_REVOKED> structure B<r> (i.e for CRL entry extensions),
 they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d().
 
+X509_get0_extensions(), X509_CRL_get0_extensions() and
+X509_REVOKED_get0_extensions() return a stack of all the extensions
+of a certificate a CRL or a CRL entry respectively.
+
 =head1 NOTES
 
 In almost all cases an extension can occur at most once and multiple
@@ -195,6 +203,10 @@ fails due to a non-fatal error (extension not found, already exists,
 cannot be encoded) or -1 due to a fatal error such as a memory allocation
 failure.
 
+X509_get0_extensions(), X509_CRL_get0_extensions() and
+X509_REVOKED_get0_extensions() return a stack of extensions. They can return
+NULL if no extensions are present.
+
 =head1 SEE ALSO
 
 L<d2i_X509(3)>,

doc/crypto/X509_get0_signature.pod

@@ -2,8 +2,8 @@
 
 =head1 NAME
 
-X509_get0_signature, X509_get_signature_nid, X509_REQ_get0_signature,
-X509_REQ_get_signature_nid, X509_CRL_get0_signature,
+X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg,
+X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature,
 X509_CRL_get_signature_nid - signature information.
 
 =head1 SYNOPSIS
@@ -13,6 +13,7 @@ X509_CRL_get_signature_nid - signature information.
  void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
                           const X509 *x);
  int X509_get_signature_nid(const X509 *x);
+ X509_ALGOR *X509_get0_tbs_sigalg(X509 *x);
 
  void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
                               const X509_REQ *crl);
@@ -28,6 +29,9 @@ X509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg>
 to the signature algorithm of B<x>. The values returned are internal
 pointers which B<MUST NOT> be freed up after the call.
 
+X509_get0_tbs_sigalg() returns the signature algorithm in the signed
+portion of B<x>.
+
 X509_get_signature_nid() returns the NID corresponding to the signature
 algorithm of B<x>.
 

doc/crypto/X509_get0_uids.pod

@@ -0,0 +1,47 @@
+=pod
+
+=head1 NAME
+
+X509_get0_uids - get certificate unique identifiers
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ void X509_get0_uids(ASN1_BIT_STRING **piuid, ASN1_BIT_STRING **psuid, X509 *x);
+
+=head1 DESCRIPTION
+
+X509_get0_uids() sets B<*piuid> and B<*psuid> to the issuer and subject unique
+identifiers of certificate B<x> or NULL if the fields are not present.
+
+=head1 NOTES
+
+The issuer and subject unique identifier fields are very rarely encountered in
+practice outside test cases.
+
+=head1 RETURN VALUES
+
+X509_get0_uids() does not return a value.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)>,
+L<ERR_get_error(3)>,
+L<X509_CRL_get0_by_serial(3)>,
+L<X509_get0_signature(3)>,
+L<X509_get_ext_d2i(3)>,
+L<X509_get_extension_flags(3)>,
+L<X509_get_pubkey(3)>,
+L<X509_get_subject_name(3)>,
+L<X509_get_version(3)>,
+L<X509_NAME_add_entry_by_txt(3)>,
+L<X509_NAME_ENTRY_get_object(3)>,
+L<X509_NAME_get_index_by_NID(3)>,
+L<X509_NAME_print_ex(3)>,
+L<X509_new(3)>,
+L<X509_sign(3)>,
+L<X509V3_get_d2i(3)>,
+L<X509_verify_cert(3)>
+
+=cut