1 files changed, 7 insertions, 3 deletions

diff --git a/crypto/openssl/doc/man3/X509_check_purpose.pod b/crypto/openssl/doc/man3/X509_check_purpose.pod
index 6af9e79815e4..a3cfb78d6198 100644
--- a/crypto/openssl/doc/man3/X509_check_purpose.pod
+++ b/crypto/openssl/doc/man3/X509_check_purpose.pod
@@ -8,14 +8,15 @@ X509_check_purpose - Check the purpose of a certificate
 
  #include <openssl/x509v3.h>
 
- int X509_check_purpose(X509 *x, int id, int ca)
+ int X509_check_purpose(X509 *x, int id, int ca);
 
 =head1 DESCRIPTION
 
 This function checks if certificate I<x> was created with the purpose
 represented by I<id>. If I<ca> is nonzero, then certificate I<x> is
 checked to determine if it's a possible CA with various levels of certainty
-possibly returned.
+possibly returned. The certificate I<x> must be a complete certificate
+otherwise the function returns an error.
 
 Below are the potential ID's that can be checked:
 
@@ -29,6 +30,9 @@ Below are the potential ID's that can be checked:
  # define X509_PURPOSE_OCSP_HELPER       8
  # define X509_PURPOSE_TIMESTAMP_SIGN    9
 
+The checks performed take into account the X.509 extensions
+keyUsage, extendedKeyUsage, and basicConstraints.
+
 =head1 RETURN VALUES
 
 For non-CA checks
@@ -66,7 +70,7 @@ For CA checks the below integers could be returned with the following meanings:
 
 =head1 COPYRIGHT
 
-Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this
 file except in compliance with the License. You can obtain a copy in the file
 LICENSE in the source distribution or at L<https://www.openssl.org/source/license.html>.