1 files changed, 16 insertions, 14 deletions

diff --git a/secure/lib/libcrypto/man/man3/X509_check_host.3 b/secure/lib/libcrypto/man/man3/X509_check_host.3
index fec5bd92f04c..d5ef9c20f4aa 100644
--- a/secure/lib/libcrypto/man/man3/X509_check_host.3
+++ b/secure/lib/libcrypto/man/man3/X509_check_host.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -68,8 +68,6 @@
 .    \}
 .\}
 .rr rF
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
 .    \" fudge factors for nroff and troff
 .if n \{\
@@ -132,8 +130,8 @@
 .rm #[ #] #H #V #F C
 .\" ========================================================================
 .\"
-.IX Title "X509_CHECK_HOST 3"
-.TH X509_CHECK_HOST 3 "2022-06-21" "1.1.1p" "OpenSSL"
+.IX Title "X509_CHECK_HOST 3ossl"
+.TH X509_CHECK_HOST 3ossl "2023-09-19" "3.0.11" "OpenSSL"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -161,7 +159,7 @@ The validity of the certificate and its trust level has to be checked by
 other means.
 .PP
 \&\fBX509_check_host()\fR checks if the certificate Subject Alternative
-Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified hostname, 
+Name (\s-1SAN\s0) or Subject CommonName (\s-1CN\s0) matches the specified hostname,
 which must be encoded in the preferred name syntax described
 in section 3.5 of \s-1RFC 1034.\s0  By default, wildcards are supported
 and they match  only in the left-most label; but they may match
@@ -185,9 +183,13 @@ is responsible for freeing the peername via \fBOPENSSL_free()\fR when it
 is no longer needed.
 .PP
 \&\fBX509_check_email()\fR checks if the certificate matches the specified
-email \fBaddress\fR.  Only the mailbox syntax of \s-1RFC 822\s0 is supported,
+email \fBaddress\fR. The mailbox syntax of \s-1RFC 822\s0 is supported,
 comments are not allowed, and no attempt is made to normalize quoted
-characters.  The \fBaddresslen\fR argument must be the number of
+characters. The mailbox syntax of \s-1RFC 6531\s0 is supported for
+SmtpUTF8Mailbox address in subjectAltName according to \s-1RFC 8398,\s0
+with similar limitations as for \s-1RFC 822\s0 syntax, and no attempt
+is made to convert from A\-label to U\-label before comparison.
+The \fBaddresslen\fR argument must be the number of
 characters in the address string or zero in which case the length
 is calculated with strlen(\fBaddress\fR).
 .PP
@@ -195,7 +197,8 @@ is calculated with strlen(\fBaddress\fR).
 IPv6 address.  The \fBaddress\fR array is in binary format, in network
 byte order.  The length is either 4 (IPv4) or 16 (IPv6).  Only
 explicitly marked addresses in the certificates are considered; \s-1IP\s0
-addresses stored in \s-1DNS\s0 names and Common Names are ignored.
+addresses stored in \s-1DNS\s0 names and Common Names are ignored. There are
+currently no \fBflags\fR that would affect the behavior of this call.
 .PP
 \&\fBX509_check_ip_asc()\fR is similar, except that the NUL-terminated
 string \fBaddress\fR is first converted to the internal representation.
@@ -263,7 +266,7 @@ NULs.
 .SH "NOTES"
 .IX Header "NOTES"
 Applications are encouraged to use \fBX509_VERIFY_PARAM_set1_host()\fR
-rather than explicitly calling \fBX509_check_host\fR\|(3). Host name
+rather than explicitly calling \fBX509_check_host\fR\|(3). Hostname
 checks may be out of scope with the \s-1\fBDANE\-EE\s0\fR\|(3) certificate usage,
 and the internal checks will be suppressed as appropriate when
 \&\s-1DANE\s0 support is enabled.
@@ -273,16 +276,15 @@ and the internal checks will be suppressed as appropriate when
 \&\fBX509_VERIFY_PARAM_set1_host\fR\|(3),
 \&\fBX509_VERIFY_PARAM_add1_host\fR\|(3),
 \&\fBX509_VERIFY_PARAM_set1_email\fR\|(3),
-\&\fBX509_VERIFY_PARAM_set1_ip\fR\|(3),
-\&\fBX509_VERIFY_PARAM_set1_ipasc\fR\|(3)
+\&\fBX509_VERIFY_PARAM_set1_ip\fR\|(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
 These functions were added in OpenSSL 1.0.2.
 .SH "COPYRIGHT"
 .IX Header "COPYRIGHT"
-Copyright 2012\-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2012\-2022 The OpenSSL Project Authors. All Rights Reserved.
 .PP
-Licensed under the OpenSSL license (the \*(L"License\*(R").  You may not use
+Licensed under the Apache License 2.0 (the \*(L"License\*(R").  You may not use
 this file except in compliance with the License.  You can obtain a copy
 in the file \s-1LICENSE\s0 in the source distribution or at
 <https://www.openssl.org/source/license.html>.