===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/72.html,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -r1.52 -r1.53
--- www/72.html	2022/10/03 21:30:58	1.52
+++ www/72.html	2022/10/03 21:44:19	1.53
@@ -894,33 +894,45 @@
     <li>Added ASN1_INTEGER_{get,set}_{u,}int64()
     <li>Move leaf certificate checks to the last thing after chain
 	validation.
-    <li>Added -s option to openssl(1) ciphers that only shows the ciphers
-	supported by the specified protocol.
-    <li>Use TLS_client_method() instead of TLSv1_client_method() in
-	the openssl(1) ciphers command.
-    <li>Validate the protocols in SSL{_CTX,}_set_alpn_protos().
+    <li>Added -s option to <a
+	href="https://man.openbsd.org/openssl.1">openssl(1)</a> ciphers
+	that only shows the ciphers supported by the specified protocol.
+    <li>Use <a href="https://man.openbsd.org/TLS_client_method.3">TLS_client_method(3)</a>
+	instead of <a href="https://man.openbsd.org/TLSv1_client_method.3">TLSv1_client_method(3)</a> in
+	the <a
+        href="https://man.openbsd.org/openssl.1">openssl(1)</a> ciphers command.
+    <li>Validate the protocols in <a
+	href="https://man.openbsd.org/SSL_CTX_set_alpn_protos.3">SSL{_CTX,}_set_alpn_protos()</a>.
     <li>Made TS and PKCS12 opaque.
     <li>Per RFC 7292, safeContentsBag is a SEQUENCE OF, not a SET OF.
     <li>Align PKCS12_key_gen_uni() with OpenSSL
     <li>Various PKCS12 and TS accessors were added. In particular, the
 	TS_RESP_CTX_set_time_cb() function was added back.
-    <li>Allow a NULL header in PEM_write{,_bio}()
+    <li>Allow a NULL header in <a
+        href="https://man.openbsd.org/PEM_write.3">PEM_write{,_bio}()</a>
     <li>Allow empty attribute sets in CSRs.
-    <li>Adjust signatures of BIO_ctrl functions.
+    <li>Adjust signatures of <a
+        href="https://man.openbsd.org/BIO_ctrl.3">BIO_ctrl</a> functions.
     <li>Provide additional defines for EVP AEAD.
     <li>Provide OPENSSL_cleanup().
-    <li>Make BIO_info_cb() identical to bio_info_cb().
+    <li>Make <a
+        href="https://man.openbsd.org/BIO_info_cb.3">BIO_info_cb()</a> identical to bio_info_cb().
     </ul>
 
   <li>Bug fixes
     <ul>
     <li>Avoid use of uninitialized in BN_mod_exp_recp().
-    <li>Fix X509_get_extension_flags() by ensuring that EXFLAG_INVALID is
+    <li>Fix <a
+        href="https://man.openbsd.org/X509_get_extension_flags.3">X509_get_extension_flags()</a>
+	by ensuring that EXFLAG_INVALID is
 	set on X509_get_purpose() failure.
-    <li>Fix HMAC() with NULL key.
-    <li>Add ERR_load_{COMP,CT,KDF}_strings() to ERR_load_crypto_strings().
+    <li>Fix <a
+        href="https://man.openbsd.org/HMAC.3">HMAC()</a> with NULL key.
+    <li>Add ERR_load_{COMP,CT,KDF}_strings() to <a
+        href="https://man.openbsd.org/ERR_load_crypto_strings.3">ERR_load_crypto_strings()</a>.
     <li>Avoid strict aliasing violations in BN_nist_mod_*().
-    <li>Do not return X509_V_ERR_UNSPECIFIED from X509_check_ca().
+    <li>Do not return X509_V_ERR_UNSPECIFIED from <a
+        href="https://man.openbsd.org/X509_check_ca.3">X509_check_ca()</a>.
 	No return value of X509_check_ca() indicates failure. Application
 	code should therefore issue a checked call to X509_check_purpose()
 	before calling X509_check_ca().
@@ -928,9 +940,12 @@
 	valid input.
     <li>Call the ASN1_OP_D2I_PRE callback after ASN1_item_ex_new().
     <li>Fix d2i_ASN1_OBJECT to advance the *der_in pointer correctly.
-    <li>Avoid use of uninitialized in ASN1_STRING_to_UTF8().
-    <li>Do not pass uninitialized pointer to ASN1_STRING_to_UTF8().
-    <li>Do not refuse valid IPv6 addresses in nc(1)'s HTTP CONNECT proxy.
+    <li>Avoid use of uninitialized in <a
+        href="https://man.openbsd.org/ASN1_STRING_to_UTF8.3">ASN1_STRING_to_UTF8()</a>.
+    <li>Do not pass uninitialized pointer to <a
+        href="https://man.openbsd.org/ASN1_STRING_to_UTF8.3">ASN1_STRING_to_UTF8()</a>.
+    <li>Do not refuse valid IPv6 addresses in <a
+        href="https://man.openbsd.org/nc.1">nc(1)</a>'s HTTP CONNECT proxy.
     <li>Do not reject primes in trial divisions.
     <li>Error out on negative shifts in BN_{r,l}shift() instead of
 	accessing arrays out of bounds.
@@ -938,13 +953,17 @@
     <li>Fix the legacy verifier callback behaviour for untrusted certs.
     <li>Correct serfver-side handling of TLSv1.3 key updates.
     <li>Plug leak in PKCS12_setup_mac().
-    <li>Plug leak in X509V3_add1_i2d().
+    <li>Plug leak in <a
+        href="https://man.openbsd.org/X509V3_add1_i2d.3">X509V3_add1_i2d()</a>.
     <li>Only print X.509 versions we know about.
     <li>Avoid signed integer overflow due to unary negation
-    <li>Initialize readbytes in BIO_gets().
+    <li>Initialize readbytes in <a
+        href="https://man.openbsd.org/BIO_gets.3">BIO_gets()</a>.
     <li>Plug memory leak in CMS_add_simple_smimecap().
-    <li>Plug memory leak in X509_REQ_print_ex().
-    <li>Check HMAC() return value to avoid a later use of uninitialized.
+    <li>Plug memory leak in <a
+        href="https://man.openbsd.org/X509_REQ_print_ex.3">X509_REQ_print_ex()</a>.
+    <li>Check <a
+        href="https://man.openbsd.org/HMAC.3">HMAC()</a> return value to avoid a later use of uninitialized.
     <li>Avoid potential NULL dereference in ssl_set_pkey().
     <li>Check return values in ssl_print_tmp_key().
     <li>Switch loop bounds from size_t to int in check_hosts().
@@ -960,7 +979,8 @@
     <li>The templated ASN.1 decoder has been cleaned up, refactored,
 	modernized with parts rewritten using CBB and CBS.
     <li>The ASN.1 time parser has been rewritten.
-    <li>Rewrite and fix ASN1_STRING_to_UTF8().
+    <li>Rewrite and fix <a
+        href="https://man.openbsd.org/ASN1_STRING_to_UTF8.3">ASN1_STRING_to_UTF8()</a>.
     <li>Use asn1_abs_set_unused_bits() rather than inlining it.
     <li>Simplify ec_asn1_group2curve().
     <li>First pass at a clean up of ASN1_item_sign_ctx()