From a4b531152858c7e9ce8ac29a7d1b84420de719b2 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Mar 28 2011 20:53:46 +0000
Subject: - document some known values


---

diff --git a/src/getcert-request.1.in b/src/getcert-request.1.in
index b6a08d9..6141ebc 100644
--- a/src/getcert-request.1.in
+++ b/src/getcert-request.1.in
@@ -94,7 +94,25 @@ used is CN=\fIhostname\fR, where \fIhostname\fR is the local hostname.
 \fB\-U\fR EKU
 Add an extensionRequest for the specified extendedKeyUsage to the
 signing request.  The EKU value is expected to be an object identifier
-(OID).
+(OID), but some specific names are also recognized:
+
+id-kp-serverAuth	1.3.6.1.5.5.7.3.1
+
+id-kp-clientAuth	1.3.6.1.5.5.7.3.2
+
+id-kp-codeSigning	1.3.6.1.5.5.7.3.3
+
+id-kp-emailProtection	1.3.6.1.5.5.7.3.4
+
+id-kp-timeStamping	1.3.6.1.5.5.7.3.8
+
+id-kp-OCSPSigning	1.3.6.1.5.5.7.3.9
+
+id-pkinit-KPClientAuth	1.3.6.1.5.2.3.4
+
+id-pkinit-KPKdc		1.3.6.1.5.2.3.5
+
+id-ms-kp-sc-logon	1.3.6.1.4.1.311.20.2.2
 .TP
 \fB\-K\fR NAME
 Add an extensionRequest for a subjectAltName, with the specified Kerberos