4 files changed, 68 insertions, 13 deletions

diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 442bd0de..73011dd0 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -547,8 +547,8 @@ A specific ``backend`` may provide one or more of these interfaces.
             :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
             that will be used to generate the request signature.
 
-        :returns: A new object with the
-            :class:`~cryptography.x509.CertificateSigningRequest` interface.
+        :returns: A new instance of
+            :class:`~cryptography.x509.CertificateSigningRequest`.
 
     .. method:: create_x509_certificate(builder, private_key, algorithm)
 
@@ -567,9 +567,36 @@ A specific ``backend`` may provide one or more of these interfaces.
             :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
             that will be used to generate the certificate signature.
 
-        :returns: A new object with the
-            :class:`~cryptography.x509.Certificate` interface.
+        :returns: A new instance of :class:`~cryptography.x509.Certificate`.
+
+    .. method:: create_x509_crl(builder, private_key, algorithm)
+
+        .. versionadded:: 1.2
+
+        :param builder: An instance of
+            :class:`~cryptography.x509.CertificateRevocationListBuilder`.
+
+        :param private_key: The
+            :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
+            :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey` or
+            :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`
+            that will be used to sign the CRL.
+
+        :param algorithm: The
+            :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
+            that will be used to generate the CRL signature.
+
+        :returns: A new instance of
+            :class:`~cryptography.x509.CertificateRevocationList`.
+
+    .. method:: create_x509_revoked_certificate(builder)
+
+        .. versionadded:: 1.2
+
+        :param builder: An instance of RevokedCertificateBuilder.
 
+        :returns: A new instance of
+            :class:`~cryptography.x509.RevokedCertificate`.
 
 .. class:: DHBackend
 
diff --git a/docs/hazmat/bindings/openssl.rst b/docs/hazmat/bindings/openssl.rst
index 0ec0a3d6..99cd7a48 100644
--- a/docs/hazmat/bindings/openssl.rst
+++ b/docs/hazmat/bindings/openssl.rst
@@ -46,4 +46,4 @@ OpenSSL.
 
 .. _`CFFI`: https://cffi.readthedocs.org/
 .. _`OpenSSL`: https://www.openssl.org/
-.. _`thread safety facilities`: https://www.openssl.org/docs/crypto/threads.html
+.. _`thread safety facilities`: https://www.openssl.org/docs/manmaster/crypto/threads.html
diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst
index c1619dd0..8e3a3659 100644
--- a/docs/hazmat/primitives/asymmetric/ec.rst
+++ b/docs/hazmat/primitives/asymmetric/ec.rst
@@ -504,7 +504,7 @@ Key Interfaces
 .. _`some concern`: https://crypto.stackexchange.com/questions/10263/should-we-trust-the-nist-recommended-ecc-parameters
 .. _`less than 224 bits`: http://www.ecrypt.eu.org/ecrypt2/documents/D.SPA.20.pdf
 .. _`elliptic curve diffie-hellman is faster than diffie-hellman`: http://digitalcommons.unl.edu/cgi/viewcontent.cgi?article=1100&context=cseconfwork
-.. _`minimize the number of security concerns for elliptic-curve cryptography`: http://cr.yp.to/ecdh/curve25519-20060209.pdf
+.. _`minimize the number of security concerns for elliptic-curve cryptography`: https://cr.yp.to/ecdh/curve25519-20060209.pdf
 .. _`SafeCurves`: http://safecurves.cr.yp.to/
 .. _`ECDSA`: https://en.wikipedia.org/wiki/ECDSA
 .. _`EdDSA`: https://en.wikipedia.org/wiki/EdDSA
diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst
index f14f4037..b94c0e10 100644
--- a/docs/hazmat/primitives/asymmetric/serialization.rst
+++ b/docs/hazmat/primitives/asymmetric/serialization.rst
@@ -118,7 +118,12 @@ all begin with ``-----BEGIN {format}-----`` and end with ``-----END
         :class:`~cryptography.hazmat.backends.interfaces.PEMSerializationBackend`
         provider.
 
-    :returns: A new instance of a private key.
+    :returns: One of
+        :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
+        :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`,
+        or
+        :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`
+        depending on the contents of ``data``.
 
     :raises ValueError: If the PEM data could not be decrypted or if its
         structure could not be decoded successfully.
@@ -136,7 +141,8 @@ all begin with ``-----BEGIN {format}-----`` and end with ``-----END
     .. versionadded:: 0.6
 
     Deserialize a public key from PEM encoded data to one of the supported
-    asymmetric public key types.
+    asymmetric public key types. The PEM encoded data is typically a
+    ``subjectPublicKeyInfo`` payload as specified in :rfc:`5280`.
 
     .. doctest::
 
@@ -151,7 +157,13 @@ all begin with ``-----BEGIN {format}-----`` and end with ``-----END
         :class:`~cryptography.hazmat.backends.interfaces.PEMSerializationBackend`
         provider.
 
-    :returns: A new instance of a public key.
+
+    :returns: One of
+        :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`,
+        :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`,
+        or
+        :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`
+        depending on the contents of ``data``.
 
     :raises ValueError: If the PEM data's structure could not be decoded
         successfully.
@@ -183,7 +195,12 @@ the rest.
         :class:`~cryptography.hazmat.backends.interfaces.DERSerializationBackend`
         provider.
 
-    :returns: A new instance of a private key.
+    :returns: One of
+        :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
+        :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`,
+        or
+        :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`
+        depending on the contents of ``data``.
 
     :raises ValueError: If the DER data could not be decrypted or if its
         structure could not be decoded successfully.
@@ -210,7 +227,8 @@ the rest.
     .. versionadded:: 0.8
 
     Deserialize a public key from DER encoded data to one of the supported
-    asymmetric public key types.
+    asymmetric public key types. The DER encoded data is typically a
+    ``subjectPublicKeyInfo`` payload as specified in :rfc:`5280`.
 
     :param bytes data: The DER encoded key data.
 
@@ -218,7 +236,12 @@ the rest.
         :class:`~cryptography.hazmat.backends.interfaces.DERSerializationBackend`
         provider.
 
-    :returns: A new instance of a public key.
+    :returns: One of
+        :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`,
+        :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`,
+        or
+        :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`
+        depending on the contents of ``data``.
 
     :raises ValueError: If the DER data's structure could not be decoded
         successfully.
@@ -275,7 +298,12 @@ DSA keys look almost identical but begin with ``ssh-dss`` rather than
         :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`
         depending on the key's type.
 
-    :returns: A new instance of a public key type.
+    :returns: One of
+        :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`,
+        :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`,
+        or
+        :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`
+        depending on the contents of ``data``.
 
     :raises ValueError: If the OpenSSH data could not be properly decoded or
         if the key is not in the proper format.