some minor cleanup;

author: jmc <> 2016-09-22 13:44:02 +0000
committer: jmc <> 2016-09-22 13:44:02 +0000
commit: 436407cda2d7d6820ef38cfce12b5544f0a4b3f6 (patch)
tree: 1c3726128ad22513a8bf3f3e193901bc9c24ec5d
parent: fbfec23d555102b8b1994dcf94e77a3dfa9e852d (diff)
download: openbsd-436407cda2d7d6820ef38cfce12b5544f0a4b3f6.tar.gz
openbsd-436407cda2d7d6820ef38cfce12b5544f0a4b3f6.tar.bz2
openbsd-436407cda2d7d6820ef38cfce12b5544f0a4b3f6.zip
1 files changed, 17 insertions, 47 deletions
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index 2fa7a70b69..9ca16ee87c 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.80 2016/09/22 13:30:49 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.81 2016/09/22 13:44:02 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -318,7 +318,7 @@ into a nested structure.
 .Op Fl infiles
 .Op Fl key Ar keyfile
 .Op Fl keyfile Ar arg
-.Op Fl keyform Ar PEM
+.Op Fl keyform Ar pem
 .Op Fl md Ar arg
 .Op Fl msie_hack
 .Op Fl name Ar section
@@ -393,7 +393,7 @@ Since on some systems the command line arguments are visible,
 this option should be used with caution.
 .It Fl keyfile Ar file
 The private key to sign requests with.
-.It Fl keyform Ar PEM
+.It Fl keyform Ar pem
 Private key file format.
 .It Fl md Ar alg
 The message digest to use.
@@ -545,14 +545,10 @@ The
 of the configuration file containing CRL extensions to include.
 If no CRL extension section is present then a V1 CRL is created;
 if the CRL extension section is present
-.Pq even if it is empty
+(even if it is empty)
 then a V2 CRL is created.
-The CRL extensions specified are CRL extensions and
+The CRL extensions specified are CRL extensions and not CRL entry extensions.
-.Em not
+It should be noted that some software can't handle V2 CRLs.
-CRL entry extensions.
-It should be noted that some software
-.Pq for example Netscape
-can't handle V2 CRLs.
 .It Fl crlhours Ar num
 The number of hours before the next CRL is due.
 .It Fl gencrl
@@ -725,9 +721,8 @@ is accepted by both to produce a reasonable output.
 If neither option is present, the format used in earlier versions of
 .Nm openssl
 is used.
-Use of the old format is
+Use of the old format is strongly discouraged
-.Em strongly
+because it only displays fields mentioned in the
-discouraged because it only displays fields mentioned in the
 .Cm policy
 section,
 mishandles multicharacter string types and does not display extensions.
@@ -1697,9 +1692,7 @@ Use NULL cipher (no encryption or decryption of input).
 Disable standard block padding.
 .It Fl nosalt
 Don't use a salt in the key derivation routines.
-This option should
+This option should never be used
-.Em NEVER
-be used
 since it makes it possible to perform efficient dictionary
 attacks on the password and to attack stream cipher encrypted data.
 .It Fl out Ar file
@@ -2064,10 +2057,8 @@ specifies the HTTP path name to use, or
 .Pa /
 by default.
 .It Fl issuer Ar file
-The current issuer certificate,
+The current issuer certificate, in PEM format.
-in PEM format.
+Can be used multiple times and must come before any
-Can be used multiple times
-and must come before any
 .Fl cert
 options.
 .It Fl no_cert_checks
@@ -2306,12 +2297,6 @@ If the OCSP responder is a global responder,
 which can give details about multiple CAs
 and has its own separate certificate chain,
 then its root CA can be trusted for OCSP signing.
-For example:
-.Bd -literal -offset indent
-$ openssl x509 -in ocspCA.pem -addtrust OCSPSigning \e
-        -out trustedCA.pem
-.Ed
-.Pp
 Alternatively, the responder certificate itself can be explicitly trusted
 with the
 .Fl VAfile
@@ -2655,8 +2640,7 @@ certificate using 40-bit RC2.
 Create a PKCS#12 file (rather than parsing one).
 .It Fl in Ar file
 The input file to read from,
-or standard input if not specified,
+or standard input if not specified.
-in PEM format.
 The order doesn't matter but one private key and its corresponding
 certificate should be present.
 If additional certificates are present, they will also be included
@@ -2692,8 +2676,6 @@ This name is typically displayed in list boxes by software importing the file.
 Don't attempt to provide the MAC integrity.
 .It Fl nomaciter , noiter
 Affect the iteration counts on the MAC and key algorithms.
-Unless you wish to produce files compatible with MSIE 4.0, you should leave
-these options alone.
 .Pp
 To discourage attacks by using large dictionaries of common passwords,
 the algorithm that derives keys from passwords can have an iteration count
@@ -2706,9 +2688,6 @@ using these options the MAC and encryption iteration counts can be set to 1.
 Since this reduces the file security you should not use these options
 unless you really have to.
 Most software supports both MAC and key iteration counts.
-MSIE 4.0 doesn't support MAC iteration counts, so it needs the
-.Fl nomaciter
-option.
 .It Fl out Ar file
 The output file to write to,
 or standard output if not specified.
@@ -3015,9 +2994,7 @@ pseudo-random bytes.
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl base64
-Perform
+Perform base64 encoding on the output.
-.Em base64
-encoding on the output.
 .It Fl hex
 Specify hexadecimal output.
 .It Fl out Ar file
@@ -3108,7 +3085,8 @@ It also accepts PKCS#8 format private keys for PEM format files.
 The format of the private key file specified in the
 .Fl key
 argument.
-The default is PEM.
+The default is
+.Cm pem .
 .It Fl keyout Ar file
 The file to write the newly created private key to.
 If this option is not specified,
@@ -3974,10 +3952,8 @@ must end with CRLF).
 Generate SSL/TLS session IDs prefixed by
 .Ar arg .
 This is mostly useful for testing any SSL/TLS code
-(e.g. proxies)
+that wish to deal with multiple servers,
-that wish to deal with multiple servers, when each of which might be
+when each of which might be generating a unique range of session IDs.
-generating a unique range of session IDs
-(e.g. with a certain prefix).
 .It Fl key Ar keyfile
 The private key to use.
 If not specified, the certificate file will be used.
@@ -6055,9 +6031,6 @@ The following environment variables affect the execution of
 .It Ev OPENSSL_CONF
 The location of the master configuration file.
 .El
-.\"
-.\" FILES
-.\"
 .Sh FILES
 .Bl -tag -width "/etc/ssl/openssl.cnf" -compact
 .It Pa /etc/ssl/
@@ -6075,9 +6048,6 @@ Default configuration file for
 .Nm x509
 certificates.
 .El
-.\"
-.\" SEE ALSO
-.\"
 .Sh SEE ALSO
 .Xr acme-client 1 ,
 .Xr nc 1 ,
author	jmc <>	2016-09-22 13:44:02 +0000
committer	jmc <>	2016-09-22 13:44:02 +0000
commit	436407cda2d7d6820ef38cfce12b5544f0a4b3f6 (patch)
tree	1c3726128ad22513a8bf3f3e193901bc9c24ec5d
parent	fbfec23d555102b8b1994dcf94e77a3dfa9e852d (diff)
download	openbsd-436407cda2d7d6820ef38cfce12b5544f0a4b3f6.tar.gz openbsd-436407cda2d7d6820ef38cfce12b5544f0a4b3f6.tar.bz2 openbsd-436407cda2d7d6820ef38cfce12b5544f0a4b3f6.zip

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index 2fa7a70b69..9ca16ee87c 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.80 2016/09/22 13:30:49 jmc Exp $	1	.\" $OpenBSD: openssl.1,v 1.81 2016/09/22 13:44:02 jmc Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -318,7 +318,7 @@ into a nested structure.
318	.Op Fl infiles	318	.Op Fl infiles
319	.Op Fl key Ar keyfile	319	.Op Fl key Ar keyfile
320	.Op Fl keyfile Ar arg	320	.Op Fl keyfile Ar arg
321	.Op Fl keyform Ar PEM	321	.Op Fl keyform Ar pem
322	.Op Fl md Ar arg	322	.Op Fl md Ar arg
323	.Op Fl msie_hack	323	.Op Fl msie_hack
324	.Op Fl name Ar section	324	.Op Fl name Ar section
@@ -393,7 +393,7 @@ Since on some systems the command line arguments are visible,
393	this option should be used with caution.	393	this option should be used with caution.
394	.It Fl keyfile Ar file	394	.It Fl keyfile Ar file
395	The private key to sign requests with.	395	The private key to sign requests with.
396	.It Fl keyform Ar PEM	396	.It Fl keyform Ar pem
397	Private key file format.	397	Private key file format.
398	.It Fl md Ar alg	398	.It Fl md Ar alg
399	The message digest to use.	399	The message digest to use.
@@ -545,14 +545,10 @@ The
545	of the configuration file containing CRL extensions to include.	545	of the configuration file containing CRL extensions to include.
546	If no CRL extension section is present then a V1 CRL is created;	546	If no CRL extension section is present then a V1 CRL is created;
547	if the CRL extension section is present	547	if the CRL extension section is present
548	.Pq even if it is empty	548	(even if it is empty)
549	then a V2 CRL is created.	549	then a V2 CRL is created.
550	The CRL extensions specified are CRL extensions and	550	The CRL extensions specified are CRL extensions and not CRL entry extensions.
551	.Em not	551	It should be noted that some software can't handle V2 CRLs.
552	CRL entry extensions.
553	It should be noted that some software
554	.Pq for example Netscape
555	can't handle V2 CRLs.
556	.It Fl crlhours Ar num	552	.It Fl crlhours Ar num
557	The number of hours before the next CRL is due.	553	The number of hours before the next CRL is due.
558	.It Fl gencrl	554	.It Fl gencrl
@@ -725,9 +721,8 @@ is accepted by both to produce a reasonable output.
725	If neither option is present, the format used in earlier versions of	721	If neither option is present, the format used in earlier versions of
726	.Nm openssl	722	.Nm openssl
727	is used.	723	is used.
728	Use of the old format is	724	Use of the old format is strongly discouraged
729	.Em strongly	725	because it only displays fields mentioned in the
730	discouraged because it only displays fields mentioned in the
731	.Cm policy	726	.Cm policy
732	section,	727	section,
733	mishandles multicharacter string types and does not display extensions.	728	mishandles multicharacter string types and does not display extensions.
@@ -1697,9 +1692,7 @@ Use NULL cipher (no encryption or decryption of input).
1697	Disable standard block padding.	1692	Disable standard block padding.
1698	.It Fl nosalt	1693	.It Fl nosalt
1699	Don't use a salt in the key derivation routines.	1694	Don't use a salt in the key derivation routines.
1700	This option should	1695	This option should never be used
1701	.Em NEVER
1702	be used
1703	since it makes it possible to perform efficient dictionary	1696	since it makes it possible to perform efficient dictionary
1704	attacks on the password and to attack stream cipher encrypted data.	1697	attacks on the password and to attack stream cipher encrypted data.
1705	.It Fl out Ar file	1698	.It Fl out Ar file
@@ -2064,10 +2057,8 @@ specifies the HTTP path name to use, or
2064	.Pa /	2057	.Pa /
2065	by default.	2058	by default.
2066	.It Fl issuer Ar file	2059	.It Fl issuer Ar file
2067	The current issuer certificate,	2060	The current issuer certificate, in PEM format.
2068	in PEM format.	2061	Can be used multiple times and must come before any
2069	Can be used multiple times
2070	and must come before any
2071	.Fl cert	2062	.Fl cert
2072	options.	2063	options.
2073	.It Fl no_cert_checks	2064	.It Fl no_cert_checks
@@ -2306,12 +2297,6 @@ If the OCSP responder is a global responder,
2306	which can give details about multiple CAs	2297	which can give details about multiple CAs
2307	and has its own separate certificate chain,	2298	and has its own separate certificate chain,
2308	then its root CA can be trusted for OCSP signing.	2299	then its root CA can be trusted for OCSP signing.
2309	For example:
2310	.Bd -literal -offset indent
2311	$ openssl x509 -in ocspCA.pem -addtrust OCSPSigning \e
2312	-out trustedCA.pem
2313	.Ed
2314	.Pp
2315	Alternatively, the responder certificate itself can be explicitly trusted	2300	Alternatively, the responder certificate itself can be explicitly trusted
2316	with the	2301	with the
2317	.Fl VAfile	2302	.Fl VAfile
@@ -2655,8 +2640,7 @@ certificate using 40-bit RC2.
2655	Create a PKCS#12 file (rather than parsing one).	2640	Create a PKCS#12 file (rather than parsing one).
2656	.It Fl in Ar file	2641	.It Fl in Ar file
2657	The input file to read from,	2642	The input file to read from,
2658	or standard input if not specified,	2643	or standard input if not specified.
2659	in PEM format.
2660	The order doesn't matter but one private key and its corresponding	2644	The order doesn't matter but one private key and its corresponding
2661	certificate should be present.	2645	certificate should be present.
2662	If additional certificates are present, they will also be included	2646	If additional certificates are present, they will also be included
@@ -2692,8 +2676,6 @@ This name is typically displayed in list boxes by software importing the file.
2692	Don't attempt to provide the MAC integrity.	2676	Don't attempt to provide the MAC integrity.
2693	.It Fl nomaciter , noiter	2677	.It Fl nomaciter , noiter
2694	Affect the iteration counts on the MAC and key algorithms.	2678	Affect the iteration counts on the MAC and key algorithms.
2695	Unless you wish to produce files compatible with MSIE 4.0, you should leave
2696	these options alone.
2697	.Pp	2679	.Pp
2698	To discourage attacks by using large dictionaries of common passwords,	2680	To discourage attacks by using large dictionaries of common passwords,
2699	the algorithm that derives keys from passwords can have an iteration count	2681	the algorithm that derives keys from passwords can have an iteration count
@@ -2706,9 +2688,6 @@ using these options the MAC and encryption iteration counts can be set to 1.
2706	Since this reduces the file security you should not use these options	2688	Since this reduces the file security you should not use these options
2707	unless you really have to.	2689	unless you really have to.
2708	Most software supports both MAC and key iteration counts.	2690	Most software supports both MAC and key iteration counts.
2709	MSIE 4.0 doesn't support MAC iteration counts, so it needs the
2710	.Fl nomaciter
2711	option.
2712	.It Fl out Ar file	2691	.It Fl out Ar file
2713	The output file to write to,	2692	The output file to write to,
2714	or standard output if not specified.	2693	or standard output if not specified.
@@ -3015,9 +2994,7 @@ pseudo-random bytes.
3015	The options are as follows:	2994	The options are as follows:
3016	.Bl -tag -width Ds	2995	.Bl -tag -width Ds
3017	.It Fl base64	2996	.It Fl base64
3018	Perform	2997	Perform base64 encoding on the output.
3019	.Em base64
3020	encoding on the output.
3021	.It Fl hex	2998	.It Fl hex
3022	Specify hexadecimal output.	2999	Specify hexadecimal output.
3023	.It Fl out Ar file	3000	.It Fl out Ar file
@@ -3108,7 +3085,8 @@ It also accepts PKCS#8 format private keys for PEM format files.
3108	The format of the private key file specified in the	3085	The format of the private key file specified in the
3109	.Fl key	3086	.Fl key
3110	argument.	3087	argument.
3111	The default is PEM.	3088	The default is
		3089	.Cm pem .
3112	.It Fl keyout Ar file	3090	.It Fl keyout Ar file
3113	The file to write the newly created private key to.	3091	The file to write the newly created private key to.
3114	If this option is not specified,	3092	If this option is not specified,
@@ -3974,10 +3952,8 @@ must end with CRLF).
3974	Generate SSL/TLS session IDs prefixed by	3952	Generate SSL/TLS session IDs prefixed by
3975	.Ar arg .	3953	.Ar arg .
3976	This is mostly useful for testing any SSL/TLS code	3954	This is mostly useful for testing any SSL/TLS code
3977	(e.g. proxies)	3955	that wish to deal with multiple servers,
3978	that wish to deal with multiple servers, when each of which might be	3956	when each of which might be generating a unique range of session IDs.
3979	generating a unique range of session IDs
3980	(e.g. with a certain prefix).
3981	.It Fl key Ar keyfile	3957	.It Fl key Ar keyfile
3982	The private key to use.	3958	The private key to use.
3983	If not specified, the certificate file will be used.	3959	If not specified, the certificate file will be used.
@@ -6055,9 +6031,6 @@ The following environment variables affect the execution of
6055	.It Ev OPENSSL_CONF	6031	.It Ev OPENSSL_CONF
6056	The location of the master configuration file.	6032	The location of the master configuration file.
6057	.El	6033	.El
6058	.\"
6059	.\" FILES
6060	.\"
6061	.Sh FILES	6034	.Sh FILES
6062	.Bl -tag -width "/etc/ssl/openssl.cnf" -compact	6035	.Bl -tag -width "/etc/ssl/openssl.cnf" -compact
6063	.It Pa /etc/ssl/	6036	.It Pa /etc/ssl/
@@ -6075,9 +6048,6 @@ Default configuration file for
6075	.Nm x509	6048	.Nm x509
6076	certificates.	6049	certificates.
6077	.El	6050	.El
6078	.\"
6079	.\" SEE ALSO
6080	.\"
6081	.Sh SEE ALSO	6051	.Sh SEE ALSO
6082	.Xr acme-client 1 ,	6052	.Xr acme-client 1 ,
6083	.Xr nc 1 ,	6053	.Xr nc 1 ,