rework crl2pkcs7; with help from jsing

1 files changed, 18 insertions, 57 deletions

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index 047c3a186e..1d77ad9219 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.39 2016/07/21 18:40:26 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.40 2016/07/23 19:31:35 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -112,7 +112,7 @@
 .\"
 .\" OPENSSL
 .\"
-.Dd $Mdocdate: July 21 2016 $
+.Dd $Mdocdate: July 23 2016 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -1017,20 +1017,15 @@ The output format.
 .It Fl text
 Print out the CRL in text form.
 .El
-.\"
-.\" CRL2PKCS7
-.\"
 .Sh CRL2PKCS7
 .nr nS 1
 .Nm "openssl crl2pkcs7"
-.Bk -words
 .Op Fl certfile Ar file
 .Op Fl in Ar file
-.Op Fl inform Ar DER | PEM
+.Op Fl inform Cm der | pem
 .Op Fl nocrl
 .Op Fl out Ar file
-.Op Fl outform Ar DER | PEM
-.Ek
+.Op Fl outform Cm der | pem
 .nr nS 0
 .Pp
 The
@@ -1043,62 +1038,28 @@ structure.
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl certfile Ar file
-Specifies a
+Add the certificates in PEM
 .Ar file
-containing one or more certificates in PEM format.
-All certificates in the file will be added to the PKCS#7 structure.
-This option can be used more than once to read certificates from multiple
-files.
+to the PKCS#7 structure.
+This option can be used more than once
+to read certificates from multiple files.
 .It Fl in Ar file
-This specifies the input
-.Ar file
-to read a CRL from, or standard input if this option is not specified.
-.It Fl inform Ar DER | PEM
-This specifies the CRL input format.
-.Ar DER
-format is a DER-encoded CRL structure.
-.Ar PEM
-.Pq the default
-is a base64-encoded version of the DER form with header and footer lines.
+Read the CRL from
+.Ar file ,
+or standard input if not specified.
+.It Fl inform Cm der | pem
+Specify the CRL input format.
 .It Fl nocrl
 Normally, a CRL is included in the output file.
 With this option, no CRL is
 included in the output file and a CRL is not read from the input file.
 .It Fl out Ar file
-Specifies the output
-.Ar file
-to write the PKCS#7 structure to, or standard output by default.
-.It Fl outform Ar DER | PEM
-This specifies the PKCS#7 structure output format.
-.Ar DER
-format is a DER-encoded PKCS#7 structure.
-.Ar PEM
-.Pq the default
-is a base64-encoded version of the DER form with header and footer lines.
+Write the PKCS#7 structure to
+.Ar file ,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+Specify the PKCS#7 structure output format.
 .El
-.Sh CRL2PKCS7 EXAMPLES
-Create a PKCS#7 structure from a certificate and CRL:
-.Pp
-.Dl $ openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
-.Pp
-Create a PKCS#7 structure in DER format with no CRL from several
-different certificates:
-.Bd -literal -offset indent
-$ openssl crl2pkcs7 -nocrl -certfile newcert.pem \e
-        -certfile demoCA/cacert.pem -outform DER -out p7.der
-.Ed
-.Sh CRL2PKCS7 NOTES
-The output file is a PKCS#7 signed data structure containing no signers and
-just certificates and an optional CRL.
-.Pp
-This utility can be used to send certificates and CAs to Netscape as part of
-the certificate enrollment process.
-This involves sending the DER-encoded output
-as MIME type
-.Em application/x-x509-user-cert .
-.Pp
-The PEM-encoded form with the header and footer lines removed can be used to
-install user certificates and CAs in MSIE using the Xenroll control.
 .\"
 .\" DGST
 .\"