- sync SYNOPSIS(es) and ciphers/digests available with reality

- remove non-OBSD details
- indent examples
- general macro/punctuation cleanup

1 files changed, 1684 insertions, 1308 deletions

diff --git a/src/usr.sbin/openssl/openssl.1 b/src/usr.sbin/openssl/openssl.1
index ad7e25ffbf..1229888c16 100644
--- a/src/usr.sbin/openssl/openssl.1
+++ b/src/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.11 2003/08/08 10:13:33 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.12 2003/08/30 17:30:54 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -128,7 +128,7 @@
 .Bk -words
 .Oo Cm list-standard-commands Li |\ \&
 .Cm list-message-digest-commands |
-.Cm \  \  \  \  list-cipher-commands
+.Cm \   \&\ \&\ \&\ \&\ \&list-cipher-commands
 .Oc
 .Ek
 .Pp
@@ -138,8 +138,10 @@
 .Sh DESCRIPTION
 .Nm OpenSSL
 is a cryptography toolkit implementing the Secure Sockets Layer
-(SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and
-related cryptography standards required by them.
+.Pq SSL v2/v3
+and Transport Layer Security
+.Pq TLS v1
+network protocols and related cryptography standards required by them.
 .Pp
 The
 .Nm
@@ -150,7 +152,7 @@ cryptography functions of
 library from the shell.
 It can be used for
 .Pp
-.Bl -bullet -compact
+.Bl -bullet -offset indent -compact
 .It
 Creation of RSA, DH and DSA key parameters
 .It
@@ -185,9 +187,10 @@ The pseudo-commands
 .Cm list-standard-commands , list-message-digest-commands ,
 and
 .Cm list-cipher-commands
-output a list (one entry per line) of the names
-of all standard commands, message digest commands, or cipher commands,
-respectively, that are available in the present
+output a list
+.Pq one entry per line
+of the names of all standard commands, message digest commands,
+or cipher commands, respectively, that are available in the present
 .Nm
 utility.
 .Pp
@@ -198,7 +201,9 @@ specified name is available.
 If no command named
 .Ar XXX
 exists,
-it returns 0 (success) and prints
+it returns 0
+.Pq success
+and prints
 .Cm no- Ns Ar XXX ;
 otherwise it returns 1 and prints
 .Ar XXX .
@@ -226,11 +231,15 @@ itself.
 .It Cm asn1parse
 Parse an ASN.1 sequence.
 .It Cm ca
-Certificate Authority (CA) Management.
+Certificate Authority
+.Pq CA
+Management.
 .It Cm ciphers
 Cipher Suite Description Determination.
 .It Cm crl
-Certificate Revocation List (CRL) Management.
+Certificate Revocation List
+.Pq CRL
+Management.
 .It Cm crl2pkcs7
 CRL to PKCS#7 Conversion.
 .It Cm dgst
@@ -258,7 +267,7 @@ Generation of DSA Parameters.
 .It Cm genrsa
 Generation of RSA Parameters.
 .It Cm nseq
-Create or examine a netscape certificate sequence.
+Create or examine a Netscape certificate sequence.
 .It Cm ocsp
 Online Certificate Status Protocol utility.
 .It Cm passwd
@@ -272,7 +281,9 @@ PKCS#12 Data Management.
 .It Cm rand
 Generate pseudo-random bytes.
 .It Cm req
-X.509 Certificate Signing Request (CSR) Management.
+X.509 Certificate Signing Request
+.Pq CSR
+Management.
 .It Cm rsa
 RSA Data Management.
 .It Cm rsautl
@@ -318,10 +329,10 @@ X.509 Certificate Data Management.
 .Bl -tag -width "asn1parse"
 .It Cm md2
 MD2 Digest.
+.It Cm md4
+MD4 Digest.
 .It Cm md5
 MD5 Digest.
-.It Cm mdc2
-MDC2 Digest.
 .It Cm rmd160
 RMD-160 Digest.
 .It Cm sha
@@ -330,28 +341,47 @@ SHA Digest.
 SHA-1 Digest.
 .El
 .Sh ENCODING AND CIPHER COMMANDS
-.Bl -tag -width "asn1parse"
+.Bl -tag -width Ds -compact
+.It Cm aes-128-cbc | aes-128-ecb | aes-192-cbc | aes-192-ecb |
+.It Cm aes-256-cbc | aes-256-ecb
+AES Cipher.
+.Pp
 .It Cm base64
 Base64 Encoding.
-.It Cm bf bf-cbc bf-cfb bf-ecb bf-ofb
+.Pp
+.It Xo
+.Cm bf | bf-cbc | bf-cfb |
+.Cm bf-ecb | bf-ofb
+.Xc
 Blowfish Cipher.
-.It Cm cast cast-cbc
+.Pp
+.It Cm cast | cast-cbc
 CAST Cipher.
-.It Cm cast5-cbc cast5-cfb cast5-ecb cast5-ofb
+.Pp
+.It Cm cast5-cbc | cast5-cfb | cast5-ecb | cast5-ofb
 CAST5 Cipher.
-.It Cm des des-cbc des-cfb des-ecb des-ede des-ede-cbc
-.It Cm des-ede-cfb des-ede-ofb des-ofb
+.Pp
+.It Xo
+.Cm des | des-cbc | des-cfb | des-ecb |
+.Cm des-ede | des-ede-cbc
+.Xc
+.It Cm des-ede-cfb | des-ede-ofb | des-ofb
 DES Cipher.
-.It Cm des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
+.Pp
+.It Xo
+.Cm des3 | desx | des-ede3 |
+.Cm des-ede3-cbc | des-ede3-cfb | des-ede3-ofb
+.Xc
 Triple-DES Cipher.
-.It Cm idea idea-cbc idea-cfb idea-ecb idea-ofb
-IDEA Cipher.
-.It Cm rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb
+.Pp
+.It Xo
+.Cm rc2 | rc2-40-cbc | rc2-64-cbc | rc2-cbc |
+.Cm rc2-cfb | rc2-ecb | rc2-ofb
+.Xc
 RC2 Cipher.
-.It Cm rc4
+.Pp
+.It Cm rc4 | rc4-40
 RC4 Cipher.
-.It Cm rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb
-RC5 Cipher.
 .El
 .Sh PASS PHRASE ARGUMENTS
 Several commands accept password arguments, typically using
@@ -365,21 +395,25 @@ If no password argument is given and a password is required then the user is
 prompted to enter one: this will typically be read from the current
 terminal with echoing turned off.
 .Bl -tag -width "fd:number"
-.It Ar pass:password
+.It Ar pass Ns : Ns Ar password
 The actual password is
 .Ar password .
 Since the password is visible to utilities
 (like
 .Xr ps 1
-under Unix) this form should only be used where security is not important.
-.It Ar env:var
+under
+.Ux )
+this form should only be used where security is not important.
+.It Ar env Ns : Ns Ar var
 Obtain the password from the environment variable
 .Ar var .
 Since the environment of other processes is visible on certain platforms
-(e.g.
+(e.g.\&
 .Xr ps 1
-under certain Unix OSes) this option should be used with caution.
-.It Ar file:pathname
+under certain
+.Ux
+OSes) this option should be used with caution.
+.It Ar file Ns : Ns Ar pathname
 The first line of
 .Ar pathname
 is the password.
@@ -388,13 +422,13 @@ If the same
 argument is supplied to
 .Fl passin
 and
-.Fl passout
+.Fl passout ,
 then the first line will be used for the input password and the next line
 for the output password.
 .Ar pathname
 need not refer to a regular file:
 it could, for example, refer to a device or named pipe.
-.It Ar fd:number
+.It Ar fd Ns : Ns Ar number
 Read the password from the file descriptor
 .Ar number .
 This can be used to send the data via a pipe for example.
@@ -406,15 +440,19 @@ Read the password from standard input.
 .\"
 .Sh ASN1PARSE
 .Nm "openssl asn1parse"
-.Op Fl inform Ar PEM|DER
+.Bk -words
+.Op Fl inform Ar DER | PEM | TXT
 .Op Fl in Ar filename
 .Op Fl out Ar filename
 .Op Fl noout
 .Op Fl offset Ar number
 .Op Fl length Ar number
 .Op Fl i
+.Op Fl dump
+.Op Fl dlimit Ar number
 .Op Fl oid Ar filename
 .Op Fl strparse Ar offset
+.Ek
 .Pp
 The
 .Nm asn1parse
@@ -423,12 +461,15 @@ It can also be used to extract data from ASN.1 formatted data.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
-.It Fl inform Ar DER|PEM
+.It Fl inform Ar DER | PEM | TXT
 The input format.
 .Ar DER
 is binary format and
 .Ar PEM
-(the default) is base64 encoded.
+.Pq the default
+is base64 encoded.
+.Ar TXT
+is plain text.
 .It Fl in Ar filename
 The input file; default is standard input.
 .It Fl out Ar filename
@@ -446,16 +487,27 @@ Starting offset to begin parsing; default is start of file.
 .It Fl length Ar number
 Number of bytes to parse; default is until end of file.
 .It Fl i
-Indents the output according to the "depth" of the structures.
+Indents the output according to the
+.Qq depth
+of the structures.
+.It Fl dump
+Dump unknown data in hex form.
+.It Fl dlimit Ar number
+Dump the first
+.Ar number
+bytes of unknown data in hex form.
 .It Fl oid Ar filename
-A file containing additional OBJECT IDENTIFIERs (OIDs).
+A file containing additional OBJECT IDENTIFIERs
+.Pq OIDs .
 The format of this file is described in the
 .Sx ASN1PARSE NOTES
 section below.
 .It Fl strparse Ar offset
 Parse the contents octets of the ASN.1 object starting at
 .Ar offset .
-This option can be used multiple times to "drill down" into a nested structure.
+This option can be used multiple times to
+.Qq drill down
+into a nested structure.
 .El
 .Sh ASN1PARSE OUTPUT
 The output will typically contain lines like this:
@@ -468,10 +520,10 @@ The output will typically contain lines like this:
   373:d=2  hl=3 l= 162 cons: cont [ 3 ]
   376:d=3  hl=3 l= 159 cons: SEQUENCE
   379:d=4  hl=2 l=  29 cons: SEQUENCE
-  381:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
+  381:d=5  hl=2 l=   3 prim: OBJECT        :X509v3 Subject Key Identifier
   386:d=5  hl=2 l=  22 prim: OCTET STRING
   410:d=4  hl=2 l= 112 cons: SEQUENCE
-  412:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
+  412:d=5  hl=2 l=   3 prim: OBJECT        :X509v3 Authority Key Identifier
   417:d=5  hl=2 l= 105 prim: OCTET STRING
   524:d=4  hl=2 l=  12 cons: SEQUENCE
 
@@ -484,7 +536,9 @@ Each line starts with the offset in decimal.
 specifies the current depth.
 The depth is increased within the scope of any SET or SEQUENCE.
 .Cm hl=XX
-gives the header length (tag and length octets) of the current type.
+gives the header length
+.Pq tag and length octets
+of the current type.
 .Cm l=XX
 gives the length of the contents octets.
 .Pp
@@ -508,24 +562,28 @@ to yield:
 If an OID is not part of
 .Nm OpenSSL Ns Li 's
 internal table it will be represented in
-numerical form (for example 1.2.3.4).
+numerical form
+.Pq for example 1.2.3.4 .
 The file passed to the
 .Fl oid
 option allows additional OIDs to be included.
-Each line consists of three columns,
+Each line consists of three columns;
 the first column is the OID in numerical format and should be followed by
 whitespace.
-The second column is the "short name" which is a single word followed
-by whitespace.
-The final column is the rest of the line and is the "long name".
+The second column is the
+.Qq short name
+which is a single word followed by whitespace.
+The final column is the rest of the line and is the
+.Qq long name .
 .Nm asn1parse
 displays the long name.
 Example:
 .Pp
-"1.2.3.4        shortName       A long name"
+.Dl \&"1.2.3.4  shortName       A long name\&"
 .Sh ASN1PARSE BUGS
 There should be options to change the format of input lines.
-The output of some ASN.1 types is not well handled (if at all).
+The output of some ASN.1 types is not well handled
+.Pq if at all .
 .\"
 .\" ca
 .\"
@@ -551,6 +609,7 @@ The output of some ASN.1 types is not well handled (if at all).
 .Op Fl md Ar arg
 .Op Fl policy Ar arg
 .Op Fl keyfile Ar arg
+.Op Fl keyform Ar PEM | ENGINE
 .Op Fl key Ar arg
 .Op Fl passin Ar arg
 .Op Fl cert Ar file
@@ -567,6 +626,8 @@ The output of some ASN.1 types is not well handled (if at all).
 .Op Fl msie_hack
 .Op Fl extensions Ar section
 .Op Fl extfile Ar section
+.Op Fl status Ar serial
+.Op Fl updatedb
 .Op Fl engine Ar id
 .Ek
 .Pp
@@ -614,21 +675,27 @@ The
 .Ar directory
 to output certificates to.
 The certificate will be written to a filename consisting of the
-serial number in hex with ".pem" appended.
+serial number in hex with
+.Qq .pem
+appended.
 .It Fl cert
 The CA certificate file.
 .It Fl keyfile Ar filename
 The private key to sign requests with.
+.It Fl keyform Ar PEM | ENGINE
+Private key file format.
 .It Fl key Ar password
 The password used to encrypt the private key.
 Since on some systems the command line arguments are visible
-(e.g. Unix with the
+(e.g.\&
+.Ux
+with the
 .Xr ps 1
 utility) this option should be used with caution.
 .It Fl passin Ar arg
 The key password source.
 For more information about the format of
-.Ar arg
+.Ar arg ,
 see the
 .Sx PASS PHRASE ARGUMENTS
 section above.
@@ -639,22 +706,24 @@ Don't output the text form of a certificate to the output file.
 .It Fl startdate Ar date
 This allows the start date to be explicitly set.
 The format of the date is YYMMDDHHMMSSZ
-(the same as an ASN1 UTCTime structure).
+.Pq the same as an ASN1 UTCTime structure .
 .It Fl enddate Ar date
 This allows the expiry date to be explicitly set.
 The format of the date is YYMMDDHHMMSSZ
-(the same as an ASN1 UTCTime structure).
+.Pq the same as an ASN1 UTCTime structure .
 .It Fl days Ar arg
 The number of days to certify the certificate for.
 .It Fl md Ar alg
 The message digest to use.
 Possible values include
-.Ar md5 , sha1
+.Ar md5
 and
-.Ar mdc2 .
+.Ar sha1 .
 This option also applies to CRLs.
 .It Fl policy Ar arg
-This option defines the CA "policy" to use.
+This option defines the CA
+.Qq policy
+to use.
 This is a section in the configuration file which decides which fields
 should be mandatory or match the CA certificate.
 Check out the
@@ -664,13 +733,15 @@ section for more information.
 This is a legacy option to make
 .Nm ca
 work with very old versions of the IE certificate enrollment control
-"certenr3".
+.Qq certenr3 .
 It used UniversalStrings for almost everything.
 Since the old control has various security bugs,
 its use is strongly discouraged.
-The newer control "Xenroll" does not need this option.
+The newer control
+.Qq Xenroll
+does not need this option.
 .It Fl preserveDN
-Normally the DN order of a certificate is the same as the order of the
+Normally, the DN order of a certificate is the same as the order of the
 fields in the relevant policy section.
 When this option is set, the order is the same as the request.
 This is largely for compatibility with the older IE enrollment control
@@ -683,7 +754,7 @@ request DN, however it is good policy just having the e-mail set into
 the
 .Em altName
 extension of the certificate.
-When this option is set the EMAIL field is removed from the certificate's
+When this option is set, the EMAIL field is removed from the certificate's
 subject and set only in the, eventually present, extensions.
 The
 .Ar email_in_dn
@@ -700,7 +771,8 @@ unless the
 .Fl extfile
 option is used).
 If no extension section is present, then a V1 certificate is created.
-If the extension section is present (even if it is empty),
+If the extension section is present
+.Pq even if it is empty ,
 then a V3 certificate is created.
 .It Fl extfile Ar file
 An additional configuration
@@ -709,11 +781,16 @@ to read certificate extensions from
 (using the default section unless the
 .Fl extensions
 option is also used).
+.It Fl status Ar serial
+Show status of certificate with serial number
+.Ar serial .
+.It Fl updatedb
+Update database for expired certificates.
 .It Fl engine Ar id
 Specifying an engine (by it's unique
 .Ar id
 string) will cause
-.Nm req
+.Nm ca
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed.
 The engine will then be set as the default for all available algorithms.
@@ -743,7 +820,7 @@ The matching of
 .Ar reason
 is case insensitive.
 Setting any revocation reason will make the CRL v2.
-In practive removeFromCRL is not particularly useful because it is only used
+In practice, removeFromCRL is not particularly useful because it is only used
 in delta CRLs which are not currently implemented.
 .It Fl crl_hold Ar instruction
 This sets the CRL revocation reason code to certificateHold and the hold
@@ -768,18 +845,23 @@ The
 .Ar arg
 must be formatted as
 .Ar /type0=value0/type1=value1/type2=... ;
-characters may be escaped by \e (backslash), no spaces are skipped.
+characters may be escaped by
+.Sq \e
+.Pq backslash ,
+no spaces are skipped.
 .It Fl crlexts Ar section
 The
 .Ar section
 of the configuration file containing CRL extensions to include.
 If no CRL extension section is present then a V1 CRL is created;
-if the CRL extension section is present (even if it is empty)
+if the CRL extension section is present
+.Pq even if it is empty
 then a V2 CRL is created.
 The CRL extensions specified are CRL extensions and
 .Em not
 CRL entry extensions.
-It should be noted that some software (for example Netscape)
+It should be noted that some software
+.Pq for example Netscape
 can't handle V2 CRLs.
 .El
 .Sh CA CONFIGURATION FILE OPTIONS
@@ -801,9 +883,11 @@ the following options are read directly from the
 .Em ca
 section:
 .Pp
-  RANDFILE
-  preserve
-  msie_hack
+.Bl -tag -width Ds -offset indent -compact
+.It RANDFILE
+.It preserve
+.It msie_hack
+.El
 .Pp
 With the exception of RANDFILE, this is probably a bug and may
 change in future releases.
@@ -813,7 +897,9 @@ options.
 Where the option is present in the configuration file and the command line,
 the command line value is used.
 Where an option is described as mandatory, then it must be present in
-the configuration file or the command line equivalent (if any) used.
+the configuration file or the command line equivalent
+.Pq if any
+used.
 .Bl -tag -width "XXXX"
 .It Ar oid_file
 This specifies a file containing additional OBJECT IDENTIFIERS.
@@ -825,7 +911,7 @@ This specifies a section in the configuration file containing extra
 object identifiers.
 Each line should consist of the short name of the object identifier
 followed by
-.Cm =
+.Sq =
 and the numerical form.
 The short and long names are the same when this option is used.
 .It Ar new_certs_dir
@@ -866,7 +952,8 @@ The same as the
 option.
 Either this option or
 .Ar default_days
-(or the command line equivalents) must be present.
+.Pq or the command line equivalents
+must be present.
 .It Ar default_crl_hours default_crl_days
 The same as the
 .Fl crlhours
@@ -902,8 +989,9 @@ The same as
 The same as
 .Fl noemailDN .
 If the EMAIL field is to be removed from the DN of the certificate,
-simply set this to 'no'.
-If not present the default is to allow for the EMAIL field in the
+simply set this to
+.Qq no .
+If not present, the default is to allow for the EMAIL field in the
 certificate's DN.
 .It Ar msie_hack
 The same as
@@ -932,11 +1020,11 @@ are permanently set and cannot be disabled
 (this is because the certificate signature cannot be displayed because
 the certificate has not been signed at this point).
 .Pp
-For convenience the values
+For convenience, the value
 .Em default_ca
-are accepted by both to produce a reasonable output.
+is accepted by both to produce a reasonable output.
 .Pp
-If neither option is present the format used in earlier versions of
+If neither option is present, the format used in earlier versions of
 .Nm OpenSSL
 is used.
 Use of the old format is
@@ -952,11 +1040,11 @@ If set to
 or this option is not present, then extensions are
 ignored and not copied to the certificate.
 If set to
-.Ar copy
+.Ar copy ,
 then any extensions present in the request that are not already present
 are copied to the certificate.
 If set to
-.Ar copyall
+.Ar copyall ,
 then all extensions in the request are copied to the certificate:
 if the extension is already present in the certificate it is deleted first.
 See the
@@ -970,10 +1058,15 @@ values for certain extensions such as
 .Sh CA POLICY FORMAT
 The policy section consists of a set of variables corresponding to
 certificate DN fields.
-If the value is "match" then the field value
-must match the same field in the CA certificate.
-If the value is "supplied" then it must be present.
-If the value is "optional" then it may be present.
+If the value is
+.Qq match ,
+then the field value must match the same field in the CA certificate.
+If the value is
+.Qq supplied ,
+then it must be present.
+If the value is
+.Qq optional ,
+then it may be present.
 Any fields not mentioned in the policy section
 are silently deleted, unless the
 .Fl preserveDN
@@ -992,8 +1085,9 @@ utility.
 .Pp
 The file should contain the variable SPKAC set to the value of
 the SPKAC and also the required DN components as name value pairs.
-If it's necessary to include the same component twice then it can be
-preceded by a number and a '.'.
+If it's necessary to include the same component twice,
+then it can be preceded by a number and a
+.Sq \&. .
 .Sh CA EXAMPLES
 .Sy Note :
 these examples assume that the
@@ -1016,36 +1110,39 @@ and its private key to
 .Pa demoCA/private/cakey.pem .
 A file
 .Pa demoCA/serial
-would be created containing, for example, "01" and the empty index file
+would be created containing, for example,
+.Qq 01
+and the empty index file
 .Pa demoCA/index.txt .
 .Pp
 Sign a certificate request:
 .Pp
-\& $ openssl ca -in req.pem -out newcert.pem
+.Dl $ openssl ca -in req.pem -out newcert.pem
 .Pp
 Sign a certificate request, using CA extensions:
 .Pp
-\& $ openssl ca -in req.pem -extensions v3_ca -out newcert.pem
+.Dl $ openssl ca -in req.pem -extensions v3_ca -out newcert.pem
 .Pp
 Generate a CRL:
 .Pp
-\& $ openssl ca -gencrl -out crl.pem
+.Dl $ openssl ca -gencrl -out crl.pem
 .Pp
 Sign several requests:
 .Pp
-\& $ openssl ca -infiles req1.pem req2.pem req3.pem
+.Dl $ openssl ca -infiles req1.pem req2.pem req3.pem
 .Pp
 Certify a Netscape SPKAC:
 .Pp
-\& $ openssl ca -spkac spkac.txt
+.Dl $ openssl ca -spkac spkac.txt
 .Pp
-A sample SPKAC file (the SPKAC line has been truncated for clarity):
-.Bd -literal
-\& SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5
-\& CN=Steve Test
-\& emailAddress=steve@openssl.org
-\& 0.OU=OpenSSL Group
-\& 1.OU=Another Group
+A sample SPKAC file
+.Pq the SPKAC line has been truncated for clarity :
+.Bd -literal -offset indent
+SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK
+CN=Steve Test
+emailAddress=steve@openssl.org
+0.OU=OpenSSL Group
+1.OU=Another Group
 .Ed
 .Pp
 A sample configuration file with the relevant sections for
@@ -1053,29 +1150,29 @@ A sample configuration file with the relevant sections for
 .Bd -literal
 \& [ ca ]
 \& default_ca      = CA_default            # The default ca section
-.Pp
+
 \& [ CA_default ]
-.Pp
+
 \& dir            = ./demoCA              # top dir
 \& database       = $dir/index.txt        # index file
 \& new_certs_dir  = $dir/newcerts         # new certs dir
-.Pp
+
 \& certificate    = $dir/cacert.pem       # The CA cert
 \& serial         = $dir/serial           # serial no file
 \& private_key    = $dir/private/cakey.pem# CA private key
 \& RANDFILE       = $dir/private/.rand    # random number file
-.Pp
+
 \& default_days   = 365                   # how long to certify for
 \& default_crl_days= 30                   # how long before next CRL
 \& default_md     = md5                   # md to use
-.Pp
+
 \& policy         = policy_any            # default policy
 \& email_in_dn    = no                    # Don't add the email into cert DN
-.Pp
+
 \& nameopt        = default_ca            # Subject name display option
 \& certopt        = default_ca            # Certificate display option
-\& copy_extensions = none                 # Don't copy extensions from request
-.Pp
+\& copy_extensions = none                 #Don't copy extensions from request
+
 \& [ policy_any ]
 \& countryName            = supplied
 \& stateOrProvinceName    = optional
@@ -1087,9 +1184,9 @@ A sample configuration file with the relevant sections for
 .Sh CA FILES
 .Sy Note :
 the location of all files can change either by compile time options,
-configuration file entries, environment variables or command line options.
+configuration file entries, environment variables, or command line options.
 The values below reflect the default values.
-.Bd -literal
+.Bd -literal -offset indent
 /usr/local/ssl/lib/openssl.cnf - master configuration file
 \&./demoCA                       - main CA directory
 \&./demoCA/cacert.pem            - CA certificate
@@ -1102,7 +1199,7 @@ The values below reflect the default values.
 \&./demoCA/.rnd                  - CA random seed information
 .Ed
 .Sh CA ENVIRONMENT VARIABLES
-.Em OPENSSL_CONF
+.Ev OPENSSL_CONF
 reflects the location of the master configuration file;
 it can be overridden by the
 .Fl config
@@ -1133,7 +1230,8 @@ The
 .Nm ca
 command really needs rewriting or the required functionality
 exposed at either a command or interface level so a more friendly utility
-(perl script or GUI) can handle things properly.
+.Pq perl script or GUI
+can handle things properly.
 The scripts
 .Nm CA.sh
 and
@@ -1174,7 +1272,7 @@ command on the same database can have unpredictable results.
 The
 .Ar copy_extensions
 option should be used with caution.
-If care is not taken then it can be a security risk.
+If care is not taken, then it can be a security risk.
 For example, if a certificate request contains a
 .Em basicConstraints
 extension with CA:TRUE and the
@@ -1204,7 +1302,7 @@ to prevent a request supplying its own values.
 Additional restrictions can be placed on the CA certificate itself.
 For example if the CA certificate has:
 .Pp
-\& basicConstraints = CA:TRUE, pathlen:0
+.D1 basicConstraints = CA:TRUE, pathlen:0
 .Pp
 then even if a certificate is issued with CA:TRUE it will not be valid.
 .\"
@@ -1213,10 +1311,8 @@ then even if a certificate is issued with CA:TRUE it will not be valid.
 .Sh CIPHERS
 .Nm openssl ciphers
 .Op Fl v
-.Op Fl ssl2
-.Op Fl ssl3
-.Op Fl tls1
-.Op Cm cipherlist
+.Op Fl ssl2 | ssl3 | tls1
+.Op Ar cipherlist
 .Pp
 The
 .Nm cipherlist
@@ -1230,9 +1326,9 @@ The options are as follows:
 .It Fl v
 Verbose option.
 List ciphers with a complete description of protocol version
-(SSLv2 or SSLv3; the latter includes TLS), key exchange,
-authentication, encryption and mac algorithms used along with any key size
-restrictions and whether the algorithm is classed as an
+.Pq SSLv2 or SSLv3; the latter includes TLS ,
+key exchange, authentication, encryption and mac algorithms used along with
+any key size restrictions and whether the algorithm is classed as an
 .Em export
 cipher.
 Note that without the
@@ -1240,15 +1336,15 @@ Note that without the
 option, ciphers may seem to appear twice in a cipher list;
 this is when similar ciphers are available for
 SSL v2 and for SSL v3/TLS v1.
-.It Fl ssl3
-Only include SSL v3 ciphers.
 .It Fl ssl2
 Only include SSL v2 ciphers.
+.It Fl ssl3
+Only include SSL v3 ciphers.
 .It Fl tls1
 Only include TLS v1 ciphers.
-.It Fl h , ?
+.It Fl h , \&?
 Print a brief usage message.
-.It Fl cipherlist
+.It Ar cipherlist
 A cipher list to convert to a cipher preference list.
 If it is not included, then the default cipher list will be used.
 The format is described below.
@@ -1277,7 +1373,7 @@ represents all SSL v3 algorithms.
 Lists of cipher suites can be combined in a single
 .Em cipher string
 using the
-.Cm +
+.Sq +
 character.
 This is used as a logical
 .Em and
@@ -1287,32 +1383,33 @@ For example,
 represents all cipher suites containing the SHA1 and the DES algorithms.
 .Pp
 Each cipher string can be optionally preceded by the characters
-.Cm ! , -
+.Sq \&! ,
+.Sq - ,
 or
-.Cm + .
+.Sq + .
 .Pp
 If
-.Cm !
+.Sq !\&
 is used, then the ciphers are permanently deleted from the list.
 The ciphers deleted can never reappear in the list even if they are
 explicitly stated.
 .Pp
 If
-.Cm -
+.Sq -
 is used, then the ciphers are deleted from the list, but some or
 all of the ciphers can be added again by later options.
 .Pp
 If
-.Cm +
+.Sq +
 is used, then the ciphers are moved to the end of the list.
 This option doesn't add any new ciphers, it just moves matching existing ones.
 .Pp
 If none of these characters is present, then the string is just interpreted
 as a list of ciphers to be appended to the current preference list.
-If the list includes any ciphers already present they will be ignored;
+If the list includes any ciphers already present, they will be ignored;
 that is, they will not be moved to the end of the list.
 .Pp
-Additionally the cipher string
+Additionally, the cipher string
 .Em @STRENGTH
 can be used at any point to sort the current cipher list in order of
 encryption algorithm key length.
@@ -1349,29 +1446,35 @@ The cipher suites not enabled by
 currently being
 .Ar eNULL .
 .It Ar HIGH
-"High" encryption cipher suites.
+.Qq High
+encryption cipher suites.
 This currently means those with key lengths larger than 128 bits.
 .It Ar MEDIUM
-"Medium" encryption cipher suites, currently those using 128 bit encryption.
+.Qq Medium
+encryption cipher suites, currently those using 128-bit encryption.
 .It Ar LOW
-"Low" encryption cipher suites, currently those using 64 or 56 bit encryption
+.Qq Low
+encryption cipher suites, currently those using 64- or 56-bit encryption
 algorithms, but excluding export cipher suites.
 .It Ar EXP , EXPORT
 Export encryption algorithms.
-Including 40 and 56 bits algorithms.
+Including 40- and 56-bit algorithms.
 .It Ar EXPORT40
-40 bit export encryption algorithms
+40-bit export encryption algorithms
 .It Ar EXPORT56
-56 bit export encryption algorithms.
+56-bit export encryption algorithms.
 .It Ar eNULL , NULL
-The "NULL" ciphers; that is those offering no encryption.
-Because these offer no encryption at all and are a security risk
+The
+.Qq NULL
+ciphers; that is those offering no encryption.
+Because these offer no encryption at all and are a security risk,
 they are disabled unless explicitly included.
 .It Ar aNULL
 The cipher suites offering no authentication.
 This is currently the anonymous DH algorithms.
-These cipher suites are vulnerable to a "man in the middle"
-attack and so their use is normally discouraged.
+These cipher suites are vulnerable to a
+.Qq man in the middle
+attack, so their use is normally discouraged.
 .It Ar kRSA , RSA
 Cipher suites using RSA key exchange.
 .It Ar kEDH
@@ -1389,7 +1492,7 @@ Cipher suites effectively using DH authentication, i.e. the certificates carry
 DH keys.
 Not implemented.
 .It Ar kFZA , aFZA , eFZA , FZA
-Ciphers suites using FORTEZZA key exchange, authentication, encryption
+Cipher suites using FORTEZZA key exchange, authentication, encryption
 or all FORTEZZA algorithms.
 Not implemented.
 .It Ar TLSv1 , SSLv3 , SSLv2
@@ -1403,13 +1506,12 @@ Cipher suites using AES.
 .It Ar 3DES
 Cipher suites using triple DES.
 .It Ar DES
-Cipher suites using DES (not triple DES).
+Cipher suites using DES
+.Pq not triple DES .
 .It Ar RC4
 Cipher suites using RC4.
 .It Ar RC2
 Cipher suites using RC2.
-.It Ar IDEA
-Cipher suites using IDEA.
 .It Ar MD5
 Cipher suites using MD5.
 .It Ar SHA1 , SHA
@@ -1423,122 +1525,111 @@ equivalents.
 It should be noted that several cipher suite names do not include the
 authentication used, e.g. DES-CBC3-SHA.
 In these cases, RSA authentication is used.
-.Pp
-.Sy "SSL v3.0 cipher suites"
-.Bd -literal
- SSL_RSA_WITH_NULL_MD5                   NULL-MD5
- SSL_RSA_WITH_NULL_SHA                   NULL-SHA
- SSL_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
- SSL_RSA_WITH_RC4_128_MD5                RC4-MD5
- SSL_RSA_WITH_RC4_128_SHA                RC4-SHA
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
- SSL_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
- SSL_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
- SSL_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
- SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
-.Ed
-.Bd -literal
- SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
- SSL_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
- SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
- SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
- SSL_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
- SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
- SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
- SSL_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-CBC-SHA
- SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
- SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
- SSL_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
- SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA
-.Ed
-.Bd -literal
- SSL_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
- SSL_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
- SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
- SSL_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
- SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
-.Ed
-.Bd -literal
- SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
- SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
- SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.
-.Ed
-.Pp
-.Sy "TLS v1.0 cipher suites"
-.Bd -literal
- TLS_RSA_WITH_NULL_MD5                   NULL-MD5
- TLS_RSA_WITH_NULL_SHA                   NULL-SHA
- TLS_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
- TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
- TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
- TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
- TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
- TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
- TLS_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
-.Ed
-.Bd -literal
- TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
- TLS_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
- TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
- TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
- TLS_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
- TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
- TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
- TLS_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-CBC-SHA
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
- TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
- TLS_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA
+.Ss SSL v3.0 cipher suites
+.Bd -unfilled -offset indent
+SSL_RSA_WITH_NULL_MD5                   NULL-MD5
+SSL_RSA_WITH_NULL_SHA                   NULL-SHA
+SSL_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
+SSL_RSA_WITH_RC4_128_MD5                RC4-MD5
+SSL_RSA_WITH_RC4_128_SHA                RC4-SHA
+SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
+SSL_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
+SSL_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
+SSL_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
+SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
+
+SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
+SSL_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
+SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
+SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
+SSL_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
+SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
+SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
+SSL_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-CBC-SHA
+SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
+SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
+SSL_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
+SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA
+
+SSL_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
+SSL_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
+SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
+SSL_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
+SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
+
+SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
+SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
+SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.
 .Ed
-.Bd -literal
- TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
- TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
- TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
- TLS_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
- TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
+.Ss TLS v1.0 cipher suites
+.Bd -unfilled -offset indent
+TLS_RSA_WITH_NULL_MD5                   NULL-MD5
+TLS_RSA_WITH_NULL_SHA                   NULL-SHA
+TLS_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
+TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
+TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
+TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
+TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
+TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
+TLS_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
+TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
+
+TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
+TLS_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
+TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
+TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
+TLS_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
+TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
+TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
+TLS_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-CBC-SHA
+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
+TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
+TLS_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA
+
+TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
+TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
+TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
+TLS_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
+TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
 .Ed
-.Pp
-.Sy "AES ciphersuites from RFC 3268, extending TLS v1.0"
-.Bd -literal
- TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
- TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA
+.Ss AES ciphersuites from RFC 3268, extending TLS v1.0
+.Bd -unfilled -offset indent
+TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
+TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA
 
- TLS_DH_DSS_WITH_AES_128_CBC_SHA         DH-DSS-AES128-SHA
- TLS_DH_DSS_WITH_AES_256_CBC_SHA         DH-DSS-AES256-SHA
- TLS_DH_RSA_WITH_AES_128_CBC_SHA         DH-RSA-AES128-SHA
- TLS_DH_RSA_WITH_AES_256_CBC_SHA         DH-RSA-AES256-SHA
+TLS_DH_DSS_WITH_AES_128_CBC_SHA         DH-DSS-AES128-SHA
+TLS_DH_DSS_WITH_AES_256_CBC_SHA         DH-DSS-AES256-SHA
+TLS_DH_RSA_WITH_AES_128_CBC_SHA         DH-RSA-AES128-SHA
+TLS_DH_RSA_WITH_AES_256_CBC_SHA         DH-RSA-AES256-SHA
 
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA
+TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
+TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
+TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
+TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA
 
- TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
- TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA
+TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
+TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA
 .Ed
-.Pp
-.Sy "Additional Export 1024 and other cipher suites"
-.Pp
+.Ss Additional Export 1024 and other cipher suites
 .Sy Note :
 These ciphers can also be used in SSL v3.
-.Bd -literal
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     EXP1024-DES-CBC-SHA
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      EXP1024-RC4-SHA
- TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
- TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  EXP1024-DHE-DSS-RC4-SHA
- TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA
+.Bd -unfilled -offset indent
+TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     EXP1024-DES-CBC-SHA
+TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      EXP1024-RC4-SHA
+TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
+TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  EXP1024-DHE-DSS-RC4-SHA
+TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA
 .Ed
-.Pp
-.Sy "SSL v2.0 cipher suites"
-.Bd -literal
- SSL_CK_RC4_128_WITH_MD5                 RC4-MD5
- SSL_CK_RC4_128_EXPORT40_WITH_MD5        EXP-RC4-MD5
- SSL_CK_RC2_128_CBC_WITH_MD5             RC2-MD5
- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    EXP-RC2-MD5
- SSL_CK_IDEA_128_CBC_WITH_MD5            IDEA-CBC-MD5
- SSL_CK_DES_64_CBC_WITH_MD5              DES-CBC-MD5
- SSL_CK_DES_192_EDE3_CBC_WITH_MD5        DES-CBC3-MD5
+.Ss SSL v2.0 cipher suites
+.Bd -unfilled -offset indent
+SSL_CK_RC4_128_WITH_MD5                 RC4-MD5
+SSL_CK_RC4_128_EXPORT40_WITH_MD5        EXP-RC4-MD5
+SSL_CK_RC2_128_CBC_WITH_MD5             RC2-MD5
+SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    EXP-RC2-MD5
+SSL_CK_IDEA_128_CBC_WITH_MD5            IDEA-CBC-MD5
+SSL_CK_DES_64_CBC_WITH_MD5              DES-CBC-MD5
+SSL_CK_DES_192_EDE3_CBC_WITH_MD5        DES-CBC3-MD5
 .Ed
 .Sh CIPHERS NOTES
 The non-ephemeral DH modes are currently unimplemented in
@@ -1554,25 +1645,25 @@ Verbose listing of all
 .Nm OpenSSL
 ciphers including NULL ciphers:
 .Pp
-\& $ openssl ciphers -v 'ALL:eNULL'
+.Dl $ openssl ciphers -v 'ALL:eNULL'
 .Pp
 Include all ciphers except NULL and anonymous DH then sort by
 strength:
 .Pp
-\& $ openssl ciphers -v 'ALL:!ADH:@STRENGTH'
+.Dl $ openssl ciphers -v 'ALL:!ADH:@STRENGTH'
 .Pp
 Include only 3DES ciphers and then place RSA ciphers last:
 .Pp
-\& $ openssl ciphers -v '3DES:+RSA'
+.Dl $ openssl ciphers -v '3DES:+RSA'
 .Pp
 Include all RC4 ciphers but leave out those without authentication:
 .Pp
-\& $ openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
+.Dl $ openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
 .Pp
 Include all ciphers with RSA authentication but leave out ciphers without
 encryption:
 .Pp
-\& $ openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
+.Dl $ openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
 .Sh CIPHERS HISTORY
 The
 .Ar COMPLENTOFALL
@@ -1584,18 +1675,21 @@ selection options were added in version 0.9.7.
 .\"
 .Sh CRL
 .Nm openssl crl
-.Op Fl inform Ar PEM|DER
-.Op Fl outform Ar PEM|DER
+.Bk -words
+.Op Fl inform Ar DER | PEM
+.Op Fl outform Ar DER | PEM
 .Op Fl text
 .Op Fl in Ar filename
 .Op Fl out Ar filename
 .Op Fl noout
 .Op Fl hash
+.Op Fl fingerprint
 .Op Fl issuer
 .Op Fl lastupdate
 .Op Fl nextupdate
 .Op Cm CAfile Ar file
 .Op Cm CApath Ar dir
+.Ek
 .Pp
 The
 .Nm crl
@@ -1607,14 +1701,14 @@ format.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
-.It Fl inform Ar DER|PEM
+.It Fl inform Ar DER | PEM
 This specifies the input format.
 .Ar DER
-format is DER encoded CRL structure.
+format is a DER encoded CRL structure.
 .Ar PEM
-(the default) is a base64 encoded version of the DER form with header
-and footer lines.
-.It Fl outform Ar DER|PEM
+.Pq the default
+is a base64 encoded version of the DER form with header and footer lines.
+.It Fl outform Ar DER | PEM
 This specifies the output format; the options have the same meaning as the
 .Fl inform
 option.
@@ -1631,6 +1725,8 @@ Don't output the encoded version of the CRL.
 .It Fl hash
 Output a hash of the issuer name.
 This can be used to lookup CRLs in a directory by issuer name.
+.It Fl fingerprint
+Print the CRL fingerprint.
 .It Fl issuer
 Output the issuer name.
 .It Fl lastupdate
@@ -1654,9 +1750,9 @@ should be linked to each certificate.
 .El
 .Sh CRL NOTES
 The PEM CRL format uses the header and footer lines:
-.Bd -literal
-\& -----BEGIN X509 CRL-----
-\& -----END X509 CRL-----
+.Bd -unfilled -offset indent
+-----BEGIN X509 CRL-----
+-----END X509 CRL-----
 .Ed
 .Sh CRL EXAMPLES
 Convert a CRL file from
@@ -1664,23 +1760,23 @@ Convert a CRL file from
 to
 .Ar DER :
 .Pp
-\& $ openssl crl -in crl.pem -outform DER -out crl.der
+.Dl $ openssl crl -in crl.pem -outform DER -out crl.der
 .Pp
 Output the text form of a
 .Ar DER
 encoded certificate:
 .Pp
-\& $ openssl crl -in crl.der -text -noout
+.Dl $ openssl crl -in crl.der -text -noout
 .Sh CRL BUGS
-Ideally it should be possible to create a CRL using appropriate options
+Ideally, it should be possible to create a CRL using appropriate options
 and files too.
 .\"
 .\" CRL2PKCS7
 .\"
 .Sh CRL2PKCS7
 .Nm openssl crl2pkcs7
-.Op Fl inform Ar PEM|DER
-.Op Fl outform Ar PEM|DER
+.Op Fl inform Ar DER | PEM
+.Op Fl outform Ar DER | PEM
 .Op Fl in Ar filename
 .Op Fl out Ar filename
 .Op Fl certfile Ar filename
@@ -1690,24 +1786,25 @@ The
 .Nm crl2pkcs7
 command takes an optional CRL and one or more
 certificates and converts them into a PKCS#7 degenerate
-"certificates only" structure.
+.Qq certificates only
+structure.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
-.It Fl inform Ar DER|PEM
+.It Fl inform Ar DER | PEM
 This specifies the CRL input format.
 .Ar DER
-format is DER encoded CRL structure.
+format is a DER encoded CRL structure.
 .Ar PEM
-(the default) is a base64 encoded version of the DER form with header
-and footer lines.
-.It Fl outform Ar DER|PEM
+.Pq the default
+is a base64 encoded version of the DER form with header and footer lines.
+.It Fl outform Ar DER | PEM
 This specifies the PKCS#7 structure output format.
 .Ar DER
-format is DER encoded PKCS#7 structure.
+format is a DER encoded PKCS#7 structure.
 .Ar PEM
-(the default) is a base64 encoded version of the DER form with header
-and footer lines.
+.Pq the default
+is a base64 encoded version of the DER form with header and footer lines.
 .It Fl in Ar filename
 This specifies the input
 .Ar filename
@@ -1723,25 +1820,25 @@ containing one or more certificates in
 .Ar PEM
 format.
 All certificates in the file will be added to the PKCS#7 structure.
-This option can be used more than once to read certificates form multiple
+This option can be used more than once to read certificates from multiple
 files.
 .It Fl nocrl
-Normally a CRL is included in the output file.
+Normally, a CRL is included in the output file.
 With this option, no CRL is
 included in the output file and a CRL is not read from the input file.
 .El
 .Sh CRL2PKCS7 EXAMPLES
 Create a PKCS#7 structure from a certificate and CRL:
 .Pp
-\& $ openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
+.Dl $ openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
 .Pp
-Creates a PKCS#7 structure in
+Create a PKCS#7 structure in
 .Ar DER
 format with no CRL from several
 different certificates:
-.Bd -literal
-\& $ openssl crl2pkcs7 -nocrl -certfile newcert.pem
-\&         -certfile demoCA/cacert.pem -outform DER -out p7.der
+.Bd -literal -offset indent
+$ openssl crl2pkcs7 -nocrl -certfile newcert.pem \e
+        -certfile demoCA/cacert.pem -outform DER -out p7.der
 .Ed
 .Sh CRL2PKCS7 NOTES
 The output file is a PKCS#7 signed data structure containing no signers and
@@ -1762,7 +1859,11 @@ install user certificates and CAs in MSIE using the Xenroll control.
 .\"
 .Sh DGST
 .Nm openssl dgst
-.Op Cm -md5|-md4|-md2|-sha1|-sha|-mdc2|-ripemd160|-dss1
+.Bk -words
+.Oo
+.Fl md5 | md4 | md2 | sha1 |
+.Fl sha | ripemd160 | dss1
+.Oc
 .Op Fl c
 .Op Fl d
 .Op Fl hex
@@ -1773,9 +1874,16 @@ install user certificates and CAs in MSIE using the Xenroll control.
 .Op Fl prverify Ar filename
 .Op Fl rand Ar file ...
 .Op Fl signature Ar filename
+.Op Fl engine Ar id
+.Op Fl keyform Ar PEM | ENGINE
 .Op Ar file ...
+.Ek
 .Pp
-.Cm md5|md4|md2|sha1|sha|mdc2|ripemd160
+.Nm openssl
+.Xo
+.Cm md5 | md4 | md2 | sha1 |
+.Cm sha | ripemd160
+.Xc
 .Op Fl c
 .Op Fl d
 .Op Ar file ...
@@ -1790,14 +1898,15 @@ They can also be used for digital signing and verification.
 The options are as follows:
 .Bl -tag -width "XXXX"
 .It Fl c
-Print out the digest in two digit groups separated by colons, only relevant if
+Print out the digest in two-digit groups separated by colons; only relevant if
 .Em hex
 format output is used.
 .It Fl d
 Print out BIO debugging information.
 .It Fl hex
 Digest is to be output as a hex dump.
-This is the default case for a "normal"
+This is the default case for a
+.Qq normal
 digest as opposed to a digital signature.
 .It Fl binary
 Output the digest or signature in binary form.
@@ -1809,28 +1918,31 @@ Digitally sign the digest using the private key in
 .It Fl verify Ar filename
 Verify the signature using the public key in
 .Ar filename .
-The output is either "Verification OK" or "Verification Failure".
+The output is either
+.Qq Verification OK
+or
+.Qq Verification Failure .
 .It Fl prverify Ar filename
 Verify the signature using the private key in
 .Ar filename .
 .It Fl rand Ar file ...
-A
-.Ar file
-or
-.Ar file Ns Li s
-containing random data used to seed the random number
+A file or files containing random data used to seed the random number
 generator, or an EGD socket (see
 .Xr RAND_egd 3 ) .
-Multiple files can be specified separated by an OS-dependent character.
-The separator is
-.Cm \&;
-for MS-Windows,
-.Cm \&,
-for OpenVMS, and
-.Cm \&:
-for all others.
+Multiple files can be specified separated by a
+.Sq \&: .
 .It Fl signature Ar filename
 The actual signature to verify.
+.It Fl engine Ar id
+Specifying an engine (by it's unique
+.Ar id
+string) will cause
+.Nm dgst
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed.
+The engine will then be set as the default for all available algorithms.
+.It Fl keyform Ar PEM | ENGINE
+Key file format.
 .It Ar file ...
 File or files to digest.
 If no files are specified then standard input is used.
@@ -1839,7 +1951,7 @@ If no files are specified then standard input is used.
 The digest of choice for all new applications is SHA1.
 Other digests are, however, still widely used.
 .Pp
-If you wish to sign or verify data using the DSA algorithm then the dss1
+If you wish to sign or verify data using the DSA algorithm, then the dss1
 digest must be used.
 .Pp
 A source of random numbers is required for certain signing algorithms, in
@@ -1851,7 +1963,8 @@ being signed or verified.
 .\" DH
 .\"
 .Sh DH
-Diffie-Hellman Parameter Management. The
+Diffie-Hellman Parameter Management.
+The
 .Nm dh
 command has been replaced by
 .Nm dhparam .
@@ -1864,16 +1977,15 @@ below.
 .Sh DHPARAM
 .Nm openssl dhparam
 .Bk -words
-.Op Fl inform Ar DER|PEM
-.Op Fl outform Ar DER|PEM
+.Op Fl inform Ar DER | PEM
+.Op Fl outform Ar DER | PEM
 .Op Fl in Ar filename
 .Op Fl out Ar filename
 .Op Fl dsaparam
 .Op Fl noout
 .Op Fl text
 .Op Fl C
-.Op Fl 2
-.Op Fl 5
+.Op Fl 2 | 5
 .Op Fl rand Ar file ...
 .Op Fl engine Ar id
 .Op Ar numbits
@@ -1885,7 +1997,7 @@ command is used to manipulate DH parameter files.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
-.It Fl inform Ar DER|PEM
+.It Fl inform Ar DER | PEM
 This specifies the input format.
 The argument
 .Ar DER
@@ -1896,8 +2008,8 @@ The
 form is the default format:
 it consists of the DER format base64 encoded with
 additional header and footer lines.
-.It Fl outform Ar DER|PEM
-This specifies the output format, the options have the same meaning as the
+.It Fl outform Ar DER | PEM
+This specifies the output format; the options have the same meaning as the
 .Fl inform
 option.
 .It Fl in Ar filename
@@ -1915,7 +2027,10 @@ be the same as the input filename.
 .It Fl dsaparam
 If this option is used, DSA rather than DH parameters are read or created;
 they are converted to DH format.
-Otherwise, "strong" primes (such that (p-1)/2 is also prime)
+Otherwise,
+.Qq strong
+primes
+.Pq such that (p-1)/2 is also prime
 will be used for DH parameter generation.
 .Pp
 DH parameter generation with the
@@ -1929,29 +2044,19 @@ avoid small-subgroup attacks that may be possible otherwise.
 .It Fl 2 , 5
 The generator to use, either 2 or 5.
 2 is the default.
-If present then the input file is ignored and parameters are generated instead.
+If present, then the input file is ignored and parameters are generated instead.
 .It Fl rand Ar file ...
-A
-.Ar file
-or
-.Ar file Ns Li s
-containing random data used to seed the random number generator,
+A file or files containing random data used to seed the random number generator,
 or an EGD socket (see
 .Xr RAND_egd 3 ) .
-Multiple files can be specified, separated by an OS-dependent character.
-The separator is
-.Cm \&;
-for MS-Windows,
-.Cm \&,
-for OpenVMS, and
-.Cm \&:
-for all others.
+Multiple files can be specified, separated by a
+.Sq \&: .
 .It Ar numbits
 This argument specifies that a parameter set should be generated of size
 .Ar numbits .
 It must be the last option.
 If not present, then a value of 512 is used.
-If this value is present then the input file is ignored and
+If this value is present, then the input file is ignored and
 parameters are generated instead.
 .It Fl noout
 This option inhibits the output of the encoded version of the parameters.
@@ -1966,7 +2071,7 @@ function.
 Specifying an engine (by it's unique
 .Ar id
 string) will cause
-.Nm req
+.Nm dhparam
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed.
 The engine will then be set as the default for all available algorithms.
@@ -1992,9 +2097,9 @@ versions of
 .Sh DHPARAM NOTES
 .Ar PEM
 format DH parameters use the header and footer lines:
-.Bd -literal
-\& -----BEGIN DH PARAMETERS-----
-\& -----END DH PARAMETERS-----
+.Bd -unfilled -offset indent
+-----BEGIN DH PARAMETERS-----
+-----END DH PARAMETERS-----
 .Ed
 .Pp
 .Nm OpenSSL
@@ -2021,20 +2126,21 @@ option was added in
 .Sh DSA
 .Nm openssl dsa
 .Bk -words
-.Op Fl inform Ar PEM|DER
-.Op Fl outform Ar PEM|DER
+.Op Fl inform Ar DER | PEM
+.Op Fl outform Ar DER | PEM
 .Op Fl in Ar filename
 .Op Fl passin Ar arg
 .Op Fl out Ar filename
 .Op Fl passout Ar arg
-.Op Fl des
-.Op Fl des3
-.Op Fl idea
+.Op Fl pubin
+.Op Fl pubout
+.Oo
+.Fl des | des3 | aes128 | aes192 |
+.Fl aes256
+.Oc
 .Op Fl text
 .Op Fl noout
 .Op Fl modulus
-.Op Fl pubin
-.Op Fl pubout
 .Op Fl engine Ar id
 .Ek
 .Pp
@@ -2053,17 +2159,18 @@ command.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
-.It Fl inform Ar DER|PEM
+.It Fl inform Ar DER | PEM
 This specifies the input format.
 The
 .Ar DER
 argument with a private key uses an ASN1 DER encoded form of an ASN.1
-SEQUENCE consisting of the values of version (currently zero), p, q, g,
-the public and private key components respectively as ASN.1 INTEGERs.
+SEQUENCE consisting of the values of version
+.Pq currently zero ,
+p, q, g,
+the public and private key components, respectively, as ASN.1 INTEGERs.
 When used with a public key it uses a
 .Em SubjectPublicKeyInfo
-structure:
-It is an error if the key is not DSA.
+structure: it is an error if the key is not DSA.
 .Pp
 The
 .Ar PEM
@@ -2071,19 +2178,19 @@ form is the default format:
 It consists of the DER format base64
 encoded with additional header and footer lines.
 In the case of a private key, PKCS#8 format is also accepted.
-.It Fl outform Ar DER|PEM
-This specifies the output format, the options have the same meaning as the
+.It Fl outform Ar DER | PEM
+This specifies the output format; the options have the same meaning as the
 .Fl inform
 option.
 .It Fl in Ar filename
 This specifies the input
 .Ar filename
 to read a key from or standard input if this option is not specified.
-If the key is encrypted a pass phrase will be prompted for.
+If the key is encrypted, a pass phrase will be prompted for.
 .It Fl passin Ar arg
 The input file password source.
 For more information about the format of
-.Ar arg
+.Ar arg ,
 see the
 .Sx PASS PHRASE ARGUMENTS
 section above.
@@ -2099,13 +2206,16 @@ be the same as the input filename.
 .It Fl passout Ar arg
 The output file password source.
 For more information about the format of
-.Ar arg
+.Ar arg ,
 see the
 .Sx PASS PHRASE ARGUMENTS
 section above.
-.It Cm -des|-des3|-idea
+.It Xo
+.Fl des | des3 | aes128 |
+.Fl aes192 | aes256
+.Xc
 These options encrypt the private key with the DES, triple DES, or the
-IDEA ciphers, respectively, before outputting it.
+AES ciphers, respectively, before outputting it.
 A pass phrase is prompted for.
 If none of these options is specified, the key is written in plain text.
 This means that using the
@@ -2118,23 +2228,23 @@ These options can only be used with
 .Ar PEM
 format output files.
 .It Fl text
-Prints out the public, private key components and parameters.
+Prints out the public/private key components and parameters.
 .It Fl noout
 This option prevents output of the encoded version of the key.
 .It Fl modulus
 This option prints out the value of the public key component of the key.
 .It Fl pubin
-By default a private key is read from the input file.
+By default, a private key is read from the input file.
 With this option a public key is read instead.
 .It Fl pubout
-By default a private key is output.
+By default, a private key is output.
 With this option a public key will be output instead.
 This option is automatically set if the input is a public key.
 .It Fl engine Ar id
 Specifying an engine (by it's unique
 .Ar id
 string) will cause
-.Nm req
+.Nm dsa
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed.
 The engine will then be set as the default for all available algorithms.
@@ -2143,46 +2253,46 @@ The engine will then be set as the default for all available algorithms.
 The
 .Ar PEM
 private key format uses the header and footer lines:
-.Bd -literal
-\& -----BEGIN DSA PRIVATE KEY-----
-\& -----END DSA PRIVATE KEY-----
+.Bd -unfilled -offset indent
+-----BEGIN DSA PRIVATE KEY-----
+-----END DSA PRIVATE KEY-----
 .Ed
 .Pp
 The
 .Ar PEM
 public key format uses the header and footer lines:
-.Bd -literal
-\& -----BEGIN PUBLIC KEY-----
-\& -----END PUBLIC KEY-----
+.Bd -unfilled -offset indent
+-----BEGIN PUBLIC KEY-----
+-----END PUBLIC KEY-----
 .Ed
 .Sh DSA EXAMPLES
 To remove the pass phrase on a DSA private key:
 .Pp
-\& $ openssl dsa -in key.pem -out keyout.pem
+.Dl $ openssl dsa -in key.pem -out keyout.pem
 .Pp
 To encrypt a private key using triple DES:
 .Pp
-\& $ openssl dsa -in key.pem -des3 -out keyout.pem
+.Dl $ openssl dsa -in key.pem -des3 -out keyout.pem
 .Pp
 To convert a private key from PEM to DER format:
 .Pp
-\& $ openssl dsa -in key.pem -outform DER -out keyout.der
+.Dl $ openssl dsa -in key.pem -outform DER -out keyout.der
 .Pp
 To print out the components of a private key to standard output:
 .Pp
-\& $ openssl dsa -in key.pem -text -noout
+.Dl $ openssl dsa -in key.pem -text -noout
 .Pp
 To just output the public part of a private key:
 .Pp
-\& $ openssl dsa -in key.pem -pubout -out pubkey.pem
+.Dl $ openssl dsa -in key.pem -pubout -out pubkey.pem
 .\"
 .\" DSAPARAM
 .\"
 .Sh DSAPARAM
 .Nm openssl dsaparam
 .Bk -words
-.Op Fl inform Ar DER|PEM
-.Op Fl outform Ar DER|PEM
+.Op Fl inform Ar DER | PEM
+.Op Fl outform Ar DER | PEM
 .Op Fl in Ar filename
 .Op Fl out Ar filename
 .Op Fl noout
@@ -2196,22 +2306,23 @@ To just output the public part of a private key:
 .Pp
 The
 .Nm dsaparam
-command is used to manipulate or generate \s-1DSA\s0 parameter files.
+command is used to manipulate or generate DSA parameter files.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
-.It Fl inform Ar DER|PEM
+.It Fl inform Ar DER | PEM
 This specifies the input format.
 The
 .Ar DER
-argument uses an ASN1 DER encoded form compatible with RFC 2459 (PKIX)
+argument uses an ASN1 DER encoded form compatible with RFC 2459
+.Pq PKIX
 DSS-Parms that is a SEQUENCE consisting of p, q and g, respectively.
 The
 .Ar PEM
 form is the default format:
 it consists of the DER format base64 encoded with additional header
 and footer lines.
-.It Fl outform Ar DER|PEM
+.It Fl outform Ar DER | PEM
 This specifies the output format; the options have the same meaning as the
 .Fl inform
 option.
@@ -2221,7 +2332,7 @@ This specifies the input
 to read parameters from, or standard input if this option is not specified.
 If the
 .Ar numbits
-parameter is included then this option will be ignored.
+parameter is included, then this option will be ignored.
 .It Fl out Ar filename
 This specifies the output
 .Ar filename
@@ -2243,31 +2354,23 @@ function.
 This option will generate a DSA either using the specified or generated
 parameters.
 .It Fl rand Ar file ...
-A
-.Ar file
-or
-.Ar file Ns Li s
-containing random data used to seed the random number
+A file or files containing random data used to seed the random number
 generator, or an EGD socket (see
 .Xr RAND_egd 3 ) .
-Multiple files can be specified, separated by an OS-dependent character.
-The separator is
-.Cm \&;
-for MS-Windows,
-.Cm \&,
-for OpenVMS, and
-.Cm \&:
-for all others.
+Multiple files can be specified, separated by a
+.Sq \&: .
 .It Ar numbits
 This option specifies that a parameter set should be generated of size
 .Ar numbits .
 It must be the last option.
-If this option is included, then the input file (if any) is ignored.
+If this option is included, then the input file
+.Pq if any
+is ignored.
 .It Fl engine Ar id
 Specifying an engine (by it's unique
 .Ar id
 string) will cause
-.Nm req
+.Nm dsaparam
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed.
 The engine will then be set as the default for all available algorithms.
@@ -2275,9 +2378,9 @@ The engine will then be set as the default for all available algorithms.
 .Sh DSAPARAM NOTES
 .Ar PEM
 format DSA parameters use the header and footer lines:
-.Bd -literal
-\& -----BEGIN DSA PARAMETERS-----
-\& -----END DSA PARAMETERS-----
+.Bd -unfilled -offset indent
+-----BEGIN DSA PARAMETERS-----
+-----END DSA PARAMETERS-----
 .Ed
 .Pp
 DSA parameter generation is a slow process and as a result the same set of
@@ -2287,16 +2390,20 @@ DSA parameters is often used to generate several distinct keys.
 .\"
 .Sh ENC
 .Nm openssl enc
+.Bk -words
 .Fl ciphername
 .Op Fl in Ar filename
 .Op Fl out Ar filename
 .Op Fl pass Ar arg
+.Op Fl salt
+.Op Fl nosalt
 .Op Fl e
 .Op Fl d
 .Op Fl a
 .Op Fl A
 .Op Fl k Ar password
 .Op Fl kfile Ar filename
+.Op Fl S Ar salt
 .Op Fl K Ar key
 .Op Fl iv Ar IV
 .Op Fl p
@@ -2304,11 +2411,14 @@ DSA parameters is often used to generate several distinct keys.
 .Op Fl bufsize Ar number
 .Op Fl nopad
 .Op Fl debug
+.Op Fl engine Ar id
+.Ek
 .Pp
 The symmetric cipher commands allow data to be encrypted or decrypted
 using various block and stream ciphers using keys based on passwords
-or explicitly provided. Base64 encoding or decoding can also be performed
-either by itself or in addition to the encryption or decryption.
+or explicitly provided.
+Base64 encoding or decoding can also be performed either by itself
+or in addition to the encryption or decryption.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
@@ -2323,7 +2433,7 @@ standard output by default.
 .It Fl pass Ar arg
 The password source.
 For more information about the format of
-.Ar arg
+.Ar arg ,
 see the
 .Sx PASS PHRASE ARGUMENTS
 section above.
@@ -2443,6 +2553,14 @@ Set the buffer size for I/O.
 Disable standard block padding.
 .It Fl debug
 Debug the BIOs used for I/O.
+.It Fl engine Ar id
+Specifying an engine (by it's unique
+.Ar id
+string) will cause
+.Nm enc
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed.
+The engine will then be set as the default for all available algorithms.
 .El
 .Sh ENC NOTES
 The program can be called either as
@@ -2493,111 +2611,109 @@ this allows a rudimentary integrity or password check to be performed.
 However, since the chance of random data passing the test is
 better than 1 in 256, it isn't a very good test.
 .Pp
-If padding is disabled then the input data must be a multiple of the cipher
+If padding is disabled, then the input data must be a multiple of the cipher
 block length.
 .Pp
 All RC2 ciphers have the same key and effective key length.
 .Pp
-Blowfish and RC5 algorithms use a 128 bit key.
+Blowfish and RC5 algorithms use a 128-bit key.
 .Sh ENC SUPPORTED CIPHERS
-.Bd -literal
-\& base64             Base 64
-.Ed
-.Bd -literal
-\& bf-cbc             Blowfish in CBC mode
-\& bf                 Alias for bf-cbc
-\& bf-cfb             Blowfish in CFB mode
-\& bf-ecb             Blowfish in ECB mode
-\& bf-ofb             Blowfish in OFB mode
-.Ed
-.Bd -literal
-\& cast-cbc           CAST in CBC mode
-\& cast               Alias for cast-cbc
-\& cast5-cbc          CAST5 in CBC mode
-\& cast5-cfb          CAST5 in CFB mode
-\& cast5-ecb          CAST5 in ECB mode
-\& cast5-ofb          CAST5 in OFB mode
-.Ed
-.Bd -literal
-\& des-cbc            DES in CBC mode
-\& des                Alias for des-cbc
-\& des-cfb            DES in CBC mode
-\& des-ofb            DES in OFB mode
-\& des-ecb            DES in ECB mode
-.Ed
-.Bd -literal
-\& des-ede-cbc        Two key triple DES EDE in CBC mode
-\& des-ede            Alias for des-ede
-\& des-ede-cfb        Two key triple DES EDE in CFB mode
-\& des-ede-ofb        Two key triple DES EDE in OFB mode
-.Ed
-.Bd -literal
-\& des-ede3-cbc       Three key triple DES EDE in CBC mode
-\& des-ede3           Alias for des-ede3-cbc
-\& des3               Alias for des-ede3-cbc
-\& des-ede3-cfb       Three key triple DES EDE CFB mode
-\& des-ede3-ofb       Three key triple DES EDE in OFB mode
-.Ed
-.Bd -literal
-\& desx               DESX algorithm.
-.Ed
-.Bd -literal
-\& idea-cbc           IDEA algorithm in CBC mode
-\& idea               same as idea-cbc
-\& idea-cfb           IDEA in CFB mode
-\& idea-ecb           IDEA in ECB mode
-\& idea-ofb           IDEA in OFB mode
-.Ed
-.Bd -literal
-\& rc2-cbc            128 bit RC2 in CBC mode
-\& rc2                Alias for rc2-cbc
-\& rc2-cfb            128 bit RC2 in CBC mode
-\& rc2-ecb            128 bit RC2 in CBC mode
-\& rc2-ofb            128 bit RC2 in CBC mode
-\& rc2-64-cbc         64 bit RC2 in CBC mode
-\& rc2-40-cbc         40 bit RC2 in CBC mode
-.Ed
-.Bd -literal
-\& rc4                128 bit RC4
-\& rc4-64             64 bit RC4
-\& rc4-40             40 bit RC4
-.Ed
-.Bd -literal
-\& rc5-cbc            RC5 cipher in CBC mode
-\& rc5                Alias for rc5-cbc
-\& rc5-cfb            RC5 cipher in CBC mode
-\& rc5-ecb            RC5 cipher in CBC mode
-\& rc5-ofb            RC5 cipher in CBC mode
+.Bd -unfilled -offset indent
+aes-128-cbc        128-bit AES in CBC mode
+aes128             Alias for aes-128-cbc
+aes-128-cfb        128-bit AES in CFB mode
+aes-128-ecb        128-bit AES in ECB mode
+aes-128-ofb        128-bit AES in OFB mode
+
+aes-192-cbc        192-bit AES in CBC mode
+aes192             Alias for aes-192-cbc
+aes-192-cfb        192-bit AES in CFB mode
+aes-192-ecb        192-bit AES in ECB mode
+aes-192-ofb        192-bit AES in OFB mode
+
+aes-256-cbc        256-bit AES in CBC mode
+aes256             Alias for aes-256-cbc
+aes-256-cfb        256-bit AES in CFB mode
+aes-256-ecb        256-bit AES in ECB mode
+aes-256-ofb        256-bit AES in OFB mode
+
+base64             Base 64
+
+bf-cbc             Blowfish in CBC mode
+bf                 Alias for bf-cbc
+blowfish           Alias for bf-cbc
+bf-cfb             Blowfish in CFB mode
+bf-ecb             Blowfish in ECB mode
+bf-ofb             Blowfish in OFB mode
+
+cast-cbc           CAST in CBC mode
+cast               Alias for cast-cbc
+cast5-cbc          CAST5 in CBC mode
+cast5-cfb          CAST5 in CFB mode
+cast5-ecb          CAST5 in ECB mode
+cast5-ofb          CAST5 in OFB mode
+
+des-cbc            DES in CBC mode
+des                Alias for des-cbc
+des-cfb            DES in CBC mode
+des-ofb            DES in OFB mode
+des-ecb            DES in ECB mode
+
+des-ede-cbc        Two key triple DES EDE in CBC mode
+des-ede            Alias for des-ede
+des-ede-cfb        Two key triple DES EDE in CFB mode
+des-ede-ofb        Two key triple DES EDE in OFB mode
+
+des-ede3-cbc       Three key triple DES EDE in CBC mode
+des-ede3           Alias for des-ede3-cbc
+des3               Alias for des-ede3-cbc
+des-ede3-cfb       Three key triple DES EDE CFB mode
+des-ede3-ofb       Three key triple DES EDE in OFB mode
+
+desx-cbc           DESX algorithm
+desx               Alias for desx-cbc
+
+rc2-cbc            128-bit RC2 in CBC mode
+rc2                Alias for rc2-cbc
+rc2-cfb            128-bit RC2 in CBC mode
+rc2-ecb            128-bit RC2 in CBC mode
+rc2-ofb            128-bit RC2 in CBC mode
+rc2-64-cbc         64-bit RC2 in CBC mode
+rc2-40-cbc         40-bit RC2 in CBC mode
+
+rc4                128-bit RC4
+rc4-40             40-bit RC4
 .Ed
 .Sh ENC EXAMPLES
 Just base64 encode a binary file:
 .Pp
-\& $ openssl base64 -in file.bin -out file.b64
+.Dl $ openssl base64 -in file.bin -out file.b64
 .Pp
 Decode the same file:
 .Pp
-\& $ openssl base64 -d -in file.b64 -out file.bin
+.Dl $ openssl base64 -d -in file.b64 -out file.bin
 .Pp
 Encrypt a file using triple DES in CBC mode using a prompted password:
 .Pp
-\& $ openssl des3 -salt -in file.txt -out file.des3
+.Dl $ openssl des3 -salt -in file.txt -out file.des3
 .Pp
 Decrypt a file using a supplied password:
 .Pp
-\& $ openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword
+.Dl "$ openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword"
 .Pp
-Encrypt a file then base64 encode it (so it can be sent via mail for example)
+Encrypt a file then base64 encode it
+(so it can be sent via mail for example)
 using Blowfish in CBC mode:
 .Pp
-\& $ openssl bf -a -salt -in file.txt -out file.bf
+.Dl $ openssl bf -a -salt -in file.txt -out file.bf
 .Pp
 Base64 decode a file then decrypt it:
 .Pp
-\& $ openssl bf -d -salt -a -in file.bf -out file.txt
+.Dl "$ openssl bf -d -salt -a -in file.bf -out file.txt"
 .Pp
-Decrypt some data using a supplied 40 bit RC4 key:
+Decrypt some data using a supplied 40-bit RC4 key:
 .Pp
-\& $ openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405
+.Dl $ openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405
 .Sh ENC BUGS
 The
 .Fl A
@@ -2616,12 +2732,13 @@ or RC4 with an 84-bit key with this program.
 .Sh ERRSTR
 The
 .Nm errstr
-utility is undocumented.
+utility is currently undocumented.
 .\"
 .\" GENDH
 .\"
 .Sh GENDH
-Generation of Diffie-Hellman Parameters. Replaced by
+Generation of Diffie-Hellman Parameters.
+Replaced by
 .Nm dhparam .
 See
 .Sx DHPARAM
@@ -2631,49 +2748,45 @@ above.
 .\"
 .Sh GENDSA
 .Nm openssl gendsa
+.Bk -words
 .Op Fl out Ar filename
-.Op Fl des
-.Op Fl des3
-.Op Fl idea
 .Op Fl rand Ar file ...
 .Op Fl engine Ar id
+.Oo
+.Fl des | des3 | aes128 |
+.Fl aes192 | aes256
+.Oc
 .Op Ar paramfile
+.Ek
 .Pp
 The
 .Nm gendsa
 command generates a DSA private key from a DSA parameter file
-(which will be typically generated by the
+(which will typically be generated by the
 .Nm openssl dsaparam
 command).
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
-.It Cm -des|-des3|-idea
+.It Xo
+.Fl des | des3 | aes128 |
+.Fl aes192 | aes256
+.Xc
 These options encrypt the private key with the DES, triple DES,
-or the IDEA ciphers, respectively, before outputting it.
+or the AES ciphers, respectively, before outputting it.
 A pass phrase is prompted for.
 If none of these options is specified, no encryption is used.
 .It Fl rand Ar file ...
-A
-.Ar file
-or
-.Ar file Ns Li s
-containing random data used to seed the random number
+A file or files containing random data used to seed the random number
 generator, or an EGD socket (see
 .Xr RAND_egd 3 ) .
-Multiple files can be specified separated by an OS-dependent character.
-The separator is
-.Cm \&;
-for MS-Windows,
-.Cm \&,
-for OpenVMS, and
-.Cm \&:
-for all others.
+Multiple files can be specified separated by a
+.Sq \&: .
 .It Fl engine Ar id
 Specifying an engine (by it's unique
 .Ar id
 string) will cause
-.Nm req
+.Nm gendsa
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed.
 The engine will then be set as the default for all available algorithms.
@@ -2692,16 +2805,18 @@ much quicker that RSA key generation for example.
 .\"
 .Sh GENRSA
 .Nm openssl genrsa
+.Bk -words
+.Oo
+.Fl des | des3 | aes128 |
+.Fl aes192 | aes256
+.Oc
 .Op Fl out Ar filename
 .Op Fl passout Ar arg
-.Op Fl des
-.Op Fl des3
-.Op Fl idea
-.Op Fl f4
-.Op Fl 3
+.Op Fl f4 | 3
 .Op Fl rand Ar file ...
 .Op Fl engine Ar id
 .Op Ar numbits
+.Ek
 .Pp
 The
 .Nm genrsa
@@ -2716,42 +2831,36 @@ If this argument is not specified then standard output is used.
 .It Fl passout Ar arg
 The output file password source.
 For more information about the format of
-.Ar arg
+.Ar arg ,
 see the
 .Sx PASS PHRASE ARGUMENTS
 section above.
-.It Cm -des|-des3|-idea
+.It Xo
+.Fl des | des3 | aes128 |
+.Fl aes192 | aes256
+.Xc
 These options encrypt the private key with the DES, triple DES, or the
-IDEA ciphers, respectively, before outputting it.
+AES ciphers, respectively, before outputting it.
 If none of these options is specified, no encryption is used.
 If encryption is used a pass phrase is prompted for,
 if it is not supplied via the
 .Fl passout
 option.
-.It Cm -F4|-3
+.It Fl F4 | 3
 The public exponent to use, either 65537 or 3.
 The default is 65537.
 .It Fl rand Ar file ...
-A
-.Ar file
-or
-.Ar file Ns Li s
+A file or files
 containing random data used to seed the random number
 generator, or an EGD socket (see
 .Xr RAND_egd 3 ) .
-Multiple files can be specified separated by an OS-dependent character.
-The separator is
-.Cm \&;
-for MS-Windows,
-.Cm \&,
-for OpenVMS, and
-.Cm \&:
-for all others.
+Multiple files can be specified separated by a
+.Sq \&: .
 .It Fl engine Ar id
 Specifying an engine (by it's unique
 .Ar id
 string) will cause
-.Nm req
+.Nm genrsa
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed.
 The engine will then be set as the default for all available algorithms.
@@ -2766,12 +2875,12 @@ numbers.
 When generating a private key, various symbols will be output to
 indicate the progress of the generation.
 A
-.Em \&.
-represents each number which has passed an initial sieve test,
-.Em \&+
+.Sq \&.
+represents each number which has passed an initial sieve test;
+.Sq +
 means a number has passed a single round of the Miller-Rabin primality test.
 A newline means that the number has passed all the prime tests
-(the actual number depends on the key size).
+.Pq the actual number depends on the key size .
 .Pp
 Because key generation is a random process the time taken to generate a key
 may vary somewhat.
@@ -2780,7 +2889,8 @@ A quirk of the prime generation algorithm is that it cannot generate small
 primes.
 Therefore the number of bits should not be less that 64.
 For typical private keys this will not matter because for security reasons
-they will be much larger (typically 1024 bits).
+they will be much larger
+.Pq typically 1024 bits .
 .\"
 .\" NSEQ
 .\"
@@ -2808,7 +2918,7 @@ Specifies the output
 .Ar filename
 or standard output by default.
 .It Fl toseq
-Normally a Netscape certificate sequence will be input and the output
+Normally, a Netscape certificate sequence will be input and the output
 is the certificates contained in it.
 With the
 .Fl toseq
@@ -2818,20 +2928,20 @@ a Netscape certificate sequence is created from a file of certificates.
 .Sh NSEQ EXAMPLES
 Output the certificates in a Netscape certificate sequence:
 .Bd -literal
-\& $ openssl nseq -in nseq.pem -out certs.pem
+.Dl $ openssl nseq -in nseq.pem -out certs.pem
 .Ed
 .Pp
 Create a Netscape certificate sequence:
 .Bd -literal
-\& $ openssl nseq -in certs.pem -toseq -out nseq.pem
+.Dl $ openssl nseq -in certs.pem -toseq -out nseq.pem
 .Ed
 .Sh NSEQ NOTES
 The
 .Em PEM
 encoded form uses the same headers and footers as a certificate:
-.Bd -literal
-\& -----BEGIN CERTIFICATE-----
-\& -----END CERTIFICATE-----
+.Bd -unfilled -offset indent
+-----BEGIN CERTIFICATE-----
+-----END CERTIFICATE-----
 .Ed
 .Pp
 A Netscape certificate sequence is a Netscape specific form that can be sent
@@ -2870,7 +2980,10 @@ input and output files and allowing multiple certificate files to be used.
 .Op Fl nonce
 .Op Fl no_nonce
 .Op Fl url Ar URL
-.Op Fl host Ar host:n
+.Oo
+.Fl host
+.Ar hostname Ns : Ns Ar port
+.Oc
 .Op Fl path
 .Op Fl CApath Ar dir
 .Op Fl CAfile Ar file
@@ -2898,15 +3011,19 @@ input and output files and allowing multiple certificate files to be used.
 .Op Fl nrequest Ar n
 .Ek
 .Pp
-The Online Certificate Status Protocol (OCSP) enables applications to
-determine the (revocation) state of an identified certificate (RFC 2560).
+The Online Certificate Status Protocol
+.Pq OCSP
+enables applications to determine the
+.Pq revocation
+state of an identified certificate
+.Pq RFC 2560 .
 .Pp
 The
 .Nm ocsp
 command performs many common OCSP tasks.
 It can be used to print out requests and responses,
-create requests and send queries to an OCSP responder and behave like
-a mini OCSP server itself.
+create requests and send queries to an OCSP responder,
+and behave like a mini OCSP server itself.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
@@ -2936,8 +3053,10 @@ option except the certificate with serial number
 .Ar num
 is added to the request.
 The serial number is interpreted as a decimal integer unless preceded by
-.Em 0x .
-Negative integers can also be specified by preceding the value by a `-' sign.
+.Sq 0x .
+Negative integers can also be specified by preceding the value with a
+.Sq -
+sign.
 .It Fl signer Ar filename , Fl signkey Ar filename
 Sign the OCSP request using the certificate specified in the
 .Fl signer
@@ -2946,9 +3065,9 @@ option and the private key specified by the
 option.
 If the
 .Fl signkey
-option is not present then the private key is read from the same file
+option is not present, then the private key is read from the same file
 as the certificate.
-If neither option is specified then the OCSP request is not signed.
+If neither option is specified, then the OCSP request is not signed.
 .It Fl sign_other Ar filename
 Additional certificates to include in the signed request.
 .It Fl nonce , no_nonce
@@ -2977,7 +3096,7 @@ is automatically added; specifying
 .Fl no_nonce
 overrides this.
 .It Fl req_text , resp_text , text
-Print out the text form of the OCSP request, response or both, respectively.
+Print out the text form of the OCSP request, response, or both, respectively.
 .It Fl reqout Ar file , Fl respout Ar file
 Write out the DER encoded certificate request or response to
 .Ar file .
@@ -2993,8 +3112,13 @@ and
 options).
 .It Fl url Ar responder_url
 Specify the responder URL.
-Both HTTP and HTTPS (SSL/TLS) URLs can be specified.
-.It Fl host Ar hostname:port , Fl path Ar pathname
+Both HTTP and HTTPS
+.Pq SSL/TLS
+URLs can be specified.
+.It Xo
+.Fl host Ar hostname Ns : Ns Ar port ,
+.Fl path Ar pathname
+.Xc
 If the
 .Fl host
 option is present, then the OCSP request is sent to the host
@@ -3002,7 +3126,9 @@ option is present, then the OCSP request is sent to the host
 on port
 .Ar port .
 .Fl path
-specifies the HTTP path name to use, or "/" by default.
+specifies the HTTP path name to use, or
+.Sq /
+by default.
 .It Fl CAfile Ar file , Fl CApath Ar pathname
 .Ar file
 or
@@ -3049,16 +3175,16 @@ Don't check the signature on the OCSP response.
 Since this option tolerates invalid signatures on OCSP responses,
 it will normally only be used for testing purposes.
 .It Fl no_cert_verify
-Don't verify the OCSP response signers certificate at all.
+Don't verify the OCSP response signer's certificate at all.
 Since this option allows the OCSP response to be signed by any certificate,
 it should only be used for testing purposes.
 .It Fl no_chain
 Do not use certificates in the response as additional untrusted CA
 certificates.
 .It Fl no_cert_checks
-Don't perform any additional checks on the OCSP response signers certificate.
-That is, do not make any checks to see if the signers certificate is authorised
-to provide the necessary status information:
+Don't perform any additional checks on the OCSP response signer's certificate.
+That is, do not make any checks to see if the signer's certificate is
+authorised to provide the necessary status information:
 as a result this option should only be used for testing purposes.
 .It Fl validity_period Ar nsec , Fl status_age Ar age
 These options specify the range of times, in seconds, which will be tolerated
@@ -3079,14 +3205,14 @@ the default value is 5 minutes.
 .Pp
 If the
 .Em notAfter
-time is omitted from a response then this means that new status
+time is omitted from a response, then this means that new status
 information is immediately available.
 In this case the age of the
 .Em notBefore
 field is checked to see it is not older than
 .Ar age
 seconds old.
-By default this additional check is not performed.
+By default, this additional check is not performed.
 .El
 .Sh OCSP SERVER OPTIONS
 .Bl -tag -width "XXXX"
@@ -3139,7 +3265,7 @@ Identify the signer certificate using the key ID,
 default is to use the subject name.
 .It Fl rkey Ar file
 The private key to sign OCSP responses with;
-if not present the file specified in the
+if not present, the file specified in the
 .Fl rsigner
 option is used.
 .It Fl port Ar portnum
@@ -3159,9 +3285,9 @@ or
 when fresh revocation information is available: used in the
 .Ar nextUpdate
 field.
-If neither option is present then the
+If neither option is present, then the
 .Em nextUpdate
-field is omitted meaning fresh revocation information is immediately available.
+field is omitted, meaning fresh revocation information is immediately available.
 .El
 .Sh OCSP RESPONSE VERIFICATION
 OCSP Response follows the rules specified in RFC 2560.
@@ -3181,7 +3307,7 @@ options or they will be looked for in the standard
 certificates
 directory.
 .Pp
-If the initial verify fails then the OCSP verify process halts with an
+If the initial verify fails, then the OCSP verify process halts with an
 error.
 .Pp
 Otherwise the issuing CA certificate in the request is compared to the OCSP
@@ -3192,34 +3318,37 @@ CA certificate in the request.
 If there is a match and the OCSPSigning extended key usage is present
 in the OCSP responder certificate, then the OCSP verify succeeds.
 .Pp
-Otherwise the root CA of the OCSP responders CA is checked to see if it
+Otherwise the root CA of the OCSP responder's CA is checked to see if it
 is trusted for OCSP signing.
 If it is, the OCSP verify succeeds.
 .Pp
-If none of these checks is successful then the OCSP verify fails.
+If none of these checks is successful, then the OCSP verify fails.
 .Pp
 What this effectively means is that if the OCSP responder certificate is
 authorised directly by the CA it is issuing revocation information about
-(and it is correctly configured) then verification will succeed.
+.Pq and it is correctly configured ,
+then verification will succeed.
 .Pp
 If the OCSP responder is a
 .Em global responder
 which can give details about multiple CAs and has its own separate
 certificate chain, then its root CA can be trusted for OCSP signing.
 For example:
-.Bd -literal
-\& $ openssl x509 -in ocspCA.pem -addtrust OCSPSigning -out trustedCA.pem
+.Bd -literal -offset indent
+$ openssl x509 -in ocspCA.pem -addtrust OCSPSigning \e
+        -out trustedCA.pem
 .Ed
 .Pp
-Alternatively the responder certificate itself can be explicitly trusted
+Alternatively, the responder certificate itself can be explicitly trusted
 with the
 .Fl VAfile
 option.
 .Sh OCSP NOTES
 As noted, most of the verify options are for testing or debugging purposes.
-Normally only the
+Normally, only the
 .Fl CApath , CAfile
-and (if the responder is a 'global VA')
+and
+.Pq if the responder is a `global VA'
 .Fl VAfile
 options need to be used.
 .Pp
@@ -3243,49 +3372,48 @@ and
 options.
 .Sh OCSP EXAMPLES
 Create an OCSP request and write it to a file:
-.Bd -literal
-\& $ openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout \e
-        req.der
+.Bd -literal -offset indent
+$ openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \e
+        -reqout req.der
 .Ed
 .Pp
 Send a query to an OCSP responder with URL
 .Pa http://ocsp.myhost.com/ ,
 save the response to a file and print it out in text form:
-.Bd -literal
-\& $ openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \e
-\&       -url http://ocsp.myhost.com/ -resp_text -respout resp.der
+.Bd -literal -offset indent
+$ openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \e
+        -url http://ocsp.myhost.com/ -resp_text -respout resp.der
 .Ed
 .Pp
 Read in an OCSP response and print out text form:
-.Bd -literal
-\& $ openssl ocsp -respin resp.der -text
-.Ed
+.Pp
+.Dl $ openssl ocsp -respin resp.der -text
 .Pp
 OCSP server on port 8888 using a standard
 .Nm ca
 configuration, and a separate responder certificate.
 All requests and responses are printed to a file:
-.Bd -literal
-\& $ openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem \e
-        -CA demoCA/cacert.pem -text -out log.txt
+.Bd -literal -offset indent
+$ openssl ocsp -index demoCA/index.txt -port 8888 -rsigner \e
+        rcert.pem -CA demoCA/cacert.pem -text -out log.txt
 .Ed
 .Pp
 As above, but exit after processing one request:
-.Bd -literal
-\& $ openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem \e
-        -CA demoCA/cacert.pem -nrequest 1
+.Bd -literal -offset indent
+$ openssl ocsp -index demoCA/index.txt -port 8888 -rsigner \e
+        rcert.pem -CA demoCA/cacert.pem -nrequest 1
 .Ed
 .Pp
 Query status information using internally generated request:
-.Bd -literal
-\& $ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA \e
+.Bd -literal -offset indent
+$ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA \e
         demoCA/cacert.pem -issuer demoCA/cacert.pem -serial 1
 .Ed
 .Pp
 Query status information using request read from a file, write response to a
 second file:
-.Bd -literal
-\& $ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA \e
+.Bd -literal -offset indent
+$ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA \e
         demoCA/cacert.pem -reqin req.der -respout resp.der
 .Ed
 .\"
@@ -3302,6 +3430,7 @@ second file:
 .Op Fl noverify
 .Op Fl quiet
 .Op Fl table
+.Op Fl reverse
 .Op Ar password
 .Pp
 The
@@ -3315,9 +3444,13 @@ for option
 from stdin for option
 .Fl stdin ,
 or from the command line, or from the terminal otherwise.
-The Unix standard algorithm
+The
+.Ux
+standard algorithm
 .Em crypt
-and the MD5-based BSD password algorithm
+and the MD5-based
+.Bx
+password algorithm
 .Em 1
 and its Apache variant
 .Em apr1
@@ -3328,14 +3461,20 @@ The options are as follows:
 .It Fl crypt
 Use the
 .Em crypt
-algorithm (default).
+algorithm
+.Pq default .
 .It Fl 1
-Use the MD5 based BSD password algorithm
+Use the MD5 based
+.Bx
+password algorithm
 .Em 1 .
 .It Fl apr1
 Use the
 .Em apr1
-algorithm (Apache variant of the BSD algorithm).
+algorithm
+.Pq Apache variant of the
+.Bx
+algorithm.
 .It Fl salt Ar string
 Use the specified
 .Ar salt .
@@ -3350,31 +3489,33 @@ Read passwords from
 .It Fl noverify
 Don't verify when reading a password from the terminal.
 .It Fl quiet
-Don't output warnings when passwords given at the command line are truncated.
+Don't output warnings when passwords given on the command line are truncated.
 .It Fl table
 In the output list, prepend the cleartext password and a TAB character
 to each password hash.
+.It Fl reverse
+Switch table columns.
 .El
 .Sh PASSWD EXAMPLES
-.Bl -tag -width "XXXX"
-.It $ openssl passwd -crypt -salt xx password
+.Dl $ openssl passwd -crypt -salt xx password
 prints
-.Em xxj31ZMTZzkVA .
-.It $ openssl passwd -1 -salt xxxxxxxx password
+.Qq xxj31ZMTZzkVA .
+.Pp
+.Dl $ openssl passwd -1 -salt xxxxxxxx password
 prints
-.Em $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a. .
-.It $ openssl passwd -apr1 -salt xxxxxxxx password
+.Qq $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a. .
+.Pp
+.Dl $ openssl passwd -apr1 -salt xxxxxxxx password
 prints
-.Em $apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0 .
-.El
+.Qq $apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0 .
 .\"
 .\" PKCS7
 .\"
 .Sh PKCS7
 .Nm openssl pkcs7
 .Bk -words
-.Op Fl inform Ar PEM|DER
-.Op Fl outform Ar PEM|DER
+.Op Fl inform Ar DER | PEM
+.Op Fl outform Ar DER | PEM
 .Op Fl in Ar filename
 .Op Fl out Ar filename
 .Op Fl print_certs
@@ -3393,15 +3534,15 @@ format.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
-.It Fl inform Ar DER|PEM
+.It Fl inform Ar DER | PEM
 This specifies the input format.
 .Ar DER
-format is DER encoded PKCS#7 v1.5 structure.
+format is a DER encoded PKCS#7 v1.5 structure.
 .Ar PEM
-(the default) is a base64 encoded version of the DER form with header
-and footer lines.
-.It Fl outform Ar DER|PEM
-This specifies the output format, the options have the same meaning as the
+.Pq the default
+is a base64 encoded version of the DER form with header and footer lines.
+.It Fl outform Ar DER | PEM
+This specifies the output format; the options have the same meaning as the
 .Fl inform
 option.
 .It Fl in Ar filename
@@ -3427,7 +3568,7 @@ is set).
 Specifying an engine (by it's unique
 .Ar id
 string) will cause
-.Nm req
+.Nm pkcs7
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed.
 The engine will then be set as the default for all available algorithms.
@@ -3438,24 +3579,24 @@ Convert a PKCS#7 file from
 to
 .Em DER :
 .Pp
-\& $ openssl pkcs7 -in file.pem -outform DER -out file.der
+.Dl $ openssl pkcs7 -in file.pem -outform DER -out file.der
 .Pp
 Output all certificates in a file:
 .Pp
-\& $ openssl pkcs7 -in file.pem -print_certs -out certs.pem
+.Dl $ openssl pkcs7 -in file.pem -print_certs -out certs.pem
 .Sh PKCS7 NOTES
 The
 .Em PEM
 PKCS#7 format uses the header and footer lines:
-.Bd -literal
-\& -----BEGIN PKCS7-----
-\& -----END PKCS7-----
+.Bd -unfilled -offset indent
+-----BEGIN PKCS7-----
+-----END PKCS7-----
 .Ed
 .Pp
 For compatibility with some CAs it will also accept:
-.Bd -literal
-\& -----BEGIN CERTIFICATE-----
-\& -----END CERTIFICATE-----
+.Bd -unfilled -offset indent
+-----BEGIN CERTIFICATE-----
+-----END CERTIFICATE-----
 .Ed
 .Sh PKCS7 RESTRICTIONS
 There is no option to print out all the fields of a PKCS#7 file.
@@ -3469,8 +3610,8 @@ They cannot currently parse, for example, the new CMS as described in RFC 2630.
 .Nm openssl pkcs8
 .Bk -words
 .Op Fl topk8
-.Op Fl inform Ar PEM|DER
-.Op Fl outform Ar PEM|DER
+.Op Fl inform Ar DER | PEM
+.Op Fl outform Ar DER | PEM
 .Op Fl in Ar filename
 .Op Fl passin Ar arg
 .Op Fl out Ar filename
@@ -3490,18 +3631,19 @@ The
 command processes private keys in PKCS#8 format.
 It can handle both unencrypted PKCS#8 PrivateKeyInfo format
 and EncryptedPrivateKeyInfo format with a variety of PKCS#5
-(v1.5 and v2.0) and PKCS#12 algorithms.
+.Pq v1.5 and v2.0
+and PKCS#12 algorithms.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
 .It Fl topk8
-Normally a PKCS#8 private key is expected on input and a traditional format
+Normally, a PKCS#8 private key is expected on input and a traditional format
 private key will be written.
 With the
 .Fl topk8
 option the situation is reversed:
 it reads a traditional format private key and writes a PKCS#8 format key.
-.It Fl inform Ar DER|PEM
+.It Fl inform Ar DER | PEM
 This specifies the input format.
 If a PKCS#8 format key is expected on input,
 then either a
@@ -3514,19 +3656,19 @@ Otherwise the
 or
 .Em PEM
 format of the traditional format private key is used.
-.It Fl outform Ar DER|PEM
-This specifies the output format, the options have the same meaning as the
+.It Fl outform Ar DER | PEM
+This specifies the output format; the options have the same meaning as the
 .Fl inform
 option.
 .It Fl in Ar filename
 This specifies the input
 .Ar filename
 to read a key from or standard input if this option is not specified.
-If the key is encrypted a pass phrase will be prompted for.
+If the key is encrypted, a pass phrase will be prompted for.
 .It Fl passin Ar arg
 The input file password source.
 For more information about the format of
-.Ar arg
+.Ar arg ,
 see the
 .Sx PASS PHRASE ARGUMENTS
 section above.
@@ -3541,7 +3683,7 @@ be the same as the input filename.
 .It Fl passout Ar arg
 The output file password source.
 For more information about the format of
-.Ar arg
+.Ar arg ,
 see the
 .Sx PASS PHRASE ARGUMENTS
 section above.
@@ -3579,15 +3721,15 @@ The
 contains a SEQUENCE consisting of the public and private keys, respectively.
 .It Fl v2 Ar alg
 This option enables the use of PKCS#5 v2.0 algorithms.
-Normally PKCS#8 private keys are encrypted with the password based
+Normally, PKCS#8 private keys are encrypted with the password based
 encryption algorithm called
 .Em pbeWithMD5AndDES-CBC ;
-this uses 56 bit DES encryption but it was the strongest encryption
+this uses 56-bit DES encryption but it was the strongest encryption
 algorithm supported in PKCS#5 v1.5.
 Using the
 .Fl v2
 option PKCS#5 v2.0 algorithms are used which can use any
-encryption algorithm such as 168 bit triple DES or 128 bit RC2, however
+encryption algorithm such as 168-bit triple DES or 128-bit RC2, however
 not many implementations support PKCS#5 v2.0 yet.
 If using private keys with
 .Nm OpenSSL
@@ -3609,7 +3751,7 @@ A complete list of possible algorithms is included below.
 Specifying an engine (by it's unique
 .Ar id
 string) will cause
-.Nm req
+.Nm pkcs8
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed.
 The engine will then be set as the default for all available algorithms.
@@ -3619,15 +3761,15 @@ The encrypted form of a
 .Em PEM
 encoded PKCS#8 file uses the following
 headers and footers:
-.Bd -literal
-\& -----BEGIN ENCRYPTED PRIVATE KEY-----
-\& -----END ENCRYPTED PRIVATE KEY-----
+.Bd -unfilled -offset indent
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+-----END ENCRYPTED PRIVATE KEY-----
 .Ed
 .Pp
 The unencrypted form uses:
-.Bd -literal
-\& -----BEGIN PRIVATE KEY-----
-\& -----END PRIVATE KEY-----
+.Bd -unfilled -offset indent
+-----BEGIN PRIVATE KEY-----
+-----END PRIVATE KEY-----
 .Ed
 .Pp
 Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration
@@ -3655,49 +3797,59 @@ Various algorithms can be used with the
 .Fl v1
 command line option, including PKCS#5 v1.5 and PKCS#12.
 These are described in more detail below.
-.Bl -tag -width "XXXX"
-.It Ar PBE-MD2-DES PBE-MD5-DES
+.Pp
+.Bl -tag -width "XXXX" -compact
+.It Ar PBE-MD2-DES | PBE-MD5-DES
 These algorithms were included in the original PKCS#5 v1.5 specification.
 They only offer 56 bits of protection since they both use DES.
-.It Ar PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES
+.Pp
+.It Ar PBE-SHA1-RC2-64 | PBE-MD2-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
 These algorithms are not mentioned in the original PKCS#5 v1.5 specification
 but they use the same key derivation algorithm and are supported by some
 software.
 They are mentioned in PKCS#5 v2.0.
-They use either 64 bit RC2 or 56 bit DES.
-.It Ar PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40
+They use either 64-bit RC2 or 56-bit DES.
+.Pp
+.It Ar PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES | PBE-SHA1-2DES
+.It Ar PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
 These algorithms use the PKCS#12 password based encryption algorithm and
-allow strong encryption algorithms like triple DES or 128 bit RC2 to be used.
+allow strong encryption algorithms like triple DES or 128-bit RC2 to be used.
 .El
 .Sh PKCS8 EXAMPLES
-Convert a private from traditional to PKCS#5 v2.0 format using triple DES:
+Convert a private key from traditional to PKCS#5 v2.0 format using triple DES:
 .Pp
-\& $ openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
+.Dl "$ openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem"
 .Pp
-Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm (DES):
+Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
+.Pq DES :
 .Pp
-\& $ openssl pkcs8 -in key.pem -topk8 -out enckey.pem
+.Dl $ openssl pkcs8 -in key.pem -topk8 -out enckey.pem
 .Pp
-Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm (3DES):
-.Pp
-\& $ openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES
+Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
+.Pq 3DES :
+.Bd -literal -offset indent
+$ openssl pkcs8 -in key.pem -topk8 -out enckey.pem \e
+        -v1 PBE-SHA1-3DES
+.Ed
 .Pp
 Read a DER unencrypted PKCS#8 format private key:
 .Pp
-\& $ openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
+.Dl "$ openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem"
 .Pp
 Convert a private key from any PKCS#8 format to traditional format:
 .Pp
-\& $ openssl pkcs8 -in pk8.pem -out key.pem
+.Dl $ openssl pkcs8 -in pk8.pem -out key.pem
 .Sh PKCS8 STANDARDS
 Test vectors from this PKCS#5 v2.0 implementation were posted to the
-pkcs-tng mailing list using triple DES, DES and RC2 with high iteration
-counts, several people confirmed that they could decrypt the private
+pkcs-tng mailing list using triple DES, DES and RC2 with high iteration counts;
+several people confirmed that they could decrypt the private
 keys produced and therefore it can be assumed that the PKCS#5 v2.0
 implementation is reasonably accurate at least as far as these
 algorithms are concerned.
 .Pp
-The format of PKCS#8 DSA (and other) private keys is not well documented:
+The format of PKCS#8 DSA
+.Pq and other
+private keys is not well documented:
 it is hidden away in PKCS#11 v2.01, section 11.9.;
 .Nm OpenSSL Ns Li 's
 default DSA PKCS#8 private key format complies with this standard.
@@ -3714,10 +3866,13 @@ compatibility, several of the utilities use the old format at present.
 .\"
 .Sh PKCS12
 .Nm "openssl pkcs12"
+.Bk -words
 .Op Fl export
 .Op Fl chain
 .Op Fl inkey Ar filename
 .Op Fl certfile Ar filename
+.Op Fl CApath Ar directory
+.Op Fl CAfile Ar filename
 .Op Fl name Ar name
 .Op Fl caname Ar name
 .Op Fl in Ar filename
@@ -3729,9 +3884,10 @@ compatibility, several of the utilities use the old format at present.
 .Op Fl cacerts
 .Op Fl nokeys
 .Op Fl info
-.Op Fl des
-.Op Fl des3
-.Op Fl idea
+.Oo
+.Fl des | des3 | aes128 |
+.Fl aes192 | aes256
+.Oc
 .Op Fl nodes
 .Op Fl noiter
 .Op Fl maciter
@@ -3745,20 +3901,24 @@ compatibility, several of the utilities use the old format at present.
 .Op Fl passin Ar arg
 .Op Fl passout Ar arg
 .Op Fl rand Ar file ...
+.Op Fl engine Ar id
+.Ek
 .Pp
 The
 .Nm pkcs12
-command allows PKCS#12 files (sometimes referred to as PFX files)
+command allows PKCS#12 files
+.Pq sometimes referred to as PFX files
 to be created and parsed.
 PKCS#12 files are used by several programs including Netscape, MSIE
 and MS Outlook.
 .Pp
 There are a lot of options; the meaning of some depends on whether a
 PKCS#12 file is being created or parsed.
-By default a PKCS#12 file is parsed;
+By default, a PKCS#12 file is parsed;
 a PKCS#12 file can be created by using the
 .Fl export
-option (see below).
+option
+.Pq see below .
 .Sh PKCS12 PARSING OPTIONS
 .Bl -tag -width "XXXX"
 .It Fl in Ar filename
@@ -3774,16 +3934,18 @@ They are all written in
 .Em PEM
 format.
 .It Fl pass Ar arg , Fl passin Ar arg
-The PKCS#12 file (i.e. input file) password source.
+The PKCS#12 file
+.Pq i.e. input file
+password source.
 For more information about the format of
-.Ar arg
+.Ar arg ,
 see the
 .Sx PASS PHRASE ARGUMENTS
 section above.
 .It Fl passout Ar arg
 Pass phrase source to encrypt any outputed private keys with.
 For more information about the format of
-.Ar arg
+.Ar arg ,
 see the
 .Sx PASS PHRASE ARGUMENTS
 section above.
@@ -3791,9 +3953,11 @@ section above.
 This option inhibits output of the keys and certificates to the output file
 version of the PKCS#12 file.
 .It Fl clcerts
-Only output client certificates (not CA certificates).
+Only output client certificates
+.Pq not CA certificates .
 .It Fl cacerts
-Only output CA certificates (not client certificates).
+Only output CA certificates
+.Pq not client certificates .
 .It Fl nocerts
 No certificates at all will be output.
 .It Fl nokeys
@@ -3801,12 +3965,13 @@ No private keys will be output.
 .It Fl info
 Output additional information about the PKCS#12 file structure,
 algorithms used and iteration counts.
-.It Fl des
-Use DES to encrypt private keys before outputting.
-.It Fl des3
-Use triple DES to encrypt private keys before outputting, this is the default.
-.It Fl idea
-Use IDEA to encrypt private keys before outputting.
+.It Xo
+.Fl des | des3 | aes128 |
+.Fl aes192 | aes256
+.Xc
+Use DES, triple DES, or AES, respectively,
+to encrypt private keys before outputting.
+The default is triple DES.
 .It Fl nodes
 Don't encrypt the private keys at all.
 .It Fl nomacver
@@ -3841,72 +4006,89 @@ in the PKCS#12 file.
 File to read private key from.
 If not present then a private key must be present in the input file.
 .It Fl name Ar friendlyname
-This specifies the "friendly name" for the certificate and private key.
+This specifies the
+.Qq friendly name
+for the certificate and private key.
 This name is typically displayed in list boxes by software importing the file.
 .It Fl certfile Ar filename
 A filename to read additional certificates from.
+.It Fl CApath Ar directory
+Directory of CAs
+.Pq PEM format .
+.It Fl CAfile Ar filename
+File of CAs
+.Pq PEM format .
 .It Fl caname Ar friendlyname
-This specifies the "friendly name" for other certificates.
+This specifies the
+.Qq friendly name
+for other certificates.
 This option may be used multiple times to specify names for all certificates
 in the order they appear.
 Netscape ignores friendly names on other certificates,
 whereas MSIE displays them.
 .It Fl pass Ar arg , Fl passout Ar arg
-The PKCS#12 file (i.e. output file) password source.
+The PKCS#12 file
+.Pq i.e. output file
+password source.
 For more information about the format of
-.Ar arg
+.Ar arg ,
 see the
 .Sx PASS PHRASE ARGUMENTS
 section above.
 .It Fl passin Ar password
 Pass phrase source to decrypt any input private keys with.
 For more information about the format of
-.Ar arg
+.Ar arg ,
 see the
 .Sx PASS PHRASE ARGUMENTS
 section above.
 .It Fl chain
-If this option is present then an attempt is made to include the entire
+If this option is present, then an attempt is made to include the entire
 certificate chain of the user certificate.
 The standard CA store is used for this search.
-If the search fails it is considered a fatal error.
+If the search fails, it is considered a fatal error.
 .It Fl descert
 Encrypt the certificate using triple DES; this may render the PKCS#12
-file unreadable by some "export grade" software.
-By default the private key is encrypted using triple DES and the
-certificate using 40 bit RC2.
+file unreadable by some
+.Qq export grade
+software.
+By default, the private key is encrypted using triple DES and the
+certificate using 40-bit RC2.
 .It Fl keypbe Ar alg , Fl certpbe Ar alg
 These options allow the algorithm used to encrypt the private key and
 certificates to be selected.
 Although any PKCS#5 v1.5 or PKCS#12 algorithms can be selected,
-it is advisable only to use PKCS#12 algorithms.
+it is advisable to only use PKCS#12 algorithms.
 See the list in the
 .Sx PKCS12 NOTES
 section for more information.
 .It Fl keyex | keysig
 Specifies that the private key is to be used for key exchange or just signing.
 This option is only interpreted by MSIE and similar MS software.
-Normally "export grade" software will only allow 512 bit RSA keys to be
+Normally,
+.Qq export grade
+software will only allow 512-bit RSA keys to be
 used for encryption purposes, but arbitrary length keys for signing.
 The
 .Fl keysig
 option marks the key for signing only.
-Signing only keys can be used for S/MIME signing,
-authenticode (ActiveX control signing) and SSL client authentication;
+Signing only keys can be used for S/MIME signing, authenticode
+.Pq ActiveX control signing
+and SSL client authentication;
 however, due to a bug only MSIE 5.0 and later support
 the use of signing only keys for SSL client authentication.
 .It Fl nomaciter , noiter
 These options affect the iteration counts on the MAC and key algorithms.
-Unless you wish to produce files compatible with MSIE 4.0 you should leave
+Unless you wish to produce files compatible with MSIE 4.0, you should leave
 these options alone.
 .Pp
-To discourage attacks by using large dictionaries of common passwords the
-algorithm that derives keys from passwords can have an iteration count applied
-to it: this causes a certain part of the algorithm to be repeated and slows it
-down.
+To discourage attacks by using large dictionaries of common passwords,
+the algorithm that derives keys from passwords can have an iteration count
+applied to it: this causes a certain part of the algorithm to be repeated
+and slows it down.
 The MAC is used to check the file integrity but since it will normally
 have the same password as the keys and certificates it could also be attacked.
-By default both MAC and encryption iteration counts are set to 2048;
+By default, both MAC and encryption iteration counts are set to 2048;
 using these options the MAC and encryption iteration counts can be set to 1.
 Since this reduces the file security you should not use these options
 unless you really have to.
@@ -3915,29 +4097,28 @@ MSIE 4.0 doesn't support MAC iteration counts, so it needs the
 .Fl nomaciter
 option.
 .It Fl maciter
-This option is included for compatibility with previous versions, it used
+This option is included for compatibility with previous versions; it used
 to be needed to use MAC iterations counts but they are now used by default.
 .It Fl rand Ar file ...
-A
-.Ar file
-or
-.Ar file Ns Li s
+A file or files
 containing random data used to seed the random number generator,
 or an EGD socket (see
 .Xr RAND_egd 3 ) .
-Multiple files can be specified separated by an OS-dependent character.
-The separator is
-.Cm \&;
-for MS-Windows,
-.Cm \&,
-for OpenVMS, and
-.Cm \&:
-for all others.
+Multiple files can be specified separated by a
+.Sq \&: .
+.It Fl engine Ar id
+Specifying an engine (by it's unique
+.Ar id
+string) will cause
+.Nm pkcs12
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed.
+The engine will then be set as the default for all available algorithms.
 .El
 .Sh PKCS12 NOTES
 Although there are a large number of options,
 most of them are very rarely used.
-For PKCS#12 file parsing only
+For PKCS#12 file parsing, only
 .Fl in
 and
 .Fl out
@@ -3948,10 +4129,10 @@ and
 are also used.
 .Pp
 If none of the
-.Fl clcerts , cacerts
+.Fl clcerts , cacerts ,
 or
 .Fl nocerts
-options are present then all certificates will be output in the order
+options are present, then all certificates will be output in the order
 they appear in the input PKCS#12 files.
 There is no guarantee that the first certificate present is
 the one corresponding to the private key.
@@ -3962,7 +4143,7 @@ Using the
 .Fl clcerts
 option will solve this problem by only outputting the certificate
 corresponding to the private key.
-If the CA certificates are required then they can be output to a separate
+If the CA certificates are required, then they can be output to a separate
 file using the
 .Fl nokeys
 and
@@ -3975,40 +4156,40 @@ and
 .Fl certpbe
 algorithms allow the precise encryption algorithms for private keys
 and certificates to be specified.
-Normally the defaults are fine but occasionally software can't handle
+Normally, the defaults are fine but occasionally software can't handle
 triple DES encrypted private keys;
 then the option
 .Fl keypbe Ar PBE-SHA1-RC2-40
-can be used to reduce the private key encryption to 40 bit RC2.
+can be used to reduce the private key encryption to 40-bit RC2.
 A complete description of all algorithms is contained in the
 .Sx PKCS8
 section above.
 .Sh PKCS12 EXAMPLES
 Parse a PKCS#12 file and output it to a file:
 .Pp
-\& $ openssl pkcs12 -in file.p12 -out file.pem
+.Dl $ openssl pkcs12 -in file.p12 -out file.pem
 .Pp
 Output only client certificates to a file:
 .Pp
-\& $ openssl pkcs12 -in file.p12 -clcerts -out file.pem
+.Dl $ openssl pkcs12 -in file.p12 -clcerts -out file.pem
 .Pp
 Don't encrypt the private key:
 .Pp
-\& $ openssl pkcs12 -in file.p12 -out file.pem -nodes
+.Dl $ openssl pkcs12 -in file.p12 -out file.pem -nodes
 .Pp
 Print some info about a PKCS#12 file:
 .Pp
-\& $ openssl pkcs12 -in file.p12 -info -noout
+.Dl $ openssl pkcs12 -in file.p12 -info -noout
 .Pp
 Create a PKCS#12 file:
-.Bd -literal
-\& $ openssl pkcs12 -export -in file.pem -out file.p12 \e
+.Bd -literal -offset indent
+$ openssl pkcs12 -export -in file.pem -out file.p12 \e
         -name "My Certificate"
 .Ed
 .Pp
 Include some extra certificates:
-.Bd -literal
-\& $ openssl pkcs12 -export -in file.pem -out file.p12 \e
+.Bd -literal -offset indent
+$ openssl pkcs12 -export -in file.pem -out file.p12 \e
         -name "My Certificate" -certfile othercerts.pem
 .Ed
 .Sh PKCS12 BUGS
@@ -4020,8 +4201,9 @@ before 0.9.6a had a bug in the PKCS#12 key generation routines.
 Under rare circumstances this could produce a PKCS#12 file encrypted
 with an invalid key.
 As a result some PKCS#12 files which triggered this bug
-from other implementations (MSIE or Netscape) could not be decrypted
-by
+from other implementations
+.Pq MSIE or Netscape
+could not be decrypted by
 .Nm OpenSSL
 and similarly
 .Nm OpenSSL
@@ -4043,9 +4225,10 @@ and recreating
 the PKCS#12 file from the keys and certificates using a newer version of
 .Nm OpenSSL .
 For example:
-.Bd -literal
-\& $ old-openssl -in bad.p12 -out keycerts.pem
-\& $ openssl -in keycerts.pem -export -name "My PKCS#12 file" -out fixed.p12
+.Bd -literal -offset indent
+$ old-openssl -in bad.p12 -out keycerts.pem
+$ openssl -in keycerts.pem -export -name "My PKCS#12 file" \e
+        -out fixed.p12
 .Ed
 .\"
 .\" RAND
@@ -4053,8 +4236,9 @@ For example:
 .Sh RAND
 .Cm openssl rand
 .Op Fl out Ar file
-.Op Fl rand Ar file
+.Op Fl rand Ar file ...
 .Op Fl base64
+.Op Fl engine Ar id
 .Ar num
 .Pp
 The
@@ -4086,25 +4270,23 @@ Write to
 .Ar file
 instead of standard output.
 .It Fl rand Ar file ...
-Use specified
-.Ar file
-or
-.Ar file Ns Li s
-or EGD socket (see
+Use specified file or files, or EGD socket (see
 .Xr RAND_egd 3 )
 for seeding the random number generator.
-Multiple files can be specified separated by an OS-dependent character.
-The separator is
-.Cm \&;
-for MS-Windows,
-.Cm \&,
-for OpenVMS, and
-.Cm \&:
-for all others.
+Multiple files can be specified separated by a
+.Sq \&: .
 .It Fl base64
 Perform
 .Em base64
 encoding on the output.
+.It Fl engine Ar id
+Specifying an engine (by it's unique
+.Ar id
+string) will cause
+.Nm rand
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed.
+The engine will then be set as the default for all available algorithms.
 .El
 .\"
 .\" REQ
@@ -4112,8 +4294,8 @@ encoding on the output.
 .Sh REQ
 .Nm openssl req
 .Bk -words
-.Op Fl inform Ar PEM|DER
-.Op Fl outform Ar PEM|DER
+.Op Fl inform Ar DER | PEM
+.Op Fl outform Ar DER | PEM
 .Op Fl in Ar filename
 .Op Fl passin Ar arg
 .Op Fl out Ar filename
@@ -4125,13 +4307,22 @@ encoding on the output.
 .Op Fl modulus
 .Op Fl new
 .Op Fl rand Ar file ...
-.Op Fl newkey Ar rsa:bits
-.Op Fl newkey Ar dsa:file
+.Oo Xo
+.Fl newkey
+.Ar rsa Ns : Ns Ar bits
+.Xc
+.Oc
+.Oo Xo
+.Fl newkey
+.Ar dsa Ns : Ns Ar file
+.Xc
+.Oc
 .Op Fl nodes
+.Op Fl subject
 .Op Fl key Ar filename
-.Op Fl keyform Ar PEM|DER
+.Op Fl keyform Ar DER | PEM
 .Op Fl keyout Ar filename
-.Op Fl Op Cm md5|sha1|md2|mdc2
+.Op Fl md5 | sha1 | md2 | md4
 .Op Fl config Ar filename
 .Op Fl subj Ar arg
 .Op Fl x509
@@ -4157,7 +4348,7 @@ for use as root CAs, for example.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
-.It Fl inform Ar DER|PEM
+.It Fl inform Ar DER | PEM
 This specifies the input format.
 The
 .Ar DER
@@ -4168,8 +4359,8 @@ The
 form is the default format:
 it consists of the DER format base64 encoded with additional header and
 footer lines.
-.It Fl outform Ar DER|PEM
-This specifies the output format, the options have the same meaning as the
+.It Fl outform Ar DER | PEM
+This specifies the output format; the options have the same meaning as the
 .Fl inform
 option.
 .It Fl in Ar filename
@@ -4185,7 +4376,7 @@ are not specified.
 .It Fl passin Ar arg
 The input file password source.
 For more information about the format of
-.Ar arg
+.Ar arg ,
 see the
 .Sx PASS PHRASE ARGUMENTS
 section above.
@@ -4196,7 +4387,7 @@ to write to, or standard output by default.
 .It Fl passout Ar arg
 The output file password source.
 For more information about the format of
-.Ar arg
+.Ar arg ,
 see the
 .Sx PASS PHRASE ARGUMENTS
 section above.
@@ -4219,34 +4410,24 @@ are specified in the configuration file and any requested extensions.
 .Pp
 If the
 .Fl key
-option is not used it will generate a new RSA private
+option is not used, it will generate a new RSA private
 key using information specified in the configuration file.
 .It Fl rand Ar file ...
-A
-.Ar file
-or
-.Ar file Ns Li s
-containing random data used to seed the random number generator,
+A file or files containing random data used to seed the random number generator,
 or an EGD socket (see
 .Xr RAND_egd 3 ) .
-Multiple files can be specified separated by an OS-dependent character.
-The separator is
-.Cm \&;
-for MS-Windows,
-.Cm \&,
-for OpenVMS, and
-.Cm \&:
-for all others.
+Multiple files can be specified separated by a
+.Sq \&: .
 .It Fl newkey Ar arg
 This option creates a new certificate request and a new private key.
 The argument takes one of two forms:
-.Ar rsa:nbits ,
+.Ar rsa Ns : Ns Ar nbits ,
 where
 .Ar nbits
 is the number of bits, generates an RSA key
 .Ar nbits
 in size.
-.Ar dsa:filename
+.Ar dsa Ns : Ns Ar filename
 generates a DSA key using the parameters in the file
 .Ar filename .
 .It Fl key Ar filename
@@ -4254,11 +4435,11 @@ This specifies the file to read the private key from.
 It also accepts PKCS#8 format private keys for
 .Em PEM
 format files.
-.It Fl keyform Ar PEM|DER
+.It Fl keyform Ar DER | PEM
 The format of the private key file specified in the
 .Fl key
 argument.
-.AR PEM
+.Ar PEM
 is the default.
 .It Fl keyout Ar filename
 This gives the
@@ -4267,9 +4448,11 @@ to write the newly created private key to.
 If this option is not specified, then the filename present in the
 configuration file is used.
 .It Fl nodes
-If this option is specified then if a private key is created it
+If this option is specified and a private key is created, it
 will not be encrypted.
-.It Fl md5|sha1|md2|mdc2
+.It Fl subject
+Output the request's subject.
+.It Fl md5 | sha1 | md2 | md4
 This specifies the message digest to sign the request with.
 This overrides the digest algorithm specified in the configuration file.
 This option is ignored for DSA requests: they always use SHA1.
@@ -4277,34 +4460,38 @@ This option is ignored for DSA requests: they always use SHA1.
 This allows an alternative configuration file to be specified;
 this overrides the compile time filename or any specified in
 the
-.Em OPENSSL_CONF
+.Ev OPENSSL_CONF
 environment variable.
 .It Fl subj Ar arg
 Sets subject name for new request or supersedes the subject name
 when processing a request.
 The arg must be formatted as
-.Em /type0=value0/type1=value1/type2=... ,
-characters may be escaped by \e (backslash), no spaces are skipped.
+.Em /type0=value0/type1=value1/type2=... ;
+characters may be escaped by
+.Sq \e
+.Pq backslash ,
+no spaces are skipped.
 .It Fl x509
 This option outputs a self-signed certificate instead of a certificate
 request.
 This is typically used to generate a test certificate or
 a self-signed root CA.
 The extensions added to the certificate
-(if any) are specified in the configuration file.
+.Pq if any
+are specified in the configuration file.
 Unless specified using the
 .Fl set_serial
 option, 0 will be used for the serial number.
 .It Fl days Ar n
 When the
 .Fl x509
-option is being used this specifies the number of
+option is being used, this specifies the number of
 days to certify the certificate for.
 The default is 30 days.
 .It Fl set_serial Ar n
 Serial number to use when outputting a self-signed certificate.
 This may be specified as a decimal value or a hex value if preceded by
-.Em 0x .
+.Sq 0x .
 It is possible to use negative serial numbers but this is not recommended.
 .It Fl extensions Ar section , Fl reqexts Ar section
 These options specify alternative sections to include certificate
@@ -4315,8 +4502,8 @@ This allows several different sections to
 be used in the same configuration file to specify requests for
 a variety of purposes.
 .It Fl utf8
-This option causes field values to be interpreted as UTF8 strings, by
-default they are interpreted as ASCII.
+This option causes field values to be interpreted as UTF8 strings;
+by default they are interpreted as ASCII.
 This means that the field values, whether prompted from a terminal or
 obtained from a configuration file, must be valid UTF8 strings.
 .It Fl nameopt Ar option
@@ -4331,7 +4518,7 @@ See the
 .Sx X509
 section below for details.
 .It Fl asn1-kludge
-By default the
+By default, the
 .Nm req
 command outputs certificate requests containing
 no attributes in the correct PKCS#10 format.
@@ -4339,7 +4526,7 @@ However certain CAs will only
 accept requests containing no attributes in an invalid form: this
 option produces this invalid format.
 .Pp
-More precisely the
+More precisely, the
 .Em Attributes
 in a PKCS#10 certificate request are defined as a SET OF Attribute.
 They are
@@ -4354,7 +4541,9 @@ It should be noted that very few CAs still require the use of this option.
 Adds the word NEW to the
 .Em PEM
 file header and footer lines on the outputed request.
-Some software (Netscape certificate server) and some CAs need this.
+Some software
+.Pq Netscape certificate server
+and some CAs need this.
 .It Fl batch
 Non-interactive mode.
 .It Fl verbose
@@ -4373,7 +4562,7 @@ The configuration options are specified in the
 .Em req
 section of the configuration file.
 As with all configuration files, if no value is specified in the specific
-section (i.e.
+section (i.e.\&
 .Em req )
 then the initial unnamed or
 .Em default
@@ -4381,9 +4570,11 @@ section is searched too.
 .Pp
 The options available are described in detail below.
 .Bl -tag -width "XXXX"
-.It Ar input_password output_password
-The passwords for the input private key file (if present) and
-the output private key file (if one will be created).
+.It Ar input_password | output_password
+The passwords for the input private key file
+.Pq if present
+and the output private key file
+.Pq if one will be created .
 The command line options
 .Fl passin
 and
@@ -4414,7 +4605,7 @@ This specifies a section in the configuration file containing extra
 object identifiers.
 Each line should consist of the short name of the
 object identifier followed by
-.Cm =
+.Sq =
 and the numerical form.
 The short and long names are the same when this option is used.
 .It Ar RANDFILE
@@ -4425,7 +4616,7 @@ It is used for private key generation.
 .It Ar encrypt_key
 If this is set to
 .Em no
-then if a private key is generated it is
+and a private key is generated, it is
 .Em not
 encrypted.
 This is equivalent to the
@@ -4437,10 +4628,10 @@ is an equivalent option.
 .It Ar default_md
 This option specifies the digest algorithm to use.
 Possible values include
-.Ar md5 , sha1
+.Ar md5
 and
-.Ar mdc2 .
-If not present then MD5 is used.
+.Ar sha1 .
+If not present, then MD5 is used.
 This option can be overridden on the command line.
 .It Ar string_mask
 This option masks out the use of certain string types in certain
@@ -4455,7 +4646,7 @@ and
 .Em BMPStrings ;
 if the
 .Ar pkix
-value is used then only
+value is used, then only
 .Em PrintableStrings
 and
 .Em BMPStrings
@@ -4463,7 +4654,7 @@ will be used.
 This follows the PKIX recommendation in RFC 2459.
 If the
 .Fl utf8only
-option is used then only
+option is used, then only
 .Em UTF8Strings
 will be used: this is the PKIX recommendation in RFC 2459 after 2003.
 Finally, the
@@ -4531,16 +4722,18 @@ sections.
 If the
 .Fl prompt
 option is set to
-.Em no
+.Em no ,
 then these sections just consist of field names and values: for example,
-.Bd -literal
-\& CN=My Name
-\& OU=My Organization
-\& emailAddress=someone@somewhere.org
+.Bd -unfilled -offset indent
+CN=My Name
+OU=My Organization
+emailAddress=someone@somewhere.org
 .Ed
 .Pp
-This allows external programs (e.g. GUI based) to generate a template file
-with all the field names and values and just pass it to
+This allows external programs
+.Pq e.g. GUI based
+to generate a template file with all the field names and values
+and just pass it to
 .Nm req .
 An example of this kind of configuration file is contained in the
 .Sx REQ EXAMPLES
@@ -4552,21 +4745,26 @@ option is absent or not set to
 .Em no ,
 then the file contains field prompting information.
 It consists of lines of the form:
-.Bd -literal
-\& fieldName="prompt"
-\& fieldName_default="default field value"
-\& fieldName_min= 2
-\& fieldName_max= 4
+.Bd -unfilled -offset indent
+fieldName="prompt"
+fieldName_default="default field value"
+fieldName_min= 2
+fieldName_max= 4
 .Ed
 .Pp
-"fieldName" is the field name being used, for example
+.Qq fieldName
+is the field name being used, for example
 .Em commonName
-(or CN).
-The "prompt" string is used to ask the user to enter the relevant details.
+.Pq or CN .
+The
+.Qq prompt
+string is used to ask the user to enter the relevant details.
 If the user enters nothing, then the default value is used;
-if no default value is present then the field is omitted.
+if no default value is present, then the field is omitted.
 A field can still be omitted if a default value is present,
-if the user just enters the '.' character.
+if the user just enters the
+.Sq \&.
+character.
 .Pp
 The number of characters entered must be between the
 .Em fieldName_min
@@ -4584,12 +4782,13 @@ Some fields (such as
 can be used more than once in a DN.
 This presents a problem because configuration files will
 not recognize the same name occurring twice.
-To avoid this problem if the
+To avoid this problem, if the
 .Em fieldName
-contains some characters followed by a full stop they will be ignored.
+contains some characters followed by a full stop, they will be ignored.
 So, for example, a second
 .Em organizationName
-can be input by calling it "1.organizationName".
+can be input by calling it
+.Qq 1.organizationName .
 .Pp
 The actual permitted field names are any object identifier short or
 long names.
@@ -4598,7 +4797,7 @@ These are compiled into
 and include the usual values such as
 .Em commonName , countryName , localityName , organizationName ,
 .Em organizationUnitName , stateOrProvinceName .
-Additionally
+Additionally,
 .Em emailAddress
 is included as well as
 .Em name , surname , givenName initials
@@ -4615,36 +4814,36 @@ Any additional fields will be treated as though they were a
 .Sh REQ EXAMPLES
 Examine and verify certificate request:
 .Pp
-\& $ openssl req -in req.pem -text -verify -noout
+.Dl $ openssl req -in req.pem -text -verify -noout
 .Pp
 Create a private key and then generate a certificate request from it:
-.Bd -literal
-\& $ openssl genrsa -out key.pem 1024
-\& $ openssl req -new -key key.pem -out req.pem
+.Bd -literal -offset indent
+$ openssl genrsa -out key.pem 1024
+$ openssl req -new -key key.pem -out req.pem
 .Ed
 .Pp
 The same but just using req:
 .Pp
-\& $ openssl req -newkey rsa:1024 -keyout key.pem -out req.pem
+.Dl $ openssl req -newkey rsa:1024 -keyout key.pem -out req.pem
 .Pp
 Generate a self-signed root certificate:
 .Pp
-\& $ openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem
+.Dl "$ openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem"
 .Pp
 Example of a file pointed to by the
 .Ar oid_file
 option:
-.Bd -literal
-\& 1.2.3.4        shortName       A longer Name
-\& 1.2.3.6        otherName       Other longer Name
+.Bd -unfilled -offset indent
+1.2.3.4        shortName       A longer Name
+1.2.3.6        otherName       Other longer Name
 .Ed
 .Pp
 Example of a section pointed to by
 .Ar oid_section
 making use of variable expansion:
-.Bd -literal
-\& testoid1=1.2.3.5
-\& testoid2=${testoid1}.6
+.Bd -unfilled -offset indent
+testoid1=1.2.3.5
+testoid2=${testoid1}.6
 .Ed
 .Pp
 Sample configuration file prompting for field values:
@@ -4655,32 +4854,32 @@ Sample configuration file prompting for field values:
 \& distinguished_name     = req_distinguished_name
 \& attributes             = req_attributes
 \& x509_extensions        = v3_ca
-.Pp
+
 \& dirstring_type = nobmp
-.Pp
+
 \& [ req_distinguished_name ]
 \& countryName                    = Country Name (2 letter code)
 \& countryName_default            = AU
 \& countryName_min                = 2
 \& countryName_max                = 2
-.Pp
+
 \& localityName                   = Locality Name (eg, city)
-.Pp
+
 \& organizationalUnitName         = Organizational Unit Name (eg, section)
-.Pp
+
 \& commonName                     = Common Name (eg, YOUR name)
 \& commonName_max                 = 64
-.Pp
+
 \& emailAddress                   = Email Address
 \& emailAddress_max               = 40
-.Pp
+
 \& [ req_attributes ]
 \& challengePassword              = A challenge password
 \& challengePassword_min          = 4
 \& challengePassword_max          = 20
-.Pp
+
 \& [ v3_ca ]
-.Pp
+
 \& subjectKeyIdentifier=hash
 \& authorityKeyIdentifier=keyid:always,issuer:always
 \& basicConstraints = CA:true
@@ -4689,7 +4888,7 @@ Sample configuration file prompting for field values:
 Sample configuration containing all field values:
 .Bd -literal
 \& RANDFILE               = $ENV::HOME/.rnd
-.Pp
+
 \& [ req ]
 \& default_bits           = 1024
 \& default_keyfile        = keyfile.pem
@@ -4697,7 +4896,7 @@ Sample configuration containing all field values:
 \& attributes             = req_attributes
 \& prompt                 = no
 \& output_password        = mypass
-.Pp
+
 \& [ req_distinguished_name ]
 \& C                      = GB
 \& ST                     = Test State or Province
@@ -4706,7 +4905,7 @@ Sample configuration containing all field values:
 \& OU                     = Organizational Unit Name
 \& CN                     = Common Name
 \& emailAddress           = test@email.address
-.Pp
+
 \& [ req_attributes ]
 \& challengePassword              = A challenge password
 .Ed
@@ -4714,15 +4913,17 @@ Sample configuration containing all field values:
 The header and footer lines in the
 .Ar PEM
 format are normally:
-.Bd -literal
-\& -----BEGIN CERTIFICATE REQUEST-----
-\& -----END CERTIFICATE REQUEST-----
+.Bd -unfilled -offset indent
+-----BEGIN CERTIFICATE REQUEST-----
+-----END CERTIFICATE REQUEST-----
 .Ed
 .Pp
-Some software (some versions of Netscape certificate server) instead needs:
-.Bd -literal
-\& -----BEGIN NEW CERTIFICATE REQUEST-----
-\& -----END NEW CERTIFICATE REQUEST-----
+Some software
+.Pq some versions of Netscape certificate server
+instead needs:
+.Bd -unfilled -offset indent
+-----BEGIN NEW CERTIFICATE REQUEST-----
+-----END NEW CERTIFICATE REQUEST-----
 .Ed
 .Pp
 which is produced with the
@@ -4733,69 +4934,73 @@ Either form is accepted transparently on input.
 The certificate requests generated by Xenroll with MSIE have extensions added.
 It includes the
 .Em keyUsage
-extension which determines the type of
-key (signature only or general purpose) and any additional OIDs entered
-by the script in an
+extension which determines the type of key
+.Pq signature only or general purpose
+and any additional OIDs entered by the script in an
 .Em extendedKeyUsage
 extension.
 .Sh REQ DIAGNOSTICS
 The following messages are frequently asked about:
-.Bd -literal
-\&        Using configuration from /some/path/openssl.cnf
-\&        Unable to load config info
+.Bd -unfilled -offset indent
+Using configuration from /some/path/openssl.cnf
+Unable to load config info
 .Ed
 .Pp
 This is followed some time later by...
-.Bd -literal
-\&        unable to find 'distinguished_name' in config
-\&        problems making Certificate Request
+.Bd -unfilled -offset indent
+unable to find 'distinguished_name' in config
+problems making Certificate Request
 .Ed
 .Pp
 The first error message is the clue: it can't find the configuration
 file!
-Certain operations (like examining a certificate request) don't
-need a configuration file so its use isn't enforced.
+Certain operations
+.Pq like examining a certificate request
+don't need a configuration file so its use isn't enforced.
 Generation of certificates or requests, however, do need a configuration file.
 This could be regarded as a bug.
 .Pp
 Another puzzling message is this:
-.Bd -literal
-\&        Attributes:
-\&            a0:00
+.Bd -unfilled -offset indent
+Attributes:
+    a0:00
 .Ed
 .Pp
 This is displayed when no attributes are present and the request includes
-the correct empty SET OF structure (the DER encoding of which is 0xa0 0x00).
+the correct empty SET OF structure
+.Pq the DER encoding of which is 0xa0 0x00 .
 If you just see:
 .Pp
-\&        Attributes:
+.D1 Attributes:
 .Pp
-then the SET OF is missing and the encoding is technically invalid (but
-it is tolerated).
+then the SET OF is missing and the encoding is technically invalid
+.Pq but it is tolerated .
 See the description of the command line option
 .Fl asn1-kludge
 for more information.
 .Sh REQ ENVIRONMENT VARIABLES
 The variable
-.Em OPENSSL_CONF ,
+.Ev OPENSSL_CONF ,
 if defined, allows an alternative configuration
 file location to be specified; it will be overridden by the
 .Fl config
 command line switch if it is present.
 For compatibility reasons the
-.Em SSLEAY_CONF
+.Ev SSLEAY_CONF
 environment variable serves the same purpose but its use is discouraged.
 .Sh REQ BUGS
 .Nm OpenSSL Ns Li 's
-handling of T61Strings (aka TeletexStrings) is broken: it effectively
-treats them as ISO-8859-1 (Latin 1);
+handling of T61Strings
+.Pq aka TeletexStrings
+is broken: it effectively treats them as ISO-8859-1
+.Pq Latin 1 ;
 Netscape and MSIE have similar behaviour.
 This can cause problems if you need characters that aren't available in
 .Em PrintableStrings
 and you don't want to or can't use
 .Em BMPStrings .
 .Pp
-As a consequence of the T61String handling the only correct way to represent
+As a consequence of the T61String handling, the only correct way to represent
 accented characters in
 .Nm OpenSSL
 is to use a
@@ -4806,10 +5011,10 @@ and MSIE then you currently need to use the invalid T61String form.
 .Pp
 The current prompting is not very friendly.
 It doesn't allow you to confirm what you've just entered.
-Other things like extensions in certificate requests are
+Other things, like extensions in certificate requests, are
 statically defined in the configuration file.
 Some of these, like an email address in
-.Em subjectAltName
+.Em subjectAltName ,
 should be input by the user.
 .\"
 .\" RSA
@@ -4817,16 +5022,17 @@ should be input by the user.
 .Sh RSA
 .Cm openssl rsa
 .Bk -words
-.Op Fl inform Ar PEM|NET|DER
-.Op Fl outform Ar PEM|NET|DER
+.Op Fl inform Ar DER | NET | PEM
+.Op Fl outform Ar DER | NET | PEM
 .Op Fl in Ar filename
 .Op Fl passin Ar arg
 .Op Fl out Ar filename
 .Op Fl passout Ar arg
 .Op Fl sgckey
-.Op Fl des
-.Op Fl des3
-.Op Fl idea
+.Oo
+.Fl des | des3 | aes128 |
+.Fl aes192 | aes256
+.Oc
 .Op Fl text
 .Op Fl noout
 .Op Fl modulus
@@ -4851,7 +5057,7 @@ utility.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
-.It Fl inform Ar DER|NET|PEM
+.It Fl inform Ar DER | NET | PEM
 This specifies the input format.
 The
 .Ar DER
@@ -4868,8 +5074,8 @@ The
 form is a format described in the
 .Sx RSA NOTES
 section.
-.It Fl outform Ar DER|NET|PEM
-This specifies the output format, the options have the same meaning as the
+.It Fl outform Ar DER | NET | PEM
+This specifies the output format; the options have the same meaning as the
 .Fl inform
 option.
 .It Fl in Ar filename
@@ -4881,7 +5087,7 @@ If the key is encrypted, a pass phrase will be prompted for.
 .It Fl passin Ar arg
 The input file password source.
 For more information about the format of
-.Ar arg
+.Ar arg ,
 see the
 .Sx PASS PHRASE ARGUMENTS
 section above.
@@ -4889,14 +5095,14 @@ section above.
 This specifies the output
 .Ar filename
 to write a key to, or standard output if this option is not specified.
-If any encryption options are set then a pass phrase will be prompted for.
+If any encryption options are set then, a pass phrase will be prompted for.
 The output filename should
 .Em not
 be the same as the input filename.
 .It Fl passout Ar password
 The output file password source.
 For more information about the format of
-.Ar arg
+.Ar arg ,
 see the
 .Sx PASS PHRASE ARGUMENTS
 section above.
@@ -4904,9 +5110,12 @@ section above.
 Use the modified
 .Em NET
 algorithm used with some versions of Microsoft IIS and SGC keys.
-.It Cm -des|-des3|-idea
+.It Xo
+.Fl des | des3 | aes128 |
+.Fl aes192 | aes256
+.Xc
 These options encrypt the private key with the DES, triple DES, or the
-IDEA ciphers, respectively, before outputting it.
+AES ciphers, respectively, before outputting it.
 A pass phrase is prompted for.
 If none of these options is specified the key is written in plain text.
 This means that using the
@@ -4927,17 +5136,17 @@ This option prints out the value of the modulus of the key.
 .It Fl check
 This option checks the consistency of an RSA private key.
 .It Fl pubin
-By default a private key is read from the input file: with this
+By default, a private key is read from the input file: with this
 option a public key is read instead.
 .It Fl pubout
-By default a private key is output:
+By default, a private key is output:
 with this option a public key will be output instead.
 This option is automatically set if the input is a public key.
 .It Fl engine Ar id
 Specifying an engine (by it's unique
 .Ar id
 string) will cause
-.Nm req
+.Nm rsa
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed.
 The engine will then be set as the default for all available algorithms.
@@ -4946,17 +5155,17 @@ The engine will then be set as the default for all available algorithms.
 The
 .Em PEM
 private key format uses the header and footer lines:
-.Bd -literal
-\& -----BEGIN RSA PRIVATE KEY-----
-\& -----END RSA PRIVATE KEY-----
+.Bd -unfilled -offset indent
+-----BEGIN RSA PRIVATE KEY-----
+-----END RSA PRIVATE KEY-----
 .Ed
 .Pp
 The
 .Em PEM
 public key format uses the header and footer lines:
-.Bd -literal
-\& -----BEGIN PUBLIC KEY-----
-\& -----END PUBLIC KEY-----
+.Bd -unfilled -offset indent
+-----BEGIN PUBLIC KEY-----
+-----END PUBLIC KEY-----
 .Ed
 .Pp
 The
@@ -4969,8 +5178,10 @@ Some newer version of IIS have additional data in the exported .key files.
 To use these with the
 .Nm rsa
 utility, view the file with a binary editor
-and look for the string "private-key", then trace back to the byte
-sequence 0x30, 0x82 (this is an ASN1 SEQUENCE).
+and look for the string
+.Qq private-key ,
+then trace back to the byte sequence 0x30, 0x82
+.Pq this is an ASN1 SEQUENCE .
 Copy all the data from this point onwards to another file and use that as
 the input to the
 .Nm rsa
@@ -4983,11 +5194,11 @@ option.
 .Sh RSA EXAMPLES
 To remove the pass phrase on an RSA private key:
 .Pp
-\& $ openssl rsa -in key.pem -out keyout.pem
+.Dl $ openssl rsa -in key.pem -out keyout.pem
 .Pp
 To encrypt a private key using triple DES:
 .Pp
-\& $ openssl rsa -in key.pem -des3 -out keyout.pem
+.Dl $ openssl rsa -in key.pem -des3 -out keyout.pem
 .Pp
 To convert a private key from
 .Em PEM
@@ -4995,15 +5206,15 @@ to
 .Em DER
 format:
 .Pp
-\& $ openssl rsa -in key.pem -outform DER -out keyout.der
+.Dl $ openssl rsa -in key.pem -outform DER -out keyout.der
 .Pp
 To print out the components of a private key to standard output:
 .Pp
-\& $ openssl rsa -in key.pem -text -noout
+.Dl $ openssl rsa -in key.pem -text -noout
 .Pp
 To just output the public part of a private key:
 .Pp
-\& $ openssl rsa -in key.pem -pubout -out pubkey.pem
+.Dl $ openssl rsa -in key.pem -pubout -out pubkey.pem
 .Sh RSA BUGS
 The command line password arguments don't currently work with
 .Em NET
@@ -5016,20 +5227,22 @@ without having to manually edit them.
 .\"
 .Sh RSAUTL
 .Nm openssl rsautl
+.Bk -words
 .Op Fl in Ar file
 .Op Fl out Ar file
 .Op Fl inkey Ar file
+.Op Fl keyform Ar DER | PEM
 .Op Fl pubin
 .Op Fl certin
 .Op Fl sign
 .Op Fl verify
 .Op Fl encrypt
 .Op Fl decrypt
-.Op Fl pkcs
-.Op Fl ssl
-.Op Fl raw
+.Op Fl pkcs | oaep | ssl | raw
 .Op Fl hexdump
 .Op Fl asn1parse
+.Op Fl engine Ar id
+.Ek
 .Pp
 The
 .Nm rsautl
@@ -5050,6 +5263,10 @@ to write to or standard output by
 default.
 .It Fl inkey Ar file
 The input key file, by default it should be an RSA private key.
+.It Fl keyform Ar DER | PEM
+Private ket format.
+Default is
+.Ar PEM .
 .It Fl pubin
 The input file is an RSA public key.
 .It Fl certin
@@ -5063,9 +5280,10 @@ Verify the input data and output the recovered data.
 Encrypt the input data using an RSA public key.
 .It Fl decrypt
 Decrypt the input data using an RSA private key.
-.It Fl pkcs , oaep , ssl , raw
-The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
-special padding used in SSL v2 backwards compatible handshakes,
+.It Fl pkcs | oaep | ssl | raw
+The padding to use: PKCS#1 v1.5
+.Pq the default ,
+PKCS#1 OAEP, special padding used in SSL v2 backwards compatible handshakes,
 or no padding, respectively.
 For signatures, only
 .Fl pkcs
@@ -5075,9 +5293,17 @@ can be used.
 .It Fl hexdump
 Hex dump the output data.
 .It Fl asn1parse
-Asn1parse the output data, this is useful when combined with the
+Asn1parse the output data; this is useful when combined with the
 .Fl verify
 option.
+.It Fl engine Ar id
+Specifying an engine (by it's unique
+.Ar id
+string) will cause
+.Nm rsautl
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed.
+The engine will then be set as the default for all available algorithms.
 .El
 .Sh RSAUTL NOTES
 .Nm rsautl ,
@@ -5086,16 +5312,16 @@ used to sign or verify small pieces of data.
 .Sh RSAUTL EXAMPLES
 Sign some data using a private key:
 .Pp
-\& $ openssl rsautl -sign -in file -inkey key.pem -out sig
+.Dl "$ openssl rsautl -sign -in file -inkey key.pem -out sig"
 .Pp
 Recover the signed data:
 .Pp
-\& $ openssl rsautl -verify -in sig -inkey key.pem
+.Dl $ openssl rsautl -verify -in sig -inkey key.pem
 .Pp
 Examine the raw signed data:
 .Pp
-\& $ openssl rsautl -verify -in file -inkey key.pem -raw -hexdump
-.Bd -literal
+.Li "\ \&$ openssl rsautl -verify -in file -inkey key.pem -raw -hexdump"
+.Bd -unfilled
 \& 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 \& 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
 \& 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
@@ -5106,8 +5332,9 @@ Examine the raw signed data:
 \& 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64   .....hello world
 .Ed
 .Pp
-The PKCS#1 block formatting is evident from this. If this was done using
-encrypt and decrypt the block would have been of type 2 (the second byte)
+The PKCS#1 block formatting is evident from this.
+If this was done using encrypt and decrypt, the block would have been of type 2
+.Pq the second byte
 and random padding data visible instead of the 0xff bytes.
 .Pp
 It is possible to analyse the signature of certificates using this
@@ -5115,12 +5342,12 @@ utility in conjunction with
 .Nm asn1parse .
 Consider the self-signed example in
 .Pa certs/pca-cert.pem :
-Running
+running
 .Nm asn1parse
 as follows yields:
 .Pp
-\& $ openssl asn1parse -in pca-cert.pem
-.Bd -literal
+.Li "\ \&$ openssl asn1parse -in pca-cert.pem"
+.Bd -unfilled
 \&    0:d=0  hl=4 l= 742 cons: SEQUENCE
 \&    4:d=1  hl=4 l= 591 cons:  SEQUENCE
 \&    8:d=2  hl=2 l=   3 cons:   cont [ 0 ]
@@ -5144,22 +5371,22 @@ as follows yields:
 The final BIT STRING contains the actual signature.
 It can be extracted with:
 .Pp
-\& $ openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
+.Dl "$ openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614"
 .Pp
 The certificate public key can be extracted with:
 .Pp
-\& $ openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem
+.Dl $ openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem
 .Pp
 The signature can be analysed with:
 .Pp
-\& $ openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
-.Bd -literal
+.Li "\ \&$ openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin"
+.Bd -unfilled
 \&    0:d=0  hl=2 l=  32 cons: SEQUENCE
 \&    2:d=1  hl=2 l=  12 cons:  SEQUENCE
 \&    4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
 \&   14:d=2  hl=2 l=   0 prim:   NULL
 \&   16:d=1  hl=2 l=  16 prim:  OCTET STRING
-\&      0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5   .F...Js.7...H%..
+\&   0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5  .F...Js.7...H%..
 .Ed
 .Pp
 This is the parsed version of an ASN1
@@ -5168,13 +5395,12 @@ structure.
 It can be seen that the digest used was md5.
 The actual part of the certificate that was signed can be extracted with:
 .Pp
-\& $ openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
+.Dl "$ openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4"
 .Pp
 and its digest computed with:
-.Bd -literal
-\& $ openssl md5 -c tbs
-\&   MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
-.Ed
+.Pp
+.Dl $ openssl md5 -c tbs
+.D1 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
 .Pp
 which it can be seen agrees with the recovered value above.
 .\"
@@ -5183,7 +5409,9 @@ which it can be seen agrees with the recovered value above.
 .Sh S_CLIENT
 .Nm openssl s_client
 .Bk -words
-.Op Fl connect Ar host:port>
+.Oo
+.Fl connect Ar host Ns : Ns Ar port
+.Oc
 .Op Fl verify Ar depth
 .Op Fl cert Ar filename
 .Op Fl key Ar filename
@@ -5192,6 +5420,7 @@ which it can be seen agrees with the recovered value above.
 .Op Fl reconnect
 .Op Fl pause
 .Op Fl showcerts
+.Op Fl prexit
 .Op Fl debug
 .Op Fl msg
 .Op Fl nbio_test
@@ -5207,9 +5436,9 @@ which it can be seen agrees with the recovered value above.
 .Op Fl no_ssl3
 .Op Fl no_tls1
 .Op Fl bugs
+.Op Fl serverpref
 .Op Fl cipher Ar cipherlist
 .Op Fl starttls Ar protocol
-.Op Fl starttls Ar protocol
 .Op Fl engine Ar id
 .Op Fl rand Ar file ...
 .Ek
@@ -5224,20 +5453,22 @@ useful diagnostic tool for SSL servers.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
-.It Fl connect Ar host:port
+.It Xo
+.Fl connect Ar host Ns : Ns Ar port
+.Xc
 This specifies the
 .Ar host
 and optional
 .Ar port
 to connect to.
-If not specified then an attempt is made to connect to the local host
+If not specified, then an attempt is made to connect to the local host
 on port 4433.
 .It Fl cert Ar certname
 The certificate to use, if one is requested by the server.
 The default is not to use a certificate.
 .It Fl key Ar keyfile
 The private key to use.
-If not specified then the certificate file will be used.
+If not specified, then the certificate file will be used.
 .It Fl verify Ar depth
 The verify
 .Ar depth
@@ -5252,7 +5483,9 @@ certificate verify failure.
 The
 .Ar directory
 to use for server certificate verification.
-This directory must be in "hash format", see
+This directory must be in
+.Qq hash format ;
+see
 .Fl verify
 for more information.
 These are also used when building the client certificate chain.
@@ -5273,7 +5506,7 @@ certificate itself is displayed.
 Print session information when the program exits.
 This will always attempt
 to print out information even if the connection fails.
-Normally information will only be printed out once if the connection succeeds.
+Normally, information will only be printed out once if the connection succeeds.
 This option is useful because the cipher in use may be renegotiated
 or the connection may fail because a client certificate is required or is
 requested only after an attempt is made to access a certain URL.
@@ -5301,10 +5534,12 @@ Inhibit printing of session and certificate information.
 This implicitly turns on
 .Fl ign_eof
 as well.
-.It Fl ssl2 , ssl3 , tls1 , no_ssl2 ,
-.It Fl no_ssl3 , no_tls1
+.It Xo
+.Fl ssl2 | ssl3 | tls1 |
+.Fl no_ssl2 | no_ssl3 | no_tls1
+.Xc
 These options disable the use of certain SSL or TLS protocols.
-By default the initial handshake uses a method which should be compatible
+By default, the initial handshake uses a method which should be compatible
 with all servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
 .Pp
 Unfortunately there are a lot of ancient and broken servers in use which
@@ -5317,9 +5552,12 @@ option.
 .It Fl bugs
 There are several known bugs in SSL and TLS implementations.
 Adding this option enables various workarounds.
+.It Fl serverpref
+Use server's cipher preferences
+.Pq SSLv2 only .
 .It Fl cipher Ar cipherlist
 This allows the cipher list sent by the client to be modified.
-Although the server determines which cipher suite is used it should take
+Although the server determines which cipher suite is used, it should take
 the first supported cipher in the list sent by the client.
 See the
 .Sx CIPHERS
@@ -5328,7 +5566,8 @@ section above for more information.
 Send the protocol-specific message(s) to switch to TLS for communication.
 .Ar protocol
 is a keyword for the intended protocol.
-Currently, the only supported keyword is "smtp".
+Currently, the only supported keyword is
+.Qq smtp .
 .It Fl engine Ar id
 Specifying an engine (by it's unique
 .Ar id
@@ -5338,25 +5577,14 @@ to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed.
 The engine will then be set as the default for all available algorithms.
 .It Fl rand Ar file ...
-A
-.Ar file
-or
-.Ar file Ns Li s
-containing random data used to seed the random number generator,
+A file or files containing random data used to seed the random number generator,
 or an EGD socket (see
 .Xr RAND_egd 3 ) .
-Multiple files can be specified separated by an OS-dependent character.
-The separator is
-.Cm \&;
-for MS-Windows,
-.Cm \&,
-for OpenVMS, and
-.Cm \&:
-for
-all others.
+Multiple files can be specified separated by a
+.Sq \&: .
 .El
 .Sh S_CLIENT CONNECTED COMMANDS
-If a connection is established with an SSL server then any data received
+If a connection is established with an SSL server, then any data received
 from the server is displayed and any key presses will be sent to the
 server.
 When used interactively (which means neither
@@ -5364,8 +5592,8 @@ When used interactively (which means neither
 nor
 .Fl ign_eof
 have been given), the session will be renegotiated if the line begins with an
-.Em R ,
-and if the line begins with a
+.Em R ;
+if the line begins with a
 .Em Q
 or if end of file is reached, the connection will be closed down.
 .Sh S_CLIENT NOTES
@@ -5373,14 +5601,16 @@ or if end of file is reached, the connection will be closed down.
 can be used to debug SSL servers.
 To connect to an SSL HTTP server the command:
 .Pp
-\& $ openssl s_client -connect servername:443
+.Dl $ openssl s_client -connect servername:443
 .Pp
-would typically be used (https uses port 443).
-If the connection succeeds then an HTTP command can be given such as
-"GET" to retrieve a web page.
+would typically be used
+.Pq HTTPS uses port 443 .
+If the connection succeeds, then an HTTP command can be given such as
+.Qq GET
+to retrieve a web page.
 .Pp
-If the handshake fails then there are several possible causes; if it is
-nothing obvious like no client certificate then the
+If the handshake fails, then there are several possible causes; if it is
+nothing obvious like no client certificate, then the
 .Fl bugs , ssl2 , ssl3 , tls1 ,
 .Fl no_ssl2 , no_ssl3
 and
@@ -5395,9 +5625,10 @@ mailing list.
 A frequent problem when attempting to get client certificates working
 is that a web client complains it has no certificates or gives an empty
 list to choose from.
-This is normally because the server is not sending the clients certificate
-authority in its "acceptable CA list" when it
-requests a certificate.
+This is normally because the server is not sending the client's certificate
+authority in its
+.Qq acceptable CA list
+when it requests a certificate.
 By using
 .Nm s_client
 the CA list can be viewed and checked.
@@ -5409,12 +5640,12 @@ command and send an HTTP request for an appropriate page.
 .Pp
 If a certificate is specified on the command line using the
 .Fl cert
-option it will not be used unless the server specifically requests
+option, it will not be used unless the server specifically requests
 a client certificate.
 Therefore merely including a client certificate
 on the command line is no guarantee that the certificate works.
 .Pp
-If there are problems verifying a server certificate then the
+If there are problems verifying a server certificate, then the
 .Fl showcerts
 option can be used to show the whole chain.
 .Sh S_CLIENT BUGS
@@ -5457,6 +5688,7 @@ We should really report information whenever a session is renegotiated.
 .Op Fl CAfile Ar filename
 .Op Fl nocert
 .Op Fl cipher Ar cipherlist
+.Op Fl serverpref
 .Op Fl quiet
 .Op Fl no_tmp_rsa
 .Op Fl ssl2
@@ -5493,16 +5725,17 @@ Sets the SSL context id.
 It can be given any string value.
 If this option is not present, a default value will be used.
 .It Fl cert Ar certname
-The certificate to use; most servers cipher suites require the use of a
+The certificate to use; most server's cipher suites require the use of a
 certificate and some require a certificate with a certain public key type:
 for example the DSS cipher suites require a certificate containing a DSS
-(DSA) key.
-If not specified then the filename
+.Pq DSA
+key.
+If not specified, then the filename
 .Pa server.pem
 will be used.
 .It Fl key Ar keyfile
 The private key to use.
-If not specified then the certificate file will be used.
+If not specified, then the certificate file will be used.
 .It Fl dcert Ar filename , Fl dkey Ar keyname
 Specify an additional certificate and private key; these behave in the
 same manner as the
@@ -5510,18 +5743,20 @@ same manner as the
 and
 .Fl key
 options except there is no default if they are not specified
-(no additional certificate and key is used).
+.Pq no additional certificate and key is used .
 As noted above some cipher suites require a certificate containing a key of
 a certain type.
 Some cipher suites need a certificate carrying an RSA key
-and some a DSS (DSA) key.
+and some a DSS
+.Pq DSA
+key.
 By using RSA and DSS certificates and keys
 a server can support clients which only support RSA or DSS cipher suites
 by using an appropriate certificate.
 .It Fl nocert
-If this option is set then no certificate is used.
+If this option is set, then no certificate is used.
 This restricts the cipher suites available to the anonymous ones
-(currently just anonymous DH).
+.Pq currently just anonymous DH .
 .It Fl dhparam Ar filename
 The DH parameter file to use.
 The ephemeral DH cipher suites generate keys
@@ -5545,15 +5780,17 @@ This specifies the maximum length of the client certificate chain
 and makes the server request a certificate from the client.
 With the
 .Fl verify
-option a certificate is requested but the client does not have to send one.
+option, a certificate is requested but the client does not have to send one.
 With the
 .Fl Verify
-option the client must supply a certificate or an error occurs.
+option, the client must supply a certificate or an error occurs.
 .It Fl CApath Ar directory
 The
 .Ar directory
 to use for client certificate verification.
-This directory must be in "hash format", see
+This directory must be in
+.Qq hash format ;
+see
 .Fl verify
 for more information.
 These are also used when building the server certificate chain.
@@ -5569,15 +5806,17 @@ Print extensive debugging information including a hex dump of all traffic.
 .It Fl msg
 Show all protocol messages with hex dump.
 .It Fl nbio_test
-Tests non blocking I/O.
+Tests non-blocking I/O.
 .It Fl nbio
-Turns on non blocking I/O.
+Turns on non-blocking I/O.
 .It Fl crlf
 This option translates a line feed from the terminal into CR+LF.
 .It Fl quiet
 Inhibit printing of session and certificate information.
-.It Fl ssl2 , ssl3 , tls1 , no_ssl2 ,
-.It Fl no_ssl3 , no_tls1
+.It Xo
+.Fl ssl2 | ssl3 | tls1 |
+.Fl no_ssl2 | no_ssl3 | no_tls1
+.Xc
 These options disable the use of certain SSL or TLS protocols.
 By default, the initial handshake uses a method which should be compatible
 with all servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
@@ -5586,16 +5825,19 @@ There are several known bugs in SSL and TLS implementations.
 Adding this option enables various workarounds.
 .It Fl hack
 This option enables a further workaround for some some early Netscape
-SSL code (?).
+SSL code
+.Pq \&? .
 .It Fl cipher Ar cipherlist
 This allows the cipher list used by the server to be modified.
 When the client sends a list of supported ciphers, the first client cipher
 also included in the server list is used.
 Because the client specifies the preference order, the order of the server
-cipherlist irrelevant.
+cipherlist is irrelevant.
 See the
 .Sx CIPHERS
 section for more information.
+.It Fl serverpref
+Use server's cipher preferences.
 .It Fl www
 Sends a status message back to the client when it connects.
 This includes lots of information about the ciphers used and various
@@ -5632,25 +5874,17 @@ The engine will then be set as the default for all available algorithms.
 .It Fl id_prefix Ar arg
 Generate SSL/TLS session IDs prefixed by
 .Ar arg .
-This is mostly useful for testing any SSL/TLS code (e.g. proxies) that wish
-to deal with multiple servers, when each of which might be generating a
-unique range of session IDs (e.g. with a certain prefix).
+This is mostly useful for testing any SSL/TLS code
+.Pq e.g. proxies
+that wish to deal with multiple servers, when each of which might be
+generating a unique range of session IDs
+.Pq e.g. with a certain prefix .
 .It Fl rand Ar file ...
-A
-.Ar file
-or
-.Ar file Ns Li s
-containing random data used to seed the random number generator,
+A file or files containing random data used to seed the random number generator,
 or an EGD socket (see
 .Xr RAND_egd 3 ) .
-Multiple files can be specified separated by an OS-dependent character.
-The separator is
-.Cm \&;
-for MS-Windows,
-.Cm \&,
-for OpenVMS, and
-.Cm \&:
-for all others.
+Multiple files can be specified separated by a
+.Sq \&: .
 .El
 .Sh S_SERVER CONNECTED COMMANDS
 If a connection request is established with an SSL client and neither the
@@ -5682,13 +5916,14 @@ Print out some session cache status information.
 can be used to debug SSL clients.
 To accept connections from a web browser the command:
 .Pp
-\& $ openssl s_server -accept 443 -www
+.Dl $ openssl s_server -accept 443 -www
 .Pp
 can be used for example.
 .Pp
-Most web browsers (in particular Netscape and MSIE) only support RSA cipher
-suites, so they cannot connect to servers which don't use a certificate
-carrying an RSA key or a version of
+Most web browsers
+.Pq in particular Netscape and MSIE
+only support RSA cipher suites, so they cannot connect to servers
+which don't use a certificate carrying an RSA key or a version of
 .Nm OpenSSL
 with RSA disabled.
 .Pp
@@ -5721,34 +5956,35 @@ unknown cipher suites a client says it supports.
 .Sh S_TIME
 The
 .Nm s_time
-utility is undocumented.
+utility is currently undocumented.
 .\"
 .\" SESS_ID
 .\"
 .Sh SESS_ID
 .Nm openssl sess_id
 .Bk -words
-.Op Fl inform Ar PEM|DER
-.Op Fl outform Ar PEM|DER
+.Op Fl inform Ar DER | PEM
+.Op Fl outform Ar DER | PEM
 .Op Fl in Ar filename
 .Op Fl out Ar filename
 .Op Fl text
+.Op Fl cert
 .Op Fl noout
 .Op Fl context Ar ID
 .Ek
 .Pp
 The
 .Nm sess_id
-program processes the encoded version of the SSL
-session structure and optionally prints out SSL
-session details (for example the SSL
-session master key) in human readable format.
+program processes the encoded version of the SSL session structure and
+optionally prints out SSL session details
+.Pq for example the SSL session master key
+in human readable format.
 Since this is a diagnostic tool that needs some knowledge of the SSL
 protocol to use properly, most users will not need to use it.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
-.It Fl inform Ar DER|PEM
+.It Fl inform Ar DER | PEM
 This specifies the input format.
 The
 .Ar DER
@@ -5759,8 +5995,8 @@ The
 .Ar PEM
 form is the default format: it consists of the DER
 format base64 encoded with additional header and footer lines.
-.It Fl outform Ar DER|PEM
-This specifies the output format, the options have the same meaning as the
+.It Fl outform Ar DER | PEM
+This specifies the output format; the options have the same meaning as the
 .Fl inform
 option.
 .It Fl in Ar filename
@@ -5776,14 +6012,15 @@ output if this option is not specified.
 Prints out the various public or private key components in
 plain text in addition to the encoded version.
 .It Fl cert
-If a certificate is present in the session it will be output using this option,
+If a certificate is present in the session,
+it will be output using this option;
 if the
 .Fl text
-option is also present then it will be printed out in text form.
+option is also present, then it will be printed out in text form.
 .It Fl noout
 This option prevents output of the encoded version of the session.
 .It Fl context Ar ID
-This option can set the session id so the output session information uses the
+This option can set the session ID so the output session information uses the
 supplied
 .Ar ID .
 The
@@ -5793,7 +6030,7 @@ This option won't normally be used.
 .El
 .Sh SESS_ID OUTPUT
 Typical output:
-.Bd -literal
+.Bd -unfilled
 \& SSL-Session:
 \&     Protocol  : TLSv1
 \&     Cipher    : 0016
@@ -5820,10 +6057,11 @@ The session ID context in hex format.
 .It Ar Master-Key
 This is the SSL session master key.
 .It Ar Key-Arg
-The key argument, this is only used in SSL v2.
+The key argument; this is only used in SSL v2.
 .It Ar Start Time
-This is the session start time, represented as an integer
-in standard Unix format.
+This is the session start time, represented as an integer in standard
+.Ux
+format.
 .It Ar Timeout
 The timeout in seconds.
 .It Ar Verify return code
@@ -5833,15 +6071,17 @@ This is the return code when an SSL client certificate is verified.
 The
 .Em PEM
 encoded session format uses the header and footer lines:
-.Bd -literal
-\& -----BEGIN SSL SESSION PARAMETERS-----
-\& -----END SSL SESSION PARAMETERS-----
+.Bd -unfilled -offset indent
+-----BEGIN SSL SESSION PARAMETERS-----
+-----END SSL SESSION PARAMETERS-----
 .Ed
 .Pp
 Since the SSL session output contains the master key, it is possible to read
 the contents of an encrypted session using this information.
 Therefore appropriate security precautions
-should be taken if the information is being output by a "real" application.
+should be taken if the information is being output by a
+.Qq real
+application.
 This is, however, strongly discouraged and should only be used for
 debugging purposes.
 .Sh SESS_ID BUGS
@@ -5857,25 +6097,39 @@ The cipher and start time should be printed out in human readable form.
 .Op Fl sign
 .Op Fl verify
 .Op Fl pk7out
-.Op Fl des
-.Op Fl des3
-.Op Fl rc2-40
-.Op Fl rc2-64
-.Op Fl rc2-128
+.Oo Xo
+.Fl des | des3 | rc2-40 | rc2-64 |
+.Fl rc2-128 | aes128 | aes192 | aes256
+.Xc
+.Oc
+.Op Fl nointern
+.Op Fl noverify
+.Op Fl nochain
+.Op Fl nosigs
+.Op Fl nocerts
+.Op Fl noattr
+.Op Fl binary
+.Op Fl nodetach
 .Op Fl in Ar file
 .Op Fl certfile Ar file
 .Op Fl signer Ar file
 .Op Fl recip Ar file
-.Op Fl inform Ar SMIME|PEM|DER
+.Op Fl inform Ar SMIME | DER | PEM
 .Op Fl passin Ar arg
 .Op Fl inkey Ar file
+.Op Fl keyform Ar PEM | ENGINE
 .Op Fl out Ar file
-.Op Fl outform Ar SMIME|PEM|DER
+.Op Fl outform Ar SMIME | DER | PEM
 .Op Fl content Ar file
 .Op Fl to Ar addr
 .Op Fl from Ar addr
 .Op Fl subject Ar s
 .Op Fl text
+.Op Fl CAfile Ar file
+.Op Fl CApath Ar directory
+.Op Fl crl_check
+.Op Fl crl_check_all
+.Op Fl engine Ar id
 .Op Fl rand Ar file ...
 .Op Ar cert.pem ...
 .Ek
@@ -5925,7 +6179,7 @@ The input message to be encrypted or signed or the
 .Em MIME
 message to
 be decrypted or verified.
-.It Fl inform Ar SMIME|PEM|DER
+.It Fl inform Ar SMIME | DER | PEM
 This specifies the input format for the PKCS#7 structure.
 The default is
 .Em SMIME
@@ -5938,16 +6192,16 @@ and
 format change this to expect PEM and DER format PKCS#7 structures
 instead.
 This currently only affects the input format of the PKCS#7
-structure, if no PKCS#7 structure is being input (for example with
+structure; if no PKCS#7 structure is being input (for example with
 .Fl encrypt
 or
-.Fl sign )
+.Fl sign ) ,
 this option has no effect.
 .It Fl out Ar filename
 The message text that has been decrypted or verified, or the output
 .Em MIME
 format message that has been signed or verified.
-.It Fl outform Ar SMIME|PEM|DER
+.It Fl outform Ar SMIME | DER | PEM
 This specifies the output format for the PKCS#7 structure.
 The default is
 .Em SMIME
@@ -5978,7 +6232,8 @@ and it uses the multipart/signed
 .Em MIME
 content type.
 .It Fl text
-This option adds plain text (text/plain)
+This option adds plain text
+.Pq text/plain
 .Em MIME
 headers to the supplied message if encrypting or signing.
 If decrypting or verifying it strips off text headers:
@@ -5988,36 +6243,44 @@ type text/plain then an error occurs.
 .It Fl CAfile Ar file
 A
 .Ar file
-containing trusted CA certificates, only used with
+containing trusted CA certificates; only used with
 .Fl verify .
 .It Fl CApath Ar dir
 A
 .Ar directory
-containing trusted CA certificates, only used with
+containing trusted CA certificates; only used with
 .Fl verify .
 This directory must be a standard certificate directory;
 that is, a hash of each subject name (using
 .Nm x509 -hash )
 should be linked to each certificate.
-.It Fl des des3 rc2-40 rc2-64 rc2-128
+.It Xo
+.Fl des | des3 | rc2-40 | rc2-64 |
+.Fl rc2-128 | aes128 | aes192 | aes256
+.Xc
 The encryption algorithm to use.
-DES (56 bits), triple DES\s0 (168 bits)
-or 40, 64 or 128 bit RC2, respectively; if not specified 40 bit RC2 is
+DES
+.Pq 56 bits ,
+triple DES
+.Pq 168 bits ,
+40-, 64-, or 128-bit RC2, or 128-, 192-, or 256-bit AES, respectively;
+if not specified, 40-bit RC2 is
 used.
 Only used with
 .Fl encrypt .
 .It Fl nointern
-When verifying a message, normally certificates (if any) included in
-the message are searched for the signing certificate.
-With this option only the certificates specified in the
+When verifying a message, normally certificates
+.Pq if any
+included in the message are searched for the signing certificate.
+With this option, only the certificates specified in the
 .Fl certfile
 option are used.
 The supplied certificates can still be used as untrusted CAs however.
 .It Fl noverify
 Do not verify the signer's certificate of a signed message.
 .It Fl nochain
-Do not do chain verification of signers' certificates: that is don't
-use the certificates in the signed message as untrusted CAs.
+Do not do chain verification of signers' certificates: that is,
+don't use the certificates in the signed message as untrusted CAs.
 .It Fl nosigs
 Don't try to verify the signatures on the message.
 .It Fl nocerts
@@ -6032,8 +6295,9 @@ Normally, when a message is signed a set of attributes are included which
 include the signing time and supported symmetric algorithms.
 With this option they are not included.
 .It Fl binary
-Normally the input message is converted to "canonical" format which is
-effectively using CR and LF as end of line: as required by the
+Normally, the input message is converted to
+.Qq canonical
+format which is effectively using CR and LF as end of line: as required by the
 .Em S/MIME
 specification.
 When this option is present no translation occurs.
@@ -6066,36 +6330,42 @@ must match one of the recipients of the message or an error occurs.
 .It Fl inkey Ar file
 The private key to use when signing or decrypting.
 This must match the corresponding certificate.
-If this option is not specified then the private key must be included
+If this option is not specified, then the private key must be included
 in the certificate file specified with
 the
 .Fl recip
 or
 .Fl signer
 file.
+.It Fl keyform Ar PEM | ENGINE
+Input private key format.
 .It Fl passin Ar arg
 The private key password source.
 For more information about the format of
-.Ar arg
+.Ar arg ,
 see the
 .Sx PASS PHRASE ARGUMENTS
 section above.
+.It Fl crl_check
+Check revocation status of signer's certificate using CRLs.
+.It Fl crl_check_all
+Check revocation status of signer's certificate chain using CRLs.
+.It Fl engine Ar id
+Specifying an engine (by it's unique
+.Ar id
+string) will cause
+.Nm smime
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed.
+The engine will then be set as the default
+for all available algorithms.
 .It Fl rand Ar file ...
-A
-.Ar file
-or
-.Ar file Ns Li s
+A file or files
 containing random data used to seed the random number generator,
 or an EGD socket (see
 .Xr RAND_egd 3 ) .
-Multiple files can be specified separated by an OS-dependent character.
-The separator is
-.Cm \&;
-for MS-Windows,
-.Cm \&,
-for OpenVMS, and
-.Cm \&:
-for all others.
+Multiple files can be specified separated by a
+.Sq \&: .
 .It Ar cert.pem ...
 One or more certificates of message recipients: used when encrypting
 a message.
@@ -6122,13 +6392,15 @@ necessary
 .Em MIME
 headers or many
 .Em S/MIME
-clients won't display it properly (if at all).
+clients won't display it properly
+.Pq if at all .
 You can use the
 .Fl text
 option to automatically add plain text headers.
 .Pp
-A "signed and encrypted" message is one where a signed message is
-then encrypted.
+A
+.Qq signed and encrypted
+message is one where a signed message is then encrypted.
 This can be produced by encrypting an already signed message:
 see the
 .Sx SMIME EXAMPLES
@@ -6139,8 +6411,9 @@ will verify multiple signers on received messages.
 Some
 .Em S/MIME
 clients choke if a message contains multiple signers.
-It is possible to sign messages "in parallel" by signing an already
-signed message.
+It is possible to sign messages
+.Qq in parallel
+by signing an already signed message.
 .Pp
 The options
 .Fl encrypt
@@ -6167,56 +6440,58 @@ message.
 An error occurred decrypting or verifying the message.
 .It Ar 5
 The message was verified correctly, but an error occurred writing out
-the signers certificates.
+the signer's certificates.
 .El
 .Sh SMIME EXAMPLES
 Create a cleartext signed message:
-.Bd -literal
-\& $ openssl smime -sign -in message.txt -text -out mail.msg \e
-\&        -signer mycert.pem
+.Bd -literal -offset indent
+$ openssl smime -sign -in message.txt -text -out mail.msg \e
+        -signer mycert.pem
 .Ed
 .Pp
 Create an opaque signed message:
-.Bd -literal
-\& $ openssl smime -sign -in message.txt -text -out mail.msg -nodetach \e
-\&        -signer mycert.pem
+.Bd -literal -offset indent
+$ openssl smime -sign -in message.txt -text -out mail.msg \e
+        -nodetach -signer mycert.pem
 .Ed
 .Pp
 Create a signed message, include some additional certificates and
 read the private key from another file:
-.Bd -literal
-\& $ openssl smime -sign -in in.txt -text -out mail.msg \e
-\&        -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
+.Bd -literal -offset indent
+$ openssl smime -sign -in in.txt -text -out mail.msg \e
+        -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
 .Ed
 .Pp
-Send a signed message under Unix directly to
+Send a signed message under
+.Ux
+directly to
 .Xr sendmail 8 ,
 including headers:
-.Bd -literal
-\& $ openssl smime -sign -in in.txt -text -signer mycert.pem \e
-\&        -from steve@openssl.org -to someone@somewhere \e
-\&        -subject "Signed message" | sendmail someone@somewhere
+.Bd -literal -offset indent
+$ openssl smime -sign -in in.txt -text -signer mycert.pem \e
+        -from steve@openssl.org -to someone@somewhere \e
+        -subject "Signed message" | sendmail someone@somewhere
 .Ed
 .Pp
 Verify a message and extract the signer's certificate if successful:
-.Bd -literal
-\& $ openssl smime -verify -in mail.msg -signer user.pem \e
-\&      -out signedtext.txt
+.Bd -literal -offset indent
+$ openssl smime -verify -in mail.msg -signer user.pem \e
+        -out signedtext.txt
 .Ed
 .Pp
 Send encrypted mail using triple DES:
-.Bd -literal
-\& $ openssl smime -encrypt -in in.txt -from steve@openssl.org \e
-\&        -to someone@somewhere -subject "Encrypted message" \e
-\&        -des3 user.pem -out mail.msg
+.Bd -literal -offset indent
+$ openssl smime -encrypt -in in.txt -from steve@openssl.org \e
+        -to someone@somewhere -subject "Encrypted message" \e
+        -des3 user.pem -out mail.msg
 .Ed
 .Pp
 Sign and encrypt mail:
-.Bd -literal
-\& $ openssl smime -sign -in ml.txt -signer my.pem -text \e
-\&        | openssl smime -encrypt -out mail.msg \e
-\&        -from steve@openssl.org -to someone@somewhere \e
-\&        -subject "Signed and Encrypted message" -des3 user.pem
+.Bd -literal -offset indent
+$ openssl smime -sign -in ml.txt -signer my.pem -text | \e
+        openssl smime -encrypt -out mail.msg \e
+        -from steve@openssl.org -to someone@somewhere \e
+        -subject "Signed and Encrypted message" -des3 user.pem
 .Ed
 .Pp
 .Sy Note :
@@ -6227,28 +6502,30 @@ option because the message being encrypted already has
 headers.
 .Pp
 Decrypt mail:
-.Pp
-\& $ openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
+.Bd -literal -offset indent
+$ openssl smime -decrypt -in mail.msg -recip mycert.pem \e
+        -inkey key.pem"
+.Ed
 .Pp
 The output from Netscape form signing is a PKCS#7 structure with the
 detached signature format.
 You can use this program to verify the signature by line wrapping the
 base64 encoded structure and surrounding it with:
-.Bd -literal
-\& -----BEGIN PKCS7-----
-\& -----END PKCS7-----
+.Bd -unfilled -offset indent
+-----BEGIN PKCS7-----
+-----END PKCS7-----
 .Ed
 .Pp
 and using the command:
-.Bd -literal
-\& $ openssl smime -verify -inform PEM -in signature.pem
-\&      -content content.txt
+.Bd -literal -offset indent
+$ openssl smime -verify -inform PEM -in signature.pem \e
+        -content content.txt
 .Ed
 .Pp
 Alternatively, you can base64 decode the signature and use:
-.Bd -literal
-\& $ openssl smime -verify -inform DER -in signature.der
-\&      -content content.txt
+.Bd -literal -offset indent
+$ openssl smime -verify -inform DER -in signature.der \e
+        -content content.txt
 .Ed
 .Sh SMIME BUGS
 The
@@ -6262,7 +6539,7 @@ extracted.
 There should be some heuristic that determines the correct encryption
 certificate.
 .Pp
-Ideally a database should be maintained of a certificate for each email
+Ideally, a database should be maintained of a certificate for each email
 address.
 .Pp
 The code doesn't currently take note of the permitted symmetric encryption
@@ -6276,7 +6553,7 @@ No revocation checking is done on the signer's certificate.
 .Pp
 The current code can only handle
 .Em S/MIME
-v2 messages, the more complex
+v2 messages; the more complex
 .Em S/MIME
 v3 structures may cause parsing errors.
 .\"
@@ -6284,37 +6561,63 @@ v3 structures may cause parsing errors.
 .\"
 .Sh SPEED
 .Nm openssl speed
-.Op Fl engine Ar id
-.Op Cm md2
-.Op Cm mdc2
-.Op Cm md5
-.Op Cm hmac
-.Op Cm sha1
-.Op Cm rmd160
-.Op Cm idea-cbc
-.Op Cm rc2-cbc
-.Op Cm rc5-cbc
+.Bk -words
+.Op Cm aes
+.Op Cm aes-128-cbc
+.Op Cm aes-192-cbc
+.Op Cm aes-256-cbc
+.Op Cm blowfish
 .Op Cm bf-cbc
+.Op Cm des
 .Op Cm des-cbc
 .Op Cm des-ede3
-.Op Cm rc4
-.Op Cm rsa512
-.Op Cm rsa1024
-.Op Cm rsa2048
-.Op Cm rsa4096
 .Op Cm dsa512
 .Op Cm dsa1024
 .Op Cm dsa2048
-.Op Cm idea
+.Op Cm hmac
+.Op Cm md2
+.Op Cm md4
+.Op Cm md5
 .Op Cm rc2
-.Op Cm des
+.Op Cm rc2-cbc
+.Op Cm rc4
+.Op Cm rmd160
 .Op Cm rsa
-.Op Cm blowfish
+.Op Cm rsa512
+.Op Cm rsa1024
+.Op Cm rsa2048
+.Op Cm rsa4096
+.Op Cm sha1
+.Op Fl elapsed
+.Op Fl evp Ar e
+.Op Fl decrypt
+.Op Fl mr
+.Op Fl multi Ar number
+.Op Fl engine Ar id
+.Ek
 .Pp
 The
 .Nm speed
 command is used to test the performance of cryptographic algorithms.
 .Bl -tag -width "XXXX"
+.It Cm [zero or more test algorithms]
+If any options are given,
+.Nm speed
+tests those algorithms, otherwise all of the above are tested.
+.It Fl elapsed
+Measure time in real time instead of CPU user time.
+.It Fl evp Ar e
+Use EVP
+.Ar e .
+.It Fl decrypt
+Time decryption instead of encryption
+.Pq only EVP .
+.It Fl mr
+Produce machine readable ouput.
+.It Fl multi Ar number
+Run
+.Ar number
+benchmarks in parallel.
 .It Fl engine Ar id
 Specifying an engine (by it's unique
 .Ar id
@@ -6324,10 +6627,6 @@ to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed.
 The engine will then be set as the default
 for all available algorithms.
-.It Cm [zero or more test algorithms]
-If any options are given,
-.Nm speed
-tests those algorithms, otherwise all of the above are tested.
 .El
 .\"
 .\" SPKAC
@@ -6349,7 +6648,8 @@ tests those algorithms, otherwise all of the above are tested.
 The
 .Nm spkac
 command processes Netscape signed public key and challenge
-(SPKAC) files.
+.Pq SPKAC
+files.
 It can print out their contents, verify the signature and
 produce its own SPKACs from a supplied private key.
 .Pp
@@ -6377,7 +6677,7 @@ options are ignored if present.
 .It Fl passin Ar password
 The input file password source.
 For more information about the format of
-.Ar arg
+.Ar arg ,
 see the
 .Sx PASS PHRASE ARGUMENTS
 section above.
@@ -6393,18 +6693,18 @@ Allows an alternative name for the
 containing the SPKAC.
 The default is the default section.
 .It Fl noout
-Don't output the text version of the SPKAC (not used if an
-SPKAC is being created).
+Don't output the text version of the SPKAC
+.Pq not used if an SPKAC is being created .
 .It Fl pubkey
-Output the public key of an SPKAC (not used if an SPKAC is
-being created).
+Output the public key of an SPKAC
+.Pq not used if an SPKAC is being created .
 .It Fl verify
 Verifies the digital signature on the supplied SPKAC.
 .It Fl engine Ar id
 Specifying an engine (by it's unique
 .Ar id
 string) will cause
-.Nm req
+.Nm spkac
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed.
 The engine will then be set as the default for all available algorithms.
@@ -6412,23 +6712,25 @@ The engine will then be set as the default for all available algorithms.
 .Sh SPKAC EXAMPLES
 Print out the contents of an SPKAC:
 .Pp
-\& $ openssl spkac -in spkac.cnf
+.Dl $ openssl spkac -in spkac.cnf
 .Pp
 Verify the signature of an SPKAC:
 .Pp
-\& $ openssl spkac -in spkac.cnf -noout -verify
+.Dl $ openssl spkac -in spkac.cnf -noout -verify
 .Pp
-Create an SPKAC using the challenge string "hello":
+Create an SPKAC using the challenge string
+.Qq hello :
 .Pp
-\& $ openssl spkac -key key.pem -challenge hello -out spkac.cnf
+.Dl $ openssl spkac -key key.pem -challenge hello -out spkac.cnf
 .Pp
-Example of an SPKAC, (long lines split up for clarity):
-.Bd -literal
-\& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e
-\& PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\e
-\& PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\e
-\& 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\e
-\& 4=
+Example of an SPKAC,
+.Pq long lines split up for clarity :
+.Bd -unfilled -offset indent
+SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e
+PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\e
+PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\e
+2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\e
+4=
 .Ed
 .Sh SPKAC NOTES
 A created SPKAC with suitable DN components appended can be fed into
@@ -6448,7 +6750,8 @@ string, some guarantee is given that the user knows the private key
 corresponding to the public key being certified.
 This is important in some applications.
 Without this it is possible for a previous SPKAC
-to be used in a "replay attack".
+to be used in a
+.Qq replay attack .
 .\"
 .\" VERIFY
 .\"
@@ -6461,6 +6764,8 @@ to be used in a "replay attack".
 .Op Fl help
 .Op Fl issuer_checks
 .Op Fl verbose
+.Op Fl crl_check
+.Op Fl engine Ar id
 .Op Fl
 .Op Ar certificates
 .Pp
@@ -6476,13 +6781,15 @@ A
 of trusted certificates.
 The certificates should have names of the form
 .Em hash.0 ,
-or have symbolic links to them of this form.
+or have symbolic links to them of this form
 ("hash" is the hashed certificate subject name: see the
 .Fl hash
 option of the
 .Nm x509
 utility).
-Under Unix the
+Under
+.Ux ,
+the
 .Nm c_rehash
 script will automatically create symbolic links to a directory of certificates.
 .It Fl CAfile Ar file
@@ -6523,16 +6830,26 @@ This shows why each candidate issuer certificate was rejected.
 However the presence of rejection messages
 does not itself imply that anything is wrong: during the normal
 verify process several rejections may take place.
+.It Fl crl_check
+Check revocation status of signer's certificate using CRLs.
+.It Fl engine Ar id
+Specifying an engine (by it's unique
+.Ar id
+string) will cause
+.Nm verify
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed.
+The engine will then be set as the default for all available algorithms.
 .It Fl
 Marks the last option.
 All arguments following this are assumed to be certificate files.
 This is useful if the first certificate filename begins with a
-.Cm \&- .
+.Sq - .
 .It Ar certificates
 One or more
 .Ar certificates
 to verify.
-If no certificate filenames are included then an attempt is made to read
+If no certificate filenames are included, then an attempt is made to read
 a certificate from standard input.
 They should all be in
 .Em PEM
@@ -6559,11 +6876,12 @@ and ending in the root CA.
 It is an error if the whole chain cannot be built up.
 The chain is built up by looking up the issuers certificate of the current
 certificate.
-If a certificate is found which is its own issuer it is assumed
+If a certificate is found which is its own issuer, it is assumed
 to be the root CA.
 .Pp
-The process of 'looking up the issuers certificate' itself involves a number
-of steps.
+The process of
+.Qq looking up the issuers certificate
+itself involves a number of steps.
 In versions of
 .Nm OpenSSL
 before 0.9.5a the first certificate whose subject name matched the issuer
@@ -6573,10 +6891,14 @@ In
 0.9.6 and later all certificates whose subject name matches the issuer name
 of the current certificate are subject to further tests.
 The relevant authority key identifier components of the current certificate
-(if present) must match the subject key identifier (if present)
+.Pq if present
+must match the subject key identifier
+.Pq if present
 and issuer and serial number of the candidate issuer; in addition the
 .Em keyUsage
-extension of the candidate issuer (if present) must permit certificate signing.
+extension of the candidate issuer
+.Pq if present
+must permit certificate signing.
 .Pp
 The lookup first looks in the list of untrusted certificates and if no match
 is found the remaining lookups are from the trusted certificates.
@@ -6589,9 +6911,10 @@ consistency with the supplied purpose.
 If the
 .Fl purpose
 option is not included, then no checks are done.
-The supplied or "leaf" certificate must have extensions compatible with the
-supplied purpose and all other certificates must also be valid
-CA certificates.
+The supplied or
+.Qq leaf
+certificate must have extensions compatible with the supplied purpose
+and all other certificates must also be valid CA certificates.
 The precise extensions required are described in more detail in
 the
 .Sx X509 CERTIFICATE EXTENSIONS
@@ -6620,15 +6943,15 @@ If any operation fails then the certificate is not valid.
 .Sh VERIFY DIAGNOSTICS
 When a verify operation fails, the output messages can be somewhat cryptic.
 The general form of the error message is:
-.Bd -literal
-\& server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+.Bd -unfilled
+\& server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
 \& error 24 at 1 depth lookup:invalid CA certificate
 .Ed
 .Pp
-The first line contains the name of the certificate being verified followed by
+The first line contains the name of the certificate being verified, followed by
 the subject name of the certificate.
 The second line contains the error number and the depth.
-The depth is number of the certificate being verified when a
+The depth is the number of the certificate being verified when a
 problem was detected starting with zero for the certificate being verified
 itself, then 1 for the CA that signed the certificate and so on.
 Finally a text version of the error number is presented.
@@ -6637,7 +6960,8 @@ An exhaustive list of the error codes and messages is shown below; this also
 includes the name of the error code as defined in the header file
 .Aq Pa x509_vfy.h .
 Some of the error codes are defined but never returned: these are described
-as "unused".
+as
+.Qq unused .
 .Bl -tag -width "XXXX"
 .It Ar "0 X509_V_OK: ok"
 The operation was successful.
@@ -6782,12 +7106,7 @@ mishandled them.
 .\"
 .Sh VERSION
 .Nm openssl version
-.Op Fl a
-.Op Fl v
-.Op Fl b
-.Op Fl o
-.Op Fl f
-.Op Fl p
+.Op Fl abdfopv
 .Pp
 The
 .Nm version
@@ -6798,23 +7117,23 @@ The options are as follows:
 .Bl -tag -width "XXXX"
 .It Fl a
 All information: this is the same as setting all the other flags.
-.It Fl v
-The current
-.Nm OpenSSL
-version.
 .It Fl b
 The date the current version of
 .Nm OpenSSL
 was built.
+.It Fl d
+.Ev OPENSSLDIR
+setting.
+.It Fl f
+Compilation flags.
 .It Fl o
 Option information: various options set when the library was built.
-.It Fl c
-Compilation flags.
 .It Fl p
 Platform setting.
-.It Fl d
-.Em OPENSSLDIR
-setting.
+.It Fl v
+The current
+.Nm OpenSSL
+version.
 .El
 .Sh VERSION NOTES
 The output of
@@ -6832,13 +7151,14 @@ option was added in
 .Sh X509
 .Nm openssl x509
 .Bk -words
-.Op Fl inform Ar DER|PEM|NET
-.Op Fl outform Ar DER|PEM|NET
-.Op Fl keyform Ar DER|PEM
-.Op Fl CAform Ar DER|PEM
-.Op Fl CAkeyform Ar DER|PEM
+.Op Fl inform Ar DER | PEM | NET
+.Op Fl outform Ar DER | PEM | NET
+.Op Fl keyform Ar DER | PEM
+.Op Fl CAform Ar DER | PEM
+.Op Fl CAkeyform Ar DER | PEM
 .Op Fl in Ar filename
 .Op Fl out Ar filename
+.Op Fl passin Ar arg
 .Op Fl serial
 .Op Fl hash
 .Op Fl subject
@@ -6850,9 +7170,11 @@ option was added in
 .Op Fl purpose
 .Op Fl dates
 .Op Fl modulus
+.Op Fl pubkey
 .Op Fl fingerprint
 .Op Fl alias
 .Op Fl noout
+.Op Fl ocspid
 .Op Fl trustout
 .Op Fl clrtrust
 .Op Fl clrreject
@@ -6860,6 +7182,7 @@ option was added in
 .Op Fl addreject Ar arg
 .Op Fl setalias Ar arg
 .Op Fl days Ar arg
+.Op Fl checkend Ar arg
 .Op Fl set_serial Ar n
 .Op Fl signkey Ar filename
 .Op Fl x509toreq
@@ -6870,7 +7193,7 @@ option was added in
 .Op Fl CAserial Ar filename
 .Op Fl text
 .Op Fl C
-.Op Cm -md2|-md5|-sha1|-mdc2
+.Op Fl md2 | md5 | sha1
 .Op Fl clrext
 .Op Fl extfile Ar filename
 .Op Fl extensions Ar section
@@ -6881,16 +7204,17 @@ The
 .Nm x509
 command is a multi-purpose certificate utility.
 It can be used to display certificate information, convert certificates to
-various forms, sign certificate requests like a "mini CA" or edit
-certificate trust settings.
+various forms, sign certificate requests like a
+.Qq mini CA ,
+or edit certificate trust settings.
 .Pp
 Since there are a large number of options, they are split up into
 various sections.
-.Sh X509 INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS
+.Sh X509 INPUT, OUTPUT, AND GENERAL PURPOSE OPTIONS
 .Bl -tag -width "XXXX"
-.It Fl inform Ar DER|PEM|NET
+.It Fl inform Ar DER | PEM | NET
 This specifies the input format.
-Normally the command will expect an X509 certificate,
+Normally, the command will expect an X509 certificate,
 but this can change if other options such as
 .Fl req
 are present.
@@ -6903,9 +7227,8 @@ The
 .Ar NET
 option is an obscure Netscape server format that is now
 obsolete.
-.It Fl outform Ar DER|PEM|NET
-This specifies the output format;
-the options have the same meaning as the
+.It Fl outform Ar DER | PEM | NET
+This specifies the output format; the options have the same meaning as the
 .Fl inform
 option.
 .It Fl in Ar filename
@@ -6916,22 +7239,29 @@ to read a certificate from or standard input if this option is not specified.
 This specifies the output
 .Ar filename
 to write to or standard output by default.
-.It Fl md2|-md5|-sha1|-mdc2
+.It Fl passin Ar arg
+The key password source.
+For more information about the format of
+.Ar arg ,
+see the
+.Sx PASS PHRASE ARGUMENTS
+section above.
+.It Fl md2 | md5 | sha1
 The digest to use.
 This affects any signing or display option that uses a message digest,
 such as the
-.Fl fingerprint , signkey
+.Fl fingerprint , signkey ,
 and
 .Fl CA
 options.
-If not specified then MD5 is used.
-If the key being used to sign with is a DSA key then
+If not specified, then MD5 is used.
+If the key being used to sign with is a DSA key, then
 this option has no effect: SHA1 is always used with DSA keys.
 .It Fl engine Ar id
 Specifying an engine (by it's unique
 .Ar id
 string) will cause
-.Nm req
+.Nm x509
 to attempt to obtain a functional reference to the specified engine,
 thus initialising it if needed.
 The engine will then be set as the default for all available algorithms.
@@ -6959,19 +7289,25 @@ The
 argument can be a single option or multiple options separated by commas.
 The
 .Fl certopt
-switch may be also be used more than once to set multiple options.
+switch may also be used more than once to set multiple options.
 See the
 .Sx X509 TEXT OPTIONS
 section for more information.
 .It Fl noout
 This option prevents output of the encoded version of the request.
+.It Fl ocspid
+Print OCSP hash values for the subject name and public key.
 .It Fl modulus
 This option prints out the value of the modulus of the public key
 contained in the certificate.
+.It Fl pubkey
+Ouput the public key.
 .It Fl serial
 Outputs the certificate serial number.
 .It Fl hash
-Outputs the "hash" of the certificate subject name.
+Outputs the
+.Qq hash
+of the certificate subject name.
 This is used in
 .Nm OpenSSL
 to form an index to allow certificates in a directory to be looked up
@@ -7017,11 +7353,13 @@ A
 .Em trusted certificate
 is an ordinary certificate which has several
 additional pieces of information attached to it such as the permitted
-and prohibited uses of the certificate and an "alias".
+and prohibited uses of the certificate and an
+.Qq alias .
 .Pp
-Normally when a certificate is being verified at least one certificate
-must be "trusted".
-By default a trusted certificate must be stored
+Normally, when a certificate is being verified at least one certificate
+must be
+.Qq trusted .
+By default, a trusted certificate must be stored
 locally and must be a root CA: any certificate chain ending in this CA
 is then usable for any purpose.
 .Pp
@@ -7053,7 +7391,8 @@ are modified.
 .It Fl setalias Ar arg
 Sets the alias of the certificate.
 This will allow the certificate to be referred to using a nickname,
-for example "Steve's Certificate".
+for example
+.Qq Steve's Certificate .
 .It Fl alias
 Outputs the certificate alias, if any.
 .It Fl clrtrust
@@ -7064,18 +7403,12 @@ Clears all the prohibited or rejected uses of the certificate.
 Adds a trusted certificate use.
 Any object name can be used here, but currently only
 .Ar clientAuth
-.Po Em SSL
- client use
-.Pc ,
+.Pq SSL client use ,
 .Ar serverAuth
-.Po Em SSL
- server use
-.Pc
+.Pq SSL server use ,
 and
 .Ar emailProtection
-.Po Em S/MIME
- email
-.Pc
+.Pq S/MIME email
 are used.
 Other
 .Nm OpenSSL
@@ -7088,7 +7421,7 @@ option.
 .It Fl purpose
 This option performs tests on the certificate extensions and outputs
 the results.
-For a more complete description see the
+For a more complete description, see the
 .Sx X509 CERTIFICATE EXTENSIONS
 section.
 .El
@@ -7096,15 +7429,18 @@ section.
 The
 .Nm x509
 utility can be used to sign certificates and requests: it
-can thus behave like a "mini CA".
+can thus behave like a
+.Qq mini CA .
 .Bl -tag -width "XXXX"
 .It Fl signkey Ar filename
 This option causes the input file to be self-signed using the supplied
 private key.
 .Pp
 If the input file is a certificate, it sets the issuer name to the
-subject name (i.e. makes it self-signed), changes the public key to the
-supplied value and changes the start and end dates.
+subject name
+.Pq i.e. makes it self-signed ,
+changes the public key to the supplied value
+and changes the start and end dates.
 The start date is set to the current time and the end date is set to
 a value determined by the
 .Fl days
@@ -7124,26 +7460,29 @@ certificate (for example with the
 or the
 .Fl CA
 options).
-Normally all extensions are retained.
-.It Fl keyform Ar PEM|DER
+Normally, all extensions are retained.
+.It Fl keyform Ar DER | PEM
 Specifies the format
-.Po Em DER
- or
-.Em PEM
-.Pc
+.Pq DER or PEM
 of the private key file used in the
 .Fl signkey
 option.
 .It Fl days Ar arg
 Specifies the number of days to make a certificate valid for.
 The default is 30 days.
+.It Fl checkend Ar arg
+Check whether the certificate expires in the next
+.Ar arg
+seconds.
+If so, exit with return value 1;
+otherwise exit with return value 0.
 .It Fl x509toreq
 Converts a certificate into a certificate request.
 The
 .Fl signkey
 option is used to pass the required private key.
 .It Fl req
-By default a certificate is expected on input.
+By default, a certificate is expected on input.
 With this option a certificate request is expected instead.
 .It Fl set_serial Ar n
 Specifies the serial number to use.
@@ -7161,16 +7500,17 @@ or
 options) is not used.
 .Pp
 The serial number can be decimal or hex (if preceded by
-.Em 0x ) .
+.Sq 0x ) .
 Negative serial numbers can also be specified but their use is not recommended.
 .It Fl CA Ar filename
 Specifies the CA certificate to be used for signing.
-When this option is present
+When this option is present,
 .Nm x509
-behaves like a "mini CA".
+behaves like a
+.Qq mini CA .
 The input file is signed by the CA using this option;
 that is, its issuer name is set to the subject name of the CA and it is
-digitally signed using the CAs private key.
+digitally signed using the CA's private key.
 .Pp
 This option is normally combined with the
 .Fl req
@@ -7180,7 +7520,7 @@ Without the
 option, the input is a certificate which must be self-signed.
 .It Fl CAkey Ar filename
 Sets the CA private key to sign a certificate with.
-If this option is not specified then it is assumed that the CA private key
+If this option is not specified, then it is assumed that the CA private key
 is present in the CA certificate file.
 .It Fl CAserial Ar filename
 Sets the CA serial number file to use.
@@ -7197,25 +7537,31 @@ to the file again.
 The default filename consists of the CA certificate file base name with
 .Pa .srl
 appended.
-For example if the CA certificate file is called
+For example, if the CA certificate file is called
 .Pa mycacert.pem ,
 it expects to find a serial number file called
 .Pa mycacert.srl .
 .It Fl CAcreateserial
 With this option the CA serial number file is created if it does not exist:
-it will contain the serial number "02" and the certificate being signed will
-have 1 as its serial number.
-Normally if the
+it will contain the serial number
+.Sq 02
+and the certificate being signed will have
+.Sq 1
+as its serial number.
+Normally, if the
 .Fl CA
-option is specified and the serial number file does not exist it is an error.
+option is specified and the serial number file does not exist, it is an error.
 .It Fl extfile Ar filename
 File containing certificate extensions to use.
 If not specified, then no extensions are added to the certificate.
 .It Fl extensions Ar section
 The section to add certificate extensions from.
-If this option is not specified then the extensions should either be
-contained in the unnamed (default) section or the default section should
-contain a variable called "extensions" which contains the section to use.
+If this option is not specified, then the extensions should either be
+contained in the unnamed
+.Pq default
+section or the default section should contain a variable called
+.Qq extensions
+which contains the section to use.
 .El
 .Sh X509 NAME OPTIONS
 The
@@ -7224,12 +7570,12 @@ command line switch determines how the subject and issuer
 names are displayed.
 If no
 .Fl nameopt
-switch is present, the default "oneline"
+switch is present, the default
+.Qq oneline
 format is used which is compatible with previous versions of
 .Nm OpenSSL .
-Each option is described in detail below, all options can be preceded by
-a
-.Cm \&-
+Each option is described in detail below; all options can be preceded by a
+.Sq -
 to turn the option off.
 Only the first four will normally be used.
 .Bl -tag -width "XXXX"
@@ -7258,37 +7604,44 @@ It is equivalent to
 and
 .Ar align .
 .It Ar esc_2253
-Escape the "special" characters required by RFC 2253 in a field that is
-.Cm \& ,+"<>; .
+Escape the
+.Qq special
+characters required by RFC 2253 in a field that is
+.Dq \& ,+"<>; .
 Additionally,
-.Cm \&#
+.Sq #
 is escaped at the beginning of a string
 and a space character at the beginning or end of a string.
 .It Ar esc_ctrl
 Escape control characters.
-That is, those with ASCII values less than
-0x20 (space) and the delete (0x7f) character.
-They are escaped using the RFC2253 \eXX notation (where XX are two hex
+That is, those with ASCII values less than 0x20
+.Pq space
+and the delete
+.Pq 0x7f
+character.
+They are escaped using the RFC 2253 \eXX notation (where XX are two hex
 digits representing the character value).
 .It Ar esc_msb
 Escape characters with the MSB set; that is, with ASCII values larger than
 127.
 .It Ar use_quote
 Escapes some characters by surrounding the whole string with
-.Cm \&"
+.Sq \&"
 characters.
 Without the option, all escaping is done with the
-.Cm \&\e
+.Sq \e
 character.
 .It Ar utf8
 Convert all strings to UTF8 format first.
 This is required by RFC 2253.
-If you are lucky enough to have a UTF8 compatible terminal then the use
+If you are lucky enough to have a UTF8 compatible terminal, then the use
 of this option (and
 .Em not
 setting
 .Ar esc_msb )
-may result in the correct display of multibyte (international) characters.
+may result in the correct display of multibyte
+.Pq international
+characters.
 If this option is not present, then multibyte characters larger than 0xff
 will be represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
 for 32 bits.
@@ -7304,15 +7657,17 @@ looking output.
 .It Ar show_type
 Show the type of the ASN1 character string.
 The type precedes the field contents.
-For example "BMPSTRING: Hello World".
+For example
+.Qq BMPSTRING: Hello World .
 .It Ar dump_der
 When this option is set, any fields that need to be hexdumped will
 be dumped using the DER encoding of the field.
 Otherwise just the content octets will be displayed.
-Both options use the RFC2253 #XXXX... format.
+Both options use the RFC 2253 #XXXX... format.
 .It Ar dump_nostr
-Dump non-character string types (for example OCTET STRING); if this
-option is not set then non-character string types will be displayed
+Dump non-character string types
+.Pq for example OCTET STRING ;
+if this option is not set, then non-character string types will be displayed
 as though each content octet represents a single character.
 .It Ar dump_all
 Dump all fields.
@@ -7326,12 +7681,13 @@ Dump any field whose OID is not recognised by
 These options determine the field separators.
 The first character is between RDNs and the second between multiple AVAs
 (multiple AVAs are very rare and their use is discouraged).
-The options ending in "space" additionally place a space after the
-separator to make it more readable.
+The options ending in
+.Qq space
+additionally place a space after the separator to make it more readable.
 The
 .Ar sep_multiline
 uses a linefeed character for the RDN separator and a spaced
-.Cm \&+
+.Sq +
 for the AVA separator.
 It also indents the fields by four characters.
 .It Ar dn_rev
@@ -7344,7 +7700,9 @@ These options alter how the field name is displayed.
 .Ar nofname
 does not display the field at all.
 .Ar sname
-uses the "short name" form (CN for
+uses the
+.Qq short name
+form (CN for
 .Ar commonName ,
 for example).
 .Ar lname
@@ -7357,7 +7715,7 @@ Only usable with
 .Ar sep_multiline .
 .It Ar spc_eq
 Places spaces round the
-.Cm \&=
+.Sq =
 character which follows the field name.
 .El
 .Sh X509 TEXT OPTIONS
@@ -7373,8 +7731,10 @@ The default behaviour is to print all fields.
 Use the old format.
 This is equivalent to specifying no output options at all.
 .It Ar no_header
-Don't print header information: that is, the lines saying "Certificate"
-and "Data".
+Don't print header information: that is, the lines saying
+.Qq Certificate
+and
+.Qq Data .
 .It Ar no_version
 Don't print out the version number.
 .It Ar no_serial
@@ -7419,37 +7779,40 @@ and
 .El
 .Sh X509 EXAMPLES
 .Sy Note :
-In these examples the '\e' means the example should be all on one
-line.
+In these examples the
+.Sq \e
+means the example should be all on one line.
 .Pp
 Display the contents of a certificate:
 .Pp
-\& $ openssl x509 -in cert.pem -noout -text
+.Dl $ openssl x509 -in cert.pem -noout -text
 .Pp
 Display the certificate serial number:
 .Pp
-\& $ openssl x509 -in cert.pem -noout -serial
+.Dl $ openssl x509 -in cert.pem -noout -serial
 .Pp
 Display the certificate subject name:
 .Pp
-\& $ openssl x509 -in cert.pem -noout -subject
+.Dl $ openssl x509 -in cert.pem -noout -subject
 .Pp
-Display the certificate subject name in RFC2253 form:
+Display the certificate subject name in RFC 2253 form:
 .Pp
-\& $ openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
+.Dl $ openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
 .Pp
 Display the certificate subject name in oneline form on a terminal
 supporting UTF8:
-.Pp
-\& $ openssl x509 -in cert.pem -noout -subject -nameopt oneline,-escmsb
+.Bd -literal -offset indent
+$ openssl x509 -in cert.pem -noout -subject \e
+        -nameopt oneline,-escmsb
+.Ed
 .Pp
 Display the certificate MD5 fingerprint:
 .Pp
-\& $ openssl x509 -in cert.pem -noout -fingerprint
+.Dl $ openssl x509 -in cert.pem -noout -fingerprint
 .Pp
 Display the certificate SHA1 fingerprint:
 .Pp
-\& $ openssl x509 -sha1 -in cert.pem -noout -fingerprint
+.Dl $ openssl x509 -sha1 -in cert.pem -noout -fingerprint
 .Pp
 Convert a certificate from
 .Em PEM
@@ -7457,51 +7820,54 @@ to
 .Em DER
 format:
 .Pp
-\& $ openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
+.Dl "$ openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER"
 .Pp
 Convert a certificate to a certificate request:
-.Pp
-\& $ openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem
+.Bd -literal -offset indent
+$ openssl x509 -x509toreq -in cert.pem -out req.pem \e
+        -signkey key.pem
+.Ed
 .Pp
 Convert a certificate request into a self-signed certificate using
 extensions for a CA:
-.Bd -literal
-\& $ openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions \e
-\&        v3_ca -signkey key.pem -out cacert.pem
+.Bd -literal -offset indent
+$ openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions \e
+        v3_ca -signkey key.pem -out cacert.pem
 .Ed
 .Pp
 Sign a certificate request using the CA certificate above and add user
 certificate extensions:
-.Bd -literal
-\& $ openssl x509 -req -in req.pem -extfile openssl.cnf -extensions \e
+.Bd -literal -offset indent
+$ openssl x509 -req -in req.pem -extfile openssl.cnf -extensions \e
         v3_usr -CA cacert.pem -CAkey key.pem -CAcreateserial
 .Ed
 .Pp
 Set a certificate to be trusted for SSL
-client use and set its alias to "Steve's Class 1 CA":
-.Bd -literal
-\& $ openssl x509 -in cert.pem -addtrust clientAuth \e
-\&        -setalias "Steve's Class 1 CA" -out trust.pem
+client use and set its alias to
+.Qq Steve's Class 1 CA :
+.Bd -literal -offset indent
+$ openssl x509 -in cert.pem -addtrust clientAuth \e
+        -setalias "Steve's Class 1 CA" -out trust.pem
 .Ed
 .Sh X509 NOTES
 The
 .Em PEM
 format uses the header and footer lines:
-.Bd -literal
-\& -----BEGIN CERTIFICATE-----
-\& -----END CERTIFICATE-----
+.Bd -unfilled -offset indent
+-----BEGIN CERTIFICATE-----
+-----END CERTIFICATE-----
 .Ed
 .Pp
 It will also handle files containing:
-.Bd -literal
-\& -----BEGIN X509 CERTIFICATE-----
-\& -----END X509 CERTIFICATE-----
+.Bd -unfilled -offset indent
+-----BEGIN X509 CERTIFICATE-----
+-----END X509 CERTIFICATE-----
 .Ed
 .Pp
 Trusted certificates have the lines:
-.Bd -literal
-\& -----BEGIN TRUSTED CERTIFICATE-----
-\& -----END TRUSTED CERTIFICATE-----
+.Bd -unfilled -offset indent
+-----BEGIN TRUSTED CERTIFICATE-----
+-----END TRUSTED CERTIFICATE-----
 .Ed
 .Pp
 The conversion to UTF8 format used with the name options assumes that
@@ -7513,7 +7879,8 @@ it is more likely to display the majority of certificates correctly.
 The
 .Fl fingerprint
 option takes the digest of the DER encoded certificate.
-This is commonly called a "fingerprint".
+This is commonly called a
+.Qq fingerprint .
 Because of the nature of message digests, the fingerprint of a certificate
 is unique to that certificate and two certificates with the same fingerprint
 can be considered to be the same.
@@ -7542,22 +7909,24 @@ The
 .Em basicConstraints
 extension CA flag is used to determine whether the
 certificate can be used as a CA.
-If the CA flag is true then it is a CA,
-if the CA flag is false then it is not a CA.
+If the CA flag is true, then it is a CA;
+if the CA flag is false, then it is not a CA.
 .Em All
 CAs should have the CA flag set to true.
 .Pp
 If the
 .Em basicConstraints
-extension is absent then the certificate is
-considered to be a "possible CA"; other extensions are checked according
-to the intended use of the certificate.
+extension is absent, then the certificate is
+considered to be a
+.Qq possible CA ;
+other extensions are checked according to the intended use of the certificate.
 A warning is given in this case because the certificate should really not
 be regarded as a CA: however,
 it is allowed to be a CA to work around some broken software.
 .Pp
-If the certificate is a V1 certificate (and thus has no extensions) and
-it is self-signed, it is also assumed to be a CA but a warning is again
+If the certificate is a V1 certificate
+.Pq and thus has no extensions
+and it is self-signed, it is also assumed to be a CA but a warning is again
 given: this is to work around the problem of Verisign roots which are V1
 self-signed certificates.
 .Pp
@@ -7575,7 +7944,8 @@ extension is present.
 .Pp
 The extended key usage extension places additional restrictions on the
 certificate uses.
-If this extension is present (whether critical or not)
+If this extension is present
+.Pq whether critical or not ,
 the key can only be used for the purposes specified.
 .Pp
 A complete description of each test is given below.
@@ -7589,7 +7959,8 @@ CA certificates.
 .Bl -tag -width "XXXX"
 .It Ar SSL Client
 The extended key usage extension must be absent or include the
-"web client authentication" OID.
+.Qq web client authentication
+OID.
 .Ar keyUsage
 must be absent or it must have the
 .Em digitalSignature
@@ -7598,14 +7969,16 @@ Netscape certificate type must be absent or it must have the SSL
 client bit set.
 .It Ar SSL Client CA
 The extended key usage extension must be absent or include the
-"web client authentication" OID.
+.Qq web client authentication
+OID.
 Netscape certificate type must be absent or it must have the SSL CA
 bit set: this is used as a work around if the
 .Em basicConstraints
 extension is absent.
 .It Ar SSL Server
 The extended key usage extension must be absent or include the
-"web server authentication" and/or one of the SGC OIDs.
+.Qq web server authentication
+and/or one of the SGC OIDs.
 .Em keyUsage
 must be absent or it must have the
 .Em digitalSignature
@@ -7615,7 +7988,8 @@ set, or both bits set.
 Netscape certificate type must be absent or have the SSL server bit set.
 .It Ar SSL Server CA
 The extended key usage extension must be absent or include the
-"web server authentication" and/or one of the SGC OIDs.
+.Qq web server authentication
+and/or one of the SGC OIDs.
 Netscape certificate type must be absent or the SSL CA
 bit must be set: this is used as a work around if the
 .Em basicConstraints
@@ -7631,13 +8005,14 @@ digital signing.
 Otherwise it is the same as a normal SSL server.
 .It Ar Common S/MIME Client Tests
 The extended key usage extension must be absent or include the
-"email protection" OID.
+.Qq email protection
+OID.
 Netscape certificate type must be absent or should have the
 .Em S/MIME
 bit set.
 If the
 .Em S/MIME
-bit is not set in netscape certificate type, then the SSL
+bit is not set in Netscape certificate type, then the SSL
 client bit is tolerated as an alternative but a warning is shown:
 this is because some Verisign certificates don't set the
 .Em S/MIME
@@ -7660,7 +8035,8 @@ bit must be set if the
 extension is present.
 .It Ar S/MIME CA
 The extended key usage extension must be absent or include the
-"email protection" OID.
+.Qq email protection
+OID.
 Netscape certificate type must be absent or must have the
 .Em S/MIME CA
 bit set: this is used as a work around if the