updates for openssl verify;

author: jmc <> 2004-08-26 21:29:18 +0000
committer: jmc <> 2004-08-26 21:29:18 +0000
commit: 71784ebcf5b2bc44629188017a8d30fd63c5b652 (patch)
tree: 7f3ffb93aa17108a2a65d1601a14b35389e02bff /src
parent: 633fc554b41a52a44458a5f8967f01dc3ea386de (diff)
download: openbsd-71784ebcf5b2bc44629188017a8d30fd63c5b652.tar.gz
openbsd-71784ebcf5b2bc44629188017a8d30fd63c5b652.tar.bz2
openbsd-71784ebcf5b2bc44629188017a8d30fd63c5b652.zip
1 files changed, 18 insertions, 14 deletions
diff --git a/src/usr.sbin/openssl/openssl.1 b/src/usr.sbin/openssl/openssl.1
index d7adc32f08..5abc0738ab 100644
--- a/src/usr.sbin/openssl/openssl.1
+++ b/src/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.46 2004/07/23 10:35:44 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.47 2004/08/26 21:29:18 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -6943,17 +6943,19 @@ to be used in a
 .\"
 .Sh VERIFY
 .Nm openssl verify
-.Op Fl CApath Ar directory
+.Bk -words
-.Op Fl CAfile Ar file
+.Op Fl crl_check
-.Op Fl purpose Ar purpose
-.Op Fl untrusted Ar file
 .Op Fl help
 .Op Fl issuer_checks
 .Op Fl verbose
-.Op Fl crl_check
+.Op Fl CAfile Ar file
+.Op Fl CApath Ar directory
 .Op Fl engine Ar id
+.Op Fl purpose Ar purpose
+.Op Fl untrusted Ar file
 .Op Fl
 .Op Ar certificates
+.Ek
 .Pp
 The
 .Nm verify
@@ -6961,7 +6963,7 @@ command verifies certificate chains.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
-.It Fl CApath directory
+.It Fl CApath Ar directory
 A
 .Ar directory
 of trusted certificates.
@@ -6998,8 +7000,10 @@ Without this option no chain verification will be done.
 Currently accepted uses are
 .Ar sslclient , sslserver ,
 .Ar nssslserver , smimesign ,
+.Ar smimeencrypt , crlsign ,
+.Ar any ,
 and
-.Ar smimeencrypt .
+.Ar ocsphelper .
 See the
 .Sx VERIFY OPERATION
 section for more information.
@@ -7051,23 +7055,23 @@ after an error, whereas normally the verify operation would halt on the
 first error.
 This allows all the problems with a certificate chain to be determined.
 .Pp
-The verify operation consists of a number of separate steps.
+The verify operation consists of a number of separate steps:
 .Pp
 Firstly a certificate chain is built up starting from the supplied certificate
 and ending in the root CA.
 It is an error if the whole chain cannot be built up.
-The chain is built up by looking up the issuers certificate of the current
+The chain is built up by looking up the issuer's certificate of the current
 certificate.
 If a certificate is found which is its own issuer, it is assumed
 to be the root CA.
 .Pp
 The process of
-.Qq looking up the issuers certificate
+.Qq looking up the issuer's certificate
 itself involves a number of steps.
 In versions of
 .Nm OpenSSL
 before 0.9.5a the first certificate whose subject name matched the issuer
-of the current certificate was assumed to be the issuers certificate.
+of the current certificate was assumed to be the issuer's certificate.
 In
 .Nm OpenSSL
 0.9.6 and later all certificates whose subject name matches the issuer name
@@ -7140,7 +7144,7 @@ Finally a text version of the error number is presented.
 .Pp
 An exhaustive list of the error codes and messages is shown below; this also
 includes the name of the error code as defined in the header file
-.Aq Pa x509_vfy.h .
+.Aq Pa openssl/x509_vfy.h .
 Some of the error codes are defined but never returned: these are described
 as
 .Qq unused .
@@ -7281,7 +7285,7 @@ be recognised.
 .Pp
 Previous versions of
 .Nm OpenSSL
-assume certificates with matching subject name are identical and
+assumed certificates with matching subject name were identical and
 mishandled them.
 .\"
 .\" VERSION
author	jmc <>	2004-08-26 21:29:18 +0000
committer	jmc <>	2004-08-26 21:29:18 +0000
commit	71784ebcf5b2bc44629188017a8d30fd63c5b652 (patch)
tree	7f3ffb93aa17108a2a65d1601a14b35389e02bff /src
parent	633fc554b41a52a44458a5f8967f01dc3ea386de (diff)
download	openbsd-71784ebcf5b2bc44629188017a8d30fd63c5b652.tar.gz openbsd-71784ebcf5b2bc44629188017a8d30fd63c5b652.tar.bz2 openbsd-71784ebcf5b2bc44629188017a8d30fd63c5b652.zip

diff --git a/src/usr.sbin/openssl/openssl.1 b/src/usr.sbin/openssl/openssl.1 index d7adc32f08..5abc0738ab 100644 --- a/src/usr.sbin/openssl/openssl.1 +++ b/src/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.46 2004/07/23 10:35:44 jmc Exp $	1	.\" $OpenBSD: openssl.1,v 1.47 2004/08/26 21:29:18 jmc Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -6943,17 +6943,19 @@ to be used in a
6943	.\"	6943	.\"
6944	.Sh VERIFY	6944	.Sh VERIFY
6945	.Nm openssl verify	6945	.Nm openssl verify
6946	.Op Fl CApath Ar directory	6946	.Bk -words
6947	.Op Fl CAfile Ar file	6947	.Op Fl crl_check
6948	.Op Fl purpose Ar purpose
6949	.Op Fl untrusted Ar file
6950	.Op Fl help	6948	.Op Fl help
6951	.Op Fl issuer_checks	6949	.Op Fl issuer_checks
6952	.Op Fl verbose	6950	.Op Fl verbose
6953	.Op Fl crl_check	6951	.Op Fl CAfile Ar file
		6952	.Op Fl CApath Ar directory
6954	.Op Fl engine Ar id	6953	.Op Fl engine Ar id
		6954	.Op Fl purpose Ar purpose
		6955	.Op Fl untrusted Ar file
6955	.Op Fl	6956	.Op Fl
6956	.Op Ar certificates	6957	.Op Ar certificates
		6958	.Ek
6957	.Pp	6959	.Pp
6958	The	6960	The
6959	.Nm verify	6961	.Nm verify
@@ -6961,7 +6963,7 @@ command verifies certificate chains.
6961	.Pp	6963	.Pp
6962	The options are as follows:	6964	The options are as follows:
6963	.Bl -tag -width "XXXX"	6965	.Bl -tag -width "XXXX"
6964	.It Fl CApath directory	6966	.It Fl CApath Ar directory
6965	A	6967	A
6966	.Ar directory	6968	.Ar directory
6967	of trusted certificates.	6969	of trusted certificates.
@@ -6998,8 +7000,10 @@ Without this option no chain verification will be done.
6998	Currently accepted uses are	7000	Currently accepted uses are
6999	.Ar sslclient , sslserver ,	7001	.Ar sslclient , sslserver ,
7000	.Ar nssslserver , smimesign ,	7002	.Ar nssslserver , smimesign ,
		7003	.Ar smimeencrypt , crlsign ,
		7004	.Ar any ,
7001	and	7005	and
7002	.Ar smimeencrypt .	7006	.Ar ocsphelper .
7003	See the	7007	See the
7004	.Sx VERIFY OPERATION	7008	.Sx VERIFY OPERATION
7005	section for more information.	7009	section for more information.
@@ -7051,23 +7055,23 @@ after an error, whereas normally the verify operation would halt on the
7051	first error.	7055	first error.
7052	This allows all the problems with a certificate chain to be determined.	7056	This allows all the problems with a certificate chain to be determined.
7053	.Pp	7057	.Pp
7054	The verify operation consists of a number of separate steps.	7058	The verify operation consists of a number of separate steps:
7055	.Pp	7059	.Pp
7056	Firstly a certificate chain is built up starting from the supplied certificate	7060	Firstly a certificate chain is built up starting from the supplied certificate
7057	and ending in the root CA.	7061	and ending in the root CA.
7058	It is an error if the whole chain cannot be built up.	7062	It is an error if the whole chain cannot be built up.
7059	The chain is built up by looking up the issuers certificate of the current	7063	The chain is built up by looking up the issuer's certificate of the current
7060	certificate.	7064	certificate.
7061	If a certificate is found which is its own issuer, it is assumed	7065	If a certificate is found which is its own issuer, it is assumed
7062	to be the root CA.	7066	to be the root CA.
7063	.Pp	7067	.Pp
7064	The process of	7068	The process of
7065	.Qq looking up the issuers certificate	7069	.Qq looking up the issuer's certificate
7066	itself involves a number of steps.	7070	itself involves a number of steps.
7067	In versions of	7071	In versions of
7068	.Nm OpenSSL	7072	.Nm OpenSSL
7069	before 0.9.5a the first certificate whose subject name matched the issuer	7073	before 0.9.5a the first certificate whose subject name matched the issuer
7070	of the current certificate was assumed to be the issuers certificate.	7074	of the current certificate was assumed to be the issuer's certificate.
7071	In	7075	In
7072	.Nm OpenSSL	7076	.Nm OpenSSL
7073	0.9.6 and later all certificates whose subject name matches the issuer name	7077	0.9.6 and later all certificates whose subject name matches the issuer name
@@ -7140,7 +7144,7 @@ Finally a text version of the error number is presented.
7140	.Pp	7144	.Pp
7141	An exhaustive list of the error codes and messages is shown below; this also	7145	An exhaustive list of the error codes and messages is shown below; this also
7142	includes the name of the error code as defined in the header file	7146	includes the name of the error code as defined in the header file
7143	.Aq Pa x509_vfy.h .	7147	.Aq Pa openssl/x509_vfy.h .
7144	Some of the error codes are defined but never returned: these are described	7148	Some of the error codes are defined but never returned: these are described
7145	as	7149	as
7146	.Qq unused .	7150	.Qq unused .
@@ -7281,7 +7285,7 @@ be recognised.
7281	.Pp	7285	.Pp
7282	Previous versions of	7286	Previous versions of
7283	.Nm OpenSSL	7287	.Nm OpenSSL
7284	assume certificates with matching subject name are identical and	7288	assumed certificates with matching subject name were identical and
7285	mishandled them.	7289	mishandled them.
7286	.\"	7290	.\"
7287	.\" VERSION	7291	.\" VERSION