various cleanup;

8 files changed, 35 insertions, 41 deletions

diff --git a/src/lib/libcrypto/man/X509V3_get_d2i.3 b/src/lib/libcrypto/man/X509V3_get_d2i.3
index cd3bb844b5..b883bde099 100644
--- a/src/lib/libcrypto/man/X509V3_get_d2i.3
+++ b/src/lib/libcrypto/man/X509V3_get_d2i.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509V3_get_d2i.3,v 1.1 2016/12/04 20:51:47 schwarze Exp $
+.\"     $OpenBSD: X509V3_get_d2i.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
 .\"     OpenSSL 047dd81e Jul 4 23:03:17 2014 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 4 2016 $
+.Dd $Mdocdate: December 5 2016 $
 .Dt X509V3_GET_D2I 3
 .Os
 .Sh NAME
@@ -201,7 +201,7 @@ and
 .Fn X509_add1_ext_i2d
 operate on the extensions of certificate
 .Fa x ,
-they are otherwise identical to
+and are otherwise identical to
 .Fn X509V3_get_d2i
 and
 .Fn X509V3_add1_i2d 3 .
@@ -211,7 +211,7 @@ and
 .Fn X509_CRL_add1_ext_i2d
 operate on the extensions of CRL
 .Fa crl ,
-they are otherwise identical to
+and are otherwise identical to
 .Fn X509V3_get_d2i
 and
 .Fn X509V3_add1_i2d 3 .
@@ -223,7 +223,7 @@ operate on the extensions of the
 .Vt X509_REVOKED
 structure
 .Fa r
-(i.e. for CRL entry extensions), they are otherwise identical to
+(i.e. for CRL entry extensions), and are otherwise identical to
 .Fn X509V3_get_d2i
 and
 .Fn X509V3_add1_i2d 3 .
@@ -265,7 +265,7 @@ No new extension is added.
 .Pp
 If
 .Dv X509V3_ADD_SILENT
-is ored with
+is OR'd with
 .Fa flags ,
 any error returned will not be added to the error queue.
 .Pp
@@ -282,7 +282,7 @@ The following sections contain a list of all supported extensions
 including their name and NID.
 .Ss PKIX Certificate Extensions
 The following certificate extensions are defined in PKIX standards such
-as RFC5280.
+as RFC 5280.
 .Bl -column 30n 30n
 .It Basic Constraints             Ta Dv NID_basic_constraints
 .It Key Usage                     Ta Dv NID_key_usage
@@ -318,7 +318,7 @@ The following are (largely obsolete) Netscape certificate extensions.
 .It Proxy Certificate Information Ta Dv NID_proxyCertInfo
 .El
 .Ss PKIX CRL Extensions
-The following are CRL extensions from PKIX standards such as RFC5280.
+The following are CRL extensions from PKIX standards such as RFC 5280.
 .Bl -column 30n 30n
 .It CRL Number                    Ta Dv NID_crl_number
 .It CRL Distribution Points       Ta Dv NID_crl_distribution_points
@@ -329,7 +329,7 @@ The following are CRL extensions from PKIX standards such as RFC5280.
 .El
 .Pp
 The following are CRL entry extensions from PKIX standards such as
-RFC5280.
+RFC 5280.
 .Bl -column 30n 30n
 .It CRL Reason Code               Ta Dv NID_crl_reason
 .It Certificate Issuer            Ta Dv NID_certificate_issuer
@@ -345,7 +345,7 @@ RFC5280.
 .It Hold Instruction Code         Ta Dv NID_hold_instruction_code
 .El
 .Ss Certificate Transparency Extensions
-The following extensions are used by certificate transparency, RFC6962
+The following extensions are used by certificate transparency, RFC 6962
 .Bl -column 30n 30n
 .It CT Precertificate SCTs        Ta Dv NID_ct_precert_scts
 .It CT Certificate SCTs           Ta Dv NID_ct_cert_scts
diff --git a/src/lib/libcrypto/man/X509_ALGOR_dup.3 b/src/lib/libcrypto/man/X509_ALGOR_dup.3
index 00d87592c7..5ca80dc3f8 100644
--- a/src/lib/libcrypto/man/X509_ALGOR_dup.3
+++ b/src/lib/libcrypto/man/X509_ALGOR_dup.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_ALGOR_dup.3,v 1.1 2016/12/04 20:51:47 schwarze Exp $
+.\"     $OpenBSD: X509_ALGOR_dup.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
 .\"     OpenSSL 4692340e Jun 7 15:49:08 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 4 2016 $
+.Dd $Mdocdate: December 5 2016 $
 .Dt X509_ALGOR_DUP 3
 .Os
 .Sh NAME
@@ -146,12 +146,3 @@ compares
 and
 .Fa b
 and returns 0 if they have identical encodings and non-zero otherwise.
-.Sh COPYRIGHT
-Copyright 2002-2016 The OpenSSL Project Authors.
-All Rights Reserved.
-.Pp
-Licensed under the OpenSSL license (the "License").
-You may not use this file except in compliance with the License.
-You can obtain a copy in the file LICENSE in the source distribution or
-at
-.Lk https://www.openssl.org/source/license.html .
diff --git a/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 b/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
index 4b06525994..886b3d303a 100644
--- a/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
+++ b/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_LOOKUP_hash_dir.3,v 1.1 2016/12/04 20:51:47 schwarze Exp $
+.\"     $OpenBSD: X509_LOOKUP_hash_dir.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
 .\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 4 2016 $
+.Dd $Mdocdate: December 5 2016 $
 .Dt X509_LOOKUP_HASH_DIR 3
 .Os
 .Sh NAME
@@ -89,7 +89,7 @@ and
 .Fn X509_LOOKUP_file
 are two certificate lookup methods to use with
 .Vt X509_STORE ,
-provided by OpenSSL library.
+provided by the OpenSSL library.
 .Pp
 Users of the library typically do not need to create instances of these
 methods manually.
@@ -99,7 +99,7 @@ or
 .Xr SSL_CTX_load_verify_locations 3
 functions.
 .Pp
-Internally loading of certificates and CRLs is implemented via functions
+Internally, loading of certificates and CRLs is implemented via the functions
 .Fn X509_load_cert_crl_file ,
 .Fn X509_load_cert_file
 and
@@ -137,7 +137,7 @@ The constant
 .Dv FILETYPE_DEFAULT
 with
 .Dv NULL
-filename causes these functions to load default certificate
+filename causes these functions to load the default certificate
 store file (see
 .Xr X509_STORE_set_default_paths 3 ) .
 .Pp
@@ -162,7 +162,7 @@ This method should be used by applications which work with a small set
 of CAs.
 .Ss Hashed Directory Method
 .Fa X509_LOOKUP_hash_dir
-is a more advanced method, which loads certificates and CRLs on demand,
+is a more advanced method which loads certificates and CRLs on demand,
 and caches them in memory once they are loaded.
 As of OpenSSL 1.0.0, it also checks for newer CRLs upon each lookup, so
 that newer CRLs are used as soon as they appear in the directory.
@@ -182,7 +182,7 @@ name for CRLs.
 The hash can also be obtained via the
 .Fl hash
 option of the
-.Xr openssl
+.Xr openssl 1
 .Cm x509
 or
 .Cm crl
diff --git a/src/lib/libcrypto/man/X509_PUBKEY_new.3 b/src/lib/libcrypto/man/X509_PUBKEY_new.3
index 59dc2fbf7a..7ed923ac21 100644
--- a/src/lib/libcrypto/man/X509_PUBKEY_new.3
+++ b/src/lib/libcrypto/man/X509_PUBKEY_new.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_PUBKEY_new.3,v 1.1 2016/12/05 12:50:07 schwarze Exp $
+.\"     $OpenBSD: X509_PUBKEY_new.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
 .\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -172,7 +172,7 @@ returns the public key contained in
 .Fa key .
 The reference
 count on the returned key is incremented so it must be freed using
-.Xr EVP_PKEY_free
+.Xr EVP_PKEY_free 3
 after use.
 .Pp
 .Fn d2i_PUBKEY
@@ -226,6 +226,7 @@ is set to the associated OID and the encoding consists of
 .Pf * Fa ppklen
 bytes at
 .Pf * Fa pk ,
+and
 .Pf * Fa pa
 is set to the associated AlgorithmIdentifier for the public key.
 If the value of any of these parameters is not required,
diff --git a/src/lib/libcrypto/man/X509_STORE_set1_param.3 b/src/lib/libcrypto/man/X509_STORE_set1_param.3
index abd1b872f3..93455893d5 100644
--- a/src/lib/libcrypto/man/X509_STORE_set1_param.3
+++ b/src/lib/libcrypto/man/X509_STORE_set1_param.3
@@ -1,4 +1,4 @@
-.\"     $OpenSSL$
+.\"     $OpenBSD: X509_STORE_set1_param.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
 .\"     OpenSSL 99d63d46
 .\"
 .\" This file was written by Christian Heimes <cheimes@redhat.com>.
diff --git a/src/lib/libcrypto/man/X509_check_ca.3 b/src/lib/libcrypto/man/X509_check_ca.3
index 67aac693e6..7d31c145c0 100644
--- a/src/lib/libcrypto/man/X509_check_ca.3
+++ b/src/lib/libcrypto/man/X509_check_ca.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_check_ca.3,v 1.1 2016/12/05 15:56:46 schwarze Exp $
+.\"     $OpenBSD: X509_check_ca.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
 .\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>.
@@ -63,7 +63,7 @@
 .Sh DESCRIPTION
 This function checks whether the given certificate is a CA certificate,
 that is, whether it can be used to sign other certificates.
-.Sh RETURN VALUE
+.Sh RETURN VALUES
 This functions returns non-zero if
 .Fa cert
 is a CA certificate or 0 otherwise.
diff --git a/src/lib/libcrypto/man/X509_check_host.3 b/src/lib/libcrypto/man/X509_check_host.3
index 1e6a44ffe1..5990670acb 100644
--- a/src/lib/libcrypto/man/X509_check_host.3
+++ b/src/lib/libcrypto/man/X509_check_host.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_check_host.3,v 1.1 2016/12/05 15:56:46 schwarze Exp $
+.\"     $OpenBSD: X509_check_host.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
 .\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Florian Weimer <fweimer@redhat.com> and
@@ -99,7 +99,7 @@ checks if the certificate Subject Alternative Name (SAN) or Subject
 CommonName (CN) matches the specified host name, which must be encoded
 in the preferred name syntax described in section 3.5 of RFC 1034.
 By default, wildcards are supported and they match only in the
-left-most label; but they may match part of that label with an
+left-most label; they may match part of that label with an
 explicit prefix or suffix.
 For example, by default, the host
 .Fa name
@@ -124,7 +124,8 @@ When
 starts with a dot (e.g.\&
 .Qq .example.com ) ,
 it will be matched by a certificate valid for any sub-domain of
-.Fa name ; see also
+.Fa name ;
+see also
 .Fa X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS
 below.
 .Pp
@@ -142,11 +143,12 @@ when it is no longer needed.
 .Fn X509_check_email
 checks if the certificate matches the specified email
 .Fa address .
-Only the mailbox syntax of RFC 822 is supported, comments are not
-allowed, and no attempt is made to normalize quoted characters.
+Only the mailbox syntax of RFC 822 is supported.
+Comments are not allowed,
+and no attempt is made to normalize quoted characters.
 The
 .Fa addresslen
-argument must be the number of characters in the address string or zero
+argument must be the number of characters in the address string or zero,
 in which case the length is calculated with
 .Fn strlen address .
 .Pp
diff --git a/src/lib/libcrypto/man/X509_check_issued.3 b/src/lib/libcrypto/man/X509_check_issued.3
index 997dfe12f1..a6696123ac 100644
--- a/src/lib/libcrypto/man/X509_check_issued.3
+++ b/src/lib/libcrypto/man/X509_check_issued.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_check_issued.3,v 1.1 2016/12/05 15:56:46 schwarze Exp $
+.\"     $OpenBSD: X509_check_issued.3,v 1.2 2016/12/05 16:38:24 jmc Exp $
 .\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Victor B. Wagner <vitus@cryptocom.ru>.
@@ -89,7 +89,7 @@ check the
 field of
 .Fa issuer .
 .El
-.Sh RETURN VALUE
+.Sh RETURN VALUES
 This function returns
 .Dv X509_V_OK
 if the certificate