update for crl and crl2pkcs7;

author: jmc <> 2003-10-26 15:16:13 +0000
committer: jmc <> 2003-10-26 15:16:13 +0000
commit: 772a69078b41d69500b8d4a738658ba3c2a5f9be (patch)
tree: 8f37f998c739784bec01faf83696e1f65d0dc272 /src
parent: 5ea1c776c381a4b2ec02b6dddf2a1294d1f42810 (diff)
download: openbsd-772a69078b41d69500b8d4a738658ba3c2a5f9be.tar.gz
openbsd-772a69078b41d69500b8d4a738658ba3c2a5f9be.tar.bz2
openbsd-772a69078b41d69500b8d4a738658ba3c2a5f9be.zip
1 files changed, 66 insertions, 64 deletions
diff --git a/src/usr.sbin/openssl/openssl.1 b/src/usr.sbin/openssl/openssl.1
index b137d90f09..76ea6f9661 100644
--- a/src/usr.sbin/openssl/openssl.1
+++ b/src/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.19 2003/10/24 09:41:52 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.20 2003/10/26 15:16:13 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -1668,7 +1668,7 @@ encryption:
 .Dl $ openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
 .Sh CIPHERS HISTORY
 The
-.Ar COMPLENTOFALL
+.Ar COMPLEMENTOFALL
 and
 .Ar COMPLEMENTOFDEFAULT
 selection options were added in version 0.9.7.
@@ -1678,19 +1678,19 @@ selection options were added in version 0.9.7.
 .Sh CRL
 .Nm openssl crl
 .Bk -words
-.Op Fl inform Ar DER | PEM
-.Op Fl outform Ar DER | PEM
-.Op Fl text
-.Op Fl in Ar filename
-.Op Fl out Ar filename
-.Op Fl noout
-.Op Fl hash
 .Op Fl fingerprint
+.Op Fl hash
 .Op Fl issuer
 .Op Fl lastupdate
 .Op Fl nextupdate
+.Op Fl noout
+.Op Fl text
 .Op Cm CAfile Ar file
 .Op Cm CApath Ar dir
+.Op Fl in Ar filename
+.Op Fl inform Ar DER | PEM
+.Op Fl out Ar filename
+.Op Fl outform Ar DER | PEM
 .Ek
 .Pp
 The
@@ -1703,6 +1703,24 @@ format.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
+.It Fl CAfile Ar file
+Verify the signature on a CRL by looking up the issuing certificate in
+.Ar file .
+.It Fl CApath Ar dir
+Verify the signature on a CRL by looking up the issuing certificate in
+.Ar dir .
+This directory must be a standard certificate directory,
+i.e. a hash of each subject name (using
+.Cm x509 Fl hash )
+should be linked to each certificate.
+.It Fl fingerprint
+Print the CRL fingerprint.
+.It Fl hash
+Output a hash of the issuer name.
+This can be used to look up CRLs in a directory by issuer name.
+.It Fl in Ar filename
+This specifies the input filename to read from, or standard input if this
+option is not specified.
 .It Fl inform Ar DER | PEM
 This specifies the input format.
 .Ar DER
@@ -1710,25 +1728,6 @@ format is a DER encoded CRL structure.
 .Ar PEM
 .Pq the default
 is a base64 encoded version of the DER form with header and footer lines.
-.It Fl outform Ar DER | PEM
-This specifies the output format; the options have the same meaning as the
-.Fl inform
-option.
-.It Fl in Ar filename
-This specifies the input filename to read from or standard input if this
-option is not specified.
-.It Fl out Ar filename
-Specifies the output filename to write to, or standard output by
-default.
-.It Fl text
-Print out the CRL in text form.
-.It Fl noout
-Don't output the encoded version of the CRL.
-.It Fl hash
-Output a hash of the issuer name.
-This can be used to look up CRLs in a directory by issuer name.
-.It Fl fingerprint
-Print the CRL fingerprint.
 .It Fl issuer
 Output the issuer name.
 .It Fl lastupdate
@@ -1739,16 +1738,17 @@ field.
 Output the
 .Ar nextUpdate
 field.
-.It Fl CAfile Ar file
+.It Fl noout
-Verify the signature on a CRL by looking up the issuing certificate in
+Don't output the encoded version of the CRL.
-.Ar file .
+.It Fl out Ar filename
-.It Fl CApath Ar dir
+Specifies the output filename to write to, or standard output by
-Verify the signature on a CRL by looking up the issuing certificate in
+default.
-.Ar dir .
+.It Fl outform Ar DER | PEM
-This directory must be a standard certificate directory,
+This specifies the output format; the options have the same meaning as the
-i.e. a hash of each subject name (using
+.Fl inform
-.Cm x509 Fl hash )
+option.
-should be linked to each certificate.
+.It Fl text
+Print out the CRL in text form.
 .El
 .Sh CRL NOTES
 The PEM CRL format uses the header and footer lines:
@@ -1768,7 +1768,7 @@ Output the text form of a
 .Ar DER
 encoded certificate:
 .Pp
-.Dl $ openssl crl -in crl.der -text -noout
+.Dl $ openssl crl -in crl.der -inform DER -text -noout
 .Sh CRL BUGS
 Ideally, it should be possible to create a CRL using appropriate options
 and files too.
@@ -1777,12 +1777,14 @@ and files too.
 .\"
 .Sh CRL2PKCS7
 .Nm openssl crl2pkcs7
-.Op Fl inform Ar DER | PEM
+.Bk -words
-.Op Fl outform Ar DER | PEM
+.Op Fl nocrl
+.Op Fl certfile Ar filename
 .Op Fl in Ar filename
+.Op Fl inform Ar DER | PEM
 .Op Fl out Ar filename
-.Op Fl certfile Ar filename
+.Op Fl outform Ar DER | PEM
-.Op Fl nocrl
+.Ek
 .Pp
 The
 .Nm crl2pkcs7
@@ -1793,6 +1795,19 @@ structure.
 .Pp
 The options are as follows:
 .Bl -tag -width "XXXX"
+.It Fl certfile Ar filename
+Specifies a
+.Ar filename
+containing one or more certificates in
+.Ar PEM
+format.
+All certificates in the file will be added to the PKCS#7 structure.
+This option can be used more than once to read certificates from multiple
+files.
+.It Fl in Ar filename
+This specifies the input
+.Ar filename
+to read a CRL from or standard input if this option is not specified.
 .It Fl inform Ar DER | PEM
 This specifies the CRL input format.
 .Ar DER
@@ -1800,6 +1815,14 @@ format is a DER encoded CRL structure.
 .Ar PEM
 .Pq the default
 is a base64 encoded version of the DER form with header and footer lines.
+.It Fl nocrl
+Normally, a CRL is included in the output file.
+With this option, no CRL is
+included in the output file and a CRL is not read from the input file.
+.It Fl out Ar filename
+Specifies the output
+.Ar filename
+to write the PKCS#7 structure to or standard output by default.
 .It Fl outform Ar DER | PEM
 This specifies the PKCS#7 structure output format.
 .Ar DER
@@ -1807,27 +1830,6 @@ format is a DER encoded PKCS#7 structure.
 .Ar PEM
 .Pq the default
 is a base64 encoded version of the DER form with header and footer lines.
-.It Fl in Ar filename
-This specifies the input
-.Ar filename
-to read a CRL from or standard input if this option is not specified.
-.It Fl out Ar filename
-Specifies the output
-.Ar filename
-to write the PKCS#7 structure to or standard output by default.
-.It Fl certfile Ar filename
-Specifies a
-.Ar filename
-containing one or more certificates in
-.Ar PEM
-format.
-All certificates in the file will be added to the PKCS#7 structure.
-This option can be used more than once to read certificates from multiple
-files.
-.It Fl nocrl
-Normally, a CRL is included in the output file.
-With this option, no CRL is
-included in the output file and a CRL is not read from the input file.
 .El
 .Sh CRL2PKCS7 EXAMPLES
 Create a PKCS#7 structure from a certificate and CRL:
author	jmc <>	2003-10-26 15:16:13 +0000
committer	jmc <>	2003-10-26 15:16:13 +0000
commit	772a69078b41d69500b8d4a738658ba3c2a5f9be (patch)
tree	8f37f998c739784bec01faf83696e1f65d0dc272 /src
parent	5ea1c776c381a4b2ec02b6dddf2a1294d1f42810 (diff)
download	openbsd-772a69078b41d69500b8d4a738658ba3c2a5f9be.tar.gz openbsd-772a69078b41d69500b8d4a738658ba3c2a5f9be.tar.bz2 openbsd-772a69078b41d69500b8d4a738658ba3c2a5f9be.zip

diff --git a/src/usr.sbin/openssl/openssl.1 b/src/usr.sbin/openssl/openssl.1 index b137d90f09..76ea6f9661 100644 --- a/src/usr.sbin/openssl/openssl.1 +++ b/src/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.19 2003/10/24 09:41:52 jmc Exp $	1	.\" $OpenBSD: openssl.1,v 1.20 2003/10/26 15:16:13 jmc Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -1668,7 +1668,7 @@ encryption:
1668	.Dl $ openssl ciphers -v 'RSA:!COMPLEMENTOFALL'	1668	.Dl $ openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
1669	.Sh CIPHERS HISTORY	1669	.Sh CIPHERS HISTORY
1670	The	1670	The
1671	.Ar COMPLENTOFALL	1671	.Ar COMPLEMENTOFALL
1672	and	1672	and
1673	.Ar COMPLEMENTOFDEFAULT	1673	.Ar COMPLEMENTOFDEFAULT
1674	selection options were added in version 0.9.7.	1674	selection options were added in version 0.9.7.
@@ -1678,19 +1678,19 @@ selection options were added in version 0.9.7.
1678	.Sh CRL	1678	.Sh CRL
1679	.Nm openssl crl	1679	.Nm openssl crl
1680	.Bk -words	1680	.Bk -words
1681	.Op Fl inform Ar DER \| PEM
1682	.Op Fl outform Ar DER \| PEM
1683	.Op Fl text
1684	.Op Fl in Ar filename
1685	.Op Fl out Ar filename
1686	.Op Fl noout
1687	.Op Fl hash
1688	.Op Fl fingerprint	1681	.Op Fl fingerprint
		1682	.Op Fl hash
1689	.Op Fl issuer	1683	.Op Fl issuer
1690	.Op Fl lastupdate	1684	.Op Fl lastupdate
1691	.Op Fl nextupdate	1685	.Op Fl nextupdate
		1686	.Op Fl noout
		1687	.Op Fl text
1692	.Op Cm CAfile Ar file	1688	.Op Cm CAfile Ar file
1693	.Op Cm CApath Ar dir	1689	.Op Cm CApath Ar dir
		1690	.Op Fl in Ar filename
		1691	.Op Fl inform Ar DER \| PEM
		1692	.Op Fl out Ar filename
		1693	.Op Fl outform Ar DER \| PEM
1694	.Ek	1694	.Ek
1695	.Pp	1695	.Pp
1696	The	1696	The
@@ -1703,6 +1703,24 @@ format.
1703	.Pp	1703	.Pp
1704	The options are as follows:	1704	The options are as follows:
1705	.Bl -tag -width "XXXX"	1705	.Bl -tag -width "XXXX"
		1706	.It Fl CAfile Ar file
		1707	Verify the signature on a CRL by looking up the issuing certificate in
		1708	.Ar file .
		1709	.It Fl CApath Ar dir
		1710	Verify the signature on a CRL by looking up the issuing certificate in
		1711	.Ar dir .
		1712	This directory must be a standard certificate directory,
		1713	i.e. a hash of each subject name (using
		1714	.Cm x509 Fl hash )
		1715	should be linked to each certificate.
		1716	.It Fl fingerprint
		1717	Print the CRL fingerprint.
		1718	.It Fl hash
		1719	Output a hash of the issuer name.
		1720	This can be used to look up CRLs in a directory by issuer name.
		1721	.It Fl in Ar filename
		1722	This specifies the input filename to read from, or standard input if this
		1723	option is not specified.
1706	.It Fl inform Ar DER \| PEM	1724	.It Fl inform Ar DER \| PEM
1707	This specifies the input format.	1725	This specifies the input format.
1708	.Ar DER	1726	.Ar DER
@@ -1710,25 +1728,6 @@ format is a DER encoded CRL structure.
1710	.Ar PEM	1728	.Ar PEM
1711	.Pq the default	1729	.Pq the default
1712	is a base64 encoded version of the DER form with header and footer lines.	1730	is a base64 encoded version of the DER form with header and footer lines.
1713	.It Fl outform Ar DER \| PEM
1714	This specifies the output format; the options have the same meaning as the
1715	.Fl inform
1716	option.
1717	.It Fl in Ar filename
1718	This specifies the input filename to read from or standard input if this
1719	option is not specified.
1720	.It Fl out Ar filename
1721	Specifies the output filename to write to, or standard output by
1722	default.
1723	.It Fl text
1724	Print out the CRL in text form.
1725	.It Fl noout
1726	Don't output the encoded version of the CRL.
1727	.It Fl hash
1728	Output a hash of the issuer name.
1729	This can be used to look up CRLs in a directory by issuer name.
1730	.It Fl fingerprint
1731	Print the CRL fingerprint.
1732	.It Fl issuer	1731	.It Fl issuer
1733	Output the issuer name.	1732	Output the issuer name.
1734	.It Fl lastupdate	1733	.It Fl lastupdate
@@ -1739,16 +1738,17 @@ field.
1739	Output the	1738	Output the
1740	.Ar nextUpdate	1739	.Ar nextUpdate
1741	field.	1740	field.
1742	.It Fl CAfile Ar file	1741	.It Fl noout
1743	Verify the signature on a CRL by looking up the issuing certificate in	1742	Don't output the encoded version of the CRL.
1744	.Ar file .	1743	.It Fl out Ar filename
1745	.It Fl CApath Ar dir	1744	Specifies the output filename to write to, or standard output by
1746	Verify the signature on a CRL by looking up the issuing certificate in	1745	default.
1747	.Ar dir .	1746	.It Fl outform Ar DER \| PEM
1748	This directory must be a standard certificate directory,	1747	This specifies the output format; the options have the same meaning as the
1749	i.e. a hash of each subject name (using	1748	.Fl inform
1750	.Cm x509 Fl hash )	1749	option.
1751	should be linked to each certificate.	1750	.It Fl text
		1751	Print out the CRL in text form.
1752	.El	1752	.El
1753	.Sh CRL NOTES	1753	.Sh CRL NOTES
1754	The PEM CRL format uses the header and footer lines:	1754	The PEM CRL format uses the header and footer lines:
@@ -1768,7 +1768,7 @@ Output the text form of a
1768	.Ar DER	1768	.Ar DER
1769	encoded certificate:	1769	encoded certificate:
1770	.Pp	1770	.Pp
1771	.Dl $ openssl crl -in crl.der -text -noout	1771	.Dl $ openssl crl -in crl.der -inform DER -text -noout
1772	.Sh CRL BUGS	1772	.Sh CRL BUGS
1773	Ideally, it should be possible to create a CRL using appropriate options	1773	Ideally, it should be possible to create a CRL using appropriate options
1774	and files too.	1774	and files too.
@@ -1777,12 +1777,14 @@ and files too.
1777	.\"	1777	.\"
1778	.Sh CRL2PKCS7	1778	.Sh CRL2PKCS7
1779	.Nm openssl crl2pkcs7	1779	.Nm openssl crl2pkcs7
1780	.Op Fl inform Ar DER \| PEM	1780	.Bk -words
1781	.Op Fl outform Ar DER \| PEM	1781	.Op Fl nocrl
		1782	.Op Fl certfile Ar filename
1782	.Op Fl in Ar filename	1783	.Op Fl in Ar filename
		1784	.Op Fl inform Ar DER \| PEM
1783	.Op Fl out Ar filename	1785	.Op Fl out Ar filename
1784	.Op Fl certfile Ar filename	1786	.Op Fl outform Ar DER \| PEM
1785	.Op Fl nocrl	1787	.Ek
1786	.Pp	1788	.Pp
1787	The	1789	The
1788	.Nm crl2pkcs7	1790	.Nm crl2pkcs7
@@ -1793,6 +1795,19 @@ structure.
1793	.Pp	1795	.Pp
1794	The options are as follows:	1796	The options are as follows:
1795	.Bl -tag -width "XXXX"	1797	.Bl -tag -width "XXXX"
		1798	.It Fl certfile Ar filename
		1799	Specifies a
		1800	.Ar filename
		1801	containing one or more certificates in
		1802	.Ar PEM
		1803	format.
		1804	All certificates in the file will be added to the PKCS#7 structure.
		1805	This option can be used more than once to read certificates from multiple
		1806	files.
		1807	.It Fl in Ar filename
		1808	This specifies the input
		1809	.Ar filename
		1810	to read a CRL from or standard input if this option is not specified.
1796	.It Fl inform Ar DER \| PEM	1811	.It Fl inform Ar DER \| PEM
1797	This specifies the CRL input format.	1812	This specifies the CRL input format.
1798	.Ar DER	1813	.Ar DER
@@ -1800,6 +1815,14 @@ format is a DER encoded CRL structure.
1800	.Ar PEM	1815	.Ar PEM
1801	.Pq the default	1816	.Pq the default
1802	is a base64 encoded version of the DER form with header and footer lines.	1817	is a base64 encoded version of the DER form with header and footer lines.
		1818	.It Fl nocrl
		1819	Normally, a CRL is included in the output file.
		1820	With this option, no CRL is
		1821	included in the output file and a CRL is not read from the input file.
		1822	.It Fl out Ar filename
		1823	Specifies the output
		1824	.Ar filename
		1825	to write the PKCS#7 structure to or standard output by default.
1803	.It Fl outform Ar DER \| PEM	1826	.It Fl outform Ar DER \| PEM
1804	This specifies the PKCS#7 structure output format.	1827	This specifies the PKCS#7 structure output format.
1805	.Ar DER	1828	.Ar DER
@@ -1807,27 +1830,6 @@ format is a DER encoded PKCS#7 structure.
1807	.Ar PEM	1830	.Ar PEM
1808	.Pq the default	1831	.Pq the default
1809	is a base64 encoded version of the DER form with header and footer lines.	1832	is a base64 encoded version of the DER form with header and footer lines.
1810	.It Fl in Ar filename
1811	This specifies the input
1812	.Ar filename
1813	to read a CRL from or standard input if this option is not specified.
1814	.It Fl out Ar filename
1815	Specifies the output
1816	.Ar filename
1817	to write the PKCS#7 structure to or standard output by default.
1818	.It Fl certfile Ar filename
1819	Specifies a
1820	.Ar filename
1821	containing one or more certificates in
1822	.Ar PEM
1823	format.
1824	All certificates in the file will be added to the PKCS#7 structure.
1825	This option can be used more than once to read certificates from multiple
1826	files.
1827	.It Fl nocrl
1828	Normally, a CRL is included in the output file.
1829	With this option, no CRL is
1830	included in the output file and a CRL is not read from the input file.
1831	.El	1833	.El
1832	.Sh CRL2PKCS7 EXAMPLES	1834	.Sh CRL2PKCS7 EXAMPLES
1833	Create a PKCS#7 structure from a certificate and CRL:	1835	Create a PKCS#7 structure from a certificate and CRL: