Diffstat (limited to '')
| -rw-r--r-- | src/usr.bin/openssl/openssl.1 | 64 | 
1 files changed, 17 insertions, 47 deletions
| diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index 2fa7a70b69..9ca16ee87c 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: openssl.1,v 1.80 2016/09/22 13:30:49 jmc Exp $ | 1 | .\" $OpenBSD: openssl.1,v 1.81 2016/09/22 13:44:02 jmc Exp $ | 
| 2 | .\" ==================================================================== | 2 | .\" ==================================================================== | 
| 3 | .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 3 | .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 
| 4 | .\" | 4 | .\" | 
| @@ -318,7 +318,7 @@ into a nested structure. | |||
| 318 | .Op Fl infiles | 318 | .Op Fl infiles | 
| 319 | .Op Fl key Ar keyfile | 319 | .Op Fl key Ar keyfile | 
| 320 | .Op Fl keyfile Ar arg | 320 | .Op Fl keyfile Ar arg | 
| 321 | .Op Fl keyform Ar PEM | 321 | .Op Fl keyform Ar pem | 
| 322 | .Op Fl md Ar arg | 322 | .Op Fl md Ar arg | 
| 323 | .Op Fl msie_hack | 323 | .Op Fl msie_hack | 
| 324 | .Op Fl name Ar section | 324 | .Op Fl name Ar section | 
| @@ -393,7 +393,7 @@ Since on some systems the command line arguments are visible, | |||
| 393 | this option should be used with caution. | 393 | this option should be used with caution. | 
| 394 | .It Fl keyfile Ar file | 394 | .It Fl keyfile Ar file | 
| 395 | The private key to sign requests with. | 395 | The private key to sign requests with. | 
| 396 | .It Fl keyform Ar PEM | 396 | .It Fl keyform Ar pem | 
| 397 | Private key file format. | 397 | Private key file format. | 
| 398 | .It Fl md Ar alg | 398 | .It Fl md Ar alg | 
| 399 | The message digest to use. | 399 | The message digest to use. | 
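Review bot: `.It Fl keyform Ar pem` marks the literal keyword pem as a placeholder argument (`.Ar`), while the req hunk later in this same diff writes the same value as `.Cm pem .`. If pem is a fixed keyword rather than a user-supplied name, use `.Cm pem` here and in the synopsis line `.Op Fl keyform Ar pem` as well, so the lowercase value is marked up the same way everywhere it appears.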
| @@ -545,14 +545,10 @@ The | |||
| 545 | of the configuration file containing CRL extensions to include. | 545 | of the configuration file containing CRL extensions to include. | 
| 546 | If no CRL extension section is present then a V1 CRL is created; | 546 | If no CRL extension section is present then a V1 CRL is created; | 
| 547 | if the CRL extension section is present | 547 | if the CRL extension section is present | 
| 548 | .Pq even if it is empty | 548 | (even if it is empty) | 
| 549 | then a V2 CRL is created. | 549 | then a V2 CRL is created. | 
| 550 | The CRL extensions specified are CRL extensions and | 550 | The CRL extensions specified are CRL extensions and not CRL entry extensions. | 
| 551 | .Em not | 551 | It should be noted that some software can't handle V2 CRLs. | 
| 552 | CRL entry extensions. | ||
| 553 | It should be noted that some software | ||
| 554 | .Pq for example Netscape | ||
| 555 | can't handle V2 CRLs. | ||
| 556 | .It Fl crlhours Ar num | 552 | .It Fl crlhours Ar num | 
| 557 | The number of hours before the next CRL is due. | 553 | The number of hours before the next CRL is due. | 
| 558 | .It Fl gencrl | 554 | .It Fl gencrl | 
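Review bot: with the Netscape example dropped, "It should be noted that some software can't handle V2 CRLs." no longer gives the reader anything to act on. Since the line is being rewritten anyway, drop the "It should be noted that" filler and tie the caveat to the rule stated just above it, for example "Some software can't handle V2 CRLs; omit the CRL extension section to create a V1 CRL." The entry also now mixes literal parentheses in "(even if it is empty)" with `.Pq` used elsewhere in the file, which is worth a conscious choice.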
| @@ -725,9 +721,8 @@ is accepted by both to produce a reasonable output. | |||
| 725 | If neither option is present, the format used in earlier versions of | 721 | If neither option is present, the format used in earlier versions of | 
| 726 | .Nm openssl | 722 | .Nm openssl | 
| 727 | is used. | 723 | is used. | 
| 728 | Use of the old format is | 724 | Use of the old format is strongly discouraged | 
| 729 | .Em strongly | 725 | because it only displays fields mentioned in the | 
| 730 | discouraged because it only displays fields mentioned in the | ||
| 731 | .Cm policy | 726 | .Cm policy | 
| 732 | section, | 727 | section, | 
| 733 | mishandles multicharacter string types and does not display extensions. | 728 | mishandles multicharacter string types and does not display extensions. | 
| @@ -1697,9 +1692,7 @@ Use NULL cipher (no encryption or decryption of input). | |||
| 1697 | Disable standard block padding. | 1692 | Disable standard block padding. | 
| 1698 | .It Fl nosalt | 1693 | .It Fl nosalt | 
| 1699 | Don't use a salt in the key derivation routines. | 1694 | Don't use a salt in the key derivation routines. | 
| 1700 | This option should | 1695 | This option should never be used | 
| 1701 | .Em NEVER | ||
| 1702 | be used | ||
| 1703 | since it makes it possible to perform efficient dictionary | 1696 | since it makes it possible to perform efficient dictionary | 
| 1704 | attacks on the password and to attack stream cipher encrypted data. | 1697 | attacks on the password and to attack stream cipher encrypted data. | 
| 1705 | .It Fl out Ar file | 1698 | .It Fl out Ar file | 
| @@ -2064,10 +2057,8 @@ specifies the HTTP path name to use, or | |||
| 2064 | .Pa / | 2057 | .Pa / | 
| 2065 | by default. | 2058 | by default. | 
| 2066 | .It Fl issuer Ar file | 2059 | .It Fl issuer Ar file | 
| 2067 | The current issuer certificate, | 2060 | The current issuer certificate, in PEM format. | 
| 2068 | in PEM format. | 2061 | Can be used multiple times and must come before any | 
| 2069 | Can be used multiple times | ||
| 2070 | and must come before any | ||
| 2071 | .Fl cert | 2062 | .Fl cert | 
| 2072 | options. | 2063 | options. | 
| 2073 | .It Fl no_cert_checks | 2064 | .It Fl no_cert_checks | 
| @@ -2306,12 +2297,6 @@ If the OCSP responder is a global responder, | |||
| 2306 | which can give details about multiple CAs | 2297 | which can give details about multiple CAs | 
| 2307 | and has its own separate certificate chain, | 2298 | and has its own separate certificate chain, | 
| 2308 | then its root CA can be trusted for OCSP signing. | 2299 | then its root CA can be trusted for OCSP signing. | 
| 2309 | For example: | ||
| 2310 | .Bd -literal -offset indent | ||
| 2311 | $ openssl x509 -in ocspCA.pem -addtrust OCSPSigning \e | ||
| 2312 | -out trustedCA.pem | ||
| 2313 | .Ed | ||
| 2314 | .Pp | ||
| 2315 | Alternatively, the responder certificate itself can be explicitly trusted | 2300 | Alternatively, the responder certificate itself can be explicitly trusted | 
| 2316 | with the | 2301 | with the | 
| 2317 | .Fl VAfile | 2302 | .Fl VAfile | 
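Review bot: removing the `openssl x509 ... -addtrust OCSPSigning` example leaves "then its root CA can be trusted for OCSP signing." with no indication of how that trust is set, and deleting the `.Pp` runs "Alternatively, the responder certificate itself can be explicitly trusted" into the same paragraph as the global-responder case. Keep the paragraph break, and keep at least a one-line pointer to the x509 `-addtrust OCSPSigning` option from the removed example, so the reader can tell the two trust mechanisms apart and knows where to look for the first one.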
| @@ -2655,8 +2640,7 @@ certificate using 40-bit RC2. | |||
| 2655 | Create a PKCS#12 file (rather than parsing one). | 2640 | Create a PKCS#12 file (rather than parsing one). | 
| 2656 | .It Fl in Ar file | 2641 | .It Fl in Ar file | 
| 2657 | The input file to read from, | 2642 | The input file to read from, | 
| 2658 | or standard input if not specified, | 2643 | or standard input if not specified. | 
| 2659 | in PEM format. | ||
| 2660 | The order doesn't matter but one private key and its corresponding | 2644 | The order doesn't matter but one private key and its corresponding | 
| 2661 | certificate should be present. | 2645 | certificate should be present. | 
| 2662 | If additional certificates are present, they will also be included | 2646 | If additional certificates are present, they will also be included | 
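Review bot: at `.It Fl in Ar file`, deleting "in PEM format." removes the only statement in this entry of what encoding the private key and certificates are expected in, and the following sentence ("one private key and its corresponding certificate should be present") depends on it. If the input format is documented elsewhere in the pkcs12 section, say so in the commit message; otherwise keep it as its own sentence after "or standard input if not specified."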
| @@ -2692,8 +2676,6 @@ This name is typically displayed in list boxes by software importing the file. | |||
| 2692 | Don't attempt to provide the MAC integrity. | 2676 | Don't attempt to provide the MAC integrity. | 
| 2693 | .It Fl nomaciter , noiter | 2677 | .It Fl nomaciter , noiter | 
| 2694 | Affect the iteration counts on the MAC and key algorithms. | 2678 | Affect the iteration counts on the MAC and key algorithms. | 
| 2695 | Unless you wish to produce files compatible with MSIE 4.0, you should leave | ||
| 2696 | these options alone. | ||
| 2697 | .Pp | 2679 | .Pp | 
| 2698 | To discourage attacks by using large dictionaries of common passwords, | 2680 | To discourage attacks by using large dictionaries of common passwords, | 
| 2699 | the algorithm that derives keys from passwords can have an iteration count | 2681 | the algorithm that derives keys from passwords can have an iteration count | 
| @@ -2706,9 +2688,6 @@ using these options the MAC and encryption iteration counts can be set to 1. | |||
| 2706 | Since this reduces the file security you should not use these options | 2688 | Since this reduces the file security you should not use these options | 
| 2707 | unless you really have to. | 2689 | unless you really have to. | 
| 2708 | Most software supports both MAC and key iteration counts. | 2690 | Most software supports both MAC and key iteration counts. | 
| 2709 | MSIE 4.0 doesn't support MAC iteration counts, so it needs the | ||
| 2710 | .Fl nomaciter | ||
| 2711 | option. | ||
| 2712 | .It Fl out Ar file | 2691 | .It Fl out Ar file | 
| 2713 | The output file to write to, | 2692 | The output file to write to, | 
| 2714 | or standard output if not specified. | 2693 | or standard output if not specified. | 
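Review bot: after the MSIE 4.0 sentence is removed, "Most software supports both MAC and key iteration counts." is left dangling at the end of the entry, and "you should not use these options unless you really have to" no longer names any case where one would have to. Either drop the "Most software supports ..." sentence too, or reword the ending so it says the options exist only for interoperability with software that lacks iteration count support. The warning that they reduce file security should stay as the last thing the reader sees.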
| @@ -3015,9 +2994,7 @@ pseudo-random bytes. | |||
| 3015 | The options are as follows: | 2994 | The options are as follows: | 
| 3016 | .Bl -tag -width Ds | 2995 | .Bl -tag -width Ds | 
| 3017 | .It Fl base64 | 2996 | .It Fl base64 | 
| 3018 | Perform | 2997 | Perform base64 encoding on the output. | 
| 3019 | .Em base64 | ||
| 3020 | encoding on the output. | ||
| 3021 | .It Fl hex | 2998 | .It Fl hex | 
| 3022 | Specify hexadecimal output. | 2999 | Specify hexadecimal output. | 
| 3023 | .It Fl out Ar file | 3000 | .It Fl out Ar file | 
| @@ -3108,7 +3085,8 @@ It also accepts PKCS#8 format private keys for PEM format files. | |||
| 3108 | The format of the private key file specified in the | 3085 | The format of the private key file specified in the | 
| 3109 | .Fl key | 3086 | .Fl key | 
| 3110 | argument. | 3087 | argument. | 
| 3111 | The default is PEM. | 3088 | The default is | 
| 3089 | .Cm pem . | ||
| 3112 | .It Fl keyout Ar file | 3090 | .It Fl keyout Ar file | 
| 3113 | The file to write the newly created private key to. | 3091 | The file to write the newly created private key to. | 
| 3114 | If this option is not specified, | 3092 | If this option is not specified, | 
| @@ -3974,10 +3952,8 @@ must end with CRLF). | |||
| 3974 | Generate SSL/TLS session IDs prefixed by | 3952 | Generate SSL/TLS session IDs prefixed by | 
| 3975 | .Ar arg . | 3953 | .Ar arg . | 
| 3976 | This is mostly useful for testing any SSL/TLS code | 3954 | This is mostly useful for testing any SSL/TLS code | 
| 3977 | (e.g. proxies) | 3955 | that wish to deal with multiple servers, | 
| 3978 | that wish to deal with multiple servers, when each of which might be | 3956 | when each of which might be generating a unique range of session IDs. | 
| 3979 | generating a unique range of session IDs | ||
| 3980 | (e.g. with a certain prefix). | ||
| 3981 | .It Fl key Ar keyfile | 3957 | .It Fl key Ar keyfile | 
| 3982 | The private key to use. | 3958 | The private key to use. | 
| 3983 | If not specified, the certificate file will be used. | 3959 | If not specified, the certificate file will be used. | 
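Review bot: the rewrapped sentence keeps two grammar errors from the old text: "any SSL/TLS code that wish to deal with multiple servers" and "when each of which might be generating". As these lines are being touched anyway, fix them in the same change, e.g. "This is mostly useful for testing any SSL/TLS code that wishes to deal with multiple servers, each of which might be generating a unique range of session IDs."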
| @@ -6055,9 +6031,6 @@ The following environment variables affect the execution of | |||
| 6055 | .It Ev OPENSSL_CONF | 6031 | .It Ev OPENSSL_CONF | 
| 6056 | The location of the master configuration file. | 6032 | The location of the master configuration file. | 
| 6057 | .El | 6033 | .El | 
| 6058 | .\" | ||
| 6059 | .\" FILES | ||
| 6060 | .\" | ||
| 6061 | .Sh FILES | 6034 | .Sh FILES | 
| 6062 | .Bl -tag -width "/etc/ssl/openssl.cnf" -compact | 6035 | .Bl -tag -width "/etc/ssl/openssl.cnf" -compact | 
| 6063 | .It Pa /etc/ssl/ | 6036 | .It Pa /etc/ssl/ | 
| @@ -6075,9 +6048,6 @@ Default configuration file for | |||
| 6075 | .Nm x509 | 6048 | .Nm x509 | 
| 6076 | certificates. | 6049 | certificates. | 
| 6077 | .El | 6050 | .El | 
| 6078 | .\" | ||
| 6079 | .\" SEE ALSO | ||
| 6080 | .\" | ||
| 6081 | .Sh SEE ALSO | 6051 | .Sh SEE ALSO | 
| 6082 | .Xr acme-client 1 , | 6052 | .Xr acme-client 1 , | 
| 6083 | .Xr nc 1 , | 6053 | .Xr nc 1 , | 
