1 files changed, 30 insertions, 34 deletions
diff --git a/src/usr.sbin/openssl/openssl.1 b/src/usr.sbin/openssl/openssl.1
index a95e5a3982..c23685a6ad 100644
--- a/src/usr.sbin/openssl/openssl.1
+++ b/src/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.97 2014/06/25 06:57:42 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.98 2014/07/22 06:28:10 guenther Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -112,7 +112,7 @@
 .\"
 .\" OPENSSL
 .\"
-.Dd $Mdocdate: June 25 2014 $
+.Dd $Mdocdate: July 22 2014 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -5851,40 +5851,36 @@ It can be overridden by the
 .Fl reqexts
 command line switch.
 .It Ar string_mask
-This option masks out the use of certain string types in certain
+This option limits the string types for encoding certain
 fields.
-Most users will not need to change this option.
+The following values may be used, limiting strings to the indicated types:
-.Pp
+.Bl -tag -width "MASK:number"
-It can be set to several values:
+.It Ar utf8only
-.Ar default ,
+.Em UTF8String.
-which is also the default option, uses
+This is the default, as recommended by PKIX in RFC 2459.
-.Em PrintableStrings , T61Strings
+.It Ar default
-and
+.Em PrintableString , IA5String , T61String , BMPString , UTF8String .
-.Em BMPStrings ;
+.It Ar pkix
-if the
+.Em PrintableString , IA5String , BMPString , UTF8String .
-.Ar pkix
+This was inspired by the PKIX recommendation in RFC 2459 for certificates
-value is used, then only
+generated before 2004, but differs by also permitting
-.Em PrintableStrings
+.Em IA5String .
-and
+.It Ar nombstr
-.Em BMPStrings
+.Em PrintableString , IA5String , T61String , UniversalString .
-will be used.
+This was a workaround for some ancient software that had problems
-This follows the PKIX recommendation in RFC 2459.
+with the variable-sized
-If the
+.Em BMPString
-.Fl utf8only
-option is used, then only
-.Em UTF8Strings
-will be used: this is the PKIX recommendation in RFC 2459 after 2003.
-Finally, the
-.Ar nombstr
-option just uses
-.Em PrintableStrings
-and
-.Em T61Strings :
-certain software has problems with
-.Em BMPStrings
 and
-.Em UTF8Strings :
+.Em UTF8String
-in particular Netscape.
+types.
+.It Li MASK : Ns Ar number
+This is an explicit bitmask of permitted types, where
+.Ar number
+is a C-style hex, decimal, or octal number that's a bit-wise OR of
+.Dv B_ASN1_*
+values from
+.In openssl/asn1.h .
+.El
 .It Ar utf8
 If set to the value
 .Em yes ,

diff --git a/src/usr.sbin/openssl/openssl.1 b/src/usr.sbin/openssl/openssl.1 index a95e5a3982..c23685a6ad 100644 --- a/src/usr.sbin/openssl/openssl.1 +++ b/src/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.97 2014/06/25 06:57:42 jmc Exp $	1	.\" $OpenBSD: openssl.1,v 1.98 2014/07/22 06:28:10 guenther Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -112,7 +112,7 @@
112	.\"	112	.\"
113	.\" OPENSSL	113	.\" OPENSSL
114	.\"	114	.\"
115	.Dd $Mdocdate: June 25 2014 $	115	.Dd $Mdocdate: July 22 2014 $
116	.Dt OPENSSL 1	116	.Dt OPENSSL 1
117	.Os	117	.Os
118	.Sh NAME	118	.Sh NAME
@@ -5851,40 +5851,36 @@ It can be overridden by the
5851	.Fl reqexts	5851	.Fl reqexts
5852	command line switch.	5852	command line switch.
5853	.It Ar string_mask	5853	.It Ar string_mask
5854	This option masks out the use of certain string types in certain	5854	This option limits the string types for encoding certain
5855	fields.	5855	fields.
5856	Most users will not need to change this option.	5856	The following values may be used, limiting strings to the indicated types:
5857	.Pp	5857	.Bl -tag -width "MASK:number"
5858	It can be set to several values:	5858	.It Ar utf8only
5859	.Ar default ,	5859	.Em UTF8String.
5860	which is also the default option, uses	5860	This is the default, as recommended by PKIX in RFC 2459.
5861	.Em PrintableStrings , T61Strings	5861	.It Ar default
5862	and	5862	.Em PrintableString , IA5String , T61String , BMPString , UTF8String .
5863	.Em BMPStrings ;	5863	.It Ar pkix
5864	if the	5864	.Em PrintableString , IA5String , BMPString , UTF8String .
5865	.Ar pkix	5865	This was inspired by the PKIX recommendation in RFC 2459 for certificates
5866	value is used, then only	5866	generated before 2004, but differs by also permitting
5867	.Em PrintableStrings	5867	.Em IA5String .
5868	and	5868	.It Ar nombstr
5869	.Em BMPStrings	5869	.Em PrintableString , IA5String , T61String , UniversalString .
5870	will be used.	5870	This was a workaround for some ancient software that had problems
5871	This follows the PKIX recommendation in RFC 2459.	5871	with the variable-sized
5872	If the	5872	.Em BMPString
5873	.Fl utf8only
5874	option is used, then only
5875	.Em UTF8Strings
5876	will be used: this is the PKIX recommendation in RFC 2459 after 2003.
5877	Finally, the
5878	.Ar nombstr
5879	option just uses
5880	.Em PrintableStrings
5881	and
5882	.Em T61Strings :
5883	certain software has problems with
5884	.Em BMPStrings
5885	and	5873	and
5886	.Em UTF8Strings :	5874	.Em UTF8String
5887	in particular Netscape.	5875	types.
		5876	.It Li MASK : Ns Ar number
		5877	This is an explicit bitmask of permitted types, where
		5878	.Ar number
		5879	is a C-style hex, decimal, or octal number that's a bit-wise OR of
		5880	.Dv B_ASN1_*
		5881	values from
		5882	.In openssl/asn1.h .
		5883	.El
5888	.It Ar utf8	5884	.It Ar utf8
5889	If set to the value	5885	If set to the value
5890	.Em yes ,	5886	.Em yes ,