1 files changed, 26 insertions, 21 deletions
diff --git a/src/usr.sbin/openssl/openssl.1 b/src/usr.sbin/openssl/openssl.1
index 318833ecc2..d86b932416 100644
--- a/src/usr.sbin/openssl/openssl.1
+++ b/src/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.32 2004/01/28 19:25:19 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.33 2004/01/28 20:09:23 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -3675,6 +3675,11 @@ This option does not encrypt private keys at all and should only be used
 when absolutely necessary.
 Certain software such as some versions of Java code signing software use
 unencrypted private keys.
+.It Fl noiter
+Use an iteration count of 1.
+See the
+.Sx PKCS12
+section below for a detailed explanation of this option.
 .It Fl nooct
 This option generates RSA private keys in a broken format that some software
 uses.
@@ -3860,20 +3865,19 @@ compatibility, several of the utilities use the old format at present.
 .Fl des | des3
 .Oc
 .Op Fl cacerts
-.Op Fl certpbe
 .Op Fl chain
 .Op Fl clcerts
 .Op Fl descert
 .Op Fl export
 .Op Fl info
 .Op Fl keyex
-.Op Fl keypbe
 .Op Fl keysig
 .Op Fl maciter
 .Op Fl nocerts
 .Op Fl nodes
 .Op Fl noiter
 .Op Fl nokeys
+.Op Fl nomaciter
 .Op Fl nomacver
 .Op Fl noout
 .Op Fl twopass
@@ -3881,14 +3885,15 @@ compatibility, several of the utilities use the old format at present.
 .Op Fl CApath Ar directory
 .Op Fl caname Ar name
 .Op Fl certfile Ar file
+.Op Fl certpbe Ar alg
 .Op Fl engine Ar id
 .Op Fl in Ar file
 .Op Fl inkey Ar file
+.Op Fl keypbe Ar alg
 .Op Fl name Ar name
 .Op Fl out Ar file
 .Op Fl passin Ar arg
 .Op Fl passout Ar arg
-.Op Fl password Ar arg
 .Op Fl rand Ar file ...
 .Ek
 .Pp
@@ -3946,7 +3951,7 @@ The
 .Ar file
 to write certificates and private keys to, standard output by default.
 They are all written in PEM format.
-.It Fl pass Ar arg , Fl passin Ar arg
+.It Fl passin Ar arg
 The PKCS#12 file
 .Pq i.e. input file
 password source.
@@ -3975,7 +3980,7 @@ File of CAs
 .It Fl CApath Ar directory
 Directory of CAs
 .Pq PEM format .
-.It Fl caname Ar friendlyname
+.It Fl caname Ar name
 This specifies the
 .Qq friendly name
 for other certificates.
@@ -3985,6 +3990,14 @@ Netscape ignores friendly names on other certificates,
 whereas MSIE displays them.
 .It Fl certfile Ar file
 A file to read additional certificates from.
+.It Fl certpbe Ar alg , Fl keypbe Ar alg
+These options allow the algorithm used to encrypt the private key and
+certificates to be selected.
+Although any PKCS#5 v1.5 or PKCS#12 algorithms can be selected,
+it is advisable to only use PKCS#12 algorithms.
+See the list in the
+.Sx PKCS12 NOTES
+section for more information.
 .It Fl chain
 If this option is present, then an attempt is made to include the entire
 certificate chain of the user certificate.
@@ -4035,18 +4048,10 @@ Signing only keys can be used for S/MIME signing, authenticode
 and SSL client authentication;
 however, due to a bug only MSIE 5.0 and later support
 the use of signing only keys for SSL client authentication.
-.It Fl keypbe Ar alg , Fl certpbe Ar alg
-These options allow the algorithm used to encrypt the private key and
-certificates to be selected.
-Although any PKCS#5 v1.5 or PKCS#12 algorithms can be selected,
-it is advisable to only use PKCS#12 algorithms.
-See the list in the
-.Sx PKCS12 NOTES
-section for more information.
 .It Fl maciter
 This option is included for compatibility with previous versions; it used
 to be needed to use MAC iterations counts but they are now used by default.
-.It Fl name Ar friendlyname
+.It Fl name Ar name
 This specifies the
 .Qq friendly name
 for the certificate and private key.
@@ -4075,17 +4080,17 @@ This specifies
 .Ar file
 to write the PKCS#12 file to.
 Standard output is used by default.
-.It Fl pass Ar arg , Fl passout Ar arg
+.It Fl passin Ar arg
-The PKCS#12 file
+Pass phrase source to decrypt any input private keys with.
-.Pq i.e. output file
-password source.
 For more information about the format of
 .Ar arg ,
 see the
 .Sx PASS PHRASE ARGUMENTS
 section above.
-.It Fl passin Ar password
+.It Fl passout Ar arg
-Pass phrase source to decrypt any input private keys with.
+The PKCS#12 file
+.Pq i.e. output file
+password source.
 For more information about the format of
 .Ar arg ,
 see the

diff --git a/src/usr.sbin/openssl/openssl.1 b/src/usr.sbin/openssl/openssl.1 index 318833ecc2..d86b932416 100644 --- a/src/usr.sbin/openssl/openssl.1 +++ b/src/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.32 2004/01/28 19:25:19 jmc Exp $	1	.\" $OpenBSD: openssl.1,v 1.33 2004/01/28 20:09:23 jmc Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -3675,6 +3675,11 @@ This option does not encrypt private keys at all and should only be used
3675	when absolutely necessary.	3675	when absolutely necessary.
3676	Certain software such as some versions of Java code signing software use	3676	Certain software such as some versions of Java code signing software use
3677	unencrypted private keys.	3677	unencrypted private keys.
		3678	.It Fl noiter
		3679	Use an iteration count of 1.
		3680	See the
		3681	.Sx PKCS12
		3682	section below for a detailed explanation of this option.
3678	.It Fl nooct	3683	.It Fl nooct
3679	This option generates RSA private keys in a broken format that some software	3684	This option generates RSA private keys in a broken format that some software
3680	uses.	3685	uses.
@@ -3860,20 +3865,19 @@ compatibility, several of the utilities use the old format at present.
3860	.Fl des \| des3	3865	.Fl des \| des3
3861	.Oc	3866	.Oc
3862	.Op Fl cacerts	3867	.Op Fl cacerts
3863	.Op Fl certpbe
3864	.Op Fl chain	3868	.Op Fl chain
3865	.Op Fl clcerts	3869	.Op Fl clcerts
3866	.Op Fl descert	3870	.Op Fl descert
3867	.Op Fl export	3871	.Op Fl export
3868	.Op Fl info	3872	.Op Fl info
3869	.Op Fl keyex	3873	.Op Fl keyex
3870	.Op Fl keypbe
3871	.Op Fl keysig	3874	.Op Fl keysig
3872	.Op Fl maciter	3875	.Op Fl maciter
3873	.Op Fl nocerts	3876	.Op Fl nocerts
3874	.Op Fl nodes	3877	.Op Fl nodes
3875	.Op Fl noiter	3878	.Op Fl noiter
3876	.Op Fl nokeys	3879	.Op Fl nokeys
		3880	.Op Fl nomaciter
3877	.Op Fl nomacver	3881	.Op Fl nomacver
3878	.Op Fl noout	3882	.Op Fl noout
3879	.Op Fl twopass	3883	.Op Fl twopass
@@ -3881,14 +3885,15 @@ compatibility, several of the utilities use the old format at present.
3881	.Op Fl CApath Ar directory	3885	.Op Fl CApath Ar directory
3882	.Op Fl caname Ar name	3886	.Op Fl caname Ar name
3883	.Op Fl certfile Ar file	3887	.Op Fl certfile Ar file
		3888	.Op Fl certpbe Ar alg
3884	.Op Fl engine Ar id	3889	.Op Fl engine Ar id
3885	.Op Fl in Ar file	3890	.Op Fl in Ar file
3886	.Op Fl inkey Ar file	3891	.Op Fl inkey Ar file
		3892	.Op Fl keypbe Ar alg
3887	.Op Fl name Ar name	3893	.Op Fl name Ar name
3888	.Op Fl out Ar file	3894	.Op Fl out Ar file
3889	.Op Fl passin Ar arg	3895	.Op Fl passin Ar arg
3890	.Op Fl passout Ar arg	3896	.Op Fl passout Ar arg
3891	.Op Fl password Ar arg
3892	.Op Fl rand Ar file ...	3897	.Op Fl rand Ar file ...
3893	.Ek	3898	.Ek
3894	.Pp	3899	.Pp
@@ -3946,7 +3951,7 @@ The
3946	.Ar file	3951	.Ar file
3947	to write certificates and private keys to, standard output by default.	3952	to write certificates and private keys to, standard output by default.
3948	They are all written in PEM format.	3953	They are all written in PEM format.
3949	.It Fl pass Ar arg , Fl passin Ar arg	3954	.It Fl passin Ar arg
3950	The PKCS#12 file	3955	The PKCS#12 file
3951	.Pq i.e. input file	3956	.Pq i.e. input file
3952	password source.	3957	password source.
@@ -3975,7 +3980,7 @@ File of CAs
3975	.It Fl CApath Ar directory	3980	.It Fl CApath Ar directory
3976	Directory of CAs	3981	Directory of CAs
3977	.Pq PEM format .	3982	.Pq PEM format .
3978	.It Fl caname Ar friendlyname	3983	.It Fl caname Ar name
3979	This specifies the	3984	This specifies the
3980	.Qq friendly name	3985	.Qq friendly name
3981	for other certificates.	3986	for other certificates.
@@ -3985,6 +3990,14 @@ Netscape ignores friendly names on other certificates,
3985	whereas MSIE displays them.	3990	whereas MSIE displays them.
3986	.It Fl certfile Ar file	3991	.It Fl certfile Ar file
3987	A file to read additional certificates from.	3992	A file to read additional certificates from.
		3993	.It Fl certpbe Ar alg , Fl keypbe Ar alg
		3994	These options allow the algorithm used to encrypt the private key and
		3995	certificates to be selected.
		3996	Although any PKCS#5 v1.5 or PKCS#12 algorithms can be selected,
		3997	it is advisable to only use PKCS#12 algorithms.
		3998	See the list in the
		3999	.Sx PKCS12 NOTES
		4000	section for more information.
3988	.It Fl chain	4001	.It Fl chain
3989	If this option is present, then an attempt is made to include the entire	4002	If this option is present, then an attempt is made to include the entire
3990	certificate chain of the user certificate.	4003	certificate chain of the user certificate.
@@ -4035,18 +4048,10 @@ Signing only keys can be used for S/MIME signing, authenticode
4035	and SSL client authentication;	4048	and SSL client authentication;
4036	however, due to a bug only MSIE 5.0 and later support	4049	however, due to a bug only MSIE 5.0 and later support
4037	the use of signing only keys for SSL client authentication.	4050	the use of signing only keys for SSL client authentication.
4038	.It Fl keypbe Ar alg , Fl certpbe Ar alg
4039	These options allow the algorithm used to encrypt the private key and
4040	certificates to be selected.
4041	Although any PKCS#5 v1.5 or PKCS#12 algorithms can be selected,
4042	it is advisable to only use PKCS#12 algorithms.
4043	See the list in the
4044	.Sx PKCS12 NOTES
4045	section for more information.
4046	.It Fl maciter	4051	.It Fl maciter
4047	This option is included for compatibility with previous versions; it used	4052	This option is included for compatibility with previous versions; it used
4048	to be needed to use MAC iterations counts but they are now used by default.	4053	to be needed to use MAC iterations counts but they are now used by default.
4049	.It Fl name Ar friendlyname	4054	.It Fl name Ar name
4050	This specifies the	4055	This specifies the
4051	.Qq friendly name	4056	.Qq friendly name
4052	for the certificate and private key.	4057	for the certificate and private key.
@@ -4075,17 +4080,17 @@ This specifies
4075	.Ar file	4080	.Ar file
4076	to write the PKCS#12 file to.	4081	to write the PKCS#12 file to.
4077	Standard output is used by default.	4082	Standard output is used by default.
4078	.It Fl pass Ar arg , Fl passout Ar arg	4083	.It Fl passin Ar arg
4079	The PKCS#12 file	4084	Pass phrase source to decrypt any input private keys with.
4080	.Pq i.e. output file
4081	password source.
4082	For more information about the format of	4085	For more information about the format of
4083	.Ar arg ,	4086	.Ar arg ,
4084	see the	4087	see the
4085	.Sx PASS PHRASE ARGUMENTS	4088	.Sx PASS PHRASE ARGUMENTS
4086	section above.	4089	section above.
4087	.It Fl passin Ar password	4090	.It Fl passout Ar arg
4088	Pass phrase source to decrypt any input private keys with.	4091	The PKCS#12 file
		4092	.Pq i.e. output file
		4093	password source.
4089	For more information about the format of	4094	For more information about the format of
4090	.Ar arg ,	4095	.Ar arg ,
4091	see the	4096	see the