1 files changed, 37 insertions, 58 deletions
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index 971cb43fd2..301bc22694 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.56 2016/08/20 07:56:09 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.57 2016/08/20 12:54:49 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -1729,7 +1729,7 @@ Encrypt the input data.
 This is the default.
 .It Fl in Ar file
 The input file to read from,
-or standard input if none is specified.
+or standard input if not specified.
 .It Fl iv Ar IV
 The actual
 .Ar IV
@@ -1801,7 +1801,7 @@ since it makes it possible to perform efficient dictionary
 attacks on the password and to attack stream cipher encrypted data.
 .It Fl out Ar file
 The output file to write to,
-or standard output if none is specified.
+or standard output if not specified.
 .It Fl P
 Print out the salt, key, and IV used, then immediately exit;
 don't do any encryption or decryption.
@@ -1885,7 +1885,7 @@ A pass phrase is prompted for.
 If none of these options are specified, no encryption is used.
 .It Fl out Ar file
 The output file to write to,
-or standard output if none is specified.
+or standard output if not specified.
 .It Ar paramfile
 Specify the DSA parameter file to use.
 The parameters in this file determine the size of the private key.
@@ -1939,7 +1939,7 @@ or
 options.
 .It Fl out Ar file
 The output file to write to,
-or standard output if none is specified.
+or standard output if not specified.
 .It Fl outform Cm der | pem
 The output format.
 .It Fl paramfile Ar file
@@ -2032,7 +2032,7 @@ if it is not supplied via the
 option.
 .It Fl out Ar file
 The output file to write to,
-or standard output if none is specified.
+or standard output if not specified.
 .It Fl passout Ar arg
 The output file password source.
 .It Ar numbits
@@ -2223,7 +2223,7 @@ This is normally only be used for debugging
 since it disables all verification of the responder's certificate.
 .It Fl out Ar file
 Specify the output file to write to,
-or standard output if none is specified.
+or standard output if not specified.
 .It Fl req_text , resp_text , text
 Print out the text form of the OCSP request, response, or both, respectively.
 .It Fl reqin Ar file , Fl respin Ar file
@@ -2481,39 +2481,47 @@ Read passwords from standard input.
 In the output list, prepend the cleartext password and a TAB character
 to each password hash.
 .El
-.\"
-.\" PKCS7
-.\"
 .Sh PKCS7
 .nr nS 1
 .Nm "openssl pkcs7"
-.Bk -words
 .Op Fl in Ar file
-.Op Fl inform Ar DER | PEM
+.Op Fl inform Cm der | pem
 .Op Fl noout
 .Op Fl out Ar file
-.Op Fl outform Ar DER | PEM
+.Op Fl outform Cm der | pem
 .Op Fl print_certs
 .Op Fl text
-.Ek
 .nr nS 0
 .Pp
 The
 .Nm pkcs7
 command processes PKCS#7 files in DER or PEM format.
+The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
+They cannot currently parse, for example, the new CMS as described in RFC 2630.
+.Pp
+The PEM PKCS#7 format uses the header and footer lines:
+.Bd -unfilled -offset indent
+-----BEGIN PKCS7-----
+-----END PKCS7-----
+.Ed
+.Pp
+For compatibility with some CAs it will also accept:
+.Bd -unfilled -offset indent
+-----BEGIN CERTIFICATE-----
+-----END CERTIFICATE-----
+.Ed
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl in Ar file
-This specifies the input
+The input file to read from,
-.Ar file
+or standard input if not specified.
-to read from, or standard input if this option is not specified.
+.It Fl inform Cm der | pem
-.It Fl inform Ar DER | PEM
+The input format.
-This specifies the input format.
+.Cm der
-.Ar DER
 format is a DER-encoded PKCS#7 v1.5 structure.
-.Ar PEM
+.Cm pem
-.Pq the default
+(the default)
 is a base64-encoded version of the DER form with header and footer lines.
 .It Fl noout
 Don't output the encoded version of the PKCS#7 structure
@@ -2521,45 +2529,16 @@ Don't output the encoded version of the PKCS#7 structure
 .Fl print_certs
 is set).
 .It Fl out Ar file
-Specifies the output
+The output to write to,
-.Ar file
+or standard output if not specified.
-to write to, or standard output by default.
+.It Fl outform Cm der | pem
-.It Fl outform Ar DER | PEM
+The output format.
-This specifies the output format; the options have the same meaning as the
-.Fl inform
-option.
 .It Fl print_certs
-Prints out any certificates or CRLs contained in the file.
+Print any certificates or CRLs contained in the file,
-They are preceded by their subject and issuer names in a one-line format.
+preceded by their subject and issuer names in a one-line format.
 .It Fl text
-Prints out certificate details in full rather than just subject and
+Print certificate details in full rather than just subject and issuer names.
-issuer names.
 .El
-.Sh PKCS7 EXAMPLES
-Convert a PKCS#7 file from PEM to DER:
-.Pp
-.Dl $ openssl pkcs7 -in file.pem -outform DER -out file.der
-.Pp
-Output all certificates in a file:
-.Pp
-.Dl $ openssl pkcs7 -in file.pem -print_certs -out certs.pem
-.Sh PKCS7 NOTES
-The PEM PKCS#7 format uses the header and footer lines:
-.Bd -unfilled -offset indent
-----BEGIN PKCS7-----
-----END PKCS7-----
-.Ed
-.Pp
-For compatibility with some CAs it will also accept:
-.Bd -unfilled -offset indent
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-.Ed
-.Sh PKCS7 RESTRICTIONS
-There is no option to print out all the fields of a PKCS#7 file.
-.Pp
-The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
-They cannot currently parse, for example, the new CMS as described in RFC 2630.
 .\"
 .\" PKCS8
 .\"

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index 971cb43fd2..301bc22694 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.56 2016/08/20 07:56:09 jmc Exp $	1	.\" $OpenBSD: openssl.1,v 1.57 2016/08/20 12:54:49 jmc Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -1729,7 +1729,7 @@ Encrypt the input data.
1729	This is the default.	1729	This is the default.
1730	.It Fl in Ar file	1730	.It Fl in Ar file
1731	The input file to read from,	1731	The input file to read from,
1732	or standard input if none is specified.	1732	or standard input if not specified.
1733	.It Fl iv Ar IV	1733	.It Fl iv Ar IV
1734	The actual	1734	The actual
1735	.Ar IV	1735	.Ar IV
@@ -1801,7 +1801,7 @@ since it makes it possible to perform efficient dictionary
1801	attacks on the password and to attack stream cipher encrypted data.	1801	attacks on the password and to attack stream cipher encrypted data.
1802	.It Fl out Ar file	1802	.It Fl out Ar file
1803	The output file to write to,	1803	The output file to write to,
1804	or standard output if none is specified.	1804	or standard output if not specified.
1805	.It Fl P	1805	.It Fl P
1806	Print out the salt, key, and IV used, then immediately exit;	1806	Print out the salt, key, and IV used, then immediately exit;
1807	don't do any encryption or decryption.	1807	don't do any encryption or decryption.
@@ -1885,7 +1885,7 @@ A pass phrase is prompted for.
1885	If none of these options are specified, no encryption is used.	1885	If none of these options are specified, no encryption is used.
1886	.It Fl out Ar file	1886	.It Fl out Ar file
1887	The output file to write to,	1887	The output file to write to,
1888	or standard output if none is specified.	1888	or standard output if not specified.
1889	.It Ar paramfile	1889	.It Ar paramfile
1890	Specify the DSA parameter file to use.	1890	Specify the DSA parameter file to use.
1891	The parameters in this file determine the size of the private key.	1891	The parameters in this file determine the size of the private key.
@@ -1939,7 +1939,7 @@ or
1939	options.	1939	options.
1940	.It Fl out Ar file	1940	.It Fl out Ar file
1941	The output file to write to,	1941	The output file to write to,
1942	or standard output if none is specified.	1942	or standard output if not specified.
1943	.It Fl outform Cm der \| pem	1943	.It Fl outform Cm der \| pem
1944	The output format.	1944	The output format.
1945	.It Fl paramfile Ar file	1945	.It Fl paramfile Ar file
@@ -2032,7 +2032,7 @@ if it is not supplied via the
2032	option.	2032	option.
2033	.It Fl out Ar file	2033	.It Fl out Ar file
2034	The output file to write to,	2034	The output file to write to,
2035	or standard output if none is specified.	2035	or standard output if not specified.
2036	.It Fl passout Ar arg	2036	.It Fl passout Ar arg
2037	The output file password source.	2037	The output file password source.
2038	.It Ar numbits	2038	.It Ar numbits
@@ -2223,7 +2223,7 @@ This is normally only be used for debugging
2223	since it disables all verification of the responder's certificate.	2223	since it disables all verification of the responder's certificate.
2224	.It Fl out Ar file	2224	.It Fl out Ar file
2225	Specify the output file to write to,	2225	Specify the output file to write to,
2226	or standard output if none is specified.	2226	or standard output if not specified.
2227	.It Fl req_text , resp_text , text	2227	.It Fl req_text , resp_text , text
2228	Print out the text form of the OCSP request, response, or both, respectively.	2228	Print out the text form of the OCSP request, response, or both, respectively.
2229	.It Fl reqin Ar file , Fl respin Ar file	2229	.It Fl reqin Ar file , Fl respin Ar file
@@ -2481,39 +2481,47 @@ Read passwords from standard input.
2481	In the output list, prepend the cleartext password and a TAB character	2481	In the output list, prepend the cleartext password and a TAB character
2482	to each password hash.	2482	to each password hash.
2483	.El	2483	.El
2484	.\"
2485	.\" PKCS7
2486	.\"
2487	.Sh PKCS7	2484	.Sh PKCS7
2488	.nr nS 1	2485	.nr nS 1
2489	.Nm "openssl pkcs7"	2486	.Nm "openssl pkcs7"
2490	.Bk -words
2491	.Op Fl in Ar file	2487	.Op Fl in Ar file
2492	.Op Fl inform Ar DER \| PEM	2488	.Op Fl inform Cm der \| pem
2493	.Op Fl noout	2489	.Op Fl noout
2494	.Op Fl out Ar file	2490	.Op Fl out Ar file
2495	.Op Fl outform Ar DER \| PEM	2491	.Op Fl outform Cm der \| pem
2496	.Op Fl print_certs	2492	.Op Fl print_certs
2497	.Op Fl text	2493	.Op Fl text
2498	.Ek
2499	.nr nS 0	2494	.nr nS 0
2500	.Pp	2495	.Pp
2501	The	2496	The
2502	.Nm pkcs7	2497	.Nm pkcs7
2503	command processes PKCS#7 files in DER or PEM format.	2498	command processes PKCS#7 files in DER or PEM format.
		2499	The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
		2500	They cannot currently parse, for example, the new CMS as described in RFC 2630.
		2501	.Pp
		2502	The PEM PKCS#7 format uses the header and footer lines:
		2503	.Bd -unfilled -offset indent
		2504	-----BEGIN PKCS7-----
		2505	-----END PKCS7-----
		2506	.Ed
		2507	.Pp
		2508	For compatibility with some CAs it will also accept:
		2509	.Bd -unfilled -offset indent
		2510	-----BEGIN CERTIFICATE-----
		2511	-----END CERTIFICATE-----
		2512	.Ed
2504	.Pp	2513	.Pp
2505	The options are as follows:	2514	The options are as follows:
2506	.Bl -tag -width Ds	2515	.Bl -tag -width Ds
2507	.It Fl in Ar file	2516	.It Fl in Ar file
2508	This specifies the input	2517	The input file to read from,
2509	.Ar file	2518	or standard input if not specified.
2510	to read from, or standard input if this option is not specified.	2519	.It Fl inform Cm der \| pem
2511	.It Fl inform Ar DER \| PEM	2520	The input format.
2512	This specifies the input format.	2521	.Cm der
2513	.Ar DER
2514	format is a DER-encoded PKCS#7 v1.5 structure.	2522	format is a DER-encoded PKCS#7 v1.5 structure.
2515	.Ar PEM	2523	.Cm pem
2516	.Pq the default	2524	(the default)
2517	is a base64-encoded version of the DER form with header and footer lines.	2525	is a base64-encoded version of the DER form with header and footer lines.
2518	.It Fl noout	2526	.It Fl noout
2519	Don't output the encoded version of the PKCS#7 structure	2527	Don't output the encoded version of the PKCS#7 structure
@@ -2521,45 +2529,16 @@ Don't output the encoded version of the PKCS#7 structure
2521	.Fl print_certs	2529	.Fl print_certs
2522	is set).	2530	is set).
2523	.It Fl out Ar file	2531	.It Fl out Ar file
2524	Specifies the output	2532	The output to write to,
2525	.Ar file	2533	or standard output if not specified.
2526	to write to, or standard output by default.	2534	.It Fl outform Cm der \| pem
2527	.It Fl outform Ar DER \| PEM	2535	The output format.
2528	This specifies the output format; the options have the same meaning as the
2529	.Fl inform
2530	option.
2531	.It Fl print_certs	2536	.It Fl print_certs
2532	Prints out any certificates or CRLs contained in the file.	2537	Print any certificates or CRLs contained in the file,
2533	They are preceded by their subject and issuer names in a one-line format.	2538	preceded by their subject and issuer names in a one-line format.
2534	.It Fl text	2539	.It Fl text
2535	Prints out certificate details in full rather than just subject and	2540	Print certificate details in full rather than just subject and issuer names.
2536	issuer names.
2537	.El	2541	.El
2538	.Sh PKCS7 EXAMPLES
2539	Convert a PKCS#7 file from PEM to DER:
2540	.Pp
2541	.Dl $ openssl pkcs7 -in file.pem -outform DER -out file.der
2542	.Pp
2543	Output all certificates in a file:
2544	.Pp
2545	.Dl $ openssl pkcs7 -in file.pem -print_certs -out certs.pem
2546	.Sh PKCS7 NOTES
2547	The PEM PKCS#7 format uses the header and footer lines:
2548	.Bd -unfilled -offset indent
2549	-----BEGIN PKCS7-----
2550	-----END PKCS7-----
2551	.Ed
2552	.Pp
2553	For compatibility with some CAs it will also accept:
2554	.Bd -unfilled -offset indent
2555	-----BEGIN CERTIFICATE-----
2556	-----END CERTIFICATE-----
2557	.Ed
2558	.Sh PKCS7 RESTRICTIONS
2559	There is no option to print out all the fields of a PKCS#7 file.
2560	.Pp
2561	The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
2562	They cannot currently parse, for example, the new CMS as described in RFC 2630.
2563	.\"	2542	.\"
2564	.\" PKCS8	2543	.\" PKCS8
2565	.\"	2544	.\"