1 files changed, 44 insertions, 43 deletions
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index 52949f6bd2..d93a19b91d 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.37 2016/07/21 16:34:08 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.38 2016/07/21 18:33:27 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -263,14 +263,6 @@ of the structures.
 The input file; the default is standard input.
 .It Fl inform Cm der | pem | txt
 The input format.
-.Cm der
-.Pq Distinguished Encoding Rules
-is binary format and
-.Cm pem
-.Pq Privacy Enhanced Mail ,
-the default, is base64-encoded.
-.Cm txt
-is plain text.
 .It Fl length Ar number
 Number of bytes to parse; the default is until end of file.
 .It Fl noout
@@ -971,25 +963,19 @@ Cipher suites using SHA1.
 .Op Fl fingerprint
 .Op Fl hash
 .Op Fl in Ar file
-.Op Fl inform Ar DER | PEM
+.Op Fl inform Cm der | pem
 .Op Fl issuer
 .Op Fl lastupdate
 .Op Fl nextupdate
 .Op Fl noout
 .Op Fl out Ar file
-.Op Fl outform Ar DER | PEM
+.Op Fl outform Cm der | pem
 .Op Fl text
 .nr nS 0
 .Pp
 The
 .Nm crl
 command processes CRL files in DER or PEM format.
-.Pp
-.Cm DER
-is a DER-encoded CRL structure.
-.Cm PEM ,
-the default,
-is a base64-encoded version of the DER form with header and footer lines.
 The PEM CRL format uses the header and footer lines:
 .Bd -unfilled -offset indent
 -----BEGIN X509 CRL-----
@@ -1015,7 +1001,7 @@ Output a hash of the issuer name.
 This can be used to look up CRLs in a directory by issuer name.
 .It Fl in Ar file
 The input file to read from, or standard input if not specified.
-.It Fl inform Cm DER | PEM
+.It Fl inform Cm der | pem
 The input format.
 .It Fl issuer
 Output the issuer name.
@@ -1031,7 +1017,7 @@ field.
 Don't output the encoded version of the CRL.
 .It Fl out Ar file
 The output file to write to, or standard output if not specified.
-.It Fl outform Cm DER | PEM
+.It Fl outform Cm der | pem
 The output format.
 .It Fl text
 Print out the CRL in text form.
@@ -9010,37 +8996,32 @@ This means that any directories using the old form
 must have their links rebuilt using
 .Ar c_rehash
 or similar.
-.Sh NOTES
+.Sh COMMON NOTATION
-Several commands accept password arguments, typically using
+Several commands share a common syntax,
+as detailed below.
+.Pp
+Password arguments, typically specified using
 .Fl passin
 and
 .Fl passout
-for input and output passwords, respectively.
+for input and output passwords,
-These allow the password to be obtained from a variety of sources.
+allow passwords to be obtained from a variety of sources.
-Both of these options take a single argument whose format is described below.
+Both of these options take a single argument, described below.
 If no password argument is given and a password is required,
 then the user is prompted to enter one:
 this will typically be read from the current terminal with echoing turned off.
-.Bl -tag -width "fd:number"
+.Bl -tag -width "pass:password" -offset indent
-.It Ar pass : Ns Ar password
+.It Cm pass : Ns Ar password
 The actual password is
 .Ar password .
-Since the password is visible to utilities
+Since the password is visible to utilities,
-(like
-.Xr ps 1
-under
-.Ux )
 this form should only be used where security is not important.
-.It Ar env : Ns Ar var
+.It Cm env : Ns Ar var
 Obtain the password from the environment variable
 .Ar var .
-Since the environment of other processes is visible on certain platforms
+Since the environment of other processes is visible,
-(e.g.\&
+this option should be used with caution.
-.Xr ps 1
+.It Cm file : Ns Ar path
-under certain
-.Ux
-OSes) this option should be used with caution.
-.It Ar file : Ns Ar path
 The first line of
 .Ar path
 is the password.
@@ -9055,17 +9036,37 @@ for the output password.
 .Ar path
 need not refer to a regular file:
 it could, for example, refer to a device or named pipe.
-.It Ar fd : Ns Ar number
+.It Cm fd : Ns Ar number
 Read the password from the file descriptor
 .Ar number .
-This can be used to send the data via a pipe for example.
+This can be used to send the data via a pipe, for example.
-.It Ar stdin
+.It Cm stdin
 Read the password from standard input.
 .El
+.Pp
+File formats,
+typically specified using
+.Fl inform
+and
+.Fl outform ,
+indicate the type of file being read from
+or the file format to write.
+The argument is case insensitive.
+.Pp
+.Bl -tag -width Ds -offset indent -compact
+.It Cm der
+Distinguished Encoding Rules (DER)
+is a binary format.
+.It Cm pem
+Privacy Enhanced Mail (PEM)
+is base64-encoded.
+.It Cm txt
+Plain ASCII text.
+.El
 .Sh ENVIRONMENT
 The following environment variables affect the execution of
 .Nm openssl :
-.Bl -tag -width "OPENSSL_CONFXXX"
+.Bl -tag -width "/etc/ssl/openssl.cnf"
 .It Ev OPENSSL_CONF
 The location of the master configuration file.
 .El

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index 52949f6bd2..d93a19b91d 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.37 2016/07/21 16:34:08 jmc Exp $	1	.\" $OpenBSD: openssl.1,v 1.38 2016/07/21 18:33:27 jmc Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -263,14 +263,6 @@ of the structures.
263	The input file; the default is standard input.	263	The input file; the default is standard input.
264	.It Fl inform Cm der \| pem \| txt	264	.It Fl inform Cm der \| pem \| txt
265	The input format.	265	The input format.
266	.Cm der
267	.Pq Distinguished Encoding Rules
268	is binary format and
269	.Cm pem
270	.Pq Privacy Enhanced Mail ,
271	the default, is base64-encoded.
272	.Cm txt
273	is plain text.
274	.It Fl length Ar number	266	.It Fl length Ar number
275	Number of bytes to parse; the default is until end of file.	267	Number of bytes to parse; the default is until end of file.
276	.It Fl noout	268	.It Fl noout
@@ -971,25 +963,19 @@ Cipher suites using SHA1.
971	.Op Fl fingerprint	963	.Op Fl fingerprint
972	.Op Fl hash	964	.Op Fl hash
973	.Op Fl in Ar file	965	.Op Fl in Ar file
974	.Op Fl inform Ar DER \| PEM	966	.Op Fl inform Cm der \| pem
975	.Op Fl issuer	967	.Op Fl issuer
976	.Op Fl lastupdate	968	.Op Fl lastupdate
977	.Op Fl nextupdate	969	.Op Fl nextupdate
978	.Op Fl noout	970	.Op Fl noout
979	.Op Fl out Ar file	971	.Op Fl out Ar file
980	.Op Fl outform Ar DER \| PEM	972	.Op Fl outform Cm der \| pem
981	.Op Fl text	973	.Op Fl text
982	.nr nS 0	974	.nr nS 0
983	.Pp	975	.Pp
984	The	976	The
985	.Nm crl	977	.Nm crl
986	command processes CRL files in DER or PEM format.	978	command processes CRL files in DER or PEM format.
987	.Pp
988	.Cm DER
989	is a DER-encoded CRL structure.
990	.Cm PEM ,
991	the default,
992	is a base64-encoded version of the DER form with header and footer lines.
993	The PEM CRL format uses the header and footer lines:	979	The PEM CRL format uses the header and footer lines:
994	.Bd -unfilled -offset indent	980	.Bd -unfilled -offset indent
995	-----BEGIN X509 CRL-----	981	-----BEGIN X509 CRL-----
@@ -1015,7 +1001,7 @@ Output a hash of the issuer name.
1015	This can be used to look up CRLs in a directory by issuer name.	1001	This can be used to look up CRLs in a directory by issuer name.
1016	.It Fl in Ar file	1002	.It Fl in Ar file
1017	The input file to read from, or standard input if not specified.	1003	The input file to read from, or standard input if not specified.
1018	.It Fl inform Cm DER \| PEM	1004	.It Fl inform Cm der \| pem
1019	The input format.	1005	The input format.
1020	.It Fl issuer	1006	.It Fl issuer
1021	Output the issuer name.	1007	Output the issuer name.
@@ -1031,7 +1017,7 @@ field.
1031	Don't output the encoded version of the CRL.	1017	Don't output the encoded version of the CRL.
1032	.It Fl out Ar file	1018	.It Fl out Ar file
1033	The output file to write to, or standard output if not specified.	1019	The output file to write to, or standard output if not specified.
1034	.It Fl outform Cm DER \| PEM	1020	.It Fl outform Cm der \| pem
1035	The output format.	1021	The output format.
1036	.It Fl text	1022	.It Fl text
1037	Print out the CRL in text form.	1023	Print out the CRL in text form.
@@ -9010,37 +8996,32 @@ This means that any directories using the old form
9010	must have their links rebuilt using	8996	must have their links rebuilt using
9011	.Ar c_rehash	8997	.Ar c_rehash
9012	or similar.	8998	or similar.
9013	.Sh NOTES	8999	.Sh COMMON NOTATION
9014	Several commands accept password arguments, typically using	9000	Several commands share a common syntax,
		9001	as detailed below.
		9002	.Pp
		9003	Password arguments, typically specified using
9015	.Fl passin	9004	.Fl passin
9016	and	9005	and
9017	.Fl passout	9006	.Fl passout
9018	for input and output passwords, respectively.	9007	for input and output passwords,
9019	These allow the password to be obtained from a variety of sources.	9008	allow passwords to be obtained from a variety of sources.
9020	Both of these options take a single argument whose format is described below.	9009	Both of these options take a single argument, described below.
9021	If no password argument is given and a password is required,	9010	If no password argument is given and a password is required,
9022	then the user is prompted to enter one:	9011	then the user is prompted to enter one:
9023	this will typically be read from the current terminal with echoing turned off.	9012	this will typically be read from the current terminal with echoing turned off.
9024	.Bl -tag -width "fd:number"	9013	.Bl -tag -width "pass:password" -offset indent
9025	.It Ar pass : Ns Ar password	9014	.It Cm pass : Ns Ar password
9026	The actual password is	9015	The actual password is
9027	.Ar password .	9016	.Ar password .
9028	Since the password is visible to utilities	9017	Since the password is visible to utilities,
9029	(like
9030	.Xr ps 1
9031	under
9032	.Ux )
9033	this form should only be used where security is not important.	9018	this form should only be used where security is not important.
9034	.It Ar env : Ns Ar var	9019	.It Cm env : Ns Ar var
9035	Obtain the password from the environment variable	9020	Obtain the password from the environment variable
9036	.Ar var .	9021	.Ar var .
9037	Since the environment of other processes is visible on certain platforms	9022	Since the environment of other processes is visible,
9038	(e.g.\&	9023	this option should be used with caution.
9039	.Xr ps 1	9024	.It Cm file : Ns Ar path
9040	under certain
9041	.Ux
9042	OSes) this option should be used with caution.
9043	.It Ar file : Ns Ar path
9044	The first line of	9025	The first line of
9045	.Ar path	9026	.Ar path
9046	is the password.	9027	is the password.
@@ -9055,17 +9036,37 @@ for the output password.
9055	.Ar path	9036	.Ar path
9056	need not refer to a regular file:	9037	need not refer to a regular file:
9057	it could, for example, refer to a device or named pipe.	9038	it could, for example, refer to a device or named pipe.
9058	.It Ar fd : Ns Ar number	9039	.It Cm fd : Ns Ar number
9059	Read the password from the file descriptor	9040	Read the password from the file descriptor
9060	.Ar number .	9041	.Ar number .
9061	This can be used to send the data via a pipe for example.	9042	This can be used to send the data via a pipe, for example.
9062	.It Ar stdin	9043	.It Cm stdin
9063	Read the password from standard input.	9044	Read the password from standard input.
9064	.El	9045	.El
		9046	.Pp
		9047	File formats,
		9048	typically specified using
		9049	.Fl inform
		9050	and
		9051	.Fl outform ,
		9052	indicate the type of file being read from
		9053	or the file format to write.
		9054	The argument is case insensitive.
		9055	.Pp
		9056	.Bl -tag -width Ds -offset indent -compact
		9057	.It Cm der
		9058	Distinguished Encoding Rules (DER)
		9059	is a binary format.
		9060	.It Cm pem
		9061	Privacy Enhanced Mail (PEM)
		9062	is base64-encoded.
		9063	.It Cm txt
		9064	Plain ASCII text.
		9065	.El
9065	.Sh ENVIRONMENT	9066	.Sh ENVIRONMENT
9066	The following environment variables affect the execution of	9067	The following environment variables affect the execution of
9067	.Nm openssl :	9068	.Nm openssl :
9068	.Bl -tag -width "OPENSSL_CONFXXX"	9069	.Bl -tag -width "/etc/ssl/openssl.cnf"
9069	.It Ev OPENSSL_CONF	9070	.It Ev OPENSSL_CONF
9070	The location of the master configuration file.	9071	The location of the master configuration file.
9071	.El	9072	.El