30 files changed, 103 insertions, 103 deletions

diff --git a/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3 b/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3
index a53723fbfd..15156ffca3 100644
--- a/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3
+++ b/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ACCESS_DESCRIPTION_new.3,v 1.5 2019/06/06 01:06:58 schwarze Exp $
+.\"     $OpenBSD: ACCESS_DESCRIPTION_new.3,v 1.6 2022/03/31 17:27:16 naddy Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt ACCESS_DESCRIPTION_NEW 3
 .Os
 .Sh NAME
@@ -94,7 +94,7 @@ object, which is a
 and represents an ASN.1
 .Vt AuthorityInfoAccessSyntax
 structure defined in RFC 5280 section 4.2.2.1.
-If can be used for the authority information access extension of
+It can be used for the authority information access extension of
 certificates and certificate revocation lists and for the subject
 information access extension of certificates.
 .Fn AUTHORITY_INFO_ACCESS_free
diff --git a/src/lib/libcrypto/man/ASN1_TIME_set.3 b/src/lib/libcrypto/man/ASN1_TIME_set.3
index b966165fb2..cd6ab937d0 100644
--- a/src/lib/libcrypto/man/ASN1_TIME_set.3
+++ b/src/lib/libcrypto/man/ASN1_TIME_set.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ASN1_TIME_set.3,v 1.16 2021/11/21 17:35:53 schwarze Exp $
+.\" $OpenBSD: ASN1_TIME_set.3,v 1.17 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 21 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt ASN1_TIME_SET 3
 .Os
 .Sh NAME
@@ -321,7 +321,7 @@ If both
 .Pf * Fa pday
 and
 .Pf * Fa psec
-are nonzero they will always have the same sign.
+are nonzero, they will always have the same sign.
 The value of
 .Pf * Fa psec
 will always be less than the number of seconds in a day.
diff --git a/src/lib/libcrypto/man/BIO_f_buffer.3 b/src/lib/libcrypto/man/BIO_f_buffer.3
index 21a6e9a5fe..27baf7270c 100644
--- a/src/lib/libcrypto/man/BIO_f_buffer.3
+++ b/src/lib/libcrypto/man/BIO_f_buffer.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: BIO_f_buffer.3,v 1.10 2018/05/01 17:05:05 schwarze Exp $
+.\"     $OpenBSD: BIO_f_buffer.3,v 1.11 2022/03/31 17:27:16 naddy Exp $
 .\"     OpenSSL 9b86974e Mar 19 12:32:14 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 1 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt BIO_F_BUFFER 3
 .Os
 .Sh NAME
@@ -132,7 +132,7 @@ bytes of
 .Fa buf .
 If
 .Fa num
-is larger than the current buffer size the buffer is expanded.
+is larger than the current buffer size, the buffer is expanded.
 .Pp
 Except
 .Fn BIO_f_buffer ,
diff --git a/src/lib/libcrypto/man/BIO_s_accept.3 b/src/lib/libcrypto/man/BIO_s_accept.3
index 4ead28b62f..c33abee901 100644
--- a/src/lib/libcrypto/man/BIO_s_accept.3
+++ b/src/lib/libcrypto/man/BIO_s_accept.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: BIO_s_accept.3,v 1.11 2018/05/12 20:12:17 schwarze Exp $
+.\"     $OpenBSD: BIO_s_accept.3,v 1.12 2022/03/31 17:27:16 naddy Exp $
 .\"     OpenSSL c03726ca Thu Aug 27 12:28:08 2015 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 12 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt BIO_S_ACCEPT 3
 .Os
 .Sh NAME
@@ -223,7 +223,7 @@ incoming connection before processing I/O calls.
 When an accept BIO is not at then end of a chain,
 it passes I/O calls to the next BIO in the chain.
 .Pp
-When a connection is established a new socket BIO is created
+When a connection is established, a new socket BIO is created
 for the connection and appended to the chain.
 That is the chain is now accept->socket.
 This effectively means that attempting I/O on an initial accept
diff --git a/src/lib/libcrypto/man/BIO_s_bio.3 b/src/lib/libcrypto/man/BIO_s_bio.3
index 171207dfe1..bf4e8738b5 100644
--- a/src/lib/libcrypto/man/BIO_s_bio.3
+++ b/src/lib/libcrypto/man/BIO_s_bio.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: BIO_s_bio.3,v 1.13 2018/05/01 17:05:05 schwarze Exp $
+.\"     $OpenBSD: BIO_s_bio.3,v 1.14 2022/03/31 17:27:16 naddy Exp $
 .\"     OpenSSL c03726ca Aug 27 12:28:08 2015 -0400
 .\"
 .\" This file was written by
@@ -53,7 +53,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 1 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt BIO_S_BIO 3
 .Os
 .Sh NAME
@@ -182,7 +182,7 @@ sets the write buffer size of BIO
 .Fa b
 to
 .Fa size .
-If the size is not initialized a default value is used.
+If the size is not initialized, a default value is used.
 This is currently 17K, sufficient for a maximum size TLS record.
 .Pp
 .Fn BIO_get_write_buf_size
@@ -255,7 +255,7 @@ or
 .Xr SSL_free 3
 call, the other half still needs to be freed.
 .Pp
-When used in bidirectional applications (such as TLS/SSL)
+When used in bidirectional applications (such as TLS/SSL),
 care should be taken to flush any data in the write buffer.
 This can be done by calling
 .Xr BIO_pending 3
diff --git a/src/lib/libcrypto/man/BIO_s_connect.3 b/src/lib/libcrypto/man/BIO_s_connect.3
index 7ddde85f53..2732e9bc9c 100644
--- a/src/lib/libcrypto/man/BIO_s_connect.3
+++ b/src/lib/libcrypto/man/BIO_s_connect.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: BIO_s_connect.3,v 1.11 2018/05/12 20:12:17 schwarze Exp $
+.\"     $OpenBSD: BIO_s_connect.3,v 1.12 2022/03/31 17:27:16 naddy Exp $
 .\"     OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 12 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt BIO_S_CONNECT 3
 .Os
 .Sh NAME
@@ -159,7 +159,7 @@ and also returns the socket.
 If
 .Fa c
 is not
-.Dv NULL
+.Dv NULL ,
 it should be of type
 .Vt "int *" .
 .Pp
diff --git a/src/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/src/lib/libcrypto/man/CMS_get0_RecipientInfos.3
index e431b2cb36..094d6ec487 100644
--- a/src/lib/libcrypto/man/CMS_get0_RecipientInfos.3
+++ b/src/lib/libcrypto/man/CMS_get0_RecipientInfos.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMS_get0_RecipientInfos.3,v 1.7 2019/11/02 15:39:46 schwarze Exp $
+.\" $OpenBSD: CMS_get0_RecipientInfos.3,v 1.8 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 2 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt CMS_GET0_RECIPIENTINFOS 3
 .Os
 .Sh NAME
@@ -255,7 +255,7 @@ Depending on the type, the
 structure can be ignored or its key identifier data retrieved using
 an appropriate function.
 If the corresponding secret or private key can be obtained by any
-appropriate means it can then be associated with the structure and
+appropriate means, it can then be associated with the structure and
 .Fn CMS_RecipientInfo_decrypt
 called.
 If successful,
diff --git a/src/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/src/lib/libcrypto/man/CRYPTO_set_ex_data.3
index c78076b8a8..9d72b85642 100644
--- a/src/lib/libcrypto/man/CRYPTO_set_ex_data.3
+++ b/src/lib/libcrypto/man/CRYPTO_set_ex_data.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: CRYPTO_set_ex_data.3,v 1.12 2019/08/16 12:16:22 schwarze Exp $
+.\" $OpenBSD: CRYPTO_set_ex_data.3,v 1.13 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to:
 .\" OpenSSL CRYPTO_get_ex_new_index 9e183d22 Mar 11 08:56:44 2017 -0500
 .\" selective merge up to: 72a7a702 Feb 26 14:05:09 2019 +0000
@@ -52,7 +52,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 16 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt CRYPTO_SET_EX_DATA 3
 .Os
 .Sh NAME
@@ -156,7 +156,7 @@ header file.
 .Pp
 The API described here is used by OpenSSL to manipulate exdata for
 specific structures.
-Since the application data can be anything at all it is passed and
+Since the application data can be anything at all, it is passed and
 retrieved as a
 .Vt void *
 type.
diff --git a/src/lib/libcrypto/man/DES_set_key.3 b/src/lib/libcrypto/man/DES_set_key.3
index da58957d36..e74c7c5e48 100644
--- a/src/lib/libcrypto/man/DES_set_key.3
+++ b/src/lib/libcrypto/man/DES_set_key.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: DES_set_key.3,v 1.14 2019/06/06 01:06:58 schwarze Exp $
+.\" $OpenBSD: DES_set_key.3,v 1.15 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to:
 .\" OpenSSL man3/DES_random_key 521738e9 Oct 5 14:58:30 2018 -0400
 .\"
@@ -115,7 +115,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt DES_SET_KEY 3
 .Os
 .Sh NAME
@@ -747,7 +747,7 @@ If set to
 .Dv DES_PCBC_MODE
 (the default), DES_pcbc_encrypt is used.
 If set to
-.Dv DES_CBC_MODE
+.Dv DES_CBC_MODE ,
 DES_cbc_encrypt is used.
 .Sh RETURN VALUES
 .Fn DES_set_key ,
diff --git a/src/lib/libcrypto/man/EC_GROUP_new.3 b/src/lib/libcrypto/man/EC_GROUP_new.3
index a02104f967..ef7251fa3d 100644
--- a/src/lib/libcrypto/man/EC_GROUP_new.3
+++ b/src/lib/libcrypto/man/EC_GROUP_new.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: EC_GROUP_new.3,v 1.13 2021/05/11 04:22:32 tb Exp $
+.\"     $OpenBSD: EC_GROUP_new.3,v 1.14 2022/03/31 17:27:16 naddy Exp $
 .\"     OpenSSL 6328d367 Sat Jul 4 21:58:30 2020 +0200
 .\"
 .\" This file was written by Matt Caswell <matt@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 11 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EC_GROUP_NEW 3
 .Os
 .Sh NAME
@@ -288,7 +288,7 @@ item has a unique integer ID
 .Pq Fa nid
 and a human readable comment string describing the curve.
 .Pp
-In order to construct a builtin curve use the function
+In order to construct a builtin curve, use the function
 .Fn EC_GROUP_new_by_curve_name
 and provide the
 .Fa nid
diff --git a/src/lib/libcrypto/man/ERR_put_error.3 b/src/lib/libcrypto/man/ERR_put_error.3
index 142d2eb2bd..7eac5e415c 100644
--- a/src/lib/libcrypto/man/ERR_put_error.3
+++ b/src/lib/libcrypto/man/ERR_put_error.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ERR_put_error.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $
+.\"     $OpenBSD: ERR_put_error.3,v 1.10 2022/03/31 17:27:16 naddy Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 27 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt ERR_PUT_ERROR 3
 .Os
 .Sh NAME
@@ -128,7 +128,7 @@ Function and reason codes should consist of upper case characters,
 numbers and underscores only.
 The error file generation script translates function codes into function
 names by looking in the header files for an appropriate function name.
-If none is found it just uses the capitalized form such as "SSL23_READ"
+If none is found, it just uses the capitalized form such as "SSL23_READ"
 in the above example.
 .Pp
 The trailing section of a reason code (after the "_R_") is translated
diff --git a/src/lib/libcrypto/man/EVP_DigestInit.3 b/src/lib/libcrypto/man/EVP_DigestInit.3
index 9b2ee4e09f..b9aacf9e9f 100644
--- a/src/lib/libcrypto/man/EVP_DigestInit.3
+++ b/src/lib/libcrypto/man/EVP_DigestInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_DigestInit.3,v 1.22 2022/01/15 09:08:51 tb Exp $
+.\" $OpenBSD: EVP_DigestInit.3,v 1.23 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000
 .\" selective merge up to: OpenSSL a95d7574 Jul 2 12:16:38 2017 -0400
 .\"
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 15 2022 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EVP_DIGESTINIT 3
 .Os
 .Sh NAME
@@ -457,7 +457,7 @@ For example
 .Fn EVP_sha1
 is associated with RSA so this will return
 .Dv NID_sha1WithRSAEncryption .
-Since digests and signature algorithms are no longer linked this
+Since digests and signature algorithms are no longer linked, this
 function is only retained for compatibility reasons.
 .Pp
 .Fn EVP_md5 ,
diff --git a/src/lib/libcrypto/man/EVP_EncryptInit.3 b/src/lib/libcrypto/man/EVP_EncryptInit.3
index 58d18346e1..47527925ba 100644
--- a/src/lib/libcrypto/man/EVP_EncryptInit.3
+++ b/src/lib/libcrypto/man/EVP_EncryptInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_EncryptInit.3,v 1.42 2021/10/14 00:45:02 tb Exp $
+.\" $OpenBSD: EVP_EncryptInit.3,v 1.43 2022/03/31 17:27:16 naddy Exp $
 .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
 .\"   EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod
 .\"   7c6d372a Nov 20 13:20:01 2018 +0000
@@ -71,7 +71,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 14 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EVP_ENCRYPTINIT 3
 .Os
 .Sh NAME
@@ -535,7 +535,7 @@ The encrypted final data is written to
 which should have sufficient space for one cipher block.
 The number of bytes written is placed in
 .Fa outl .
-After this function is called the encryption operation is finished and
+After this function is called, the encryption operation is finished and
 no further calls to
 .Fn EVP_EncryptUpdate
 should be made.
@@ -754,7 +754,7 @@ This "type" is the actual NID of the cipher OBJECT IDENTIFIER as such it
 ignores the cipher parameters and 40-bit RC2 and 128-bit RC2 have the
 same NID.
 If the cipher does not have an object identifier or does not
-have ASN.1 support this function will return
+have ASN.1 support, this function will return
 .Dv NID_undef .
 .Pp
 .Fn EVP_CIPHER_CTX_cipher
@@ -842,7 +842,7 @@ block size n will equal the block size.
 For example if the block size is 8 and 11 bytes are to be encrypted then
 5 padding bytes of value 5 will be added.
 .Pp
-When decrypting the final block is checked to see if it has the correct
+When decrypting, the final block is checked to see if it has the correct
 form.
 .Pp
 Although the decryption operation can produce an error if padding is
@@ -1374,7 +1374,7 @@ first appeared in LibreSSL 2.8.1 and has been available since
 and
 .Dv EVP_MAX_IV_LENGTH
 only refer to the internal ciphers with default key lengths.
-If custom ciphers exceed these values the results are unpredictable.
+If custom ciphers exceed these values, the results are unpredictable.
 This is because it has become standard practice to define a generic key
 as a fixed unsigned char array containing
 .Dv EVP_MAX_KEY_LENGTH
diff --git a/src/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/src/lib/libcrypto/man/EVP_PKEY_decrypt.3
index cdae726c42..af5ed93fba 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_decrypt.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_decrypt.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_decrypt.3,v 1.7 2018/03/23 04:34:23 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_decrypt.3,v 1.8 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 23 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EVP_PKEY_DECRYPT 3
 .Os
 .Sh NAME
@@ -102,7 +102,7 @@ then before the call the
 parameter should contain the length of the
 .Fa out
 buffer.
-If the call is successful the decrypted data is written to
+If the call is successful, the decrypted data is written to
 .Fa out
 and the amount of data written to
 .Fa outlen .
diff --git a/src/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/src/lib/libcrypto/man/EVP_PKEY_encrypt.3
index a627c2abb6..210c43d6d8 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_encrypt.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_encrypt.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: EVP_PKEY_encrypt.3,v 1.6 2018/03/23 04:34:23 schwarze Exp $
+.\"     $OpenBSD: EVP_PKEY_encrypt.3,v 1.7 2022/03/31 17:27:17 naddy Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 23 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EVP_PKEY_ENCRYPT 3
 .Os
 .Sh NAME
@@ -102,7 +102,7 @@ then before the call the
 parameter should contain the length of the
 .Fa out
 buffer.
-If the call is successful the encrypted data is written to
+If the call is successful, the encrypted data is written to
 .Fa out
 and the amount of data written to
 .Fa outlen .
diff --git a/src/lib/libcrypto/man/EVP_PKEY_sign.3 b/src/lib/libcrypto/man/EVP_PKEY_sign.3
index efbea950c9..fbd8e66376 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_sign.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_sign.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: EVP_PKEY_sign.3,v 1.7 2018/03/23 04:34:23 schwarze Exp $
+.\"     $OpenBSD: EVP_PKEY_sign.3,v 1.8 2022/03/31 17:27:17 naddy Exp $
 .\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 23 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EVP_PKEY_SIGN 3
 .Os
 .Sh NAME
@@ -102,7 +102,7 @@ then before the call the
 parameter should contain the length of the
 .Fa sig
 buffer.
-If the call is successful the signature is written to
+If the call is successful, the signature is written to
 .Fa sig
 and the amount of data written to
 .Fa siglen .
diff --git a/src/lib/libcrypto/man/EVP_SignInit.3 b/src/lib/libcrypto/man/EVP_SignInit.3
index a53d059b46..06aeb2f141 100644
--- a/src/lib/libcrypto/man/EVP_SignInit.3
+++ b/src/lib/libcrypto/man/EVP_SignInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_SignInit.3,v 1.14 2019/06/10 14:58:48 schwarze Exp $
+.\" $OpenBSD: EVP_SignInit.3,v 1.15 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 10 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt EVP_SIGNINIT 3
 .Os
 .Sh NAME
@@ -217,7 +217,7 @@ could not be made after calling
 .Fn EVP_SignFinal .
 .Pp
 Since the private key is passed in the call to
-.Fn EVP_SignFinal
+.Fn EVP_SignFinal ,
 any error relating to the private key (for example an unsuitable key and
 digest combination) will not be indicated until after potentially large
 amounts of data have been passed through
diff --git a/src/lib/libcrypto/man/OBJ_nid2obj.3 b/src/lib/libcrypto/man/OBJ_nid2obj.3
index 511bf8567a..4b35762dcf 100644
--- a/src/lib/libcrypto/man/OBJ_nid2obj.3
+++ b/src/lib/libcrypto/man/OBJ_nid2obj.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: OBJ_nid2obj.3,v 1.18 2021/12/18 17:47:45 schwarze Exp $
+.\" $OpenBSD: OBJ_nid2obj.3,v 1.19 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL c264592d May 14 11:28:00 2006 +0000
 .\" selective merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
 .\"
@@ -67,7 +67,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 18 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt OBJ_NID2OBJ 3
 .Os
 .Sh NAME
@@ -206,7 +206,7 @@ is 0 then long names and short names will be interpreted as well as
 numerical forms.
 If
 .Fa no_name
-is 1 only the numerical form is acceptable.
+is 1, only the numerical form is acceptable.
 .Pp
 .Fn OBJ_obj2txt
 converts the
diff --git a/src/lib/libcrypto/man/OCSP_cert_to_id.3 b/src/lib/libcrypto/man/OCSP_cert_to_id.3
index f2ed8b1154..73a21867b9 100644
--- a/src/lib/libcrypto/man/OCSP_cert_to_id.3
+++ b/src/lib/libcrypto/man/OCSP_cert_to_id.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: OCSP_cert_to_id.3,v 1.11 2021/08/06 21:45:55 schwarze Exp $
+.\"     $OpenBSD: OCSP_cert_to_id.3,v 1.12 2022/03/31 17:27:17 naddy Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 6 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt OCSP_CERT_TO_ID 3
 .Os
 .Sh NAME
@@ -180,7 +180,7 @@ and
 returns the issuer name hash, hash OID, issuer key hash and serial
 number contained in
 .Fa cid .
-If any of the values are not required the corresponding parameter can be
+If any of the values are not required, the corresponding parameter can be
 set to
 .Dv NULL .
 The values returned by
diff --git a/src/lib/libcrypto/man/OCSP_resp_find_status.3 b/src/lib/libcrypto/man/OCSP_resp_find_status.3
index bcfefb5754..06d0354bd6 100644
--- a/src/lib/libcrypto/man/OCSP_resp_find_status.3
+++ b/src/lib/libcrypto/man/OCSP_resp_find_status.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: OCSP_resp_find_status.3,v 1.10 2019/08/27 10:00:41 schwarze Exp $
+.\" $OpenBSD: OCSP_resp_find_status.3,v 1.11 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL c952780c Jun 21 07:03:34 2016 -0400
 .\" selective merge up to: OpenSSL 1212818e Sep 11 13:22:14 2018 +0100
 .\"
@@ -67,7 +67,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 27 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt OCSP_RESP_FIND_STATUS 3
 .Os
 .Sh NAME
@@ -295,11 +295,11 @@ or
 .Fn OCSP_single_get0_status .
 If
 .Fa sec
-is non-zero it indicates how many seconds leeway should be allowed in
+is non-zero, it indicates how many seconds leeway should be allowed in
 the check.
 If
 .Fa maxsec
-is positive it indicates the maximum age of
+is positive, it indicates the maximum age of
 .Fa thisupd
 in seconds.
 .Pp
diff --git a/src/lib/libcrypto/man/OCSP_sendreq_new.3 b/src/lib/libcrypto/man/OCSP_sendreq_new.3
index c8107c4d58..300f719525 100644
--- a/src/lib/libcrypto/man/OCSP_sendreq_new.3
+++ b/src/lib/libcrypto/man/OCSP_sendreq_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: OCSP_sendreq_new.3,v 1.9 2019/08/27 10:48:41 schwarze Exp $
+.\" $OpenBSD: OCSP_sendreq_new.3,v 1.10 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 27 2019 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt OCSP_SENDREQ_NEW 3
 .Os
 .Sh NAME
@@ -159,7 +159,7 @@ should be set to
 .Fn OCSP_sendreq_nbio
 performs non-blocking I/O on the OCSP request context
 .Fa rctx .
-When the operation is complete it returns the response in
+When the operation is complete, it returns the response in
 .Pf * Fa presp .
 If
 .Fn OCSP_sendreq_nbio
diff --git a/src/lib/libcrypto/man/PKCS12_create.3 b/src/lib/libcrypto/man/PKCS12_create.3
index d19a6f3e44..bc00d3df78 100644
--- a/src/lib/libcrypto/man/PKCS12_create.3
+++ b/src/lib/libcrypto/man/PKCS12_create.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: PKCS12_create.3,v 1.11 2021/10/22 15:50:19 schwarze Exp $
+.\" $OpenBSD: PKCS12_create.3,v 1.12 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400
 .\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
 .\"
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 22 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt PKCS12_CREATE 3
 .Os
 .Sh NAME
@@ -137,10 +137,10 @@ should be set to PKCS12_DEFAULT_ITER.
 adds a flag to the store private key.
 This is a non-standard extension that is only currently interpreted by
 MSIE.
-If set to zero the flag is omitted; if set to
-.Dv KEY_SIG
+If set to zero, the flag is omitted; if set to
+.Dv KEY_SIG ,
 the key can be used for signing only; and if set to
-.Dv KEY_EX
+.Dv KEY_EX ,
 it can be used for signing and encryption.
 This option was useful for old export grade software which could use
 signing only keys of arbitrary size but had restrictions on the
diff --git a/src/lib/libcrypto/man/PKCS7_verify.3 b/src/lib/libcrypto/man/PKCS7_verify.3
index 2895da16d8..d091c03dfd 100644
--- a/src/lib/libcrypto/man/PKCS7_verify.3
+++ b/src/lib/libcrypto/man/PKCS7_verify.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: PKCS7_verify.3,v 1.10 2022/01/19 20:28:06 tb Exp $
+.\"     $OpenBSD: PKCS7_verify.3,v 1.11 2022/03/31 17:27:17 naddy Exp $
 .\"     OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 19 2022 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt PKCS7_VERIFY 3
 .Os
 .Sh NAME
@@ -133,13 +133,13 @@ parameter (if it is not
 and then looking in any certificates contained in the
 .Fa p7
 structure itself.
-If any signer's certificates cannot be located the operation fails.
+If any signer's certificates cannot be located, the operation fails.
 .Pp
 Each signer's certificate is chain verified using the
 .Sy smimesign
 purpose and the supplied trusted certificate store.
 Any internal certificates in the message are used as untrusted CAs.
-If any chain verify fails an error code is returned.
+If any chain verify fails, an error code is returned.
 .Pp
 Finally, the signed content is read (and written to
 .Fa out
diff --git a/src/lib/libcrypto/man/RSA_get_ex_new_index.3 b/src/lib/libcrypto/man/RSA_get_ex_new_index.3
index cf3d3f6fd7..ee1e0e82f7 100644
--- a/src/lib/libcrypto/man/RSA_get_ex_new_index.3
+++ b/src/lib/libcrypto/man/RSA_get_ex_new_index.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: RSA_get_ex_new_index.3,v 1.10 2018/03/23 23:18:17 schwarze Exp $
+.\"     $OpenBSD: RSA_get_ex_new_index.3,v 1.11 2022/03/31 17:27:17 naddy Exp $
 .\"     OpenSSL 35cb565a Nov 19 15:49:30 2015 -0500
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org> and
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 23 2018 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt RSA_GET_EX_NEW_INDEX 3
 .Os
 .Sh NAME
@@ -117,7 +117,7 @@ with a structure (for example the hash of some part of the structure) or
 some additional data (for example a handle to the data in an external
 library).
 .Pp
-Since the application data can be anything at all it is passed and
+Since the application data can be anything at all, it is passed and
 retrieved as a
 .Vt void *
 type.
diff --git a/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
index cd7e94d4e1..3c1237d20e 100644
--- a/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
+++ b/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: X509_NAME_add_entry_by_txt.3,v 1.15 2021/12/09 19:01:52 schwarze Exp $
+.\"     $OpenBSD: X509_NAME_add_entry_by_txt.3,v 1.16 2022/03/31 17:27:17 naddy Exp $
 .\"     OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 9 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt X509_NAME_ADD_ENTRY_BY_TXT 3
 .Os
 .Sh NAME
@@ -205,11 +205,11 @@ if it is -1 it is appended.
 .Pp
 .Fa set
 determines how the new type is added.
-If it is zero a new RDN is created.
+If it is zero, a new RDN is created.
 .Pp
 If
 .Fa set
-is -1 or 1 it is added to the previous or next RDN structure
+is -1 or 1, it is added to the previous or next RDN structure
 respectively.
 This will then be a multivalued RDN: since multivalue RDNs are very
 seldom used,
diff --git a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
index 8964d612b2..fdcfd4834e 100644
--- a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
+++ b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.24 2022/03/29 14:27:59 naddy Exp $
+.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.25 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -68,7 +68,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 29 2022 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt X509_VERIFY_PARAM_SET_FLAGS 3
 .Os
 .Sh NAME
@@ -493,7 +493,7 @@ enables CRL checking for the entire certificate chain.
 disables critical extension checking.
 By default any unhandled critical extensions in certificates or (if
 checked) CRLs results in a fatal error.
-If this flag is set unhandled critical extensions are ignored.
+If this flag is set, unhandled critical extensions are ignored.
 .Sy WARNING :
 setting this option for anything other than debugging purposes can be a
 security risk.
@@ -539,7 +539,7 @@ By default some additional features such as indirect CRLs and CRLs
 signed by different keys are disabled.
 If
 .Dv X509_V_FLAG_EXTENDED_CRL_SUPPORT
-is set they are enabled.
+is set, they are enabled.
 .Pp
 If
 .Dv X509_V_FLAG_USE_DELTAS
diff --git a/src/lib/libcrypto/man/X509_get_pubkey.3 b/src/lib/libcrypto/man/X509_get_pubkey.3
index 506404d9ac..0829397982 100644
--- a/src/lib/libcrypto/man/X509_get_pubkey.3
+++ b/src/lib/libcrypto/man/X509_get_pubkey.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_get_pubkey.3,v 1.12 2021/10/26 18:05:07 tb Exp $
+.\" $OpenBSD: X509_get_pubkey.3,v 1.13 2022/03/31 17:27:17 naddy Exp $
 .\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 26 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt X509_GET_PUBKEY 3
 .Os
 .Sh NAME
@@ -128,7 +128,7 @@
 .Fn X509_get_pubkey
 attempts to decode the public key for certificate
 .Fa x .
-If successful it returns the public key as an
+If successful, it returns the public key as an
 .Vt EVP_PKEY
 pointer with its reference count incremented: this means the returned
 key must be freed up after use.
diff --git a/src/lib/libcrypto/man/lh_new.3 b/src/lib/libcrypto/man/lh_new.3
index a9ac283a90..c848eed825 100644
--- a/src/lib/libcrypto/man/lh_new.3
+++ b/src/lib/libcrypto/man/lh_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: lh_new.3,v 1.8 2021/12/17 16:32:07 schwarze Exp $
+.\" $OpenBSD: lh_new.3,v 1.9 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to:
 .\" OpenSSL doc/crypto/lhash.pod 1bc74519 May 20 08:11:46 2016 -0400
 .\" selective merge up to:
@@ -118,7 +118,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: December 17 2021 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt LH_NEW 3
 .Os
 .Sh NAME
@@ -488,7 +488,7 @@ The load is the number of items in the hash table divided by the size of
 the hash table.
 The default values are as follows.
 If (hash->up_load < load) => expand.
-if (hash->down_load > load) => contract.
+If (hash->down_load > load) => contract.
 The
 .Fa up_load
 has a default value of 1 and
@@ -503,12 +503,12 @@ variables.
 The 'load' is kept in a form which is multiplied by 256.
 So hash->up_load=8*256 will cause a load of 8 to be set.
 .Pp
-If you are interested in performance the field to watch is
+If you are interested in performance, the field to watch is
 .Fa num_comp_calls .
 The hash library keeps track of the 'hash' value for each item so when a
 lookup is done, the 'hashes' are compared, if there is a match, then a
 full compare is done, and hash->num_comp_calls is incremented.
-If num_comp_calls is not equal to num_delete plus num_retrieve it means
+If num_comp_calls is not equal to num_delete plus num_retrieve, it means
 that your hash function is generating hashes that are the same for
 different values.
 It is probably worth changing your hash function if this is the case
diff --git a/src/lib/libcrypto/man/openssl.cnf.5 b/src/lib/libcrypto/man/openssl.cnf.5
index ae56869b8b..48ca66cf4b 100644
--- a/src/lib/libcrypto/man/openssl.cnf.5
+++ b/src/lib/libcrypto/man/openssl.cnf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.cnf.5,v 1.7 2020/02/17 12:52:42 inoguchi Exp $
+.\" $OpenBSD: openssl.cnf.5,v 1.8 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to: OpenSSL man5/config b53338cb Feb 28 12:30:28 2017 +0100
 .\" selective merge up to: OpenSSL a8c5ed81 Jul 18 13:57:25 2017 -0400
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 17 2020 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt OPENSSL.CNF 5
 .Os
 .Sh NAME
@@ -265,7 +265,7 @@ bar = bar_section
 The command
 .Ic engine_id
 is used to give the ENGINE name.
-If used this command must be first.
+If used, this command must be first.
 For example:
 .Bd -literal -offset indent
 [engine_section]
@@ -305,7 +305,7 @@ The command
 sets the default algorithms an ENGINE will supply using the functions
 .Xr ENGINE_set_default_string 3 .
 .Pp
-If the name matches none of the above command names it is assumed
+If the name matches none of the above command names, it is assumed
 to be a ctrl command which is sent to the ENGINE.
 The value of the command is the argument to the ctrl command.
 If the value is the string
diff --git a/src/lib/libcrypto/man/x509v3.cnf.5 b/src/lib/libcrypto/man/x509v3.cnf.5
index 392c44d456..89f52d6a01 100644
--- a/src/lib/libcrypto/man/x509v3.cnf.5
+++ b/src/lib/libcrypto/man/x509v3.cnf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: x509v3.cnf.5,v 1.7 2020/06/11 18:03:19 jmc Exp $
+.\" $OpenBSD: x509v3.cnf.5,v 1.8 2022/03/31 17:27:17 naddy Exp $
 .\" full merge up to:
 .\" OpenSSL man5/x509v3_config a41815f0 Mar 17 18:43:53 2017 -0700
 .\" selective merge up to: OpenSSL 36cf10cf Oct 4 02:11:08 2017 -0400
@@ -51,7 +51,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 11 2020 $
+.Dd $Mdocdate: March 31 2022 $
 .Dt X509V3.CNF 5
 .Os
 .Sh NAME
@@ -163,7 +163,7 @@ parameter indicates the maximum number of CAs that can appear below
 this one in a chain.
 So if you have a CA with a
 .Ic pathlen
-of zero it can only be used to sign end user certificates and not
+of zero, it can only be used to sign end user certificates and not
 further CAs.
 .Ss Key usage
 Key usage is a multi-valued extension consisting of a list of names of