1 files changed, 21 insertions, 41 deletions
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index b8bf67565e..52949f6bd2 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.36 2016/07/20 14:42:03 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.37 2016/07/21 16:34:08 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -112,7 +112,7 @@
 .\"
 .\" OPENSSL
 .\"
-.Dd $Mdocdate: July 20 2016 $
+.Dd $Mdocdate: July 21 2016 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -963,13 +963,9 @@ Cipher suites using MD5.
 .It Cm SHA1 , SHA
 Cipher suites using SHA1.
 .El
-.\"
-.\" CRL
-.\"
 .Sh CRL
 .nr nS 1
 .Nm "openssl crl"
-.Bk -words
 .Op Fl CAfile Ar file
 .Op Fl CApath Ar dir
 .Op Fl fingerprint
@@ -983,13 +979,23 @@ Cipher suites using SHA1.
 .Op Fl out Ar file
 .Op Fl outform Ar DER | PEM
 .Op Fl text
-.Ek
 .nr nS 0
 .Pp
 The
 .Nm crl
 command processes CRL files in DER or PEM format.
 .Pp
+.Cm DER
+is a DER-encoded CRL structure.
+.Cm PEM ,
+the default,
+is a base64-encoded version of the DER form with header and footer lines.
+The PEM CRL format uses the header and footer lines:
+.Bd -unfilled -offset indent
+-----BEGIN X509 CRL-----
+-----END X509 CRL-----
+.Ed
+.Pp
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl CAfile Ar file
@@ -1008,54 +1014,28 @@ Print the CRL fingerprint.
 Output a hash of the issuer name.
 This can be used to look up CRLs in a directory by issuer name.
 .It Fl in Ar file
-This specifies the input file to read from, or standard input if this
+The input file to read from, or standard input if not specified.
-option is not specified.
+.It Fl inform Cm DER | PEM
-.It Fl inform Ar DER | PEM
+The input format.
-This specifies the input format.
-.Ar DER
-format is a DER-encoded CRL structure.
-.Ar PEM
-.Pq the default
-is a base64-encoded version of the DER form with header and footer lines.
 .It Fl issuer
 Output the issuer name.
 .It Fl lastupdate
 Output the
-.Ar lastUpdate
+.Cm lastUpdate
 field.
 .It Fl nextupdate
 Output the
-.Ar nextUpdate
+.Cm nextUpdate
 field.
 .It Fl noout
 Don't output the encoded version of the CRL.
 .It Fl out Ar file
-Specifies the output file to write to, or standard output by
+The output file to write to, or standard output if not specified.
-default.
+.It Fl outform Cm DER | PEM
-.It Fl outform Ar DER | PEM
+The output format.
-This specifies the output format; the options have the same meaning as the
-.Fl inform
-option.
 .It Fl text
 Print out the CRL in text form.
 .El
-.Sh CRL NOTES
-The PEM CRL format uses the header and footer lines:
-.Bd -unfilled -offset indent
-----BEGIN X509 CRL-----
-----END X509 CRL-----
-.Ed
-.Sh CRL EXAMPLES
-Convert a CRL file from PEM to DER:
-.Pp
-.Dl $ openssl crl -in crl.pem -outform DER -out crl.der
-.Pp
-Output the text form of a DER-encoded certificate:
-.Pp
-.Dl $ openssl crl -in crl.der -inform DER -text -noout
-.Sh CRL BUGS
-Ideally, it should be possible to create a CRL using appropriate options
-and files too.
 .\"
 .\" CRL2PKCS7
 .\"

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index b8bf67565e..52949f6bd2 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.36 2016/07/20 14:42:03 jmc Exp $	1	.\" $OpenBSD: openssl.1,v 1.37 2016/07/21 16:34:08 jmc Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -112,7 +112,7 @@
112	.\"	112	.\"
113	.\" OPENSSL	113	.\" OPENSSL
114	.\"	114	.\"
115	.Dd $Mdocdate: July 20 2016 $	115	.Dd $Mdocdate: July 21 2016 $
116	.Dt OPENSSL 1	116	.Dt OPENSSL 1
117	.Os	117	.Os
118	.Sh NAME	118	.Sh NAME
@@ -963,13 +963,9 @@ Cipher suites using MD5.
963	.It Cm SHA1 , SHA	963	.It Cm SHA1 , SHA
964	Cipher suites using SHA1.	964	Cipher suites using SHA1.
965	.El	965	.El
966	.\"
967	.\" CRL
968	.\"
969	.Sh CRL	966	.Sh CRL
970	.nr nS 1	967	.nr nS 1
971	.Nm "openssl crl"	968	.Nm "openssl crl"
972	.Bk -words
973	.Op Fl CAfile Ar file	969	.Op Fl CAfile Ar file
974	.Op Fl CApath Ar dir	970	.Op Fl CApath Ar dir
975	.Op Fl fingerprint	971	.Op Fl fingerprint
@@ -983,13 +979,23 @@ Cipher suites using SHA1.
983	.Op Fl out Ar file	979	.Op Fl out Ar file
984	.Op Fl outform Ar DER \| PEM	980	.Op Fl outform Ar DER \| PEM
985	.Op Fl text	981	.Op Fl text
986	.Ek
987	.nr nS 0	982	.nr nS 0
988	.Pp	983	.Pp
989	The	984	The
990	.Nm crl	985	.Nm crl
991	command processes CRL files in DER or PEM format.	986	command processes CRL files in DER or PEM format.
992	.Pp	987	.Pp
		988	.Cm DER
		989	is a DER-encoded CRL structure.
		990	.Cm PEM ,
		991	the default,
		992	is a base64-encoded version of the DER form with header and footer lines.
		993	The PEM CRL format uses the header and footer lines:
		994	.Bd -unfilled -offset indent
		995	-----BEGIN X509 CRL-----
		996	-----END X509 CRL-----
		997	.Ed
		998	.Pp
993	The options are as follows:	999	The options are as follows:
994	.Bl -tag -width Ds	1000	.Bl -tag -width Ds
995	.It Fl CAfile Ar file	1001	.It Fl CAfile Ar file
@@ -1008,54 +1014,28 @@ Print the CRL fingerprint.
1008	Output a hash of the issuer name.	1014	Output a hash of the issuer name.
1009	This can be used to look up CRLs in a directory by issuer name.	1015	This can be used to look up CRLs in a directory by issuer name.
1010	.It Fl in Ar file	1016	.It Fl in Ar file
1011	This specifies the input file to read from, or standard input if this	1017	The input file to read from, or standard input if not specified.
1012	option is not specified.	1018	.It Fl inform Cm DER \| PEM
1013	.It Fl inform Ar DER \| PEM	1019	The input format.
1014	This specifies the input format.
1015	.Ar DER
1016	format is a DER-encoded CRL structure.
1017	.Ar PEM
1018	.Pq the default
1019	is a base64-encoded version of the DER form with header and footer lines.
1020	.It Fl issuer	1020	.It Fl issuer
1021	Output the issuer name.	1021	Output the issuer name.
1022	.It Fl lastupdate	1022	.It Fl lastupdate
1023	Output the	1023	Output the
1024	.Ar lastUpdate	1024	.Cm lastUpdate
1025	field.	1025	field.
1026	.It Fl nextupdate	1026	.It Fl nextupdate
1027	Output the	1027	Output the
1028	.Ar nextUpdate	1028	.Cm nextUpdate
1029	field.	1029	field.
1030	.It Fl noout	1030	.It Fl noout
1031	Don't output the encoded version of the CRL.	1031	Don't output the encoded version of the CRL.
1032	.It Fl out Ar file	1032	.It Fl out Ar file
1033	Specifies the output file to write to, or standard output by	1033	The output file to write to, or standard output if not specified.
1034	default.	1034	.It Fl outform Cm DER \| PEM
1035	.It Fl outform Ar DER \| PEM	1035	The output format.
1036	This specifies the output format; the options have the same meaning as the
1037	.Fl inform
1038	option.
1039	.It Fl text	1036	.It Fl text
1040	Print out the CRL in text form.	1037	Print out the CRL in text form.
1041	.El	1038	.El
1042	.Sh CRL NOTES
1043	The PEM CRL format uses the header and footer lines:
1044	.Bd -unfilled -offset indent
1045	-----BEGIN X509 CRL-----
1046	-----END X509 CRL-----
1047	.Ed
1048	.Sh CRL EXAMPLES
1049	Convert a CRL file from PEM to DER:
1050	.Pp
1051	.Dl $ openssl crl -in crl.pem -outform DER -out crl.der
1052	.Pp
1053	Output the text form of a DER-encoded certificate:
1054	.Pp
1055	.Dl $ openssl crl -in crl.der -inform DER -text -noout
1056	.Sh CRL BUGS
1057	Ideally, it should be possible to create a CRL using appropriate options
1058	and files too.
1059	.\"	1039	.\"
1060	.\" CRL2PKCS7	1040	.\" CRL2PKCS7
1061	.\"	1041	.\"