summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/openssl.1 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Update openssl.1 for msie_hack removaltb12 days1-21/+4
| | | | ok jmc jsing
* Remove -C option from "apps"tb2025-01-191-23/+2
| | | | | | | | As far as I can tell, this way of generating "C code" was only used to add stuff to pretty regress and even prettier speed "app" and otherwise it just served to make the library maintainer's lives even more miserable. ok jsing
* zap line missed in previous removal; ok tbjmc2024-08-301-3/+2
|
* Adjust documentation for check/pubcheck removaltb2024-08-291-11/+2
| | | | ok beck
* openssl: adjust manual for LMK and CSP removaltb2024-08-221-10/+2
|
* Add -CRLfile option to 'cms' sub commandjob2024-08-121-2/+6
| | | | | | | | | This option allows to verify certs in a CMS object against additional CRLs. Ported from work by Tom Harrison from APNIC OK tb@
* Adjust manpage for SPKAC removaltb2024-07-081-84/+4
| | | | ok jsing
* openssl: toolkit implementing the TLS v1 protocol is weirdtb2024-05-071-3/+3
| | | | | | Well, it's a toolkit alright, and a terrible one at that, but TLS v1 (which is this beloved toolkit's name for TLS v1.0) is a thing firmly from the past, so drop the v1.
* Add 'openssl x509 -new' functionality to the libcrypto CLI utilityjob2024-01-261-2/+21
| | | | | | | | | The ability to generate a new certificate is useful for testing and experimentation with rechaining PKIs. While there, alias '-key' to '-signkey' for compatibility. with and OK tb@
* Add -force_pubkey -multivalue-rdn -set_issuer -set_subject -utf8 to x509 appjob2024-01-121-4/+44
| | | | | | | | The -set_issuer, -set_subject, and -force_pubkey features can be used to 'rechain' PKIs, for more information see https://labs.apnic.net/nro-ta/ and https://blog.apnic.net/2023/12/14/models-of-trust-for-the-rpki/ OK tb@
* s_client: pause hasn't worked in ages. Just ignore ittb2023-12-291-5/+2
| | | | ok jsing
* Remove antiquated options outputtb2023-07-271-5/+3
| | | | | | | | This is uninteresting and rather meaningless except for the implementer. No need to have several hundred lines of code backing half a dozen symbols in the public API for this. ok jsing
* Remove -stats option from openssl(1) errstr.tb2023-07-231-9/+2
| | | | | | This is the only consumer of ERR_get_string_table(), which will go away. ok jsing
* some minor fix up;jmc2023-07-031-5/+5
|
* Remove the tls1.0 and 1.1 related options from the openssl(1) toolkitbeck2023-07-031-26/+11
| | | | ok tb@
* From the description of "openssl verify", delete the duplicate andschwarze2023-06-081-130/+9
| | | | | | | outdated list of error messages. Instead, refer to the master copy of that list in X509_STORE_CTX_get_error(3). Suggested by and OK tb@, and beck@ also agrees with the idea.
* Refer to the field "thisUpdate" instead of the non-existent "lastUpdate".schwarze2023-06-071-4/+10
| | | | | Similar to X509_get0_notBefore(3) rev. 1.6. Requested by and OK tb@.
* Remove a space that I thought I had already deleted.tb2023-05-201-2/+2
| | | | Makes mandoc -Tlint happier
* openssl speed: add an '-unaligned n' optiontb2023-05-201-2/+10
| | | | | | | | | | | | | | | | All hashes and ciphers covered by speed should be able to handle unaligned input and output. The buffers used in openssl speed are well aligned since they are large, so will never exercise the more problematic unaligned case. I wished something like this was available on various occasions. It would have been useful to point more easily at OpenSSL's broken T4 assembly. Yesterday there were two independent reasons for wanting it, so I sat down and did it. It's trivial: make the allocations a bit larger and use buffers starting at an offset inside these allocations. Despite the trivality, I managed to have a stupid bug. Thanks miod. discussed with jsing ok miod
* Reinstate X9.31 padding mode support in rsautltb2023-05-051-5/+9
|
* Remove the nseq commandtb2023-04-251-33/+2
|
* Document the change in default to comma plus space but leave out thetb2023-04-221-2/+5
| | | | compat nonsense
* Remove X9.31 support from openssl(1)tb2023-04-091-9/+5
| | | | | | | The X9.31 standard has long been retired and deprecated and libcrypto will drop support for it soon. This prepares userland. ok jsing
* Denote multiple arguments with 'arg ...' not 'args'kn2022-12-221-4/+4
| | | | | | | | | | | | | | | | | | | | A few programs used the plural in their synopsis which doesn't read as clear as the obvious triple-dot notation. mdoc(7) .Ar defaults to "file ..." if no arguments are given and consistent use of 'arg ...' matches that behaviour. Cleanup a few markups of the same argument so the text keeps reading naturally; omit unhelpful parts like 'if optional arguments are given, they are passed along' for tools like time(1) and timeout(1) that obviously execute commands with whatever arguments where given -- just like doas(1) which doesn't mention arguments in its DESCRIPTION in the first place. For expr(1) the difference between 'expressions' and 'expression ...' is crucial, as arguments must be passed as individual words. Feedback millert jmc schwarze deraadt OK jmc
* Document -tls1_{1,2,3} in openssl cipherstb2022-07-191-2/+11
| | | | ok jsing
* Document openssl ciphers -stb2022-07-141-3/+5
| | | | ok beck jsing
* man pages: add missing commas between subordinate and main clausesnaddy2022-03-311-22/+22
| | | | | | | jmc@ dislikes a comma before "then" in a conditional, so leave those untouched. ok jmc@
* prefer https links in man pagesjsg2022-02-181-3/+3
| | | | ok gnezdo@ miod@ jmc@
* Document openssl pkey -check,-pubcheck and param -checktb2022-01-101-2/+12
|
* openssl(1): drop support for netscape certificates and server gated keys.tb2021-11-261-6/+2
| | | | ok inoguchi jsing
* Nuke the asn1-kludge. This was a workaround for CAs with broken PCKS#10tb2021-10-231-10/+2
| | | | | | encoders many moons ago. OpenSSL removed it in 2015. ok beck jsing
* new sentence, new line, and tweak wording of previous;jmc2021-09-051-2/+3
|
* Using serial number instead as subject if it is empty in openssl(1) cainoguchi2021-09-051-2/+6
| | | | | | | This allows multiple entries without a subject even if unique_subject == yes. Referred to OpenSSL commit 5af88441 and arranged for our codebase. ok tb@
* Implement -naccept in the s_server.tb2021-08-291-2/+7
| | | | | doc fixes/ok jmc ok beck
* Add DTLSv1.2 support to openssl(1) s_client/s_server.jsing2021-03-171-2/+14
| | | | ok inoguchi@ tb@
* Document meaning of '*' in genrsa outputtb2020-12-301-3/+6
| | | | ok inoguchi jmc kn
* some comma fixes; from varik valeforjmc2020-11-011-12/+12
| | | | (audio.4 tweaked from that submitted)
* Add a -legacy_verify flag to force use of the old validator for debuggingtb2020-10-261-2/+5
| | | | | | and testing purposes. ok beck inoguchi jsing
* Remove hypheninoguchi2020-07-141-3/+3
|
* Add single space between pem and ...inoguchi2020-07-141-2/+2
|
* Add manual for openssl(1) certhashinoguchi2020-07-141-2/+57
| | | | ok jmc@
* Add description for -tls1_3 and -no_tls1_3 options to openssl(1) s_serverinoguchi2020-05-131-6/+8
| | | | ok jsing@ tb@
* In s_server.c rev. 1.33, jsing added support for "openssl s_server -groups";schwarze2020-04-251-6/+18
| | | | | | | | document it and deprecate "openssl s_server -named_curve". While here, fix the error in the synopsis for "openssl s_client -groups" and use unified argument naming and similar wording like in SSL_CTX_set1_groups_list(3). OK jsing@
* Tag subcommand sectionskn2020-02-191-2/+44
| | | | | | | | | Allow semantic lookup by manually tagging sections (.Sh) for which no automatic tagging has been implemented; this thereby also eliminates false positives such that ":tx509<Enter>" now jumps to the X509 section. feedback remi inoguchi schwarze OK tb
* Add -tls1_3 and -notls1_3 options to openssl(1) s_client.jsing2020-02-161-6/+8
| | | | | | | | | Also stop using version pinned methods, instead setting the min and max protocol versions. Requested by inoguchi@ ok inoguchi@ tb@
* use "Currently" in the doc for "openssl enc" when talking about defaultsthen2019-12-181-2/+2
| | | | | md, to hint that it might not always be the case (e.g. if dealing with files from a different version of the tool). ok tb@
* In January, the default digest used in the openssl enc command wastb2019-12-181-7/+4
| | | | | | | | changed from md5 to sha256. Update manual to reflect that. From Fabio Scotoni ok jmc
* Add manual for openssl(1) cmsinoguchi2019-11-281-2/+518
| | | | ok and comments jmc@
* Add manual descriptions for openssl(1) req -addextinoguchi2019-11-191-2/+10
| | | | ok jmc@
* the formatting for the mini synopses in this page did not render welljmc2019-10-041-115/+179
| | | | | | | on html or groff. the solution, to replace the non-standard .nr macros with a hang list, was provided by ingo - thanks! ok schwarze
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-25 21:43:44 +0000