path: root/doc/apps
author Jung-uk Kim <jkim@FreeBSD.org> 2017-05-25 19:38:38 +0000
committer Jung-uk Kim <jkim@FreeBSD.org> 2017-05-25 19:38:38 +0000
commit 12df5ad9af4981f5d3c31a9819d31618c0f1af51 (patch)
tree 97e3336a3054b8d8a0150b9d414934f73c99cb30 /doc/apps
parent 5315173646e65b5025be33013edc33eb9658e683 (diff)
Import OpenSSL 1.0.2l. vendor/openssl/1.0.2l
Notes: svn path=/vendor-crypto/openssl/dist/; revision=318897 svn path=/vendor-crypto/openssl/1.0.2l/; revision=318898; tag=vendor/openssl/1.0.2l
6 files changed, 61 insertions, 11 deletions
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index 9224557255ed..35d40bbf27ae 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -179,7 +179,8 @@ When in doubt, include B<!aNULL> in your cipherlist.
=item B<kRSA>, B<RSA>
-cipher suites using RSA key exchange.
+cipher suites using RSA key exchange or authentication. B<RSA> is an alias for
=item B<kDHr>, B<kDHd>, B<kDH>
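Review bot: in the B<kRSA>, B<RSA> item the added sentence stops at "B<RSA> is an alias for" with no target before the next =item, so the reader cannot tell what the alias resolves to. Complete the sentence, and reconcile it with "key exchange or authentication": if B<RSA> is only an alias for a key-exchange keyword, say which keyword selects RSA authentication, since that distinction decides what a cipherlist string actually enables.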
diff --git a/doc/apps/config.pod b/doc/apps/config.pod
index e12591528c0c..3f607d3b5fc8 100644
--- a/doc/apps/config.pod
+++ b/doc/apps/config.pod
@@ -47,7 +47,8 @@ or B<${section::name}>. By using the form B<$ENV::name> environment
variables can be substituted. It is also possible to assign values to
environment variables by using the name B<ENV::name>, this will work
if the program looks up environment variables using the B<CONF> library
-instead of calling B<getenv()> directly.
+instead of calling B<getenv()> directly. The value string must not exceed 64k in
+length after variable expansion. Otherwise an error will occur.
It is possible to escape certain characters by using any kind of quote
or the B<\> character. By making the last character of a line a B<\>
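Review bot: "must not exceed 64k in length" leaves the unit and the exact bound open (bytes or characters, 65535 or 65536), and "Otherwise an error will occur" does not say how the error surfaces. State the limit as an exact count with its unit and say whether loading the configuration fails or only the value is rejected, so that anyone building long values through B<$ENV::name> expansion knows what to test for.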
diff --git a/doc/apps/genrsa.pod b/doc/apps/genrsa.pod
index 3dc9870f34b9..f4ed9593ae26 100644
--- a/doc/apps/genrsa.pod
+++ b/doc/apps/genrsa.pod
@@ -7,11 +7,15 @@ genrsa - generate an RSA private key
B<openssl> B<genrsa>
[B<-out filename>]
[B<-passout arg>]
@@ -32,17 +36,21 @@ The B<genrsa> command generates an RSA private key.
=over 4
+=item B<-help>
+Print out a usage message.
=item B<-out filename>
-the output filename. If this argument is not specified then standard output is
+Output the key to the specified file. If this argument is not specified then
+standard output is used.
=item B<-passout arg>
the output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
-=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
+=item B<-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
These options encrypt the private key with specified
cipher before outputting it. If none of these options is
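Review bot: the cipher =item now lists -aria128|-aria192|-aria256 and a new B<-help> item is added, but nothing in this doc-only view shows that genrsa in the 1.0.2l import accepts either. Check both against the option parsing in this branch and drop whatever is not implemented. As a style point, the new "Output the key to the specified file." is capitalised while the neighbouring B<-passout> text still begins "the output file password source".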
@@ -56,8 +64,8 @@ the public exponent to use, either 65537 or 3. The default is 65537.
=item B<-rand file(s)>
a file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
-Multiple files can be specified separated by a OS-dependent character.
+generator, or an EGD socket (see L<RAND_egd(3)>).
+Multiple files can be specified separated by an OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.
@@ -71,7 +79,7 @@ for all available algorithms.
=item B<numbits>
the size of the private key to generate in bits. This must be the last option
-specified. The default is 512.
+specified. The default is 2048.
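Review bot: the B<numbits> default changes from 512 to 2048 in the text, but this view is limited to doc/apps, so confirm that the genrsa code in the same import really defaults to 2048; a documented default that is stronger than the real one misleads anyone who omits numbits. The NOTES context visible in the next hunk header still reads "be much larger (typically 1024 bits)", which sits oddly beside a 2048-bit default and should be revisited.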
@@ -96,7 +104,15 @@ be much larger (typically 1024 bits).
=head1 SEE ALSO
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
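Review bot: the added licence text follows =head1 SEE ALSO directly, with no =head1 COPYRIGHT line among the added lines, and its last sentence ends at "or at" without the location. As shown it would render as part of SEE ALSO; add the heading and the missing final line.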
diff --git a/doc/apps/req.pod b/doc/apps/req.pod
index 30653e509357..1682ba5143dd 100644
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -237,6 +237,9 @@ a self signed root CA. The extensions added to the certificate
using the B<set_serial> option, a large random number will be used for
the serial number.
+If existing request is specified with the B<-in> option, it is converted
+to the self signed certificate otherwise new request is created.
=item B<-days n>
when the B<-x509> option is being used this specifies the number of
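Review bot: the sentence added after the serial-number paragraph is missing articles and a break before "otherwise", which makes the two cases hard to tell apart. Suggest "If an existing request is specified with the B<-in> option, it is converted to a self-signed certificate; otherwise a new request is created."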
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
index 29675dd213f4..b45acbc5e3e4 100644
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -42,6 +42,8 @@ B<openssl> B<s_client>
+[B<-sigalgs sigalglist>]
+[B<-curves curvelist>]
[B<-cipher cipherlist>]
[B<-starttls protocol>]
@@ -217,6 +219,19 @@ Send TLS_FALLBACK_SCSV in the ClientHello.
there are several known bug in SSL and TLS implementations. Adding this
option enables various workarounds.
+=item B<-sigalgs sigalglist>
+Specifies the list of signature algorithms that are sent by the client.
+The server selects one entry in the list based on its preferences.
+For example strings, see L<SSL_CTX_set1_sigalgs(3)>
+=item B<-curves curvelist>
+Specifies the list of supported curves to be sent by the client. The curve is
+is ultimately selected by the server. For a list of all curves, use:
+ $ openssl ecparam -list_curves
=item B<-cipher cipherlist>
this allows the cipher list sent by the client to be modified. Although
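Review bot: in the B<-curves> item the verb is doubled across the line break ("The curve is" followed by "is ultimately selected by the server"), and the B<-sigalgs> item ends at "see L<SSL_CTX_set1_sigalgs(3)>" without a full stop. Drop one "is" and close the sentence. It would also help to state the separator for curvelist, as the s_server text does for its sigalglist.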
diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index fa17488d9173..1fe93ddfbebb 100644
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -35,6 +35,8 @@ B<openssl> B<s_server>
[B<-CAfile filename>]
+[B<-client_sigalgs sigalglist>]
+[B<-named_curve curve>]
[B<-cipher cipherlist>]
@@ -234,6 +236,18 @@ option enables various workarounds.
this option enables a further workaround for some some early Netscape
SSL code (?).
+=item B<-client_sigalgs sigalglist>
+Signature algorithms to support for client certificate authentication
+(colon-separated list)
+=item B<-named_curve curve>
+Specifies the elliptic curve to use. NOTE: this is single curve, not a list.
+For a list of all possible curves, use:
+ $ openssl ecparam -list_curves
=item B<-cipher cipherlist>
this allows the cipher list used by the server to be modified. When
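Review bot: B<-client_sigalgs> says only "(colon-separated list)" and gives no pointer to the accepted names, while the s_client B<-sigalgs> item refers to L<SSL_CTX_set1_sigalgs(3)>; add the same reference here and end the sentence with a full stop. In B<-named_curve>, "this is single curve" needs an article ("this is a single curve"), and the item should say what is used when the option is omitted.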