aboutsummaryrefslogtreecommitdiffstats
path: root/doc/apps
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2016-09-22 13:04:03 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2016-09-22 13:04:03 +0000
commite1b483878d9824c63d376895da633b0b96fbbaed (patch)
tree0846e185ed4cc1159a684e408e772c86ae0fc1a7 /doc/apps
parent57f1256b1a087adbdf8e5c080dd9ed7975de939a (diff)
downloadsrc-e1b483878d9824c63d376895da633b0b96fbbaed.tar.gz
src-e1b483878d9824c63d376895da633b0b96fbbaed.zip
Import OpenSSL 1.0.2i.vendor/openssl/1.0.2i
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=306189 svn path=/vendor-crypto/openssl/1.0.2i/; revision=306190; tag=vendor/openssl/1.0.2i
Diffstat (limited to 'doc/apps')
-rw-r--r--doc/apps/cms.pod3
-rw-r--r--doc/apps/s_client.pod9
-rw-r--r--doc/apps/s_server.pod9
-rw-r--r--doc/apps/smime.pod3
-rw-r--r--doc/apps/verify.pod5
-rw-r--r--doc/apps/x509.pod4
-rw-r--r--doc/apps/x509v3_config.pod2
7 files changed, 28 insertions, 7 deletions
diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
index 4eaedbcd34c4..ac69804228cc 100644
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -86,6 +86,9 @@ encrypt mail for the given recipient certificates. Input file is the message
to be encrypted. The output file is the encrypted mail in MIME format. The
actual CMS type is <B>EnvelopedData<B>.
+Note that no revocation check is done for the recipient cert, so if that
+key has been compromised, others may be able to decrypt the text.
+
=item B<-decrypt>
decrypt mail using the supplied certificate and private key. Expects an
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
index 618df9659d3b..29675dd213f4 100644
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -53,6 +53,7 @@ B<openssl> B<s_client>
[B<-rand file(s)>]
[B<-serverinfo types>]
[B<-status>]
+[B<-alpn protocols>]
[B<-nextprotoneg protocols>]
=head1 DESCRIPTION
@@ -277,9 +278,13 @@ file.
sends a certificate status request to the server (OCSP stapling). The server
response (if any) is printed out.
-=item B<-nextprotoneg protocols>
+=item B<-alpn protocols>, B<-nextprotoneg protocols>
-enable Next Protocol Negotiation TLS extension and provide a list of
+these flags enable the
+Enable the Application-Layer Protocol Negotiation or Next Protocol
+Negotiation extension, respectively. ALPN is the IETF standard and
+replaces NPN.
+The B<protocols> list is a
comma-separated protocol names that the client should advertise
support for. The list should contain most wanted protocols first.
Protocol names are printable ASCII strings, for example "http/1.1" or
diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index 6f4acb7006ff..fa17488d9173 100644
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -62,6 +62,7 @@ B<openssl> B<s_server>
[B<-status_verbose>]
[B<-status_timeout nsec>]
[B<-status_url url>]
+[B<-alpn protocols>]
[B<-nextprotoneg protocols>]
=head1 DESCRIPTION
@@ -327,9 +328,13 @@ sets a fallback responder URL to use if no responder URL is present in the
server certificate. Without this option an error is returned if the server
certificate does not contain a responder address.
-=item B<-nextprotoneg protocols>
+=item B<-alpn protocols>, B<-nextprotoneg protocols>
-enable Next Protocol Negotiation TLS extension and provide a
+these flags enable the
+Enable the Application-Layer Protocol Negotiation or Next Protocol
+Negotiation extension, respectively. ALPN is the IETF standard and
+replaces NPN.
+The B<protocols> list is a
comma-separated list of supported protocol names.
The list should contain most wanted protocols first.
Protocol names are printable ASCII strings, for example "http/1.1" or
diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index d5618c8ff0df..04a83ca8e427 100644
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -53,6 +53,9 @@ The meaning of the other options varies according to the operation type.
encrypt mail for the given recipient certificates. Input file is the message
to be encrypted. The output file is the encrypted mail in MIME format.
+Note that no revocation check is done for the recipient cert, so if that
+key has been compromised, others may be able to decrypt the text.
+
=item B<-decrypt>
decrypt mail using the supplied certificate and private key. Expects an
diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod
index bffa6c0ec403..b3767325ae07 100644
--- a/doc/apps/verify.pod
+++ b/doc/apps/verify.pod
@@ -27,6 +27,7 @@ B<openssl> B<verify>
[B<-use_deltas>]
[B<-policy_print>]
[B<-no_alt_chains>]
+[B<-allow_proxy_certs>]
[B<-untrusted file>]
[B<-help>]
[B<-issuer_checks>]
@@ -139,6 +140,10 @@ be found that is trusted. With this option that behaviour is suppressed so that
only the first chain found is ever used. Using this option will force the
behaviour to match that of previous OpenSSL versions.
+=item B<-allow_proxy_certs>
+
+Allow the verification of proxy certificates.
+
=item B<-trusted file>
A file of additional trusted certificates. The file should contain multiple
diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index 26f71c883295..1479a7495716 100644
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -642,8 +642,8 @@ hex dump unsupported extensions.
=item B<ca_default>
-the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>, B<no_header>,
-B<no_version>, B<no_sigdump> and B<no_signame>.
+the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>,
+B<no_header>, and B<no_version>.
=back
diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod
index c82cea1da24e..fb5f79c356e6 100644
--- a/doc/apps/x509v3_config.pod
+++ b/doc/apps/x509v3_config.pod
@@ -104,7 +104,7 @@ Examples:
This extensions consists of a list of usages indicating purposes for which
the certificate public key can be used for,
-These can either be object short names of the dotted numerical form of OIDs.
+These can either be object short names or the dotted numerical form of OIDs.
While any OID can be used only certain values make sense. In particular the
following PKIX, NS and MS values are meaningful: