aboutsummaryrefslogtreecommitdiffstats
path: root/secure/usr.bin/openssl/man
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2019-02-26 19:34:42 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2019-02-26 19:34:42 +0000
commit3cf0952a072a5feca804996ce8599733a1fd47de (patch)
treee2b644021f6d02804d8430114af5cac383b71aa3 /secure/usr.bin/openssl/man
parent8a506ab161b8c7d92e9edc3d26c70a85a940ad88 (diff)
downloadsrc-3cf0952a072a5feca804996ce8599733a1fd47de.tar.gz
src-3cf0952a072a5feca804996ce8599733a1fd47de.zip
MFC: r344602
Merge OpenSSL 1.1.1b.
Notes
Notes: svn path=/stable/12/; revision=344603
Diffstat (limited to 'secure/usr.bin/openssl/man')
-rw-r--r--secure/usr.bin/openssl/man/CA.pl.128
-rw-r--r--secure/usr.bin/openssl/man/asn1parse.126
-rw-r--r--secure/usr.bin/openssl/man/ca.138
-rw-r--r--secure/usr.bin/openssl/man/ciphers.128
-rw-r--r--secure/usr.bin/openssl/man/cms.142
-rw-r--r--secure/usr.bin/openssl/man/crl.126
-rw-r--r--secure/usr.bin/openssl/man/crl2pkcs7.124
-rw-r--r--secure/usr.bin/openssl/man/dgst.130
-rw-r--r--secure/usr.bin/openssl/man/dhparam.126
-rw-r--r--secure/usr.bin/openssl/man/dsa.130
-rw-r--r--secure/usr.bin/openssl/man/dsaparam.128
-rw-r--r--secure/usr.bin/openssl/man/ec.133
-rw-r--r--secure/usr.bin/openssl/man/ecparam.126
-rw-r--r--secure/usr.bin/openssl/man/enc.128
-rw-r--r--secure/usr.bin/openssl/man/engine.124
-rw-r--r--secure/usr.bin/openssl/man/errstr.122
-rw-r--r--secure/usr.bin/openssl/man/gendsa.126
-rw-r--r--secure/usr.bin/openssl/man/genpkey.132
-rw-r--r--secure/usr.bin/openssl/man/genrsa.126
-rw-r--r--secure/usr.bin/openssl/man/list.126
-rw-r--r--secure/usr.bin/openssl/man/nseq.122
-rw-r--r--secure/usr.bin/openssl/man/ocsp.128
-rw-r--r--secure/usr.bin/openssl/man/openssl.174
-rw-r--r--secure/usr.bin/openssl/man/passwd.122
-rw-r--r--secure/usr.bin/openssl/man/pkcs12.137
-rw-r--r--secure/usr.bin/openssl/man/pkcs7.124
-rw-r--r--secure/usr.bin/openssl/man/pkcs8.132
-rw-r--r--secure/usr.bin/openssl/man/pkey.132
-rw-r--r--secure/usr.bin/openssl/man/pkeyparam.126
-rw-r--r--secure/usr.bin/openssl/man/pkeyutl.134
-rw-r--r--secure/usr.bin/openssl/man/prime.122
-rw-r--r--secure/usr.bin/openssl/man/rand.124
-rw-r--r--secure/usr.bin/openssl/man/req.142
-rw-r--r--secure/usr.bin/openssl/man/rsa.130
-rw-r--r--secure/usr.bin/openssl/man/rsautl.124
-rw-r--r--secure/usr.bin/openssl/man/s_client.185
-rw-r--r--secure/usr.bin/openssl/man/s_server.175
-rw-r--r--secure/usr.bin/openssl/man/s_time.140
-rw-r--r--secure/usr.bin/openssl/man/sess_id.124
-rw-r--r--secure/usr.bin/openssl/man/smime.130
-rw-r--r--secure/usr.bin/openssl/man/speed.122
-rw-r--r--secure/usr.bin/openssl/man/spkac.126
-rw-r--r--secure/usr.bin/openssl/man/srp.124
-rw-r--r--secure/usr.bin/openssl/man/storeutl.128
-rw-r--r--secure/usr.bin/openssl/man/ts.158
-rw-r--r--secure/usr.bin/openssl/man/tsget.126
-rw-r--r--secure/usr.bin/openssl/man/verify.136
-rw-r--r--secure/usr.bin/openssl/man/version.122
-rw-r--r--secure/usr.bin/openssl/man/x509.138
49 files changed, 898 insertions, 678 deletions
diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1
index 126e63cbaa85..62361743b417 100644
--- a/secure/usr.bin/openssl/man/CA.pl.1
+++ b/secure/usr.bin/openssl/man/CA.pl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CA.PL 1"
-.TH CA.PL 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CA.PL 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -265,7 +269,7 @@ the request and finally create a PKCS#12 file containing it.
.SH "DSA CERTIFICATES"
.IX Header "DSA CERTIFICATES"
Although the \fB\s-1CA\s0.pl\fR creates \s-1RSA\s0 CAs and requests it is still possible to
-use it with \s-1DSA\s0 certificates and requests using the \fIreq\fR\|(1) command
+use it with \s-1DSA\s0 certificates and requests using the \fBreq\fR\|(1) command
directly. The following example shows the steps that would typically be taken.
.PP
Create some \s-1DSA\s0 parameters:
@@ -325,8 +329,8 @@ by a beginner. Its behaviour isn't always what is wanted. For more control over
behaviour of the certificate commands call the \fBopenssl\fR command directly.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIx509\fR\|(1), \fIca\fR\|(1), \fIreq\fR\|(1), \fIpkcs12\fR\|(1),
-\&\fIconfig\fR\|(5)
+\&\fBx509\fR\|(1), \fBca\fR\|(1), \fBreq\fR\|(1), \fBpkcs12\fR\|(1),
+\&\fBconfig\fR\|(5)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1
index a9d20be114bf..5f7227df4d51 100644
--- a/secure/usr.bin/openssl/man/asn1parse.1
+++ b/secure/usr.bin/openssl/man/asn1parse.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1PARSE 1"
-.TH ASN1PARSE 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ASN1PARSE 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -205,7 +209,7 @@ option can be used multiple times to \*(L"drill down\*(R" into a nested structur
.IP "\fB\-genstr string\fR, \fB\-genconf file\fR" 4
.IX Item "-genstr string, -genconf file"
Generate encoded data based on \fBstring\fR, \fBfile\fR or both using
-\&\fIASN1_generate_nconf\fR\|(3) format. If \fBfile\fR only is
+\&\fBASN1_generate_nconf\fR\|(3) format. If \fBfile\fR only is
present then the string is obtained from the default section using the name
\&\fBasn1\fR. The encoded data is passed through the \s-1ASN1\s0 parser and printed out as
though it came from a file, the contents can thus be examined and written to a
@@ -324,7 +328,7 @@ There should be options to change the format of output lines. The output of some
\&\s-1ASN.1\s0 types is not well handled (if at all).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIASN1_generate_nconf\fR\|(3)
+\&\fBASN1_generate_nconf\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1
index c155e2415098..c235cc738963 100644
--- a/secure/usr.bin/openssl/man/ca.1
+++ b/secure/usr.bin/openssl/man/ca.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CA 1"
-.TH CA 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CA 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -207,7 +211,7 @@ This prints extra details about the operations being performed.
.IX Item "-config filename"
Specifies the configuration file to use.
Optional; for a description of the default value,
-see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fIopenssl\fR\|(1).
+see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1).
.IP "\fB\-name section\fR" 4
.IX Item "-name section"
Specifies the configuration file section to use (overrides
@@ -269,7 +273,7 @@ self-signed certificate.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
The key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-notext\fR" 4
.IX Item "-notext"
Don't output the text form of a certificate to the output file.
@@ -331,8 +335,8 @@ The section of the configuration file containing certificate extensions
to be added when a certificate is issued (defaults to \fBx509_extensions\fR
unless the \fB\-extfile\fR option is used). If no extension section is
present then, a V1 certificate is created. If the extension section
-is present (even if it is empty), then a V3 certificate is created. See the:w
-\&\fIx509v3_config\fR\|(5) manual page for details of the
+is present (even if it is empty), then a V3 certificate is created. See the
+\&\fBx509v3_config\fR\|(5) manual page for details of the
extension section format.
.IP "\fB\-extfile file\fR" 4
.IX Item "-extfile file"
@@ -444,7 +448,7 @@ created, if the \s-1CRL\s0 extension section is present (even if it is
empty) then a V2 \s-1CRL\s0 is created. The \s-1CRL\s0 extensions specified are
\&\s-1CRL\s0 extensions and \fBnot\fR \s-1CRL\s0 entry extensions. It should be noted
that some software (for example Netscape) can't handle V2 CRLs. See
-\&\fIx509v3_config\fR\|(5) manual page for details of the
+\&\fBx509v3_config\fR\|(5) manual page for details of the
extension section format.
.SH "CONFIGURATION FILE OPTIONS"
.IX Header "CONFIGURATION FILE OPTIONS"
@@ -802,11 +806,11 @@ earlier than year 2049 (included), and as GeneralizedTime if the dates
are in year 2050 or later.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIreq\fR\|(1), \fIspkac\fR\|(1), \fIx509\fR\|(1), \s-1\fICA\s0.pl\fR\|(1),
-\&\fIconfig\fR\|(5), \fIx509v3_config\fR\|(5)
+\&\fBreq\fR\|(1), \fBspkac\fR\|(1), \fBx509\fR\|(1), \s-1\fBCA\s0.pl\fR\|(1),
+\&\fBconfig\fR\|(5), \fBx509v3_config\fR\|(5)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1
index 82d7870c8e31..98a408437bcb 100644
--- a/secure/usr.bin/openssl/man/ciphers.1
+++ b/secure/usr.bin/openssl/man/ciphers.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CIPHERS 1"
-.TH CIPHERS 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CIPHERS 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -190,7 +194,7 @@ When combined with \fB\-s\fR includes cipher suites which require \s-1SRP.\s0
.IP "\fB\-v\fR" 4
.IX Item "-v"
Verbose output: For each cipher suite, list details as provided by
-\&\fISSL_CIPHER_description\fR\|(3).
+\&\fBSSL_CIPHER_description\fR\|(3).
.IP "\fB\-V\fR" 4
.IX Item "-V"
Like \fB\-v\fR, but include the official cipher suite values in hex.
@@ -845,7 +849,7 @@ Set security level to 2 and display all ciphers consistent with level 2:
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIs_client\fR\|(1), \fIs_server\fR\|(1), \fIssl\fR\|(7)
+\&\fBs_client\fR\|(1), \fBs_server\fR\|(1), \fBssl\fR\|(7)
.SH "HISTORY"
.IX Header "HISTORY"
The \fB\-V\fR option for the \fBciphers\fR command was added in OpenSSL 1.0.0.
@@ -853,7 +857,7 @@ The \fB\-V\fR option for the \fBciphers\fR command was added in OpenSSL 1.0.0.
The \fB\-stdname\fR is only available if OpenSSL is built with tracing enabled
(\fBenable-ssl-trace\fR argument to Configure) before OpenSSL 1.1.1.
.PP
-The \fB\-convert\fR was added in OpenSSL 1.1.1.
+The \fB\-convert\fR option was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/cms.1 b/secure/usr.bin/openssl/man/cms.1
index 152fc013ecc2..07e20e17f4f9 100644
--- a/secure/usr.bin/openssl/man/cms.1
+++ b/secure/usr.bin/openssl/man/cms.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS 1"
-.TH CMS 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CMS 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -397,8 +401,8 @@ default digest algorithm for the signing key will be used (usually \s-1SHA1\s0).
.IX Item "-cipher"
The encryption algorithm to use. For example triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR
or 256 bit \s-1AES\s0 \- \fB\-aes256\fR. Any standard algorithm name (as used by the
-\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for
-example \fB\-aes\-128\-cbc\fR. See \fIenc\fR\|(1) for a list of ciphers
+\&\fBEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for
+example \fB\-aes\-128\-cbc\fR. See \fBenc\fR\|(1) for a list of ciphers
supported by your version of OpenSSL.
.Sp
If not specified triple \s-1DES\s0 is used. Only used with \fB\-encrypt\fR and
@@ -534,7 +538,7 @@ or to modify default parameters for \s-1ECDH.\s0
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
The private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-rand file...\fR" 4
.IX Item "-rand file..."
A file or files containing random data used to seed the random number
@@ -559,7 +563,7 @@ address matches that specified in the From: address.
.IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4
.IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict"
Set various certificate chain validation options. See the
-\&\fIverify\fR\|(1) manual page for details.
+\&\fBverify\fR\|(1) manual page for details.
.SH "NOTES"
.IX Header "NOTES"
The \s-1MIME\s0 message must be sent without any blank lines between the
@@ -606,7 +610,7 @@ tried whether they succeed or not and if no recipients match the message
is \*(L"decrypted\*(R" using a random key which will typically output garbage.
The \fB\-debug_decrypt\fR option can be used to disable the \s-1MMA\s0 attack protection
and return an error if no recipient can be found: this option should be used
-with caution. For a fuller description see \fICMS_decrypt\fR\|(3)).
+with caution. For a fuller description see \fBCMS_decrypt\fR\|(3)).
.SH "EXIT CODES"
.IX Header "EXIT CODES"
.IP "0" 4
@@ -798,14 +802,14 @@ No revocation checking is done on the signer's certificate.
The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first
added in OpenSSL 1.0.0.
.PP
-The \fBkeyopt\fR option was first added in OpenSSL 1.0.2.
+The \fBkeyopt\fR option was added in OpenSSL 1.0.2.
.PP
-Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2.
+Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2.
.PP
-The use of non-RSA keys with \fB\-encrypt\fR and \fB\-decrypt\fR was first added
-to OpenSSL 1.0.2.
+The use of non-RSA keys with \fB\-encrypt\fR and \fB\-decrypt\fR
+was added in OpenSSL 1.0.2.
.PP
-The \-no_alt_chains options was first added to OpenSSL 1.0.2b.
+The \-no_alt_chains option was added in OpenSSL 1.0.2b.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2008\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1
index 628cb3213b1b..31c680c498b2 100644
--- a/secure/usr.bin/openssl/man/crl.1
+++ b/secure/usr.bin/openssl/man/crl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CRL 1"
-.TH CRL 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CRL 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -184,7 +188,7 @@ Print out the \s-1CRL\s0 in text form.
.IP "\fB\-nameopt option\fR" 4
.IX Item "-nameopt option"
Option which determines how the subject or issuer names are displayed. See
-the description of \fB\-nameopt\fR in \fIx509\fR\|(1).
+the description of \fB\-nameopt\fR in \fBx509\fR\|(1).
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
Don't output the encoded version of the \s-1CRL.\s0
@@ -242,7 +246,7 @@ Ideally it should be possible to create a \s-1CRL\s0 using appropriate options
and files too.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIcrl2pkcs7\fR\|(1), \fIca\fR\|(1), \fIx509\fR\|(1)
+\&\fBcrl2pkcs7\fR\|(1), \fBca\fR\|(1), \fBx509\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1
index 20a5269e33f6..abb3876dcd3c 100644
--- a/secure/usr.bin/openssl/man/crl2pkcs7.1
+++ b/secure/usr.bin/openssl/man/crl2pkcs7.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CRL2PKCS7 1"
-.TH CRL2PKCS7 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH CRL2PKCS7 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -212,7 +216,7 @@ The \fB\s-1PEM\s0\fR encoded form with the header and footer lines removed can b
install user certificates and CAs in \s-1MSIE\s0 using the Xenroll control.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIpkcs7\fR\|(1)
+\&\fBpkcs7\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1
index db0c6100ae4e..d959cf3572b5 100644
--- a/secure/usr.bin/openssl/man/dgst.1
+++ b/secure/usr.bin/openssl/man/dgst.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DGST 1"
-.TH DGST 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DGST 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -219,7 +223,7 @@ Names and values of these options are algorithm-specific.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
The private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-verify filename\fR" 4
.IX Item "-verify filename"
Verify the signature using the public key in \*(L"filename\*(R".
@@ -325,11 +329,11 @@ or similar program to transform the hex signature into a binary signature
prior to verification.
.SH "HISTORY"
.IX Header "HISTORY"
-The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0
-The FIPS-related options were removed in OpenSSL 1.1.0
+The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0.
+The FIPS-related options were removed in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1
index f0a753566e98..5670aba30964 100644
--- a/secure/usr.bin/openssl/man/dhparam.1
+++ b/secure/usr.bin/openssl/man/dhparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DHPARAM 1"
-.TH DHPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DHPARAM 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -230,7 +234,7 @@ This option prints out the \s-1DH\s0 parameters in human readable form.
.IP "\fB\-C\fR" 4
.IX Item "-C"
This option converts the parameters into C code. The parameters can then
-be loaded by calling the \fIget_dhNNNN()\fR function.
+be loaded by calling the \fBget_dhNNNN()\fR function.
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
Specifying an engine (by its unique \fBid\fR string) will cause \fBdhparam\fR
@@ -261,7 +265,7 @@ This program manipulates \s-1DH\s0 parameters not keys.
There should be a way to generate and manipulate \s-1DH\s0 keys.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdsaparam\fR\|(1)
+\&\fBdsaparam\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1
index a799b42bfff5..f4ac6765f9c2 100644
--- a/secure/usr.bin/openssl/man/dsa.1
+++ b/secure/usr.bin/openssl/man/dsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA 1"
-.TH DSA 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DSA 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -198,7 +202,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
The input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output by
@@ -208,7 +212,7 @@ filename.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
The output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4
.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea"
These options encrypt the private key with the specified
@@ -290,8 +294,8 @@ To just output the public part of a private key:
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdsaparam\fR\|(1), \fIgendsa\fR\|(1), \fIrsa\fR\|(1),
-\&\fIgenrsa\fR\|(1)
+\&\fBdsaparam\fR\|(1), \fBgendsa\fR\|(1), \fBrsa\fR\|(1),
+\&\fBgenrsa\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1
index b9c6088097d1..06228699f9b3 100644
--- a/secure/usr.bin/openssl/man/dsaparam.1
+++ b/secure/usr.bin/openssl/man/dsaparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSAPARAM 1"
-.TH DSAPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH DSAPARAM 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -189,7 +193,7 @@ This option prints out the \s-1DSA\s0 parameters in human readable form.
.IP "\fB\-C\fR" 4
.IX Item "-C"
This option converts the parameters into C code. The parameters can then
-be loaded by calling the \fIget_dsaXXX()\fR function.
+be loaded by calling the \fBget_dsaXXX()\fR function.
.IP "\fB\-genkey\fR" 4
.IX Item "-genkey"
This option will generate a \s-1DSA\s0 either using the specified or generated
@@ -229,8 +233,8 @@ for all available algorithms.
\&\s-1DSA\s0 parameters is often used to generate several distinct keys.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIgendsa\fR\|(1), \fIdsa\fR\|(1), \fIgenrsa\fR\|(1),
-\&\fIrsa\fR\|(1)
+\&\fBgendsa\fR\|(1), \fBdsa\fR\|(1), \fBgenrsa\fR\|(1),
+\&\fBrsa\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1
index b2288579a600..d51ada449b94 100644
--- a/secure/usr.bin/openssl/man/ec.1
+++ b/secure/usr.bin/openssl/man/ec.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EC 1"
-.TH EC 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH EC 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -191,7 +195,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
The input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output by
@@ -201,7 +205,7 @@ filename.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
The output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-des|\-des3|\-idea\fR" 4
.IX Item "-des|-des3|-idea"
These options encrypt the private key with the \s-1DES,\s0 triple \s-1DES, IDEA\s0 or
@@ -218,9 +222,6 @@ Prints out the public, private key components and parameters.
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
This option prevents output of the encoded version of the key.
-.IP "\fB\-modulus\fR" 4
-.IX Item "-modulus"
-This option prints out the value of the public key component of the key.
.IP "\fB\-pubin\fR" 4
.IX Item "-pubin"
By default, a private key is read from the input file. With this option a
@@ -314,10 +315,10 @@ To change the point conversion form to \fBcompressed\fR:
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIecparam\fR\|(1), \fIdsa\fR\|(1), \fIrsa\fR\|(1)
+\&\fBecparam\fR\|(1), \fBdsa\fR\|(1), \fBrsa\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2003\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2003\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1
index a422cf92a865..93bdd9b186b1 100644
--- a/secure/usr.bin/openssl/man/ecparam.1
+++ b/secure/usr.bin/openssl/man/ecparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ECPARAM 1"
-.TH ECPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ECPARAM 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -193,7 +197,7 @@ This option prints out the \s-1EC\s0 parameters in human readable form.
.IP "\fB\-C\fR" 4
.IX Item "-C"
This option converts the \s-1EC\s0 parameters into C code. The parameters can then
-be loaded by calling the \fIget_ec_group_XXX()\fR function.
+be loaded by calling the \fBget_ec_group_XXX()\fR function.
.IP "\fB\-check\fR" 4
.IX Item "-check"
Validate the elliptic curve parameters.
@@ -297,7 +301,7 @@ To print out the \s-1EC\s0 parameters to standard output:
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIec\fR\|(1), \fIdsaparam\fR\|(1)
+\&\fBec\fR\|(1), \fBdsaparam\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2003\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1
index c39476ff7383..927018cd2d0e 100644
--- a/secure/usr.bin/openssl/man/enc.1
+++ b/secure/usr.bin/openssl/man/enc.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ENC 1"
-.TH ENC 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ENC 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -194,7 +198,7 @@ The output filename, standard output by default.
.IP "\fB\-pass arg\fR" 4
.IX Item "-pass arg"
The password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-e\fR" 4
.IX Item "-e"
Encrypt the input data: this is the default.
@@ -364,7 +368,7 @@ management issues also affect other modes currently exposed in \fBenc\fR,
but the failure modes are less extreme in these cases, and the
functionality cannot be removed with a stable release branch.
For bulk encryption of data, whether using authenticated encryption
-modes or other modes, \fIcms\fR\|(1) is recommended, as it provides a
+modes or other modes, \fBcms\fR\|(1) is recommended, as it provides a
standard data format and performs the needed key/iv/nonce management.
.PP
.Vb 1
@@ -522,7 +526,7 @@ certain parameters. So if, for example, you want to use \s-1RC2\s0 with a
76 bit key or \s-1RC4\s0 with an 84 bit key you can't use this program.
.SH "HISTORY"
.IX Header "HISTORY"
-The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in Openssl 1.1.0.
+The default digest was changed from \s-1MD5\s0 to \s-1SHA256\s0 in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/engine.1 b/secure/usr.bin/openssl/man/engine.1
index 851f31e46ae3..ff7917274d3d 100644
--- a/secure/usr.bin/openssl/man/engine.1
+++ b/secure/usr.bin/openssl/man/engine.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ENGINE 1"
-.TH ENGINE 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ENGINE 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -225,7 +229,7 @@ To list the capabilities of the \fIrsax\fR engine:
The path to the engines directory.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIconfig\fR\|(5)
+\&\fBconfig\fR\|(5)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1
index 25f92828f289..3b6daca1a466 100644
--- a/secure/usr.bin/openssl/man/errstr.1
+++ b/secure/usr.bin/openssl/man/errstr.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERRSTR 1"
-.TH ERRSTR 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH ERRSTR 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1
index cdcaaf281d71..b72bc23f994a 100644
--- a/secure/usr.bin/openssl/man/gendsa.1
+++ b/secure/usr.bin/openssl/man/gendsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "GENDSA 1"
-.TH GENDSA 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH GENDSA 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -203,8 +207,8 @@ and examined using the \fBopenssl dsaparam\fR command.
much quicker that \s-1RSA\s0 key generation for example.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdsaparam\fR\|(1), \fIdsa\fR\|(1), \fIgenrsa\fR\|(1),
-\&\fIrsa\fR\|(1)
+\&\fBdsaparam\fR\|(1), \fBdsa\fR\|(1), \fBgenrsa\fR\|(1),
+\&\fBrsa\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/genpkey.1 b/secure/usr.bin/openssl/man/genpkey.1
index 1fd374770d10..bbb5c72b33ad 100644
--- a/secure/usr.bin/openssl/man/genpkey.1
+++ b/secure/usr.bin/openssl/man/genpkey.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "GENPKEY 1"
-.TH GENPKEY 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH GENPKEY 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -168,11 +172,11 @@ This specifies the output format \s-1DER\s0 or \s-1PEM.\s0 The default format is
.IP "\fB\-pass arg\fR" 4
.IX Item "-pass arg"
The output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-\f(BIcipher\fB\fR" 4
.IX Item "-cipher"
This option encrypts the private key with the supplied cipher. Any algorithm
-name accepted by \fIEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR.
+name accepted by \fBEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR.
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
Specifying an engine (by its unique \fBid\fR string) will cause \fBgenpkey\fR
@@ -417,9 +421,9 @@ Generate an \s-1ED448\s0 private key:
.SH "HISTORY"
.IX Header "HISTORY"
The ability to use \s-1NIST\s0 curve names, and to generate an \s-1EC\s0 key directly,
-were added in OpenSSL 1.0.2. The ability to generate X25519 keys was added in
-OpenSSL 1.1.0. The ability to generate X448, \s-1ED25519\s0 and \s-1ED448\s0 keys was added in
-OpenSSL 1.1.1.
+were added in OpenSSL 1.0.2.
+The ability to generate X25519 keys was added in OpenSSL 1.1.0.
+The ability to generate X448, \s-1ED25519\s0 and \s-1ED448\s0 keys was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1
index f2221a082d6a..7845ce19fec7 100644
--- a/secure/usr.bin/openssl/man/genrsa.1
+++ b/secure/usr.bin/openssl/man/genrsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "GENRSA 1"
-.TH GENRSA 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH GENRSA 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -176,7 +180,7 @@ standard output is used.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
The output file password source. For more information about the format
-of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4
.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea"
These options encrypt the private key with specified
@@ -228,7 +232,7 @@ may vary somewhat. But in general, more primes lead to less generation time
of a key.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIgendsa\fR\|(1)
+\&\fBgendsa\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/list.1 b/secure/usr.bin/openssl/man/list.1
index 8b0d6cf3486f..573027fbbb31 100644
--- a/secure/usr.bin/openssl/man/list.1
+++ b/secure/usr.bin/openssl/man/list.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "LIST 1"
-.TH LIST 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH LIST 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -168,7 +172,7 @@ Display a list of standard commands.
.IP "\fB\-digest\-commands\fR" 4
.IX Item "-digest-commands"
Display a list of message digest commands, which are typically used
-as input to the \fIdgst\fR\|(1) or \fIspeed\fR\|(1) commands.
+as input to the \fBdgst\fR\|(1) or \fBspeed\fR\|(1) commands.
.IP "\fB\-digest\-algorithms\fR" 4
.IX Item "-digest-algorithms"
Display a list of message digest algorithms.
@@ -178,7 +182,7 @@ then \fBfoo\fR is an alias for the official algorithm name, \fBbar\fR.
.IP "\fB\-cipher\-commands\fR" 4
.IX Item "-cipher-commands"
Display a list of cipher commands, which are typically used as input
-to the \fIdgst\fR\|(1) or \fIspeed\fR\|(1) commands.
+to the \fBdgst\fR\|(1) or \fBspeed\fR\|(1) commands.
.IP "\fB\-cipher\-algorithms\fR" 4
.IX Item "-cipher-algorithms"
Display a list of cipher algorithms.
diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1
index c18182844792..6cf495394d75 100644
--- a/secure/usr.bin/openssl/man/nseq.1
+++ b/secure/usr.bin/openssl/man/nseq.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "NSEQ 1"
-.TH NSEQ 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH NSEQ 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1
index a8c9c564d3fe..b47b837a24de 100644
--- a/secure/usr.bin/openssl/man/ocsp.1
+++ b/secure/usr.bin/openssl/man/ocsp.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OCSP 1"
-.TH OCSP 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OCSP 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -313,7 +317,7 @@ Child processes will detect changes in the \s-1CA\s0 index file and automaticall
reload it.
When running as a responder \fB\-timeout\fR option is recommended to limit the time
each child is willing to wait for the client's \s-1OCSP\s0 response.
-This option is available on \s-1POSIX\s0 systems (that support the \fIfork()\fR and other
+This option is available on \s-1POSIX\s0 systems (that support the \fBfork()\fR and other
required unix system-calls).
.IP "\fB\-CAfile file\fR, \fB\-CApath pathname\fR" 4
.IX Item "-CAfile file, -CApath pathname"
@@ -328,7 +332,7 @@ Do not load the trusted \s-1CA\s0 certificates from the default directory locati
.IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4
.IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict"
Set different certificate verification options.
-See \fIverify\fR\|(1) manual page for details.
+See \fBverify\fR\|(1) manual page for details.
.IP "\fB\-verify_other file\fR" 4
.IX Item "-verify_other file"
File containing additional certificates to search when attempting to locate
@@ -569,7 +573,7 @@ to a second file.
.Ve
.SH "HISTORY"
.IX Header "HISTORY"
-The \-no_alt_chains options was first added to OpenSSL 1.1.0.
+The \-no_alt_chains option was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2001\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1
index bd6dbf7a6976..cc688f485227 100644
--- a/secure/usr.bin/openssl/man/openssl.1
+++ b/secure/usr.bin/openssl/man/openssl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL 1"
-.TH OPENSSL 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH OPENSSL 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -173,7 +177,7 @@ The \fBopenssl\fR program provides a rich variety of commands (\fIcommand\fR in
(\fIcommand_opts\fR and \fIcommand_args\fR in the \s-1SYNOPSIS\s0).
.PP
Detailed documentation and use cases for most standard subcommands are available
-(e.g., \fIx509\fR\|(1) or \fIopenssl\-x509\fR\|(1)).
+(e.g., \fBx509\fR\|(1) or \fBopenssl\-x509\fR\|(1)).
.PP
Many commands use an external configuration file for some or all of their
arguments and have a \fB\-config\fR option to specify that file.
@@ -235,18 +239,18 @@ Message Digest Calculation.
.IP "\fBdh\fR" 4
.IX Item "dh"
Diffie-Hellman Parameter Management.
-Obsoleted by \fIdhparam\fR\|(1).
+Obsoleted by \fBdhparam\fR\|(1).
.IP "\fBdhparam\fR" 4
.IX Item "dhparam"
Generation and Management of Diffie-Hellman Parameters. Superseded by
-\&\fIgenpkey\fR\|(1) and \fIpkeyparam\fR\|(1).
+\&\fBgenpkey\fR\|(1) and \fBpkeyparam\fR\|(1).
.IP "\fBdsa\fR" 4
.IX Item "dsa"
\&\s-1DSA\s0 Data Management.
.IP "\fBdsaparam\fR" 4
.IX Item "dsaparam"
\&\s-1DSA\s0 Parameter Generation and Management. Superseded by
-\&\fIgenpkey\fR\|(1) and \fIpkeyparam\fR\|(1).
+\&\fBgenpkey\fR\|(1) and \fBpkeyparam\fR\|(1).
.IP "\fBec\fR" 4
.IX Item "ec"
\&\s-1EC\s0 (Elliptic curve) key processing.
@@ -265,17 +269,17 @@ Error Number to Error String Conversion.
.IP "\fBgendh\fR" 4
.IX Item "gendh"
Generation of Diffie-Hellman Parameters.
-Obsoleted by \fIdhparam\fR\|(1).
+Obsoleted by \fBdhparam\fR\|(1).
.IP "\fBgendsa\fR" 4
.IX Item "gendsa"
Generation of \s-1DSA\s0 Private Key from Parameters. Superseded by
-\&\fIgenpkey\fR\|(1) and \fIpkey\fR\|(1).
+\&\fBgenpkey\fR\|(1) and \fBpkey\fR\|(1).
.IP "\fBgenpkey\fR" 4
.IX Item "genpkey"
Generation of Private Key or Parameters.
.IP "\fBgenrsa\fR" 4
.IX Item "genrsa"
-Generation of \s-1RSA\s0 Private Key. Superseded by \fIgenpkey\fR\|(1).
+Generation of \s-1RSA\s0 Private Key. Superseded by \fBgenpkey\fR\|(1).
.IP "\fBnseq\fR" 4
.IX Item "nseq"
Create or examine a Netscape certificate sequence.
@@ -321,7 +325,7 @@ PKCS#10 X.509 Certificate Signing Request (\s-1CSR\s0) Management.
.IP "\fBrsautl\fR" 4
.IX Item "rsautl"
\&\s-1RSA\s0 utility for signing, verification, encryption, and decryption. Superseded
-by \fIpkeyutl\fR\|(1).
+by \fBpkeyutl\fR\|(1).
.IP "\fBs_client\fR" 4
.IX Item "s_client"
This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent
@@ -434,7 +438,7 @@ The following aliases provide convenient access to the most used encodings
and ciphers.
.PP
Depending on how OpenSSL was configured and built, not all ciphers listed
-here may be present. See \fIenc\fR\|(1) for more information and command usage.
+here may be present. See \fBenc\fR\|(1) for more information and command usage.
.IP "\fBaes128\fR, \fBaes\-128\-cbc\fR, \fBaes\-128\-cfb\fR, \fBaes\-128\-ctr\fR, \fBaes\-128\-ecb\fR, \fBaes\-128\-ofb\fR" 4
.IX Item "aes128, aes-128-cbc, aes-128-cfb, aes-128-ctr, aes-128-ecb, aes-128-ofb"
\&\s-1AES\-128\s0 Cipher
@@ -521,7 +525,7 @@ prompted to enter one: this will typically be read from the current
terminal with echoing turned off.
.PP
Note that character encoding may be relevant, please see
-\&\fIpassphrase\-encoding\fR\|(7).
+\&\fBpassphrase\-encoding\fR\|(7).
.IP "\fBpass:password\fR" 4
.IX Item "pass:password"
The actual password is \fBpassword\fR. Since the password is visible
@@ -548,22 +552,22 @@ send the data via a pipe for example.
Read the password from standard input.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIasn1parse\fR\|(1), \fIca\fR\|(1), \fIciphers\fR\|(1), \fIcms\fR\|(1), \fIconfig\fR\|(5),
-\&\fIcrl\fR\|(1), \fIcrl2pkcs7\fR\|(1), \fIdgst\fR\|(1),
-\&\fIdhparam\fR\|(1), \fIdsa\fR\|(1), \fIdsaparam\fR\|(1),
-\&\fIec\fR\|(1), \fIecparam\fR\|(1),
-\&\fIenc\fR\|(1), \fIengine\fR\|(1), \fIerrstr\fR\|(1), \fIgendsa\fR\|(1), \fIgenpkey\fR\|(1),
-\&\fIgenrsa\fR\|(1), \fInseq\fR\|(1), \fIocsp\fR\|(1),
-\&\fIpasswd\fR\|(1),
-\&\fIpkcs12\fR\|(1), \fIpkcs7\fR\|(1), \fIpkcs8\fR\|(1),
-\&\fIpkey\fR\|(1), \fIpkeyparam\fR\|(1), \fIpkeyutl\fR\|(1), \fIprime\fR\|(1),
-\&\fIrand\fR\|(1), \fIrehash\fR\|(1), \fIreq\fR\|(1), \fIrsa\fR\|(1),
-\&\fIrsautl\fR\|(1), \fIs_client\fR\|(1),
-\&\fIs_server\fR\|(1), \fIs_time\fR\|(1), \fIsess_id\fR\|(1),
-\&\fIsmime\fR\|(1), \fIspeed\fR\|(1), \fIspkac\fR\|(1), \fIsrp\fR\|(1), \fIstoreutl\fR\|(1),
-\&\fIts\fR\|(1),
-\&\fIverify\fR\|(1), \fIversion\fR\|(1), \fIx509\fR\|(1),
-\&\fIcrypto\fR\|(7), \fIssl\fR\|(7), \fIx509v3_config\fR\|(5)
+\&\fBasn1parse\fR\|(1), \fBca\fR\|(1), \fBciphers\fR\|(1), \fBcms\fR\|(1), \fBconfig\fR\|(5),
+\&\fBcrl\fR\|(1), \fBcrl2pkcs7\fR\|(1), \fBdgst\fR\|(1),
+\&\fBdhparam\fR\|(1), \fBdsa\fR\|(1), \fBdsaparam\fR\|(1),
+\&\fBec\fR\|(1), \fBecparam\fR\|(1),
+\&\fBenc\fR\|(1), \fBengine\fR\|(1), \fBerrstr\fR\|(1), \fBgendsa\fR\|(1), \fBgenpkey\fR\|(1),
+\&\fBgenrsa\fR\|(1), \fBnseq\fR\|(1), \fBocsp\fR\|(1),
+\&\fBpasswd\fR\|(1),
+\&\fBpkcs12\fR\|(1), \fBpkcs7\fR\|(1), \fBpkcs8\fR\|(1),
+\&\fBpkey\fR\|(1), \fBpkeyparam\fR\|(1), \fBpkeyutl\fR\|(1), \fBprime\fR\|(1),
+\&\fBrand\fR\|(1), \fBrehash\fR\|(1), \fBreq\fR\|(1), \fBrsa\fR\|(1),
+\&\fBrsautl\fR\|(1), \fBs_client\fR\|(1),
+\&\fBs_server\fR\|(1), \fBs_time\fR\|(1), \fBsess_id\fR\|(1),
+\&\fBsmime\fR\|(1), \fBspeed\fR\|(1), \fBspkac\fR\|(1), \fBsrp\fR\|(1), \fBstoreutl\fR\|(1),
+\&\fBts\fR\|(1),
+\&\fBverify\fR\|(1), \fBversion\fR\|(1), \fBx509\fR\|(1),
+\&\fBcrypto\fR\|(7), \fBssl\fR\|(7), \fBx509v3_config\fR\|(5)
.SH "HISTORY"
.IX Header "HISTORY"
The \fBlist\-\fR\fI\s-1XXX\s0\fR\fB\-algorithms\fR pseudo-commands were added in OpenSSL 1.0.0;
diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1
index b44ea2d0d68a..7842c1f0cd7f 100644
--- a/secure/usr.bin/openssl/man/passwd.1
+++ b/secure/usr.bin/openssl/man/passwd.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PASSWD 1"
-.TH PASSWD 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PASSWD 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1
index dca9461fefad..1de3d361e9da 100644
--- a/secure/usr.bin/openssl/man/pkcs12.1
+++ b/secure/usr.bin/openssl/man/pkcs12.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS12 1"
-.TH PKCS12 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKCS12 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -202,12 +206,12 @@ default. They are all written in \s-1PEM\s0 format.
.IX Item "-passin arg"
The PKCS#12 file (i.e. input file) password source. For more information about
the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in
-\&\fIopenssl\fR\|(1).
+\&\fBopenssl\fR\|(1).
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
Pass phrase source to encrypt any outputted private keys with. For more
information about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section
-in \fIopenssl\fR\|(1).
+in \fBopenssl\fR\|(1).
.IP "\fB\-password arg\fR" 4
.IX Item "-password arg"
With \-export, \-password is equivalent to \-passout.
@@ -260,7 +264,8 @@ Don't attempt to verify the integrity \s-1MAC\s0 before reading the file.
.IX Item "-twopass"
Prompt for separate integrity and encryption passwords: most software
always assumes these are the same so this option will render such
-PKCS#12 files unreadable.
+PKCS#12 files unreadable. Cannot be used in combination with the options
+\&\-password, \-passin (if importing) or \-passout (if exporting).
.SH "FILE CREATION OPTIONS"
.IX Header "FILE CREATION OPTIONS"
.IP "\fB\-export\fR" 4
@@ -300,12 +305,12 @@ displays them.
.IX Item "-pass arg, -passout arg"
The PKCS#12 file (i.e. output file) password source. For more information about
the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in
-\&\fIopenssl\fR\|(1).
+\&\fBopenssl\fR\|(1).
.IP "\fB\-passin password\fR" 4
.IX Item "-passin password"
Pass phrase source to decrypt any input private keys with. For more information
about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in
-\&\fIopenssl\fR\|(1).
+\&\fBopenssl\fR\|(1).
.IP "\fB\-chain\fR" 4
.IX Item "-chain"
If this option is present then an attempt is made to include the entire
@@ -462,10 +467,10 @@ Include some extra certificates:
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIpkcs8\fR\|(1)
+\&\fBpkcs8\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1
index 9154b12bf9c3..a25577c2333d 100644
--- a/secure/usr.bin/openssl/man/pkcs7.1
+++ b/secure/usr.bin/openssl/man/pkcs7.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7 1"
-.TH PKCS7 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKCS7 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -227,7 +231,7 @@ This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in \s-1RFC2315\s0
cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIcrl2pkcs7\fR\|(1)
+\&\fBcrl2pkcs7\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1
index ad6119457bea..711e150d1dc8 100644
--- a/secure/usr.bin/openssl/man/pkcs8.1
+++ b/secure/usr.bin/openssl/man/pkcs8.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS8 1"
-.TH PKCS8 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKCS8 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -196,7 +200,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
The input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output by
@@ -206,7 +210,7 @@ filename.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
The output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-iter count\fR" 4
.IX Item "-iter count"
When creating new PKCS#8 containers, use a given number of iterations on
@@ -415,11 +419,11 @@ There should be an option that prints out the encryption algorithm
in use and other details such as the iteration count.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdsa\fR\|(1), \fIrsa\fR\|(1), \fIgenrsa\fR\|(1),
-\&\fIgendsa\fR\|(1)
+\&\fBdsa\fR\|(1), \fBrsa\fR\|(1), \fBgenrsa\fR\|(1),
+\&\fBgendsa\fR\|(1)
.SH "HISTORY"
.IX Header "HISTORY"
-The \fB\-iter\fR option was added to OpenSSL 1.1.0.
+The \fB\-iter\fR option was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/pkey.1 b/secure/usr.bin/openssl/man/pkey.1
index 6a9196412fe8..c77fc34788c5 100644
--- a/secure/usr.bin/openssl/man/pkey.1
+++ b/secure/usr.bin/openssl/man/pkey.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKEY 1"
-.TH PKEY 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKEY 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -180,7 +184,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
The input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output if this
@@ -190,7 +194,7 @@ filename.
.IP "\fB\-passout password\fR" 4
.IX Item "-passout password"
The output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-traditional\fR" 4
.IX Item "-traditional"
Normally a private key is written using standard format: this is PKCS#8 form
@@ -199,7 +203,7 @@ option is specified then the older \*(L"traditional\*(R" format is used instead.
.IP "\fB\-\f(BIcipher\fB\fR" 4
.IX Item "-cipher"
These options encrypt the private key with the supplied cipher. Any algorithm
-name accepted by \fIEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR.
+name accepted by \fBEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR.
.IP "\fB\-text\fR" 4
.IX Item "-text"
Prints out the various public or private key components in
@@ -272,8 +276,8 @@ To just output the public part of a private key:
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIgenpkey\fR\|(1), \fIrsa\fR\|(1), \fIpkcs8\fR\|(1),
-\&\fIdsa\fR\|(1), \fIgenrsa\fR\|(1), \fIgendsa\fR\|(1)
+\&\fBgenpkey\fR\|(1), \fBrsa\fR\|(1), \fBpkcs8\fR\|(1),
+\&\fBdsa\fR\|(1), \fBgenrsa\fR\|(1), \fBgendsa\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/pkeyparam.1 b/secure/usr.bin/openssl/man/pkeyparam.1
index 0f84ec6ff4da..19b9d7623326 100644
--- a/secure/usr.bin/openssl/man/pkeyparam.1
+++ b/secure/usr.bin/openssl/man/pkeyparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKEYPARAM 1"
-.TH PKEYPARAM 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKEYPARAM 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -191,8 +195,8 @@ There are no \fB\-inform\fR or \fB\-outform\fR options for this command because
\&\s-1PEM\s0 format is supported because the key type is determined by the \s-1PEM\s0 headers.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIgenpkey\fR\|(1), \fIrsa\fR\|(1), \fIpkcs8\fR\|(1),
-\&\fIdsa\fR\|(1), \fIgenrsa\fR\|(1), \fIgendsa\fR\|(1)
+\&\fBgenpkey\fR\|(1), \fBrsa\fR\|(1), \fBpkcs8\fR\|(1),
+\&\fBdsa\fR\|(1), \fBgenrsa\fR\|(1), \fBgendsa\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/pkeyutl.1 b/secure/usr.bin/openssl/man/pkeyutl.1
index 1c413421a3a7..e1ff78e7a7fc 100644
--- a/secure/usr.bin/openssl/man/pkeyutl.1
+++ b/secure/usr.bin/openssl/man/pkeyutl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKEYUTL 1"
-.TH PKEYUTL 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PKEYUTL 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -195,7 +199,7 @@ The key format \s-1PEM, DER\s0 or \s-1ENGINE.\s0 Default is \s-1PEM.\s0
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
The input key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-peerkey file\fR" 4
.IX Item "-peerkey file"
The peer key file, used by key derivation (agreement) operations.
@@ -238,7 +242,7 @@ Use key derivation function \fBalgorithm\fR. The supported algorithms are
at present \fB\s-1TLS1\-PRF\s0\fR and \fB\s-1HKDF\s0\fR.
Note: additional parameters and the \s-1KDF\s0 output length will normally have to be
set for this to work.
-See \fIEVP_PKEY_CTX_set_hkdf_md\fR\|(3) and \fIEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3)
+See \fBEVP_PKEY_CTX_set_hkdf_md\fR\|(3) and \fBEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3)
for the supported string parameters of each algorithm.
.IP "\fB\-kdflen length\fR" 4
.IX Item "-kdflen length"
@@ -282,7 +286,7 @@ and its implementation. The OpenSSL operations and options are indicated below.
Unless otherwise mentioned all algorithms support the \fBdigest:alg\fR option
which specifies the digest in use for sign, verify and verifyrecover operations.
The value \fBalg\fR should represent a digest name as used in the
-\&\fIEVP_get_digestbyname()\fR function for example \fBsha1\fR. This value is not used to
+\&\fBEVP_get_digestbyname()\fR function for example \fBsha1\fR. This value is not used to
hash the input data. It is used (by some algorithms) for sanity-checking the
lengths of data passed in to the \fBpkeyutl\fR and for creating the structures that
make up the signature (e.g. \fBDigestInfo\fR in \s-1RSASSA\s0 PKCS#1 v1.5 signatures).
@@ -412,9 +416,9 @@ seed consisting of the single byte 0xFF:
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIgenpkey\fR\|(1), \fIpkey\fR\|(1), \fIrsautl\fR\|(1)
-\&\fIdgst\fR\|(1), \fIrsa\fR\|(1), \fIgenrsa\fR\|(1),
-\&\fIEVP_PKEY_CTX_set_hkdf_md\fR\|(3), \fIEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3)
+\&\fBgenpkey\fR\|(1), \fBpkey\fR\|(1), \fBrsautl\fR\|(1)
+\&\fBdgst\fR\|(1), \fBrsa\fR\|(1), \fBgenrsa\fR\|(1),
+\&\fBEVP_PKEY_CTX_set_hkdf_md\fR\|(3), \fBEVP_PKEY_CTX_set_tls1_prf_md\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/prime.1 b/secure/usr.bin/openssl/man/prime.1
index ded2a5e5ac52..a697aab69ccc 100644
--- a/secure/usr.bin/openssl/man/prime.1
+++ b/secure/usr.bin/openssl/man/prime.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PRIME 1"
-.TH PRIME 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH PRIME 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1
index ae88ed6a3b9b..23db172545be 100644
--- a/secure/usr.bin/openssl/man/rand.1
+++ b/secure/usr.bin/openssl/man/rand.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RAND 1"
-.TH RAND 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RAND 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -181,7 +185,7 @@ Perform base64 encoding on the output.
Show the output as a hex string.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIRAND_bytes\fR\|(3)
+\&\fBRAND_bytes\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2016 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1
index 20cf8fe68768..f44a0ee08401 100644
--- a/secure/usr.bin/openssl/man/req.1
+++ b/secure/usr.bin/openssl/man/req.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "REQ 1"
-.TH REQ 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH REQ 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -208,7 +212,7 @@ options (\fB\-new\fR and \fB\-newkey\fR) are not specified.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
The input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write to or standard output by
@@ -216,7 +220,7 @@ default.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
The output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-text\fR" 4
.IX Item "-text"
Prints out the certificate request in text form.
@@ -318,7 +322,7 @@ signatures always use \s-1SHA1, GOST R 34.10\s0 signatures always use
.IX Item "-config filename"
This allows an alternative configuration file to be specified.
Optional; for a description of the default value,
-see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fIopenssl\fR\|(1).
+see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1).
.IP "\fB\-subj arg\fR" 4
.IX Item "-subj arg"
Sets subject name for new request or supersedes the subject name
@@ -393,13 +397,13 @@ configuration file, must be valid \s-1UTF8\s0 strings.
Option which determines how the subject or issuer names are displayed. The
\&\fBoption\fR argument can be a single option or multiple options separated by
commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to
-set multiple options. See the \fIx509\fR\|(1) manual page for details.
+set multiple options. See the \fBx509\fR\|(1) manual page for details.
.IP "\fB\-reqopt\fR" 4
.IX Item "-reqopt"
Customise the output format used with \fB\-text\fR. The \fBoption\fR argument can be
a single option or multiple options separated by commas.
.Sp
-See discussion of the \fB\-certopt\fR parameter in the \fIx509\fR\|(1)
+See discussion of the \fB\-certopt\fR parameter in the \fBx509\fR\|(1)
command.
.IP "\fB\-newhdr\fR" 4
.IX Item "-newhdr"
@@ -494,7 +498,7 @@ problems with BMPStrings and UTF8Strings: in particular Netscape.
This specifies the configuration file section containing a list of
extensions to add to the certificate request. It can be overridden
by the \fB\-reqexts\fR command line switch. See the
-\&\fIx509v3_config\fR\|(5) manual page for details of the
+\&\fBx509v3_config\fR\|(5) manual page for details of the
extension section format.
.IP "\fBx509_extensions\fR" 4
.IX Item "x509_extensions"
@@ -572,7 +576,7 @@ The actual permitted field names are any object identifier short or
long names. These are compiled into OpenSSL and include the usual
values such as commonName, countryName, localityName, organizationName,
organizationalUnitName, stateOrProvinceName. Additionally emailAddress
-is include as well as name, surname, givenName initials and dnQualifier.
+is included as well as name, surname, givenName, initials, and dnQualifier.
.PP
Additional object identifiers can be defined with the \fBoid_file\fR or
\&\fBoid_section\fR options in the configuration file. Any additional fields
@@ -775,9 +779,9 @@ statically defined in the configuration file. Some of these: like an email
address in subjectAltName should be input by the user.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIx509\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1),
-\&\fIgendsa\fR\|(1), \fIconfig\fR\|(5),
-\&\fIx509v3_config\fR\|(5)
+\&\fBx509\fR\|(1), \fBca\fR\|(1), \fBgenrsa\fR\|(1),
+\&\fBgendsa\fR\|(1), \fBconfig\fR\|(5),
+\&\fBx509v3_config\fR\|(5)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1
index 53e2d89a7f74..e658eee3b21d 100644
--- a/secure/usr.bin/openssl/man/rsa.1
+++ b/secure/usr.bin/openssl/man/rsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA 1"
-.TH RSA 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RSA 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -198,7 +202,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
The input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output if this
@@ -208,7 +212,7 @@ filename.
.IP "\fB\-passout password\fR" 4
.IX Item "-passout password"
The output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4
.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea"
These options encrypt the private key with the specified
@@ -314,8 +318,8 @@ There should be an option that automatically handles .key files,
without having to manually edit them.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIpkcs8\fR\|(1), \fIdsa\fR\|(1), \fIgenrsa\fR\|(1),
-\&\fIgendsa\fR\|(1)
+\&\fBpkcs8\fR\|(1), \fBdsa\fR\|(1), \fBgenrsa\fR\|(1),
+\&\fBgendsa\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1
index 089d1ac60789..6b1486957ebd 100644
--- a/secure/usr.bin/openssl/man/rsautl.1
+++ b/secure/usr.bin/openssl/man/rsautl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSAUTL 1"
-.TH RSAUTL 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH RSAUTL 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -330,7 +334,7 @@ and its digest computed with:
which it can be seen agrees with the recovered value above.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIdgst\fR\|(1), \fIrsa\fR\|(1), \fIgenrsa\fR\|(1)
+\&\fBdgst\fR\|(1), \fBrsa\fR\|(1), \fBgenrsa\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1
index 3601cd511b79..395b3f56bee4 100644
--- a/secure/usr.bin/openssl/man/s_client.1
+++ b/secure/usr.bin/openssl/man/s_client.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "S_CLIENT 1"
-.TH S_CLIENT 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH S_CLIENT 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -231,6 +235,7 @@ openssl\-s_client, s_client \- SSL/TLS client program
[\fB\-dtls1\fR]
[\fB\-dtls1_2\fR]
[\fB\-sctp\fR]
+[\fB\-sctp_label_bug\fR]
[\fB\-fallback_scsv\fR]
[\fB\-async\fR]
[\fB\-max_send_frag\fR]
@@ -276,7 +281,7 @@ to a remote host using \s-1SSL/TLS.\s0 It is a \fIvery\fR useful diagnostic tool
.IX Header "OPTIONS"
In addition to the options below the \fBs_client\fR utility also supports the
common and client only options documented in the
-in the \*(L"Supported Command Line Commands\*(R" section of the \fISSL_CONF_cmd\fR\|(3)
+in the \*(L"Supported Command Line Commands\*(R" section of the \fBSSL_CONF_cmd\fR\|(3)
manual page.
.IP "\fB\-help\fR" 4
.IX Item "-help"
@@ -309,14 +314,17 @@ Use IPv6 only.
.IP "\fB\-servername name\fR" 4
.IX Item "-servername name"
Set the \s-1TLS SNI\s0 (Server Name Indication) extension in the ClientHello message to
-the given value. If both this option and the \fB\-noservername\fR are not given, the
-\&\s-1TLS SNI\s0 extension is still set to the hostname provided to the \fB\-connect\fR option,
-or \*(L"localhost\*(R" if \fB\-connect\fR has not been supplied. This is default since OpenSSL
-1.1.1.
+the given value.
+If \fB\-servername\fR is not provided, the \s-1TLS SNI\s0 extension will be populated with
+the name given to \fB\-connect\fR if it follows a \s-1DNS\s0 name format. If \fB\-connect\fR is
+not provided either, the \s-1SNI\s0 is set to \*(L"localhost\*(R".
+This is the default since OpenSSL 1.1.1.
.Sp
-Even though \s-1SNI\s0 name should normally be a \s-1DNS\s0 name and not an \s-1IP\s0 address, this
-option will not make the distinction when parsing \fB\-connect\fR and will send
-\&\s-1IP\s0 address if one passed.
+Even though \s-1SNI\s0 should normally be a \s-1DNS\s0 name and not an \s-1IP\s0 address, if
+\&\fB\-servername\fR is provided then that name will be sent, regardless of whether
+it is a \s-1DNS\s0 name or not.
+.Sp
+This option cannot be used in conjuction with \fB\-noservername\fR.
.IP "\fB\-noservername\fR" 4
.IX Item "-noservername"
Suppresses sending of the \s-1SNI\s0 (Server Name Indication) extension in the
@@ -362,7 +370,7 @@ Extra certificate and private key format respectively.
.IP "\fB\-pass arg\fR" 4
.IX Item "-pass arg"
the private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-verify depth\fR" 4
.IX Item "-verify depth"
The verify depth to use. This specifies the maximum length of the
@@ -379,11 +387,11 @@ abort the handshake with a fatal error.
Option which determines how the subject or issuer names are displayed. The
\&\fBoption\fR argument can be a single option or multiple options separated by
commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to
-set multiple options. See the \fIx509\fR\|(1) manual page for details.
+set multiple options. See the \fBx509\fR\|(1) manual page for details.
.IP "\fB\-CApath directory\fR" 4
.IX Item "-CApath directory"
The directory to use for server certificate verification. This directory
-must be in \*(L"hash format\*(R", see \fIverify\fR\|(1) for more information. These are
+must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information. These are
also used when building the client certificate chain.
.IP "\fB\-CAfile file\fR" 4
.IX Item "-CAfile file"
@@ -392,7 +400,7 @@ and to use when attempting to build the client certificate chain.
.IP "\fB\-chainCApath directory\fR" 4
.IX Item "-chainCApath directory"
The directory to use for building the chain provided to the server. This
-directory must be in \*(L"hash format\*(R", see \fIverify\fR\|(1) for more information.
+directory must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information.
.IP "\fB\-chainCAfile file\fR" 4
.IX Item "-chainCAfile file"
A file containing trusted certificates to use when attempting to build the
@@ -448,7 +456,7 @@ whitespace is ignored in the associated data field. For example:
.Ve
.IP "\fB\-dane_ee_no_namechecks\fR" 4
.IX Item "-dane_ee_no_namechecks"
-This disables server name checks when authenticating via \s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0
+This disables server name checks when authenticating via \s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0
records.
For some applications, primarily web browsers, it is not safe to disable name
checks due to \*(L"unknown key share\*(R" attacks, in which a malicious server can
@@ -457,7 +465,7 @@ connection to the malicious server.
The malicious server may then be able to violate cross-origin scripting
restrictions.
Thus, despite the text of \s-1RFC7671,\s0 name checks are by default enabled for
-\&\s-1\fIDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe
+\&\s-1\fBDANE\-EE\s0\fR\|(3) \s-1TLSA\s0 records, and can be disabled in applications where it is safe
to do so.
In particular, \s-1SMTP\s0 and \s-1XMPP\s0 clients should set this option as \s-1SRV\s0 and \s-1MX\s0
records already make it possible for a remote domain to redirect client
@@ -466,7 +474,7 @@ do not execute scripts downloaded from remote servers.
.IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4
.IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict"
Set various certificate chain validation options. See the
-\&\fIverify\fR\|(1) manual page for details.
+\&\fBverify\fR\|(1) manual page for details.
.IP "\fB\-reconnect\fR" 4
.IX Item "-reconnect"
Reconnects to the same server 5 times using the same session \s-1ID,\s0 this can
@@ -558,6 +566,13 @@ respectively.
Use \s-1SCTP\s0 for the transport protocol instead of \s-1UDP\s0 in \s-1DTLS.\s0 Must be used in
conjunction with \fB\-dtls\fR, \fB\-dtls1\fR or \fB\-dtls1_2\fR. This option is only
available where OpenSSL has support for \s-1SCTP\s0 enabled.
+.IP "\fB\-sctp_label_bug\fR" 4
+.IX Item "-sctp_label_bug"
+Use the incorrect behaviour of older OpenSSL implementations when computing
+endpoint-pair shared secrets for \s-1DTLS/SCTP.\s0 This allows communication with
+older broken implementations but breaks interoperability with correct
+implementations. Must be used in conjunction with \fB\-sctp\fR. This option is only
+available where OpenSSL has support for \s-1SCTP\s0 enabled.
.IP "\fB\-fallback_scsv\fR" 4
.IX Item "-fallback_scsv"
Send \s-1TLS_FALLBACK_SCSV\s0 in the ClientHello.
@@ -570,7 +585,7 @@ is also used via the \fB\-engine\fR option. For test purposes the dummy async en
.IP "\fB\-max_send_frag int\fR" 4
.IX Item "-max_send_frag int"
The maximum size of data fragment to send.
-See \fISSL_CTX_set_max_send_fragment\fR\|(3) for further information.
+See \fBSSL_CTX_set_max_send_fragment\fR\|(3) for further information.
.IP "\fB\-split_send_frag int\fR" 4
.IX Item "-split_send_frag int"
The size used to split data for encrypt pipelines. If more data is written in
@@ -578,18 +593,18 @@ one go than this value then it will be split into multiple pipelines, up to the
maximum number of pipelines defined by max_pipelines. This only has an effect if
a suitable cipher suite has been negotiated, an engine that supports pipelining
has been loaded, and max_pipelines is greater than 1. See
-\&\fISSL_CTX_set_split_send_fragment\fR\|(3) for further information.
+\&\fBSSL_CTX_set_split_send_fragment\fR\|(3) for further information.
.IP "\fB\-max_pipelines int\fR" 4
.IX Item "-max_pipelines int"
The maximum number of encrypt/decrypt pipelines to be used. This will only have
an effect if an engine has been loaded that supports pipelining (e.g. the dasync
engine) and a suitable cipher suite has been negotiated. The default value is 1.
-See \fISSL_CTX_set_max_pipelines\fR\|(3) for further information.
+See \fBSSL_CTX_set_max_pipelines\fR\|(3) for further information.
.IP "\fB\-read_buf int\fR" 4
.IX Item "-read_buf int"
The default read buffer size to be used for connections. This will only have an
effect if the buffer size is larger than the size that would otherwise be used
-and pipelining is in use (see \fISSL_CTX_set_default_read_buffer_len\fR\|(3) for
+and pipelining is in use (see \fBSSL_CTX_set_default_read_buffer_len\fR\|(3) for
further information).
.IP "\fB\-bugs\fR" 4
.IX Item "-bugs"
@@ -614,7 +629,7 @@ normal verbose output.
.IX Item "-sigalgs sigalglist"
Specifies the list of signature algorithms that are sent by the client.
The server selects one entry in the list based on its preferences.
-For example strings, see \fISSL_CTX_set1_sigalgs\fR\|(3)
+For example strings, see \fBSSL_CTX_set1_sigalgs\fR\|(3)
.IP "\fB\-curves curvelist\fR" 4
.IX Item "-curves curvelist"
Specifies the list of supported curves to be sent by the client. The curve is
@@ -730,7 +745,7 @@ for SCTs.
.IP "\fB\-ctlogfile\fR" 4
.IX Item "-ctlogfile"
A file containing a list of known Certificate Transparency logs. See
-\&\fISSL_CTX_set_ctlog_list_file\fR\|(3) for the expected file format.
+\&\fBSSL_CTX_set_ctlog_list_file\fR\|(3) for the expected file format.
.IP "\fB\-keylogfile file\fR" 4
.IX Item "-keylogfile file"
Appends \s-1TLS\s0 secrets to the specified keylog file such that external programs
@@ -831,16 +846,16 @@ The \fB\-prexit\fR option is a bit of a hack. We should really report
information whenever a session is renegotiated.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fISSL_CONF_cmd\fR\|(3), \fIsess_id\fR\|(1), \fIs_server\fR\|(1), \fIciphers\fR\|(1),
-\&\fISSL_CTX_set_max_send_fragment\fR\|(3), \fISSL_CTX_set_split_send_fragment\fR\|(3),
-\&\fISSL_CTX_set_max_pipelines\fR\|(3)
+\&\fBSSL_CONF_cmd\fR\|(3), \fBsess_id\fR\|(1), \fBs_server\fR\|(1), \fBciphers\fR\|(1),
+\&\fBSSL_CTX_set_max_send_fragment\fR\|(3), \fBSSL_CTX_set_split_send_fragment\fR\|(3),
+\&\fBSSL_CTX_set_max_pipelines\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-The \fB\-no_alt_chains\fR option was first added to OpenSSL 1.1.0.
+The \fB\-no_alt_chains\fR option was added in OpenSSL 1.1.0.
The \fB\-name\fR option was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1
index f3fa8ae0e466..c6c1fe82e1a0 100644
--- a/secure/usr.bin/openssl/man/s_server.1
+++ b/secure/usr.bin/openssl/man/s_server.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "S_SERVER 1"
-.TH S_SERVER 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH S_SERVER 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -229,6 +233,7 @@ openssl\-s_server, s_server \- SSL/TLS server program
[\fB\-no_comp\fR]
[\fB\-comp\fR]
[\fB\-no_ticket\fR]
+[\fB\-num_tickets\fR]
[\fB\-serverpref\fR]
[\fB\-legacy_renegotiation\fR]
[\fB\-no_renegotiation\fR]
@@ -303,6 +308,7 @@ openssl\-s_server, s_server \- SSL/TLS server program
[\fB\-dtls1\fR]
[\fB\-dtls1_2\fR]
[\fB\-sctp\fR]
+[\fB\-sctp_label_bug\fR]
[\fB\-no_dhe\fR]
[\fB\-nextprotoneg val\fR]
[\fB\-use_srtp val\fR]
@@ -321,7 +327,7 @@ for connections on a given port using \s-1SSL/TLS.\s0
.IX Header "OPTIONS"
In addition to the options below the \fBs_server\fR utility also supports the
common and server only options documented in the
-in the \*(L"Supported Command Line Commands\*(R" section of the \fISSL_CONF_cmd\fR\|(3)
+in the \*(L"Supported Command Line Commands\*(R" section of the \fBSSL_CONF_cmd\fR\|(3)
manual page.
.IP "\fB\-help\fR" 4
.IX Item "-help"
@@ -378,7 +384,7 @@ provided to the client.
Option which determines how the subject or issuer names are displayed. The
\&\fBval\fR argument can be a single option or multiple options separated by
commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to
-set multiple options. See the \fIx509\fR\|(1) manual page for details.
+set multiple options. See the \fBx509\fR\|(1) manual page for details.
.IP "\fB\-naccept +int\fR" 4
.IX Item "-naccept +int"
The server will exit after receiving the specified number of connections,
@@ -403,7 +409,7 @@ The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default.
.IP "\fB\-pass val\fR" 4
.IX Item "-pass val"
The private key password source. For more information about the format of \fBval\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-dcert infile\fR, \fB\-dkey infile\fR" 4
.IX Item "-dcert infile, -dkey infile"
Specify an additional certificate and private key, these behave in the
@@ -463,12 +469,12 @@ a certificate is requested.
.IP "\fB\-CApath dir\fR" 4
.IX Item "-CApath dir"
The directory to use for client certificate verification. This directory
-must be in \*(L"hash format\*(R", see \fIverify\fR\|(1) for more information. These are
+must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information. These are
also used when building the server certificate chain.
.IP "\fB\-chainCApath dir\fR" 4
.IX Item "-chainCApath dir"
The directory to use for building the chain provided to the client. This
-directory must be in \*(L"hash format\*(R", see \fIverify\fR\|(1) for more information.
+directory must be in \*(L"hash format\*(R", see \fBverify\fR\|(1) for more information.
.IP "\fB\-chainCAfile file\fR" 4
.IX Item "-chainCAfile file"
A file containing trusted certificates to use when attempting to build the
@@ -573,7 +579,7 @@ is also used via the \fB\-engine\fR option. For test purposes the dummy async en
.IP "\fB\-max_send_frag +int\fR" 4
.IX Item "-max_send_frag +int"
The maximum size of data fragment to send.
-See \fISSL_CTX_set_max_send_fragment\fR\|(3) for further information.
+See \fBSSL_CTX_set_max_send_fragment\fR\|(3) for further information.
.IP "\fB\-split_send_frag +int\fR" 4
.IX Item "-split_send_frag +int"
The size used to split data for encrypt pipelines. If more data is written in
@@ -581,18 +587,18 @@ one go than this value then it will be split into multiple pipelines, up to the
maximum number of pipelines defined by max_pipelines. This only has an effect if
a suitable cipher suite has been negotiated, an engine that supports pipelining
has been loaded, and max_pipelines is greater than 1. See
-\&\fISSL_CTX_set_split_send_fragment\fR\|(3) for further information.
+\&\fBSSL_CTX_set_split_send_fragment\fR\|(3) for further information.
.IP "\fB\-max_pipelines +int\fR" 4
.IX Item "-max_pipelines +int"
The maximum number of encrypt/decrypt pipelines to be used. This will only have
an effect if an engine has been loaded that supports pipelining (e.g. the dasync
engine) and a suitable cipher suite has been negotiated. The default value is 1.
-See \fISSL_CTX_set_max_pipelines\fR\|(3) for further information.
+See \fBSSL_CTX_set_max_pipelines\fR\|(3) for further information.
.IP "\fB\-read_buf +int\fR" 4
.IX Item "-read_buf +int"
The default read buffer size to be used for connections. This will only have an
effect if the buffer size is larger than the size that would otherwise be used
-and pipelining is in use (see \fISSL_CTX_set_default_read_buffer_len\fR\|(3) for
+and pipelining is in use (see \fBSSL_CTX_set_default_read_buffer_len\fR\|(3) for
further information).
.IP "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-tls1_1\fR, \fB\-tls1_2\fR, \fB\-tls1_3\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR, \fB\-no_tls1_1\fR, \fB\-no_tls1_2\fR, \fB\-no_tls1_3\fR" 4
.IX Item "-ssl2, -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3, -no_ssl2, -no_ssl3, -no_tls1, -no_tls1_1, -no_tls1_2, -no_tls1_3"
@@ -620,7 +626,13 @@ This option was introduced in OpenSSL 1.1.0.
OpenSSL 1.1.0.
.IP "\fB\-no_ticket\fR" 4
.IX Item "-no_ticket"
-Disable RFC4507bis session ticket support.
+Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3
+is negotiated. See \fB\-num_tickets\fR.
+.IP "\fB\-num_tickets\fR" 4
+.IX Item "-num_tickets"
+Control the number of tickets that will be sent to the client after a full
+handshake in TLSv1.3. The default number of tickets is 2. This option does not
+affect the number of tickets sent after a resumption handshake.
.IP "\fB\-serverpref\fR" 4
.IX Item "-serverpref"
Use the server's cipher preferences, rather than the client's preferences.
@@ -669,7 +681,7 @@ program will be used.
.IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-no_check_time\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4
.IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -no_check_time, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict"
Set different peer certificate verification options.
-See the \fIverify\fR\|(1) manual page for details.
+See the \fBverify\fR\|(1) manual page for details.
.IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4
.IX Item "-crl_check, -crl_check_all"
Check the peer certificate has not been revoked by its \s-1CA.\s0
@@ -716,6 +728,13 @@ respectively.
Use \s-1SCTP\s0 for the transport protocol instead of \s-1UDP\s0 in \s-1DTLS.\s0 Must be used in
conjunction with \fB\-dtls\fR, \fB\-dtls1\fR or \fB\-dtls1_2\fR. This option is only
available where OpenSSL has support for \s-1SCTP\s0 enabled.
+.IP "\fB\-sctp_label_bug\fR" 4
+.IX Item "-sctp_label_bug"
+Use the incorrect behaviour of older OpenSSL implementations when computing
+endpoint-pair shared secrets for \s-1DTLS/SCTP.\s0 This allows communication with
+older broken implementations but breaks interoperability with correct
+implementations. Must be used in conjunction with \fB\-sctp\fR. This option is only
+available where OpenSSL has support for \s-1SCTP\s0 enabled.
.IP "\fB\-no_dhe\fR" 4
.IX Item "-no_dhe"
If this option is set then no \s-1DH\s0 parameters will be loaded effectively
@@ -829,19 +848,19 @@ There should be a way for the \fBs_server\fR program to print out details of any
unknown cipher suites a client says it supports.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fISSL_CONF_cmd\fR\|(3), \fIsess_id\fR\|(1), \fIs_client\fR\|(1), \fIciphers\fR\|(1)
-\&\fISSL_CTX_set_max_send_fragment\fR\|(3),
-\&\fISSL_CTX_set_split_send_fragment\fR\|(3),
-\&\fISSL_CTX_set_max_pipelines\fR\|(3)
+\&\fBSSL_CONF_cmd\fR\|(3), \fBsess_id\fR\|(1), \fBs_client\fR\|(1), \fBciphers\fR\|(1)
+\&\fBSSL_CTX_set_max_send_fragment\fR\|(3),
+\&\fBSSL_CTX_set_split_send_fragment\fR\|(3),
+\&\fBSSL_CTX_set_max_pipelines\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-The \-no_alt_chains option was first added to OpenSSL 1.1.0.
+The \-no_alt_chains option was added in OpenSSL 1.1.0.
.PP
-The \-allow\-no\-dhe\-kex and \-prioritize_chacha options were first added to
-OpenSSL 1.1.1.
+The
+\&\-allow\-no\-dhe\-kex and \-prioritize_chacha options were added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1
index 0439fe218f68..d833e4435b8b 100644
--- a/secure/usr.bin/openssl/man/s_time.1
+++ b/secure/usr.bin/openssl/man/s_time.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "S_TIME 1"
-.TH S_TIME 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH S_TIME 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -198,7 +202,7 @@ will never fail due to a server certificate verify failure.
Option which determines how the subject or issuer names are displayed. The
\&\fBoption\fR argument can be a single option or multiple options separated by
commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to
-set multiple options. See the \fIx509\fR\|(1) manual page for details.
+set multiple options. See the \fBx509\fR\|(1) manual page for details.
.IP "\fB\-CApath directory\fR" 4
.IX Item "-CApath directory"
The directory to use for server certificate verification. This directory
@@ -231,7 +235,7 @@ the initial handshake uses a method which should be compatible with all
servers and permit them to use \s-1SSL\s0 v3 or \s-1TLS\s0 as appropriate.
.Sp
The timing program is not as rich in options to turn protocols on and off as
-the \fIs_client\fR\|(1) program and may not connect to all servers.
+the \fBs_client\fR\|(1) program and may not connect to all servers.
Unfortunately there are a lot of ancient and broken servers in use which
cannot handle this technique and will fail to connect. Some servers only
work if \s-1TLS\s0 is turned off with the \fB\-ssl3\fR option.
@@ -248,14 +252,14 @@ This allows the TLSv1.2 and below cipher list sent by the client to be modified.
This list will be combined with any TLSv1.3 ciphersuites that have been
configured. Although the server determines which cipher suite is used it should
take the first supported cipher in the list sent by the client. See
-\&\fIciphers\fR\|(1) for more information.
+\&\fBciphers\fR\|(1) for more information.
.IP "\fB\-ciphersuites val\fR" 4
.IX Item "-ciphersuites val"
This allows the TLSv1.3 ciphersuites sent by the client to be modified. This
list will be combined with any TLSv1.2 and below ciphersuites that have been
configured. Although the server determines which cipher suite is used it should
take the first supported cipher in the list sent by the client. See
-\&\fIciphers\fR\|(1) for more information. The format for this list is a simple
+\&\fBciphers\fR\|(1) for more information. The format for this list is a simple
colon (\*(L":\*(R") separated list of TLSv1.3 ciphersuite names.
.IP "\fB\-time length\fR" 4
.IX Item "-time length"
@@ -272,7 +276,7 @@ To connect to an \s-1SSL HTTP\s0 server and get the default page the command
.Ve
.PP
would typically be used (https uses port 443). 'commoncipher' is a cipher to
-which both client and server can agree, see the \fIciphers\fR\|(1) command
+which both client and server can agree, see the \fBciphers\fR\|(1) command
for details.
.PP
If the handshake fails then there are several possible causes, if it is
@@ -285,10 +289,10 @@ A frequent problem when attempting to get client certificates working
is that a web client complains it has no certificates or gives an empty
list to choose from. This is normally because the server is not sending
the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it
-requests a certificate. By using \fIs_client\fR\|(1) the \s-1CA\s0 list can be
+requests a certificate. By using \fBs_client\fR\|(1) the \s-1CA\s0 list can be
viewed and checked. However some servers only request client authentication
after a specific \s-1URL\s0 is requested. To obtain the list in this case it
-is necessary to use the \fB\-prexit\fR option of \fIs_client\fR\|(1) and
+is necessary to use the \fB\-prexit\fR option of \fBs_client\fR\|(1) and
send an \s-1HTTP\s0 request for an appropriate page.
.PP
If a certificate is specified on the command line using the \fB\-cert\fR
@@ -298,14 +302,14 @@ on the command line is no guarantee that the certificate works.
.SH "BUGS"
.IX Header "BUGS"
Because this program does not have all the options of the
-\&\fIs_client\fR\|(1) program to turn protocols on and off, you may not be
+\&\fBs_client\fR\|(1) program to turn protocols on and off, you may not be
able to measure the performance of all protocols with all servers.
.PP
The \fB\-verify\fR option should really exit if the server verification
fails.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIs_client\fR\|(1), \fIs_server\fR\|(1), \fIciphers\fR\|(1)
+\&\fBs_client\fR\|(1), \fBs_server\fR\|(1), \fBciphers\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2004\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1
index dac71229957c..22dc0382b521 100644
--- a/secure/usr.bin/openssl/man/sess_id.1
+++ b/secure/usr.bin/openssl/man/sess_id.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SESS_ID 1"
-.TH SESS_ID 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SESS_ID 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -257,7 +261,7 @@ strongly discouraged and should only be used for debugging purposes.
The cipher and start time should be printed out in human readable form.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIciphers\fR\|(1), \fIs_server\fR\|(1)
+\&\fBciphers\fR\|(1), \fBs_server\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1
index d200e89e52a9..c87a67a414f4 100644
--- a/secure/usr.bin/openssl/man/smime.1
+++ b/secure/usr.bin/openssl/man/smime.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME 1"
-.TH SMIME 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SMIME 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -312,7 +316,7 @@ default digest algorithm for the signing key will be used (usually \s-1SHA1\s0).
.IX Item "-cipher"
The encryption algorithm to use. For example \s-1DES\s0 (56 bits) \- \fB\-des\fR,
triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR,
-\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for
+\&\fBEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for
example \fB\-aes\-128\-cbc\fR. See \fBenc\fR for list of ciphers
supported by your version of OpenSSL.
.Sp
@@ -387,7 +391,7 @@ specified, the argument is given to the engine as a key identifier.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
The private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-rand file...\fR" 4
.IX Item "-rand file..."
A file or files containing random data used to seed the random number
@@ -412,7 +416,7 @@ address matches that specified in the From: address.
.IP "\fB\-attime\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR, \fB\-crl_check_all\fR, \fB\-explicit_policy\fR, \fB\-extended_crl\fR, \fB\-ignore_critical\fR, \fB\-inhibit_any\fR, \fB\-inhibit_map\fR, \fB\-no_alt_chains\fR, \fB\-partial_chain\fR, \fB\-policy\fR, \fB\-policy_check\fR, \fB\-policy_print\fR, \fB\-purpose\fR, \fB\-suiteB_128\fR, \fB\-suiteB_128_only\fR, \fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR, \fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR, \fB\-verify_name\fR, \fB\-x509_strict\fR" 4
.IX Item "-attime, -check_ss_sig, -crl_check, -crl_check_all, -explicit_policy, -extended_crl, -ignore_critical, -inhibit_any, -inhibit_map, -no_alt_chains, -partial_chain, -policy, -policy_check, -policy_print, -purpose, -suiteB_128, -suiteB_128_only, -suiteB_192, -trusted_first, -use_deltas, -auth_level, -verify_depth, -verify_email, -verify_hostname, -verify_ip, -verify_name, -x509_strict"
Set various options of certificate chain verification. See
-\&\fIverify\fR\|(1) manual page for details.
+\&\fBverify\fR\|(1) manual page for details.
.SH "NOTES"
.IX Header "NOTES"
The \s-1MIME\s0 message must be sent without any blank lines between the
@@ -602,7 +606,7 @@ structures may cause parsing errors.
The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first
added in OpenSSL 1.0.0
.PP
-The \-no_alt_chains options was first added to OpenSSL 1.1.0.
+The \-no_alt_chains option was added in OpenSSL 1.1.0.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1
index 1b556805bd00..6497cb985c86 100644
--- a/secure/usr.bin/openssl/man/speed.1
+++ b/secure/usr.bin/openssl/man/speed.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SPEED 1"
-.TH SPEED 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SPEED 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1
index 99cb3e60b390..a3fdc0896b48 100644
--- a/secure/usr.bin/openssl/man/spkac.1
+++ b/secure/usr.bin/openssl/man/spkac.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SPKAC 1"
-.TH SPKAC 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SPKAC 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -182,7 +186,7 @@ The default is \s-1PEM.\s0
.IP "\fB\-passin password\fR" 4
.IX Item "-passin password"
The input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-challenge string\fR" 4
.IX Item "-challenge string"
Specifies the challenge string if an \s-1SPKAC\s0 is being created.
@@ -259,7 +263,7 @@ some applications. Without this it is possible for a previous \s-1SPKAC\s0
to be used in a \*(L"replay attack\*(R".
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIca\fR\|(1)
+\&\fBca\fR\|(1)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/srp.1 b/secure/usr.bin/openssl/man/srp.1
index 109ca21f1015..666e7aab0a02 100644
--- a/secure/usr.bin/openssl/man/srp.1
+++ b/secure/usr.bin/openssl/man/srp.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SRP 1"
-.TH SRP 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SRP 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -175,7 +179,7 @@ The \fB\-gn\fR flag specifies the \fBg\fR and \fBN\fR values, using one of
the strengths defined in \s-1IETF RFC 5054.\s0
.PP
The \fB\-passin\fR and \fB\-passout\fR arguments are parsed as described in
-the \fIopenssl\fR\|(1) command.
+the \fBopenssl\fR\|(1) command.
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "[\fB\-help\fR]" 4
diff --git a/secure/usr.bin/openssl/man/storeutl.1 b/secure/usr.bin/openssl/man/storeutl.1
index b09f3f473297..742dd9c9ee0c 100644
--- a/secure/usr.bin/openssl/man/storeutl.1
+++ b/secure/usr.bin/openssl/man/storeutl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "STOREUTL 1"
-.TH STOREUTL 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH STOREUTL 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -175,7 +179,7 @@ this option prevents output of the \s-1PEM\s0 data.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-text\fR" 4
.IX Item "-text"
Prints out the objects in text form, similarly to the \fB\-text\fR output from
@@ -231,10 +235,10 @@ Search for an object having the given fingerprint.
The digest that was used to compute the fingerprint given with \fB\-fingerprint\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIopenssl\fR\|(1)
+\&\fBopenssl\fR\|(1)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fBopenssl\fR \fBstoreutl\fR was added to OpenSSL 1.1.1.
+The \fBopenssl\fR \fBstoreutl\fR app was added in OpenSSL 1.1.1.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2016\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1
index 43ad019c7290..52c3242e1e75 100644
--- a/secure/usr.bin/openssl/man/ts.1
+++ b/secure/usr.bin/openssl/man/ts.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "TS 1"
-.TH TS 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH TS 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -264,7 +268,7 @@ This can be used with a subsequent \fB\-rand\fR flag.
.IX Item "-config configfile"
The configuration file to use.
Optional; for a description of the default value,
-see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fIopenssl\fR\|(1).
+see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1).
.IP "\fB\-data\fR file_to_hash" 4
.IX Item "-data file_to_hash"
The data file for which the time stamp request needs to be
@@ -325,7 +329,7 @@ otherwise it is a time stamp token (ContentInfo).
.IX Item "-config configfile"
The configuration file to use.
Optional; for a description of the default value,
-see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fIopenssl\fR\|(1).
+see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1).
See \fB\s-1CONFIGURATION FILE OPTIONS\s0\fR for configurable variables.
.IP "\fB\-section\fR tsa_section" 4
.IX Item "-section tsa_section"
@@ -338,7 +342,7 @@ The name of the file containing a \s-1DER\s0 encoded time stamp request. (Option
.IP "\fB\-passin\fR password_src" 4
.IX Item "-passin password_src"
Specifies the password source for the private key of the \s-1TSA.\s0 See
-\&\fB\s-1PASS PHRASE ARGUMENTS\s0\fR in \fIopenssl\fR\|(1). (Optional)
+\&\fB\s-1PASS PHRASE ARGUMENTS\s0\fR in \fBopenssl\fR\|(1). (Optional)
.IP "\fB\-signer\fR tsa_cert.pem" 4
.IX Item "-signer tsa_cert.pem"
The signer certificate of the \s-1TSA\s0 in \s-1PEM\s0 format. The \s-1TSA\s0 signing
@@ -435,13 +439,13 @@ of a time stamp response (TimeStampResp). (Optional)
.IP "\fB\-CApath\fR trusted_cert_path" 4
.IX Item "-CApath trusted_cert_path"
The name of the directory containing the trusted \s-1CA\s0 certificates of the
-client. See the similar option of \fIverify\fR\|(1) for additional
+client. See the similar option of \fBverify\fR\|(1) for additional
details. Either this option or \fB\-CAfile\fR must be specified. (Optional)
.IP "\fB\-CAfile\fR trusted_certs.pem" 4
.IX Item "-CAfile trusted_certs.pem"
The name of the file containing a set of trusted self-signed \s-1CA\s0
certificates in \s-1PEM\s0 format. See the similar option of
-\&\fIverify\fR\|(1) for additional details. Either this option
+\&\fBverify\fR\|(1) for additional details. Either this option
or \fB\-CApath\fR must be specified.
(Optional)
.IP "\fB\-untrusted\fR cert_file.pem" 4
@@ -461,11 +465,11 @@ The options \fB\-attime timestamp\fR, \fB\-check_ss_sig\fR, \fB\-crl_check\fR,
\&\fB\-suiteB_192\fR, \fB\-trusted_first\fR, \fB\-use_deltas\fR, \fB\-auth_level\fR,
\&\fB\-verify_depth\fR, \fB\-verify_email\fR, \fB\-verify_hostname\fR, \fB\-verify_ip\fR,
\&\fB\-verify_name\fR, and \fB\-x509_strict\fR can be used to control timestamp
-verification. See \fIverify\fR\|(1).
+verification. See \fBverify\fR\|(1).
.SH "CONFIGURATION FILE OPTIONS"
.IX Header "CONFIGURATION FILE OPTIONS"
The \fB\-query\fR and \fB\-reply\fR commands make use of a configuration file.
-See \fIconfig\fR\|(5)
+See \fBconfig\fR\|(5)
for a general description of the syntax of the config file. The
\&\fB\-query\fR command uses only the symbolic \s-1OID\s0 names section
and it can work without it. However, the \fB\-reply\fR command needs the
@@ -480,13 +484,13 @@ that contains all the options for the \fB\-reply\fR command. This default
section can be overridden with the \fB\-section\fR command line switch. (Optional)
.IP "\fBoid_file\fR" 4
.IX Item "oid_file"
-See \fIca\fR\|(1) for description. (Optional)
+See \fBca\fR\|(1) for description. (Optional)
.IP "\fBoid_section\fR" 4
.IX Item "oid_section"
-See \fIca\fR\|(1) for description. (Optional)
+See \fBca\fR\|(1) for description. (Optional)
.IP "\fB\s-1RANDFILE\s0\fR" 4
.IX Item "RANDFILE"
-See \fIca\fR\|(1) for description. (Optional)
+See \fBca\fR\|(1) for description. (Optional)
.IP "\fBserial\fR" 4
.IX Item "serial"
The name of the file containing the hexadecimal serial number of the
@@ -613,7 +617,7 @@ user certificate section of the config file to generate a proper certificate;
\& extendedKeyUsage = critical,timeStamping
.Ve
.PP
-See \fIreq\fR\|(1), \fIca\fR\|(1), and \fIx509\fR\|(1) for instructions. The examples
+See \fBreq\fR\|(1), \fBca\fR\|(1), and \fBx509\fR\|(1) for instructions. The examples
below assume that cacert.pem contains the certificate of the \s-1CA,\s0
tsacert.pem is the signing certificate issued by cacert.pem and
tsakey.pem is the private key of the \s-1TSA.\s0
@@ -690,14 +694,14 @@ You could also look at the 'test' directory for more examples.
.IX Header "BUGS"
.IP "\(bu" 2
No support for time stamps over \s-1SMTP,\s0 though it is quite easy
-to implement an automatic e\-mail based \s-1TSA\s0 with \fIprocmail\fR\|(1)
-and \fIperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of
+to implement an automatic e\-mail based \s-1TSA\s0 with \fBprocmail\fR\|(1)
+and \fBperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of
a separate apache module. \s-1HTTP\s0 client support is provided by
-\&\fItsget\fR\|(1). Pure \s-1TCP/IP\s0 protocol is not supported.
+\&\fBtsget\fR\|(1). Pure \s-1TCP/IP\s0 protocol is not supported.
.IP "\(bu" 2
The file containing the last serial number of the \s-1TSA\s0 is not
locked when being read or written. This is a problem if more than one
-instance of \fIopenssl\fR\|(1) is trying to create a time stamp
+instance of \fBopenssl\fR\|(1) is trying to create a time stamp
response at the same time. This is not an issue when using the apache
server module, it does proper locking.
.IP "\(bu" 2
@@ -709,9 +713,9 @@ More testing is needed, I have done only some basic tests (see
test/testtsa).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fItsget\fR\|(1), \fIopenssl\fR\|(1), \fIreq\fR\|(1),
-\&\fIx509\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1),
-\&\fIconfig\fR\|(5)
+\&\fBtsget\fR\|(1), \fBopenssl\fR\|(1), \fBreq\fR\|(1),
+\&\fBx509\fR\|(1), \fBca\fR\|(1), \fBgenrsa\fR\|(1),
+\&\fBconfig\fR\|(5)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2006\-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/secure/usr.bin/openssl/man/tsget.1 b/secure/usr.bin/openssl/man/tsget.1
index 9dc722411cb0..b52398b6521e 100644
--- a/secure/usr.bin/openssl/man/tsget.1
+++ b/secure/usr.bin/openssl/man/tsget.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "TSGET 1"
-.TH TSGET 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH TSGET 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -157,7 +161,7 @@ openssl\-tsget, tsget \- Time Stamping HTTP/HTTPS client
The \fBtsget\fR command can be used for sending a time stamp request, as
specified in \fB\s-1RFC 3161\s0\fR, to a time stamp server over \s-1HTTP\s0 or \s-1HTTPS\s0 and storing
the time stamp response in a file. This tool cannot be used for creating the
-requests and verifying responses, you can use the OpenSSL \fB\f(BIts\fB\|(1)\fR command to
+requests and verifying responses, you can use the OpenSSL \fB\fBts\fB\|(1)\fR command to
do that. \fBtsget\fR can send several requests to the server without closing
the \s-1TCP\s0 connection if more than one requests are specified on the command
line.
@@ -309,7 +313,7 @@ example:
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIopenssl\fR\|(1), \fIts\fR\|(1), \fIcurl\fR\|(1),
+\&\fBopenssl\fR\|(1), \fBts\fR\|(1), \fBcurl\fR\|(1),
\&\fB\s-1RFC 3161\s0\fR
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1
index 92d18ae51430..57e1c6f3c8cb 100644
--- a/secure/usr.bin/openssl/man/verify.1
+++ b/secure/usr.bin/openssl/man/verify.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "VERIFY 1"
-.TH VERIFY 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH VERIFY 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -238,7 +242,7 @@ Checks the validity of \fBall\fR certificates in the chain by attempting
to look up valid CRLs.
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
-Specifying an engine \fBid\fR will cause \fIverify\fR\|(1) to attempt to load the
+Specifying an engine \fBid\fR will cause \fBverify\fR\|(1) to attempt to load the
specified engine.
The engine will then be set as the default for all its supported algorithms.
If you want to load certificates or CRLs that require engine support via any of
@@ -267,7 +271,7 @@ Set policy variable inhibit-policy-mapping (see \s-1RFC5280\s0).
Option which determines how the subject or issuer names are displayed. The
\&\fBoption\fR argument can be a single option or multiple options separated by
commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to
-set multiple options. See the \fIx509\fR\|(1) manual page for details.
+set multiple options. See the \fBx509\fR\|(1) manual page for details.
.IP "\fB\-no_check_time\fR" 4
.IX Item "-no_check_time"
This option suppresses checking the validity period of certificates and CRLs
@@ -354,7 +358,7 @@ must meet the specified security \fBlevel\fR.
The signature algorithm security level is enforced for all the certificates in
the chain except for the chain's \fItrust anchor\fR, which is either directly
trusted or validated by means other than its signature.
-See \fISSL_CTX_set_security_level\fR\|(3) for the definitions of the available
+See \fBSSL_CTX_set_security_level\fR\|(3) for the definitions of the available
levels.
The default security level is \-1, or \*(L"not set\*(R".
At security level 0 or lower all algorithms are acceptable.
@@ -385,7 +389,7 @@ Use default verification policies like trust model and required certificate
policies identified by \fBname\fR.
The trust model determines which auxiliary trust or reject OIDs are applicable
to verifying the given certificate chain.
-See the \fB\-addtrust\fR and \fB\-addreject\fR options of the \fIx509\fR\|(1) command-line
+See the \fB\-addtrust\fR and \fB\-addreject\fR options of the \fBx509\fR\|(1) command-line
utility.
Supported policy names include: \fBdefault\fR, \fBpkcs7\fR, \fBsmime_sign\fR,
\&\fBssl_client\fR, \fBssl_server\fR.
@@ -710,7 +714,7 @@ Email address mismatch.
.IX Item "X509_V_ERR_DANE_NO_MATCH"
\&\s-1DANE TLSA\s0 authentication is enabled, but no \s-1TLSA\s0 records matched the
certificate chain.
-This error is only possible in \fIs_client\fR\|(1).
+This error is only possible in \fBs_client\fR\|(1).
.IP "\fBX509_V_ERR_EE_KEY_TOO_SMALL\fR" 4
.IX Item "X509_V_ERR_EE_KEY_TOO_SMALL"
\&\s-1EE\s0 certificate key too weak.
@@ -759,10 +763,10 @@ Previous versions of this documentation swapped the meaning of the
\&\fBX509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY\fR error codes.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIx509\fR\|(1)
+\&\fBx509\fR\|(1)
.SH "HISTORY"
.IX Header "HISTORY"
-The \fB\-show_chain\fR option was first added to OpenSSL 1.1.0.
+The \fB\-show_chain\fR option was added in OpenSSL 1.1.0.
.PP
The \fB\-issuer_checks\fR option is deprecated as of OpenSSL 1.1.0 and
is silently ignored.
diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1
index 7b4cb41e3701..9b7e37d092a8 100644
--- a/secure/usr.bin/openssl/man/version.1
+++ b/secure/usr.bin/openssl/man/version.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "VERSION 1"
-.TH VERSION 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH VERSION 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1
index c7a8c229929f..dec95bccb1cf 100644
--- a/secure/usr.bin/openssl/man/x509.1
+++ b/secure/usr.bin/openssl/man/x509.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509 1"
-.TH X509 1 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH X509 1 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -273,7 +277,7 @@ any extensions present and any trust settings.
.IX Item "-ext extensions"
Prints out the certificate extensions in text form. Extensions are specified
with a comma separated string, e.g., \*(L"subjectAltName,subjectKeyIdentifier\*(R".
-See the \fIx509v3_config\fR\|(5) manual page for the extension names.
+See the \fBx509v3_config\fR\|(5) manual page for the extension names.
.IP "\fB\-certopt option\fR" 4
.IX Item "-certopt option"
Customise the output format used with \fB\-text\fR. The \fBoption\fR argument
@@ -282,7 +286,7 @@ can be a single option or multiple options separated by commas. The
options. See the \fB\s-1TEXT OPTIONS\s0\fR section for more information.
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
-This option prevents output of the encoded version of the request.
+This option prevents output of the encoded version of the certificate.
.IP "\fB\-pubkey\fR" 4
.IX Item "-pubkey"
Outputs the certificate's SubjectPublicKeyInfo block in \s-1PEM\s0 format.
@@ -437,7 +441,7 @@ the request.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
The key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fBopenssl\fR\|(1).
.IP "\fB\-clrext\fR" 4
.IX Item "-clrext"
Delete any extensions from a certificate. This option is used when a
@@ -511,7 +515,7 @@ The section to add certificate extensions from. If this option is not
specified then the extensions should either be contained in the unnamed
(default) section or the default section should contain a variable called
\&\*(L"extensions\*(R" which contains the section to use. See the
-\&\fIx509v3_config\fR\|(5) manual page for details of the
+\&\fBx509v3_config\fR\|(5) manual page for details of the
extension section format.
.IP "\fB\-force_pubkey key\fR" 4
.IX Item "-force_pubkey key"
@@ -925,9 +929,9 @@ There should be options to explicitly set such things as start and end
dates rather than an offset from the current time.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIreq\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1),
-\&\fIgendsa\fR\|(1), \fIverify\fR\|(1),
-\&\fIx509v3_config\fR\|(5)
+\&\fBreq\fR\|(1), \fBca\fR\|(1), \fBgenrsa\fR\|(1),
+\&\fBgendsa\fR\|(1), \fBverify\fR\|(1),
+\&\fBx509v3_config\fR\|(5)
.SH "HISTORY"
.IX Header "HISTORY"
The hash algorithm used in the \fB\-subject_hash\fR and \fB\-issuer_hash\fR options
@@ -937,7 +941,7 @@ canonical version of the \s-1DN\s0 using \s-1SHA1.\s0 This means that any direct
the old form must have their links rebuilt using \fBc_rehash\fR or similar.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy