aboutsummaryrefslogtreecommitdiffstats
path: root/secure/usr.bin/openssl/man
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2018-08-14 17:48:02 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2018-08-14 17:48:02 +0000
commitdea77ea6fc17930104a7cf5c04b7aa6acc4a33fb (patch)
tree9063b7bc29c788870f2821ff70405afe6d303e63 /secure/usr.bin/openssl/man
parent8c52a6dbf7d095edbbd3e1345dabca669cc0800c (diff)
parent43a67e02da9068b94df1c07fc6f0d70bafd9263b (diff)
downloadsrc-dea77ea6fc17930104a7cf5c04b7aa6acc4a33fb.tar.gz
src-dea77ea6fc17930104a7cf5c04b7aa6acc4a33fb.zip
Merge OpenSSL 1.0.2p.
Notes
Notes: svn path=/head/; revision=337791
Diffstat (limited to 'secure/usr.bin/openssl/man')
-rw-r--r--secure/usr.bin/openssl/man/CA.pl.14
-rw-r--r--secure/usr.bin/openssl/man/asn1parse.16
-rw-r--r--secure/usr.bin/openssl/man/ca.114
-rw-r--r--secure/usr.bin/openssl/man/ciphers.114
-rw-r--r--secure/usr.bin/openssl/man/cms.138
-rw-r--r--secure/usr.bin/openssl/man/crl.14
-rw-r--r--secure/usr.bin/openssl/man/crl2pkcs7.14
-rw-r--r--secure/usr.bin/openssl/man/dgst.18
-rw-r--r--secure/usr.bin/openssl/man/dhparam.14
-rw-r--r--secure/usr.bin/openssl/man/dsa.14
-rw-r--r--secure/usr.bin/openssl/man/dsaparam.16
-rw-r--r--secure/usr.bin/openssl/man/ec.14
-rw-r--r--secure/usr.bin/openssl/man/ecparam.14
-rw-r--r--secure/usr.bin/openssl/man/enc.14
-rw-r--r--secure/usr.bin/openssl/man/errstr.14
-rw-r--r--secure/usr.bin/openssl/man/gendsa.14
-rw-r--r--secure/usr.bin/openssl/man/genpkey.1135
-rw-r--r--secure/usr.bin/openssl/man/genrsa.14
-rw-r--r--secure/usr.bin/openssl/man/nseq.14
-rw-r--r--secure/usr.bin/openssl/man/ocsp.16
-rw-r--r--secure/usr.bin/openssl/man/openssl.18
-rw-r--r--secure/usr.bin/openssl/man/passwd.14
-rw-r--r--secure/usr.bin/openssl/man/pkcs12.14
-rw-r--r--secure/usr.bin/openssl/man/pkcs7.14
-rw-r--r--secure/usr.bin/openssl/man/pkcs8.16
-rw-r--r--secure/usr.bin/openssl/man/pkey.14
-rw-r--r--secure/usr.bin/openssl/man/pkeyparam.14
-rw-r--r--secure/usr.bin/openssl/man/pkeyutl.14
-rw-r--r--secure/usr.bin/openssl/man/rand.14
-rw-r--r--secure/usr.bin/openssl/man/req.18
-rw-r--r--secure/usr.bin/openssl/man/rsa.18
-rw-r--r--secure/usr.bin/openssl/man/rsautl.14
-rw-r--r--secure/usr.bin/openssl/man/s_client.114
-rw-r--r--secure/usr.bin/openssl/man/s_server.110
-rw-r--r--secure/usr.bin/openssl/man/s_time.14
-rw-r--r--secure/usr.bin/openssl/man/sess_id.14
-rw-r--r--secure/usr.bin/openssl/man/smime.110
-rw-r--r--secure/usr.bin/openssl/man/speed.14
-rw-r--r--secure/usr.bin/openssl/man/spkac.110
-rw-r--r--secure/usr.bin/openssl/man/ts.116
-rw-r--r--secure/usr.bin/openssl/man/tsget.18
-rw-r--r--secure/usr.bin/openssl/man/verify.14
-rw-r--r--secure/usr.bin/openssl/man/version.14
-rw-r--r--secure/usr.bin/openssl/man/x509.112
-rw-r--r--secure/usr.bin/openssl/man/x509v3_config.14
45 files changed, 256 insertions, 185 deletions
diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1
index e13d6ac7363f..348189f76080 100644
--- a/secure/usr.bin/openssl/man/CA.pl.1
+++ b/secure/usr.bin/openssl/man/CA.pl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CA.PL 1"
-.TH CA.PL 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CA.PL 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1
index 039e2a87c2d5..4641fc96bd87 100644
--- a/secure/usr.bin/openssl/man/asn1parse.1
+++ b/secure/usr.bin/openssl/man/asn1parse.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1PARSE 1"
-.TH ASN1PARSE 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ASN1PARSE 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -232,7 +232,7 @@ The output will typically contain lines like this:
.PP
This example is part of a self signed certificate. Each line starts with the
offset in decimal. \fBd=XX\fR specifies the current depth. The depth is increased
-within the scope of any \s-1SET\s0 or \s-1SEQUENCE. \s0\fBhl=XX\fR gives the header length
+within the scope of any \s-1SET\s0 or \s-1SEQUENCE.\s0 \fBhl=XX\fR gives the header length
(tag and length octets) of the current type. \fBl=XX\fR gives the length of
the contents octets.
.PP
diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1
index 8e1d70174af5..dd25df487f63 100644
--- a/secure/usr.bin/openssl/man/ca.1
+++ b/secure/usr.bin/openssl/man/ca.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CA 1"
-.TH CA 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CA 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -266,11 +266,11 @@ don't output the text form of a certificate to the output file.
.IP "\fB\-startdate date\fR" 4
.IX Item "-startdate date"
this allows the start date to be explicitly set. The format of the
-date is \s-1YYMMDDHHMMSSZ \s0(the same as an \s-1ASN1\s0 UTCTime structure).
+date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure).
.IP "\fB\-enddate date\fR" 4
.IX Item "-enddate date"
this allows the expiry date to be explicitly set. The format of the
-date is \s-1YYMMDDHHMMSSZ \s0(the same as an \s-1ASN1\s0 UTCTime structure).
+date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure).
.IP "\fB\-days arg\fR" 4
.IX Item "-days arg"
the number of days to certify the certificate for.
@@ -280,7 +280,7 @@ the message digest to use. Possible values include md5, sha1 and mdc2.
This option also applies to CRLs.
.IP "\fB\-policy arg\fR" 4
.IX Item "-policy arg"
-this option defines the \s-1CA \s0\*(L"policy\*(R" to use. This is a section in
+this option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in
the configuration file which decides which fields should be mandatory
or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY FORMAT\s0\fR section
for more information.
@@ -413,8 +413,8 @@ be used must be named in the \fBdefault_ca\fR option of the \fBca\fR section
of the configuration file (or in the default section of the
configuration file). Besides \fBdefault_ca\fR, the following options are
read directly from the \fBca\fR section:
- \s-1RANDFILE
-\&\s0 preserve
+ \s-1RANDFILE\s0
+ preserve
msie_hack
With the exception of \fB\s-1RANDFILE\s0\fR, this is probably a bug and may
change in future releases.
diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1
index 0b40ca33d1aa..322381635569 100644
--- a/secure/usr.bin/openssl/man/ciphers.1
+++ b/secure/usr.bin/openssl/man/ciphers.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CIPHERS 1"
-.TH CIPHERS 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CIPHERS 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -194,7 +194,7 @@ algorithms.
.PP
Lists of cipher suites can be combined in a single cipher string using the
\&\fB+\fR character. This is used as a logical \fBand\fR operation. For example
-\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1 \s0\fBand\fR the \s-1DES\s0
+\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1\s0 \fBand\fR the \s-1DES\s0
algorithms.
.PP
Each cipher string can be optionally preceded by the characters \fB!\fR,
@@ -300,7 +300,7 @@ cipher suites using authenticated ephemeral \s-1DH\s0 key agreement.
.IP "\fB\s-1ADH\s0\fR" 4
.IX Item "ADH"
anonymous \s-1DH\s0 cipher suites, note that this does not include anonymous Elliptic
-Curve \s-1DH \s0(\s-1ECDH\s0) cipher suites.
+Curve \s-1DH\s0 (\s-1ECDH\s0) cipher suites.
.IP "\fB\s-1DH\s0\fR" 4
.IX Item "DH"
cipher suites using \s-1DH,\s0 including anonymous \s-1DH,\s0 ephemeral \s-1DH\s0 and fixed \s-1DH.\s0
@@ -364,7 +364,7 @@ cipher suites using 128 bit \s-1CAMELLIA, 256\s0 bit \s-1CAMELLIA\s0 or either 1
cipher suites using triple \s-1DES.\s0
.IP "\fB\s-1DES\s0\fR" 4
.IX Item "DES"
-cipher suites using \s-1DES \s0(not triple \s-1DES\s0).
+cipher suites using \s-1DES\s0 (not triple \s-1DES\s0).
.IP "\fB\s-1RC4\s0\fR" 4
.IX Item "RC4"
cipher suites using \s-1RC4.\s0
@@ -388,7 +388,7 @@ cipher suites using \s-1SHA1.\s0
ciphersuites using \s-1SHA256\s0 or \s-1SHA384.\s0
.IP "\fBaGOST\fR" 4
.IX Item "aGOST"
-cipher suites using \s-1GOST R 34.10 \s0(either 2001 or 94) for authenticaction
+cipher suites using \s-1GOST R 34.10\s0 (either 2001 or 94) for authenticaction
(needs an engine supporting \s-1GOST\s0 algorithms).
.IP "\fBaGOST01\fR" 4
.IX Item "aGOST01"
@@ -405,7 +405,7 @@ cipher suites, using \s-1VKO 34.10\s0 key exchange, specified in the \s-1RFC 435
cipher suites, using \s-1HMAC\s0 based on \s-1GOST R 34.11\-94.\s0
.IP "\fB\s-1GOST89MAC\s0\fR" 4
.IX Item "GOST89MAC"
-cipher suites using \s-1GOST 28147\-89 MAC \s0\fBinstead of\fR \s-1HMAC.\s0
+cipher suites using \s-1GOST 28147\-89 MAC\s0 \fBinstead of\fR \s-1HMAC.\s0
.IP "\fB\s-1PSK\s0\fR" 4
.IX Item "PSK"
cipher suites using pre-shared keys (\s-1PSK\s0).
diff --git a/secure/usr.bin/openssl/man/cms.1 b/secure/usr.bin/openssl/man/cms.1
index d2baab39998f..fe2bb714a92c 100644
--- a/secure/usr.bin/openssl/man/cms.1
+++ b/secure/usr.bin/openssl/man/cms.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CMS 1"
-.TH CMS 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CMS 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -242,29 +242,29 @@ takes an input message and writes out a \s-1PEM\s0 encoded \s-1CMS\s0 structure.
resign a message: take an existing message and one or more new signers.
.IP "\fB\-data_create\fR" 4
.IX Item "-data_create"
-Create a \s-1CMS \s0\fBData\fR type.
+Create a \s-1CMS\s0 \fBData\fR type.
.IP "\fB\-data_out\fR" 4
.IX Item "-data_out"
\&\fBData\fR type and output the content.
.IP "\fB\-digest_create\fR" 4
.IX Item "-digest_create"
-Create a \s-1CMS \s0\fBDigestedData\fR type.
+Create a \s-1CMS\s0 \fBDigestedData\fR type.
.IP "\fB\-digest_verify\fR" 4
.IX Item "-digest_verify"
-Verify a \s-1CMS \s0\fBDigestedData\fR type and output the content.
+Verify a \s-1CMS\s0 \fBDigestedData\fR type and output the content.
.IP "\fB\-compress\fR" 4
.IX Item "-compress"
-Create a \s-1CMS \s0\fBCompressedData\fR type. OpenSSL must be compiled with \fBzlib\fR
+Create a \s-1CMS\s0 \fBCompressedData\fR type. OpenSSL must be compiled with \fBzlib\fR
support for this option to work, otherwise it will output an error.
.IP "\fB\-uncompress\fR" 4
.IX Item "-uncompress"
-Uncompress a \s-1CMS \s0\fBCompressedData\fR type and output the content. OpenSSL must be
+Uncompress a \s-1CMS\s0 \fBCompressedData\fR type and output the content. OpenSSL must be
compiled with \fBzlib\fR support for this option to work, otherwise it will
output an error.
.IP "\fB\-EncryptedData_encrypt\fR" 4
.IX Item "-EncryptedData_encrypt"
-Encrypt content using supplied symmetric key and algorithm using a \s-1CMS
-\&\s0\fBEncrytedData\fR type and output the content.
+Encrypt content using supplied symmetric key and algorithm using a \s-1CMS\s0
+\&\fBEncrytedData\fR type and output the content.
.IP "\fB\-sign_receipt\fR" 4
.IX Item "-sign_receipt"
Generate and output a signed receipt for the supplied message. The input
@@ -327,7 +327,7 @@ is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type.
.IX Item "-text"
this option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied
message if encrypting or signing. If decrypting or verifying it strips
-off text headers: if the decrypted or verified message is not of \s-1MIME \s0
+off text headers: if the decrypted or verified message is not of \s-1MIME\s0
type text/plain then an error occurs.
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
@@ -353,8 +353,8 @@ digest algorithm to use when signing or resigning. If not present then the
default digest algorithm for the signing key will be used (usually \s-1SHA1\s0).
.IP "\fB\-[cipher]\fR" 4
.IX Item "-[cipher]"
-the encryption algorithm to use. For example triple \s-1DES \s0(168 bits) \- \fB\-des3\fR
-or 256 bit \s-1AES \- \s0\fB\-aes256\fR. Any standard algorithm name (as used by the
+the encryption algorithm to use. For example triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR
+or 256 bit \s-1AES\s0 \- \fB\-aes256\fR. Any standard algorithm name (as used by the
\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for
example \fB\-aes_128_cbc\fR. See \fBenc\fR for a list of ciphers
supported by your version of OpenSSL.
@@ -420,6 +420,9 @@ occurs.
When encrypting a message this option may be used multiple times to specify
each recipient. This form \fBmust\fR be used if customised parameters are
required (for example to specify RSA-OAEP).
+.Sp
+Only certificates carrying \s-1RSA,\s0 Diffie-Hellman or \s-1EC\s0 keys are supported by this
+option.
.IP "\fB\-keyid\fR" 4
.IX Item "-keyid"
use subject key identifier to identify certificates instead of issuer name and
@@ -735,16 +738,13 @@ No revocation checking is done on the signer's certificate.
.SH "HISTORY"
.IX Header "HISTORY"
The use of multiple \fB\-signer\fR options and the \fB\-resign\fR command were first
-added in OpenSSL 1.0.0
-.PP
-The \fBkeyopt\fR option was first added in OpenSSL 1.1.0
+added in OpenSSL 1.0.0.
.PP
-The use of \fB\-recip\fR to specify the recipient when encrypting mail was first
-added to OpenSSL 1.1.0
+The \fBkeyopt\fR option was first added in OpenSSL 1.0.2.
.PP
-Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0.
+Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2.
.PP
The use of non-RSA keys with \fB\-encrypt\fR and \fB\-decrypt\fR was first added
-to OpenSSL 1.1.0.
+to OpenSSL 1.0.2.
.PP
The \-no_alt_chains options was first added to OpenSSL 1.0.2b.
diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1
index ab3f41b06c9a..18a1a2edcbc7 100644
--- a/secure/usr.bin/openssl/man/crl.1
+++ b/secure/usr.bin/openssl/man/crl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CRL 1"
-.TH CRL 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CRL 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1
index aa63b54e463d..c1ae08dde2b3 100644
--- a/secure/usr.bin/openssl/man/crl2pkcs7.1
+++ b/secure/usr.bin/openssl/man/crl2pkcs7.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "CRL2PKCS7 1"
-.TH CRL2PKCS7 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH CRL2PKCS7 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1
index c0fcc3c0d6bf..eaddb0852226 100644
--- a/secure/usr.bin/openssl/man/dgst.1
+++ b/secure/usr.bin/openssl/man/dgst.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DGST 1"
-.TH DGST 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DGST 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -229,8 +229,8 @@ the actual signature to verify.
create a hashed \s-1MAC\s0 using \*(L"key\*(R".
.IP "\fB\-mac alg\fR" 4
.IX Item "-mac alg"
-create \s-1MAC \s0(keyed Message Authentication Code). The most popular \s-1MAC\s0
-algorithm is \s-1HMAC \s0(hash-based \s-1MAC\s0), but there are other \s-1MAC\s0 algorithms
+create \s-1MAC\s0 (keyed Message Authentication Code). The most popular \s-1MAC\s0
+algorithm is \s-1HMAC\s0 (hash-based \s-1MAC\s0), but there are other \s-1MAC\s0 algorithms
which are not based on hash, for instance \fBgost-mac\fR algorithm,
supported by \fBccgost\fR engine. \s-1MAC\s0 keys and other options should be set
via \fB\-macopt\fR parameter.
diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1
index 40dbe0876c31..33d01cdd00ac 100644
--- a/secure/usr.bin/openssl/man/dhparam.1
+++ b/secure/usr.bin/openssl/man/dhparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DHPARAM 1"
-.TH DHPARAM 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DHPARAM 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1
index 4e276e2a3523..ff600983c912 100644
--- a/secure/usr.bin/openssl/man/dsa.1
+++ b/secure/usr.bin/openssl/man/dsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSA 1"
-.TH DSA 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DSA 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1
index 4e360a08f0b5..57a597d547f2 100644
--- a/secure/usr.bin/openssl/man/dsaparam.1
+++ b/secure/usr.bin/openssl/man/dsaparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "DSAPARAM 1"
-.TH DSAPARAM 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH DSAPARAM 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -159,7 +159,7 @@ This command is used to manipulate or generate \s-1DSA\s0 parameter files.
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded
-form compatible with \s-1RFC2459 \s0(\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting
+form compatible with \s-1RFC2459\s0 (\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting
of p, q and g respectively. The \s-1PEM\s0 form is the default format: it consists
of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines.
.IP "\fB\-outform DER|PEM\fR" 4
diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1
index 5d2baf59cfcf..ae749d1a2d7b 100644
--- a/secure/usr.bin/openssl/man/ec.1
+++ b/secure/usr.bin/openssl/man/ec.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "EC 1"
-.TH EC 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH EC 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1
index 8353f0c9e527..88c004c9dca1 100644
--- a/secure/usr.bin/openssl/man/ecparam.1
+++ b/secure/usr.bin/openssl/man/ecparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ECPARAM 1"
-.TH ECPARAM 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ECPARAM 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1
index 700e9e8ef57a..aff72b88afa4 100644
--- a/secure/usr.bin/openssl/man/enc.1
+++ b/secure/usr.bin/openssl/man/enc.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ENC 1"
-.TH ENC 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ENC 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1
index c46d27042abf..dec3c719aed8 100644
--- a/secure/usr.bin/openssl/man/errstr.1
+++ b/secure/usr.bin/openssl/man/errstr.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "ERRSTR 1"
-.TH ERRSTR 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH ERRSTR 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1
index a6bce3c05a47..33f91e533856 100644
--- a/secure/usr.bin/openssl/man/gendsa.1
+++ b/secure/usr.bin/openssl/man/gendsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "GENDSA 1"
-.TH GENDSA 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH GENDSA 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/genpkey.1 b/secure/usr.bin/openssl/man/genpkey.1
index 601085bbb888..ddc58bb64b03 100644
--- a/secure/usr.bin/openssl/man/genpkey.1
+++ b/secure/usr.bin/openssl/man/genpkey.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "GENPKEY 1"
-.TH GENPKEY 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH GENPKEY 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -143,7 +143,7 @@ genpkey \- generate a private key
[\fB\-out filename\fR]
[\fB\-outform PEM|DER\fR]
[\fB\-pass arg\fR]
-[\fB\-cipher\fR]
+[\fB\-\f(BIcipher\fB\fR]
[\fB\-engine id\fR]
[\fB\-paramfile file\fR]
[\fB\-algorithm alg\fR]
@@ -161,36 +161,49 @@ the output filename. If this argument is not specified then standard output is
used.
.IP "\fB\-outform DER|PEM\fR" 4
.IX Item "-outform DER|PEM"
-This specifies the output format \s-1DER\s0 or \s-1PEM.\s0
+This specifies the output format \s-1DER\s0 or \s-1PEM.\s0 The default format is \s-1PEM.\s0
.IP "\fB\-pass arg\fR" 4
.IX Item "-pass arg"
-the output file password source. For more information about the format of \fBarg\fR
+The output file password source. For more information about the format of \fBarg\fR
see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
-.IP "\fB\-cipher\fR" 4
+.IP "\fB\-\f(BIcipher\fB\fR" 4
.IX Item "-cipher"
This option encrypts the private key with the supplied cipher. Any algorithm
name accepted by \fIEVP_get_cipherbyname()\fR is acceptable such as \fBdes3\fR.
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
-specifying an engine (by its unique \fBid\fR string) will cause \fBgenpkey\fR
+Specifying an engine (by its unique \fBid\fR string) will cause \fBgenpkey\fR
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms. If used this option should precede all other
options.
.IP "\fB\-algorithm alg\fR" 4
.IX Item "-algorithm alg"
-public key algorithm to use such as \s-1RSA, DSA\s0 or \s-1DH.\s0 If used this option must
+Public key algorithm to use such as \s-1RSA, DSA\s0 or \s-1DH.\s0 If used this option must
precede any \fB\-pkeyopt\fR options. The options \fB\-paramfile\fR and \fB\-algorithm\fR
-are mutually exclusive.
+are mutually exclusive. Engines may add algorithms in addition to the standard
+built-in ones.
+.Sp
+Valid built-in algorithm names for private key generation are \s-1RSA\s0 and \s-1EC.\s0
+.Sp
+Valid built-in algorithm names for parameter generation (see the \fB\-genparam\fR
+option) are \s-1DH, DSA\s0 and \s-1EC.\s0
+.Sp
+Note that the algorithm name X9.42 \s-1DH\s0 may be used as a synonym for the \s-1DH\s0
+algorithm. These are identical and do not indicate the type of parameters that
+will be generated. Use the \fBdh_paramgen_type\fR option to indicate whether PKCS#3
+or X9.42 \s-1DH\s0 parameters are required. See \*(L"\s-1DH\s0 Parameter Generation Options\*(R"
+below for more details.
.IP "\fB\-pkeyopt opt:value\fR" 4
.IX Item "-pkeyopt opt:value"
-set the public key algorithm option \fBopt\fR to \fBvalue\fR. The precise set of
+Set the public key algorithm option \fBopt\fR to \fBvalue\fR. The precise set of
options supported depends on the public key algorithm used and its
-implementation. See \fB\s-1KEY GENERATION OPTIONS\s0\fR below for more details.
+implementation. See \*(L"\s-1KEY GENERATION OPTIONS\*(R"\s0 and
+\&\*(L"\s-1PARAMETER GENERATION OPTIONS\*(R"\s0 below for more details.
.IP "\fB\-genparam\fR" 4
.IX Item "-genparam"
-generate a set of parameters instead of a private key. If used this option must
-precede and \fB\-algorithm\fR, \fB\-paramfile\fR or \fB\-pkeyopt\fR options.
+Generate a set of parameters instead of a private key. If used this option must
+precede any \fB\-algorithm\fR, \fB\-paramfile\fR or \fB\-pkeyopt\fR options.
.IP "\fB\-paramfile filename\fR" 4
.IX Item "-paramfile filename"
Some public key algorithms generate a private key based on a set of parameters.
@@ -207,8 +220,8 @@ parameters along with the \s-1PEM\s0 or \s-1DER\s0 structure.
The options supported by each algorith and indeed each implementation of an
algorithm can vary. The options for the OpenSSL implementations are detailed
below.
-.SH "RSA KEY GENERATION OPTIONS"
-.IX Header "RSA KEY GENERATION OPTIONS"
+.SS "\s-1RSA\s0 Key Generation Options"
+.IX Subsection "RSA Key Generation Options"
.IP "\fBrsa_keygen_bits:numbits\fR" 4
.IX Item "rsa_keygen_bits:numbits"
The number of bits in the generated key. If not specified 1024 is used.
@@ -216,32 +229,68 @@ The number of bits in the generated key. If not specified 1024 is used.
.IX Item "rsa_keygen_pubexp:value"
The \s-1RSA\s0 public exponent value. This can be a large decimal or
hexadecimal value if preceded by \fB0x\fR. Default value is 65537.
-.SH "DSA PARAMETER GENERATION OPTIONS"
-.IX Header "DSA PARAMETER GENERATION OPTIONS"
+.SS "\s-1EC\s0 Key Generation Options"
+.IX Subsection "EC Key Generation Options"
+The \s-1EC\s0 key generation options can also be used for parameter generation.
+.IP "\fBec_paramgen_curve:curve\fR" 4
+.IX Item "ec_paramgen_curve:curve"
+The \s-1EC\s0 curve to use. OpenSSL supports \s-1NIST\s0 curve names such as \*(L"P\-256\*(R".
+.IP "\fBec_param_enc:encoding\fR" 4
+.IX Item "ec_param_enc:encoding"
+The encoding to use for parameters. The \*(L"encoding\*(R" parameter must be either
+\&\*(L"named_curve\*(R" or \*(L"explicit\*(R". The default value is \*(L"named_curve\*(R".
+.SH "PARAMETER GENERATION OPTIONS"
+.IX Header "PARAMETER GENERATION OPTIONS"
+The options supported by each algorithm and indeed each implementation of an
+algorithm can vary. The options for the OpenSSL implementations are detailed
+below.
+.SS "\s-1DSA\s0 Parameter Generation Options"
+.IX Subsection "DSA Parameter Generation Options"
.IP "\fBdsa_paramgen_bits:numbits\fR" 4
.IX Item "dsa_paramgen_bits:numbits"
-The number of bits in the generated parameters. If not specified 1024 is used.
-.SH "DH PARAMETER GENERATION OPTIONS"
-.IX Header "DH PARAMETER GENERATION OPTIONS"
+The number of bits in the generated prime. If not specified 1024 is used.
+.IP "\fBdsa_paramgen_q_bits:numbits\fR" 4
+.IX Item "dsa_paramgen_q_bits:numbits"
+The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
+specified 160 is used.
+.IP "\fBdsa_paramgen_md:digest\fR" 4
+.IX Item "dsa_paramgen_md:digest"
+The digest to use during parameter generation. Must be one of \fBsha1\fR, \fBsha224\fR
+or \fBsha256\fR. If set, then the number of bits in \fBq\fR will match the output size
+of the specified digest and the \fBdsa_paramgen_q_bits\fR parameter will be
+ignored. If not set, then a digest will be used that gives an output matching
+the number of bits in \fBq\fR, i.e. \fBsha1\fR if q length is 160, \fBsha224\fR if it 224
+or \fBsha256\fR if it is 256.
+.SS "\s-1DH\s0 Parameter Generation Options"
+.IX Subsection "DH Parameter Generation Options"
.IP "\fBdh_paramgen_prime_len:numbits\fR" 4
.IX Item "dh_paramgen_prime_len:numbits"
-The number of bits in the prime parameter \fBp\fR.
+The number of bits in the prime parameter \fBp\fR. The default is 1024.
+.IP "\fBdh_paramgen_subprime_len:numbits\fR" 4
+.IX Item "dh_paramgen_subprime_len:numbits"
+The number of bits in the sub prime parameter \fBq\fR. The default is 256 if the
+prime is at least 2048 bits long or 160 otherwise. Only relevant if used in
+conjunction with the \fBdh_paramgen_type\fR option to generate X9.42 \s-1DH\s0 parameters.
.IP "\fBdh_paramgen_generator:value\fR" 4
.IX Item "dh_paramgen_generator:value"
-The value to use for the generator \fBg\fR.
+The value to use for the generator \fBg\fR. The default is 2.
+.IP "\fBdh_paramgen_type:value\fR" 4
+.IX Item "dh_paramgen_type:value"
+The type of \s-1DH\s0 parameters to generate. Use 0 for PKCS#3 \s-1DH\s0 and 1 for X9.42 \s-1DH.\s0
+The default is 0.
.IP "\fBdh_rfc5114:num\fR" 4
.IX Item "dh_rfc5114:num"
-If this option is set then the appropriate \s-1RFC5114\s0 parameters are used
+If this option is set, then the appropriate \s-1RFC5114\s0 parameters are used
instead of generating new parameters. The value \fBnum\fR can take the
values 1, 2 or 3 corresponding to \s-1RFC5114 DH\s0 parameters consisting of
1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup
and 2048 bit group with 256 bit subgroup as mentioned in \s-1RFC5114\s0 sections
-2.1, 2.2 and 2.3 respectively.
-.SH "EC PARAMETER GENERATION OPTIONS"
-.IX Header "EC PARAMETER GENERATION OPTIONS"
-.IP "\fBec_paramgen_curve:curve\fR" 4
-.IX Item "ec_paramgen_curve:curve"
-the \s-1EC\s0 curve to use.
+2.1, 2.2 and 2.3 respectively. If present this overrides all other \s-1DH\s0 parameter
+options.
+.SS "\s-1EC\s0 Parameter Generation Options"
+.IX Subsection "EC Parameter Generation Options"
+The \s-1EC\s0 parameter generation options are the same as for key generation. See
+\&\*(L"\s-1EC\s0 Key Generation Options\*(R" above.
.SH "GOST2001 KEY GENERATION AND PARAMETER OPTIONS"
.IX Header "GOST2001 KEY GENERATION AND PARAMETER OPTIONS"
Gost 2001 support is not enabled by default. To enable this algorithm,
@@ -293,11 +342,11 @@ Generate a 2048 bit \s-1RSA\s0 key using 3 as the public exponent:
\& \-pkeyopt rsa_keygen_pubexp:3
.Ve
.PP
-Generate 1024 bit \s-1DSA\s0 parameters:
+Generate 2048 bit \s-1DSA\s0 parameters:
.PP
.Vb 2
\& openssl genpkey \-genparam \-algorithm DSA \-out dsap.pem \e
-\& \-pkeyopt dsa_paramgen_bits:1024
+\& \-pkeyopt dsa_paramgen_bits:2048
.Ve
.PP
Generate \s-1DSA\s0 key from parameters:
@@ -306,11 +355,19 @@ Generate \s-1DSA\s0 key from parameters:
\& openssl genpkey \-paramfile dsap.pem \-out dsakey.pem
.Ve
.PP
-Generate 1024 bit \s-1DH\s0 parameters:
+Generate 2048 bit \s-1DH\s0 parameters:
.PP
.Vb 2
\& openssl genpkey \-genparam \-algorithm DH \-out dhp.pem \e
-\& \-pkeyopt dh_paramgen_prime_len:1024
+\& \-pkeyopt dh_paramgen_prime_len:2048
+.Ve
+.PP
+Generate 2048 bit X9.42 \s-1DH\s0 parameters:
+.PP
+.Vb 3
+\& openssl genpkey \-genparam \-algorithm DH \-out dhpx.pem \e
+\& \-pkeyopt dh_paramgen_prime_len:2048 \e
+\& \-pkeyopt dh_paramgen_type:1
.Ve
.PP
Output \s-1RFC5114 2048\s0 bit \s-1DH\s0 parameters with 224 bit subgroup:
@@ -324,3 +381,15 @@ Generate \s-1DH\s0 key from parameters:
.Vb 1
\& openssl genpkey \-paramfile dhp.pem \-out dhkey.pem
.Ve
+.PP
+Generate \s-1EC\s0 key directly:
+.PP
+.Vb 3
+\& openssl genpkey \-algorithm EC \-out eckey.pem \e
+\& \-pkeyopt ec_paramgen_curve:P\-384 \e
+\& \-pkeyopt ec_param_enc:named_curve
+.Ve
+.SH "HISTORY"
+.IX Header "HISTORY"
+The ability to use \s-1NIST\s0 curve names, and to generate an \s-1EC\s0 key directly,
+were added in OpenSSL 1.0.2.
diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1
index 97882690823a..06b9833fde51 100644
--- a/secure/usr.bin/openssl/man/genrsa.1
+++ b/secure/usr.bin/openssl/man/genrsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "GENRSA 1"
-.TH GENRSA 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH GENRSA 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1
index fa6501eec012..d29c7f501eda 100644
--- a/secure/usr.bin/openssl/man/nseq.1
+++ b/secure/usr.bin/openssl/man/nseq.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "NSEQ 1"
-.TH NSEQ 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH NSEQ 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1
index 49dce4d6182f..74d822041e58 100644
--- a/secure/usr.bin/openssl/man/ocsp.1
+++ b/secure/usr.bin/openssl/man/ocsp.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OCSP 1"
-.TH OCSP 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH OCSP 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -247,7 +247,7 @@ if \s-1OCSP\s0 request or response creation is implied by other options (for exa
with \fBserial\fR, \fBcert\fR and \fBhost\fR options).
.IP "\fB\-url responder_url\fR" 4
.IX Item "-url responder_url"
-specify the responder \s-1URL.\s0 Both \s-1HTTP\s0 and \s-1HTTPS \s0(\s-1SSL/TLS\s0) URLs can be specified.
+specify the responder \s-1URL.\s0 Both \s-1HTTP\s0 and \s-1HTTPS\s0 (\s-1SSL/TLS\s0) URLs can be specified.
.IP "\fB\-host hostname:port\fR, \fB\-path pathname\fR" 4
.IX Item "-host hostname:port, -path pathname"
if the \fBhost\fR option is present then the \s-1OCSP\s0 request is sent to the host
diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1
index 3077b771318b..f0b6837a3f36 100644
--- a/secure/usr.bin/openssl/man/openssl.1
+++ b/secure/usr.bin/openssl/man/openssl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL 1"
-.TH OPENSSL 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH OPENSSL 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -210,7 +210,7 @@ Certificate Authority (\s-1CA\s0) Management.
Cipher Suite Description Determination.
.IP "\fBcms\fR" 10
.IX Item "cms"
-\&\s-1CMS \s0(Cryptographic Message Syntax) utility
+\&\s-1CMS\s0 (Cryptographic Message Syntax) utility
.IP "\fBcrl\fR" 10
.IX Item "crl"
Certificate Revocation List (\s-1CRL\s0) Management.
@@ -237,7 +237,7 @@ Generation and Management of Diffie-Hellman Parameters. Superseded by
\&\fBgenpkey\fR and \fBpkeyparam\fR
.IP "\fBec\fR" 10
.IX Item "ec"
-\&\s-1EC \s0(Elliptic curve) key processing
+\&\s-1EC\s0 (Elliptic curve) key processing
.IP "\fBecparam\fR" 10
.IX Item "ecparam"
\&\s-1EC\s0 parameter manipulation and generation
diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1
index b44fdc448b11..c0419b1af5be 100644
--- a/secure/usr.bin/openssl/man/passwd.1
+++ b/secure/usr.bin/openssl/man/passwd.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PASSWD 1"
-.TH PASSWD 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PASSWD 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1
index 3e6bcd5f1614..d6b6851df98a 100644
--- a/secure/usr.bin/openssl/man/pkcs12.1
+++ b/secure/usr.bin/openssl/man/pkcs12.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS12 1"
-.TH PKCS12 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKCS12 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1
index c0f558785194..3e0fcee9f20e 100644
--- a/secure/usr.bin/openssl/man/pkcs7.1
+++ b/secure/usr.bin/openssl/man/pkcs7.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7 1"
-.TH PKCS7 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKCS7 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1
index e2cceef8ad26..9a74c124ce34 100644
--- a/secure/usr.bin/openssl/man/pkcs8.1
+++ b/secure/usr.bin/openssl/man/pkcs8.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS8 1"
-.TH PKCS8 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKCS8 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -352,7 +352,7 @@ keys produced and Therefore it can be assumed that the PKCS#5 v2.0
implementation is reasonably accurate at least as far as these
algorithms are concerned.
.PP
-The format of PKCS#8 \s-1DSA \s0(and other) private keys is not well documented:
+The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented:
it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0
PKCS#8 private key format complies with this standard.
.SH "BUGS"
diff --git a/secure/usr.bin/openssl/man/pkey.1 b/secure/usr.bin/openssl/man/pkey.1
index 4e5961d6f371..797329601894 100644
--- a/secure/usr.bin/openssl/man/pkey.1
+++ b/secure/usr.bin/openssl/man/pkey.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKEY 1"
-.TH PKEY 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKEY 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkeyparam.1 b/secure/usr.bin/openssl/man/pkeyparam.1
index c9a76a05f95a..f93976eb16fa 100644
--- a/secure/usr.bin/openssl/man/pkeyparam.1
+++ b/secure/usr.bin/openssl/man/pkeyparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKEYPARAM 1"
-.TH PKEYPARAM 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKEYPARAM 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkeyutl.1 b/secure/usr.bin/openssl/man/pkeyutl.1
index 49ad7b480996..c51a1170cbf3 100644
--- a/secure/usr.bin/openssl/man/pkeyutl.1
+++ b/secure/usr.bin/openssl/man/pkeyutl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "PKEYUTL 1"
-.TH PKEYUTL 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH PKEYUTL 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1
index 82f6f745e041..b3ce4d20b719 100644
--- a/secure/usr.bin/openssl/man/rand.1
+++ b/secure/usr.bin/openssl/man/rand.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RAND 1"
-.TH RAND 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RAND 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1
index 156f37e061a5..a2e8660a86a4 100644
--- a/secure/usr.bin/openssl/man/req.1
+++ b/secure/usr.bin/openssl/man/req.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "REQ 1"
-.TH REQ 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH REQ 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -310,7 +310,7 @@ the configuration file.
.Sp
Some public key algorithms may override this choice. For instance, \s-1DSA\s0
signatures always use \s-1SHA1, GOST R 34.10\s0 signatures always use
-\&\s-1GOST R 34.11\-94 \s0(\fB\-md_gost94\fR).
+\&\s-1GOST R 34.11\-94\s0 (\fB\-md_gost94\fR).
.IP "\fB\-config filename\fR" 4
.IX Item "-config filename"
this allows an alternative configuration file to be specified,
@@ -751,7 +751,7 @@ environment variable serves the same purpose but its use is discouraged.
.SH "BUGS"
.IX Header "BUGS"
OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
-treats them as \s-1ISO\-8859\-1 \s0(Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour.
+treats them as \s-1ISO\-8859\-1\s0 (Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour.
This can cause problems if you need characters that aren't available in
PrintableStrings and you don't want to or can't use BMPStrings.
.PP
diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1
index 132fb6fc9042..59adddec669f 100644
--- a/secure/usr.bin/openssl/man/rsa.1
+++ b/secure/usr.bin/openssl/man/rsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSA 1"
-.TH RSA 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RSA 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -265,7 +265,7 @@ The \s-1PEM\s0 public key format uses the header and footer lines:
\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
.Ve
.PP
-The \s-1PEM \s0\fBRSAPublicKey\fR format uses the header and footer lines:
+The \s-1PEM\s0 \fBRSAPublicKey\fR format uses the header and footer lines:
.PP
.Vb 2
\& \-\-\-\-\-BEGIN RSA PUBLIC KEY\-\-\-\-\-
@@ -273,7 +273,7 @@ The \s-1PEM \s0\fBRSAPublicKey\fR format uses the header and footer lines:
.Ve
.PP
The \fB\s-1NET\s0\fR form is a format compatible with older Netscape servers
-and Microsoft \s-1IIS \s0.key files, this uses unsalted \s-1RC4\s0 for its encryption.
+and Microsoft \s-1IIS\s0 .key files, this uses unsalted \s-1RC4\s0 for its encryption.
It is not very secure and so should only be used when necessary.
.PP
Some newer version of \s-1IIS\s0 have additional data in the exported .key
diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1
index 5dc33a736f09..fc1a0da59a7e 100644
--- a/secure/usr.bin/openssl/man/rsautl.1
+++ b/secure/usr.bin/openssl/man/rsautl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "RSAUTL 1"
-.TH RSAUTL 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH RSAUTL 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1
index e9feb289d679..a02eab0c33a1 100644
--- a/secure/usr.bin/openssl/man/s_client.1
+++ b/secure/usr.bin/openssl/man/s_client.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "S_CLIENT 1"
-.TH S_CLIENT 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH S_CLIENT 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -202,7 +202,7 @@ This specifies the host and optional port to connect to. If not specified
then an attempt is made to connect to the local host on port 4433.
.IP "\fB\-servername name\fR" 4
.IX Item "-servername name"
-Set the \s-1TLS SNI \s0(Server Name Indication) extension in the ClientHello message.
+Set the \s-1TLS SNI\s0 (Server Name Indication) extension in the ClientHello message.
.IP "\fB\-cert certname\fR" 4
.IX Item "-cert certname"
The certificate to use, if one is requested by the server. The default is
@@ -254,8 +254,9 @@ be used as a test that session caching is working.
pauses 1 second between each read and write call.
.IP "\fB\-showcerts\fR" 4
.IX Item "-showcerts"
-display the whole server certificate chain: normally only the server
-certificate itself is displayed.
+Displays the server certificate list as sent by the server: it only consists of
+certificates the server has sent (in the order the server has sent them). It is
+\&\fBnot\fR a verified chain.
.IP "\fB\-prexit\fR" 4
.IX Item "-prexit"
print session information when the program exits. This will always attempt
@@ -438,7 +439,8 @@ a client certificate. Therefor merely including a client certificate
on the command line is no guarantee that the certificate works.
.PP
If there are problems verifying a server certificate then the
-\&\fB\-showcerts\fR option can be used to show the whole chain.
+\&\fB\-showcerts\fR option can be used to show all the certificates sent by the
+server.
.PP
Since the SSLv23 client hello cannot include compression methods or extensions
these will only be supported if its use is disabled, for example by using the
diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1
index dd571d601ef6..9e3198ad82a9 100644
--- a/secure/usr.bin/openssl/man/s_server.1
+++ b/secure/usr.bin/openssl/man/s_server.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "S_SERVER 1"
-.TH S_SERVER 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH S_SERVER 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -215,8 +215,8 @@ is not present a default value will be used.
.IX Item "-cert certname"
The certificate to use, most servers cipher suites require the use of a
certificate and some require a certificate with a certain public key type:
-for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS
-\&\s0(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used.
+for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0
+(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used.
.IP "\fB\-certform format\fR" 4
.IX Item "-certform format"
The certificate format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default.
@@ -238,7 +238,7 @@ same manner as the \fB\-cert\fR and \fB\-key\fR options except there is no defau
if they are not specified (no additional certificate and key is used). As
noted above some cipher suites require a certificate containing a key of
a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key
-and some a \s-1DSS \s0(\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys
+and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys
a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites
by using an appropriate certificate.
.IP "\fB\-dcertform format\fR, \fB\-dkeyform format\fR, \fB\-dpass arg\fR" 4
diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1
index 41d790d21f79..dace18071052 100644
--- a/secure/usr.bin/openssl/man/s_time.1
+++ b/secure/usr.bin/openssl/man/s_time.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "S_TIME 1"
-.TH S_TIME 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH S_TIME 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1
index 1cad84657be9..55e577da5e15 100644
--- a/secure/usr.bin/openssl/man/sess_id.1
+++ b/secure/usr.bin/openssl/man/sess_id.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SESS_ID 1"
-.TH SESS_ID 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SESS_ID 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1
index c91a00ebf932..d7d1423917d5 100644
--- a/secure/usr.bin/openssl/man/smime.1
+++ b/secure/usr.bin/openssl/man/smime.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME 1"
-.TH SMIME 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SMIME 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -251,7 +251,7 @@ is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type.
.IX Item "-text"
this option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied
message if encrypting or signing. If decrypting or verifying it strips
-off text headers: if the decrypted or verified message is not of \s-1MIME \s0
+off text headers: if the decrypted or verified message is not of \s-1MIME\s0
type text/plain then an error occurs.
.IP "\fB\-CAfile file\fR" 4
.IX Item "-CAfile file"
@@ -268,8 +268,8 @@ digest algorithm to use when signing or resigning. If not present then the
default digest algorithm for the signing key will be used (usually \s-1SHA1\s0).
.IP "\fB\-[cipher]\fR" 4
.IX Item "-[cipher]"
-the encryption algorithm to use. For example \s-1DES \s0(56 bits) \- \fB\-des\fR,
-triple \s-1DES \s0(168 bits) \- \fB\-des3\fR,
+the encryption algorithm to use. For example \s-1DES\s0 (56 bits) \- \fB\-des\fR,
+triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR,
\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for
example \fB\-aes_128_cbc\fR. See \fBenc\fR for list of ciphers
supported by your version of OpenSSL.
diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1
index 0b27152159d6..d249db4ab7e1 100644
--- a/secure/usr.bin/openssl/man/speed.1
+++ b/secure/usr.bin/openssl/man/speed.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SPEED 1"
-.TH SPEED 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SPEED 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1
index 1d5ca44be1ee..762b8a222540 100644
--- a/secure/usr.bin/openssl/man/spkac.1
+++ b/secure/usr.bin/openssl/man/spkac.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "SPKAC 1"
-.TH SPKAC 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH SPKAC 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -189,11 +189,11 @@ allows an alternative name form the section containing the
\&\s-1SPKAC.\s0 The default is the default section.
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
-don't output the text version of the \s-1SPKAC \s0(not used if an
+don't output the text version of the \s-1SPKAC\s0 (not used if an
\&\s-1SPKAC\s0 is being created).
.IP "\fB\-pubkey\fR" 4
.IX Item "-pubkey"
-output the public key of an \s-1SPKAC \s0(not used if an \s-1SPKAC\s0 is
+output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is
being created).
.IP "\fB\-verify\fR" 4
.IX Item "-verify"
@@ -224,7 +224,7 @@ Create an \s-1SPKAC\s0 using the challenge string \*(L"hello\*(R":
\& openssl spkac \-key key.pem \-challenge hello \-out spkac.cnf
.Ve
.PP
-Example of an \s-1SPKAC, \s0(long lines split up for clarity):
+Example of an \s-1SPKAC,\s0 (long lines split up for clarity):
.PP
.Vb 5
\& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e
diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1
index 40ec82db3dbf..34c30ebffa6f 100644
--- a/secure/usr.bin/openssl/man/ts.1
+++ b/secure/usr.bin/openssl/man/ts.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "TS 1"
-.TH TS 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH TS 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -183,7 +183,7 @@ ts \- Time Stamping Authority tool (client/server)
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBts\fR command is a basic Time Stamping Authority (\s-1TSA\s0) client and server
-application as specified in \s-1RFC 3161 \s0(Time-Stamp Protocol, \s-1TSP\s0). A
+application as specified in \s-1RFC 3161\s0 (Time-Stamp Protocol, \s-1TSP\s0). A
\&\s-1TSA\s0 can be part of a \s-1PKI\s0 deployment and its role is to provide long
term proof of the existence of a certain datum before a particular
time. Here is a brief description of the protocol:
@@ -242,7 +242,7 @@ in use. (Optional)
.IX Item "-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160|..."
The message digest to apply to the data file, it supports all the message
digest algorithms that are supported by the openssl \fBdgst\fR command.
-The default is \s-1SHA\-1. \s0(Optional)
+The default is \s-1SHA\-1.\s0 (Optional)
.IP "\fB\-policy\fR object_id" 4
.IX Item "-policy object_id"
The policy that the client expects the \s-1TSA\s0 to use for creating the
@@ -273,7 +273,7 @@ is stdout. (Optional)
.IP "\fB\-text\fR" 4
.IX Item "-text"
If this option is specified the output is human-readable text format
-instead of \s-1DER. \s0(Optional)
+instead of \s-1DER.\s0 (Optional)
.SS "Time Stamp Response generation"
.IX Subsection "Time Stamp Response generation"
A time stamp response (TimeStampResp) consists of a response status
@@ -351,7 +351,7 @@ response (TimeStampResp). (Optional)
.IP "\fB\-text\fR" 4
.IX Item "-text"
If this option is specified the output is human-readable text format
-instead of \s-1DER. \s0(Optional)
+instead of \s-1DER.\s0 (Optional)
.IP "\fB\-engine\fR id" 4
.IX Item "-engine id"
Specifying an engine (by its unique \fBid\fR string) will cause \fBts\fR
@@ -394,7 +394,7 @@ client. See the similar option of \fIverify\fR\|(1) for additional
details. Either this option or \fB\-CAfile\fR must be specified. (Optional)
.IP "\fB\-CAfile\fR trusted_certs.pem" 4
.IX Item "-CAfile trusted_certs.pem"
-The name of the file containing a set of trusted self-signed \s-1CA \s0
+The name of the file containing a set of trusted self-signed \s-1CA\s0
certificates in \s-1PEM\s0 format. See the similar option of
\&\fIverify\fR\|(1) for additional details. Either this option
or \fB\-CApath\fR must be specified.
@@ -511,7 +511,7 @@ configuration file, e.g. the example configuration file
openssl/apps/openssl.cnf will do.
.SS "Time Stamp Request"
.IX Subsection "Time Stamp Request"
-To create a time stamp request for design1.txt with \s-1SHA\-1 \s0
+To create a time stamp request for design1.txt with \s-1SHA\-1\s0
without nonce and policy and no certificate is required in the response:
.PP
.Vb 2
diff --git a/secure/usr.bin/openssl/man/tsget.1 b/secure/usr.bin/openssl/man/tsget.1
index 45fb124013d4..a04cc9594b20 100644
--- a/secure/usr.bin/openssl/man/tsget.1
+++ b/secure/usr.bin/openssl/man/tsget.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "TSGET 1"
-.TH TSGET 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH TSGET 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -225,13 +225,13 @@ certificate-based client authentication will take place. (Optional)
.IX Item "-C CA_certs.pem"
(\s-1HTTPS\s0) The trusted \s-1CA\s0 certificate store. The certificate chain of the peer's
certificate must include one of the \s-1CA\s0 certificates specified in this file.
-Either option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS. \s0(Optional)
+Either option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS.\s0 (Optional)
.IP "\fB\-P\fR CA_path" 4
.IX Item "-P CA_path"
(\s-1HTTPS\s0) The path containing the trusted \s-1CA\s0 certificates to verify the peer's
certificate. The directory must be prepared with the \fBc_rehash\fR
OpenSSL utility. Either option \fB\-C\fR or option \fB\-P\fR must be given in case of
-\&\s-1HTTPS. \s0(Optional)
+\&\s-1HTTPS.\s0 (Optional)
.IP "\fB\-rand\fR file:file..." 4
.IX Item "-rand file:file..."
The files containing random data for seeding the random number
diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1
index f55ce75addb0..60649b8a6c8f 100644
--- a/secure/usr.bin/openssl/man/verify.1
+++ b/secure/usr.bin/openssl/man/verify.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "VERIFY 1"
-.TH VERIFY 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH VERIFY 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1
index fa1e53308793..df5ab0084033 100644
--- a/secure/usr.bin/openssl/man/version.1
+++ b/secure/usr.bin/openssl/man/version.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "VERSION 1"
-.TH VERSION 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH VERSION 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1
index 84d5cca794b6..df969c81ed3f 100644
--- a/secure/usr.bin/openssl/man/x509.1
+++ b/secure/usr.bin/openssl/man/x509.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509 1"
-.TH X509 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH X509 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -559,8 +559,8 @@ field contents. For example \*(L"\s-1BMPSTRING:\s0 Hello World\*(R".
.IX Item "dump_der"
when this option is set any fields that need to be hexdumped will
be dumped using the \s-1DER\s0 encoding of the field. Otherwise just the
-content octets will be displayed. Both options use the \s-1RFC2253
-\&\s0\fB#XXXX...\fR format.
+content octets will be displayed. Both options use the \s-1RFC2253\s0
+\&\fB#XXXX...\fR format.
.IP "\fBdump_nostr\fR" 4
.IX Item "dump_nostr"
dump non character string types (for example \s-1OCTET STRING\s0) if this
@@ -780,7 +780,7 @@ so this section is useful if a chain is rejected by the verify code.
.PP
The basicConstraints extension \s-1CA\s0 flag is used to determine whether the
certificate can be used as a \s-1CA.\s0 If the \s-1CA\s0 flag is true then it is a \s-1CA,\s0
-if the \s-1CA\s0 flag is false then it is not a \s-1CA. \s0\fBAll\fR CAs should have the
+if the \s-1CA\s0 flag is false then it is not a \s-1CA.\s0 \fBAll\fR CAs should have the
\&\s-1CA\s0 flag set to true.
.PP
If the basicConstraints extension is absent then the certificate is
@@ -808,7 +808,7 @@ basicConstraints and keyUsage and V1 certificates above apply to \fBall\fR
.IP "\fB\s-1SSL\s0 Client\fR" 4
.IX Item "SSL Client"
The extended key usage extension must be absent or include the \*(L"web client
-authentication\*(R" \s-1OID. \s0 keyUsage must be absent or it must have the
+authentication\*(R" \s-1OID.\s0 keyUsage must be absent or it must have the
digitalSignature bit set. Netscape certificate type must be absent or it must
have the \s-1SSL\s0 client bit set.
.IP "\fB\s-1SSL\s0 Client \s-1CA\s0\fR" 4
diff --git a/secure/usr.bin/openssl/man/x509v3_config.1 b/secure/usr.bin/openssl/man/x509v3_config.1
index aeb5fb532a09..ab46f48c8a03 100644
--- a/secure/usr.bin/openssl/man/x509v3_config.1
+++ b/secure/usr.bin/openssl/man/x509v3_config.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -129,7 +129,7 @@
.\" ========================================================================
.\"
.IX Title "X509V3_CONFIG 1"
-.TH X509V3_CONFIG 1 "2018-03-27" "1.0.2o" "OpenSSL"
+.TH X509V3_CONFIG 1 "2018-08-14" "1.0.2p" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l