aboutsummaryrefslogtreecommitdiffstats
path: root/secure/usr.bin/openssl
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2015-01-08 23:42:41 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2015-01-08 23:42:41 +0000
commit751d29910bd05fdfb3ff3b62e493633e5de76bf9 (patch)
tree6c2f3cb14d70e0247fe500835bed3d3588c3025e /secure/usr.bin/openssl
parent91d03e2e181be9eaa7a9f8d8944bbeb40f5a2cd7 (diff)
parentc6485458b37e3f0f5d1c69c0452e4551ac3b1824 (diff)
downloadsrc-751d29910bd05fdfb3ff3b62e493633e5de76bf9.tar.gz
src-751d29910bd05fdfb3ff3b62e493633e5de76bf9.zip
Merge OpenSSL 1.0.1k.
Notes
Notes: svn path=/head/; revision=276861
Diffstat (limited to 'secure/usr.bin/openssl')
-rw-r--r--secure/usr.bin/openssl/man/CA.pl.135
-rw-r--r--secure/usr.bin/openssl/man/asn1parse.143
-rw-r--r--secure/usr.bin/openssl/man/c_rehash.131
-rw-r--r--secure/usr.bin/openssl/man/ca.169
-rw-r--r--secure/usr.bin/openssl/man/ciphers.185
-rw-r--r--secure/usr.bin/openssl/man/cms.155
-rw-r--r--secure/usr.bin/openssl/man/crl.133
-rw-r--r--secure/usr.bin/openssl/man/crl2pkcs7.131
-rw-r--r--secure/usr.bin/openssl/man/dgst.158
-rw-r--r--secure/usr.bin/openssl/man/dhparam.135
-rw-r--r--secure/usr.bin/openssl/man/dsa.139
-rw-r--r--secure/usr.bin/openssl/man/dsaparam.133
-rw-r--r--secure/usr.bin/openssl/man/ec.147
-rw-r--r--secure/usr.bin/openssl/man/ecparam.141
-rw-r--r--secure/usr.bin/openssl/man/enc.135
-rw-r--r--secure/usr.bin/openssl/man/errstr.129
-rw-r--r--secure/usr.bin/openssl/man/gendsa.129
-rw-r--r--secure/usr.bin/openssl/man/genpkey.143
-rw-r--r--secure/usr.bin/openssl/man/genrsa.131
-rw-r--r--secure/usr.bin/openssl/man/nseq.129
-rw-r--r--secure/usr.bin/openssl/man/ocsp.140
-rw-r--r--secure/usr.bin/openssl/man/openssl.145
-rw-r--r--secure/usr.bin/openssl/man/passwd.129
-rw-r--r--secure/usr.bin/openssl/man/pkcs12.149
-rw-r--r--secure/usr.bin/openssl/man/pkcs7.131
-rw-r--r--secure/usr.bin/openssl/man/pkcs8.157
-rw-r--r--secure/usr.bin/openssl/man/pkey.135
-rw-r--r--secure/usr.bin/openssl/man/pkeyparam.129
-rw-r--r--secure/usr.bin/openssl/man/pkeyutl.141
-rw-r--r--secure/usr.bin/openssl/man/rand.129
-rw-r--r--secure/usr.bin/openssl/man/req.169
-rw-r--r--secure/usr.bin/openssl/man/rsa.141
-rw-r--r--secure/usr.bin/openssl/man/rsautl.133
-rw-r--r--secure/usr.bin/openssl/man/s_client.149
-rw-r--r--secure/usr.bin/openssl/man/s_server.147
-rw-r--r--secure/usr.bin/openssl/man/s_time.133
-rw-r--r--secure/usr.bin/openssl/man/sess_id.133
-rw-r--r--secure/usr.bin/openssl/man/smime.141
-rw-r--r--secure/usr.bin/openssl/man/speed.129
-rw-r--r--secure/usr.bin/openssl/man/spkac.143
-rw-r--r--secure/usr.bin/openssl/man/ts.165
-rw-r--r--secure/usr.bin/openssl/man/tsget.141
-rw-r--r--secure/usr.bin/openssl/man/verify.145
-rw-r--r--secure/usr.bin/openssl/man/version.129
-rw-r--r--secure/usr.bin/openssl/man/x509.1101
-rw-r--r--secure/usr.bin/openssl/man/x509v3_config.141
46 files changed, 1191 insertions, 765 deletions
diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1
index fd4461078a3e..9076fc99b09d 100644
--- a/secure/usr.bin/openssl/man/CA.pl.1
+++ b/secure/usr.bin/openssl/man/CA.pl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CA.PL 1"
-.TH CA.PL 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CA.PL 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -196,7 +205,7 @@ to standard output.
.IX Item "-signCA"
this option is the same as the \fB\-signreq\fR option except it uses the configuration
file section \fBv3_ca\fR and so makes the signed request a valid \s-1CA\s0 certificate. This
-is useful when creating intermediate \s-1CA\s0 from a root \s-1CA\s0.
+is useful when creating intermediate \s-1CA\s0 from a root \s-1CA.\s0
.IP "\fB\-signcert\fR" 4
.IX Item "-signcert"
this option is the same as \fB\-sign\fR except it expects a self signed certificate
@@ -216,7 +225,7 @@ Create a \s-1CA\s0 hierarchy:
\& CA.pl \-newca
.Ve
.PP
-Complete certificate creation example: create a \s-1CA\s0, create a request, sign
+Complete certificate creation example: create a \s-1CA,\s0 create a request, sign
the request and finally create a PKCS#12 file containing it.
.PP
.Vb 4
@@ -237,7 +246,7 @@ Create some \s-1DSA\s0 parameters:
\& openssl dsaparam \-out dsap.pem 1024
.Ve
.PP
-Create a \s-1DSA\s0 \s-1CA\s0 certificate and private key:
+Create a \s-1DSA CA\s0 certificate and private key:
.PP
.Vb 1
\& openssl req \-x509 \-newkey dsa:dsap.pem \-keyout cacert.pem \-out cacert.pem
diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1
index b1a1b61dfe27..568b151fc05f 100644
--- a/secure/usr.bin/openssl/man/asn1parse.1
+++ b/secure/usr.bin/openssl/man/asn1parse.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ASN1PARSE 1"
-.TH ASN1PARSE 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ASN1PARSE 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -149,8 +158,8 @@ asn1parse \- ASN.1 parsing tool
[\fB\-genconf file\fR]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-The \fBasn1parse\fR command is a diagnostic utility that can parse \s-1ASN\s0.1
-structures. It can also be used to extract data from \s-1ASN\s0.1 formatted data.
+The \fBasn1parse\fR command is a diagnostic utility that can parse \s-1ASN.1\s0
+structures. It can also be used to extract data from \s-1ASN.1\s0 formatted data.
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\fB\-inform\fR \fBDER|PEM\fR" 4
@@ -189,7 +198,7 @@ dump unknown data in hex format.
like \fB\-dump\fR, but only the first \fBnum\fR bytes are output.
.IP "\fB\-strparse offset\fR" 4
.IX Item "-strparse offset"
-parse the contents octets of the \s-1ASN\s0.1 object starting at \fBoffset\fR. This
+parse the contents octets of the \s-1ASN.1\s0 object starting at \fBoffset\fR. This
option can be used multiple times to \*(L"drill down\*(R" into a nested structure.
.IP "\fB\-genstr string\fR, \fB\-genconf file\fR" 4
.IX Item "-genstr string, -genconf file"
@@ -226,15 +235,15 @@ The output will typically contain lines like this:
.PP
This example is part of a self signed certificate. Each line starts with the
offset in decimal. \fBd=XX\fR specifies the current depth. The depth is increased
-within the scope of any \s-1SET\s0 or \s-1SEQUENCE\s0. \fBhl=XX\fR gives the header length
+within the scope of any \s-1SET\s0 or \s-1SEQUENCE. \s0\fBhl=XX\fR gives the header length
(tag and length octets) of the current type. \fBl=XX\fR gives the length of
the contents octets.
.PP
The \fB\-i\fR option can be used to make the output more readable.
.PP
-Some knowledge of the \s-1ASN\s0.1 structure is needed to interpret the output.
+Some knowledge of the \s-1ASN.1\s0 structure is needed to interpret the output.
.PP
-In this example the \s-1BIT\s0 \s-1STRING\s0 at offset 229 is the certificate public key.
+In this example the \s-1BIT STRING\s0 at offset 229 is the certificate public key.
The contents octets of this will contain the public key information. This can
be examined using the option \fB\-strparse 229\fR to yield:
.PP
@@ -299,7 +308,7 @@ Example config file:
.SH "BUGS"
.IX Header "BUGS"
There should be options to change the format of output lines. The output of some
-\&\s-1ASN\s0.1 types is not well handled (if at all).
+\&\s-1ASN.1\s0 types is not well handled (if at all).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIASN1_generate_nconf\fR\|(3)
diff --git a/secure/usr.bin/openssl/man/c_rehash.1 b/secure/usr.bin/openssl/man/c_rehash.1
index 83735ede3320..cd69a9f3a3b0 100644
--- a/secure/usr.bin/openssl/man/c_rehash.1
+++ b/secure/usr.bin/openssl/man/c_rehash.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "C_REHASH 1"
-.TH C_REHASH 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH C_REHASH 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -166,7 +175,7 @@ full \s-1SHA\-1\s0 fingerprint. A warning will be displayed if a duplicate
is found.
.PP
A warning will also be displayed if there are \fB.pem\fR files that
-cannot be parsed as either a certificate or a \s-1CRL\s0.
+cannot be parsed as either a certificate or a \s-1CRL.\s0
.PP
The program uses the \fBopenssl\fR program to compute the hashes and
fingerprints. If not found in the user's \fB\s-1PATH\s0\fR, then set the
diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1
index f28f6369bc20..86fdd3f741d5 100644
--- a/secure/usr.bin/openssl/man/ca.1
+++ b/secure/usr.bin/openssl/man/ca.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CA 1"
-.TH CA 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CA 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -196,14 +205,14 @@ specifies the configuration file section to use (overrides
.IP "\fB\-in filename\fR" 4
.IX Item "-in filename"
an input filename containing a single certificate request to be
-signed by the \s-1CA\s0.
+signed by the \s-1CA.\s0
.IP "\fB\-ss_cert filename\fR" 4
.IX Item "-ss_cert filename"
-a single self signed certificate to be signed by the \s-1CA\s0.
+a single self signed certificate to be signed by the \s-1CA.\s0
.IP "\fB\-spkac filename\fR" 4
.IX Item "-spkac filename"
a file containing a single Netscape signed public key and challenge
-and additional field values to be signed by the \s-1CA\s0. See the \fB\s-1SPKAC\s0 \s-1FORMAT\s0\fR
+and additional field values to be signed by the \s-1CA.\s0 See the \fB\s-1SPKAC FORMAT\s0\fR
section for information on the required input and output format.
.IP "\fB\-infiles\fR" 4
.IX Item "-infiles"
@@ -228,7 +237,7 @@ the private key to sign requests with.
.IP "\fB\-keyform PEM|DER\fR" 4
.IX Item "-keyform PEM|DER"
the format of the data in the private key file.
-The default is \s-1PEM\s0.
+The default is \s-1PEM.\s0
.IP "\fB\-key password\fR" 4
.IX Item "-key password"
the password used to encrypt the private key. Since on some
@@ -250,7 +259,7 @@ self-signed certificate.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-verbose\fR" 4
.IX Item "-verbose"
this prints extra details about the operations being performed.
@@ -260,11 +269,11 @@ don't output the text form of a certificate to the output file.
.IP "\fB\-startdate date\fR" 4
.IX Item "-startdate date"
this allows the start date to be explicitly set. The format of the
-date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure).
+date is \s-1YYMMDDHHMMSSZ \s0(the same as an \s-1ASN1\s0 UTCTime structure).
.IP "\fB\-enddate date\fR" 4
.IX Item "-enddate date"
this allows the expiry date to be explicitly set. The format of the
-date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure).
+date is \s-1YYMMDDHHMMSSZ \s0(the same as an \s-1ASN1\s0 UTCTime structure).
.IP "\fB\-days arg\fR" 4
.IX Item "-days arg"
the number of days to certify the certificate for.
@@ -274,9 +283,9 @@ the message digest to use. Possible values include md5, sha1 and mdc2.
This option also applies to CRLs.
.IP "\fB\-policy arg\fR" 4
.IX Item "-policy arg"
-this option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in
+this option defines the \s-1CA \s0\*(L"policy\*(R" to use. This is a section in
the configuration file which decides which fields should be mandatory
-or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section
+or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY FORMAT\s0\fR section
for more information.
.IP "\fB\-msie_hack\fR" 4
.IX Item "-msie_hack"
@@ -295,7 +304,7 @@ DNs match the order of the request. This is not needed for Xenroll.
.IP "\fB\-noemailDN\fR" 4
.IX Item "-noemailDN"
The \s-1DN\s0 of a certificate can contain the \s-1EMAIL\s0 field if present in the
-request \s-1DN\s0, however it is good policy just having the e\-mail set into
+request \s-1DN,\s0 however it is good policy just having the e\-mail set into
the altName extension of the certificate. When this option is set the
\&\s-1EMAIL\s0 field is removed from the certificate' subject and set only in
the, eventually present, extensions. The \fBemail_in_dn\fR keyword can be
@@ -332,7 +341,7 @@ characters may be escaped by \e (backslash), no spaces are skipped.
.IP "\fB\-utf8\fR" 4
.IX Item "-utf8"
this option causes field values to be interpreted as \s-1UTF8\s0 strings, by
-default they are interpreted as \s-1ASCII\s0. This means that the field
+default they are interpreted as \s-1ASCII.\s0 This means that the field
values, whether prompted from a terminal or obtained from a
configuration file, must be valid \s-1UTF8\s0 strings.
.IP "\fB\-multivalue\-rdn\fR" 4
@@ -377,7 +386,7 @@ in delta CRLs which are not currently implemented.
.IP "\fB\-crl_hold instruction\fR" 4
.IX Item "-crl_hold instruction"
This sets the \s-1CRL\s0 revocation reason code to \fBcertificateHold\fR and the hold
-instruction to \fBinstruction\fR which must be an \s-1OID\s0. Although any \s-1OID\s0 can be
+instruction to \fBinstruction\fR which must be an \s-1OID.\s0 Although any \s-1OID\s0 can be
used only \fBholdInstructionNone\fR (the use of which is discouraged by \s-1RFC2459\s0)
\&\fBholdInstructionCallIssuer\fR or \fBholdInstructionReject\fR will normally be used.
.IP "\fB\-crl_compromise time\fR" 4
@@ -407,8 +416,8 @@ be used must be named in the \fBdefault_ca\fR option of the \fBca\fR section
of the configuration file (or in the default section of the
configuration file). Besides \fBdefault_ca\fR, the following options are
read directly from the \fBca\fR section:
- \s-1RANDFILE\s0
- preserve
+ \s-1RANDFILE
+\&\s0 preserve
msie_hack
With the exception of \fB\s-1RANDFILE\s0\fR, this is probably a bug and may
change in future releases.
@@ -421,7 +430,7 @@ the configuration file or the command line equivalent (if
any) used.
.IP "\fBoid_file\fR" 4
.IX Item "oid_file"
-This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR.
+This specifies a file containing additional \fB\s-1OBJECT IDENTIFIERS\s0\fR.
Each line of the file should consist of the numerical form of the
object identifier followed by white space then the short name followed
by white space and finally the long name.
@@ -464,7 +473,7 @@ present.
.IX Item "default_crl_hours default_crl_days"
the same as the \fB\-crlhours\fR and the \fB\-crldays\fR options. These
will only be used if neither command line option is present. At
-least one of these must be present to generate a \s-1CRL\s0.
+least one of these must be present to generate a \s-1CRL.\s0
.IP "\fBdefault_md\fR" 4
.IX Item "default_md"
the same as the \fB\-md\fR option. The message digest to use. Mandatory.
@@ -503,13 +512,13 @@ the same as \fB\-preserveDN\fR
.IX Item "email_in_dn"
the same as \fB\-noemailDN\fR. If you want the \s-1EMAIL\s0 field to be removed
from the \s-1DN\s0 of the certificate simply set this to 'no'. If not present
-the default is to allow for the \s-1EMAIL\s0 filed in the certificate's \s-1DN\s0.
+the default is to allow for the \s-1EMAIL\s0 filed in the certificate's \s-1DN.\s0
.IP "\fBmsie_hack\fR" 4
.IX Item "msie_hack"
the same as \fB\-msie_hack\fR
.IP "\fBpolicy\fR" 4
.IX Item "policy"
-the same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section
+the same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY FORMAT\s0\fR section
for more information.
.IP "\fBname_opt\fR, \fBcert_opt\fR" 4
.IX Item "name_opt, cert_opt"
@@ -701,7 +710,7 @@ exposed at either a command or interface level so a more friendly utility
.PP
Any fields in a request that are not present in a policy are silently
deleted. This does not happen if the \fB\-preserveDN\fR option is used. To
-enforce the absence of the \s-1EMAIL\s0 field within the \s-1DN\s0, as suggested by
+enforce the absence of the \s-1EMAIL\s0 field within the \s-1DN,\s0 as suggested by
RFCs, regardless the contents of the request' subject the \fB\-noemailDN\fR
option can be used. The behaviour should be more friendly and
configurable.
@@ -713,7 +722,7 @@ create an empty file.
The \fBca\fR command is quirky and at times downright unfriendly.
.PP
The \fBca\fR utility was originally meant as an example of how to do things
-in a \s-1CA\s0. It was not supposed to be used as a full blown \s-1CA\s0 itself:
+in a \s-1CA.\s0 It was not supposed to be used as a full blown \s-1CA\s0 itself:
nevertheless some people are using it for this purpose.
.PP
The \fBca\fR command is effectively a single user command: no locking is
diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1
index b46cf88cbf4a..c2dfe43af9ed 100644
--- a/secure/usr.bin/openssl/man/ciphers.1
+++ b/secure/usr.bin/openssl/man/ciphers.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CIPHERS 1"
-.TH CIPHERS 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CIPHERS 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -191,7 +200,7 @@ algorithms.
.PP
Lists of cipher suites can be combined in a single cipher string using the
\&\fB+\fR character. This is used as a logical \fBand\fR operation. For example
-\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1\s0 \fBand\fR the \s-1DES\s0
+\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1 \s0\fBand\fR the \s-1DES\s0
algorithms.
.PP
Each cipher string can be optionally preceded by the characters \fB!\fR,
@@ -258,7 +267,7 @@ export encryption algorithms. Including 40 and 56 bits algorithms.
with support for experimental ciphers.
.IP "\fBeNULL\fR, \fB\s-1NULL\s0\fR" 4
.IX Item "eNULL, NULL"
-the \*(L"\s-1NULL\s0\*(R" ciphers that is those offering no encryption. Because these offer no
+the \*(L"\s-1NULL\*(R"\s0 ciphers that is those offering no encryption. Because these offer no
encryption at all and are a security risk they are disabled unless explicitly
included.
.IP "\fBaNULL\fR" 4
@@ -283,10 +292,10 @@ cipher suites using authenticated ephemeral \s-1DH\s0 key agreement.
.IP "\fB\s-1ADH\s0\fR" 4
.IX Item "ADH"
anonymous \s-1DH\s0 cipher suites, note that this does not include anonymous Elliptic
-Curve \s-1DH\s0 (\s-1ECDH\s0) cipher suites.
+Curve \s-1DH \s0(\s-1ECDH\s0) cipher suites.
.IP "\fB\s-1DH\s0\fR" 4
.IX Item "DH"
-cipher suites using \s-1DH\s0, including anonymous \s-1DH\s0, ephemeral \s-1DH\s0 and fixed \s-1DH\s0.
+cipher suites using \s-1DH,\s0 including anonymous \s-1DH,\s0 ephemeral \s-1DH\s0 and fixed \s-1DH.\s0
.IP "\fBkECDHr\fR, \fBkECDHe\fR, \fBkECDH\fR" 4
.IX Item "kECDHr, kECDHe, kECDH"
cipher suites using fixed \s-1ECDH\s0 key agreement signed by CAs with \s-1RSA\s0 and \s-1ECDSA\s0
@@ -304,7 +313,7 @@ anonymous Elliptic Curve Diffie Hellman cipher suites.
.IP "\fB\s-1ECDH\s0\fR" 4
.IX Item "ECDH"
cipher suites using \s-1ECDH\s0 key exchange, including anonymous, ephemeral and
-fixed \s-1ECDH\s0.
+fixed \s-1ECDH.\s0
.IP "\fBaRSA\fR" 4
.IX Item "aRSA"
cipher suites using \s-1RSA\s0 authentication, i.e. the certificates carry \s-1RSA\s0 keys.
@@ -333,62 +342,62 @@ ciphers suites using \s-1FORTEZZA\s0 key exchange, authentication, encryption or
there are no ciphersuites specific to \s-1TLS\s0 v1.1.
.IP "\fB\s-1AES128\s0\fR, \fB\s-1AES256\s0\fR, \fB\s-1AES\s0\fR" 4
.IX Item "AES128, AES256, AES"
-cipher suites using 128 bit \s-1AES\s0, 256 bit \s-1AES\s0 or either 128 or 256 bit \s-1AES\s0.
+cipher suites using 128 bit \s-1AES, 256\s0 bit \s-1AES\s0 or either 128 or 256 bit \s-1AES.\s0
.IP "\fB\s-1AESGCM\s0\fR" 4
.IX Item "AESGCM"
\&\s-1AES\s0 in Galois Counter Mode (\s-1GCM\s0): these ciphersuites are only supported
in \s-1TLS\s0 v1.2.
.IP "\fB\s-1CAMELLIA128\s0\fR, \fB\s-1CAMELLIA256\s0\fR, \fB\s-1CAMELLIA\s0\fR" 4
.IX Item "CAMELLIA128, CAMELLIA256, CAMELLIA"
-cipher suites using 128 bit \s-1CAMELLIA\s0, 256 bit \s-1CAMELLIA\s0 or either 128 or 256 bit
-\&\s-1CAMELLIA\s0.
+cipher suites using 128 bit \s-1CAMELLIA, 256\s0 bit \s-1CAMELLIA\s0 or either 128 or 256 bit
+\&\s-1CAMELLIA.\s0
.IP "\fB3DES\fR" 4
.IX Item "3DES"
-cipher suites using triple \s-1DES\s0.
+cipher suites using triple \s-1DES.\s0
.IP "\fB\s-1DES\s0\fR" 4
.IX Item "DES"
-cipher suites using \s-1DES\s0 (not triple \s-1DES\s0).
+cipher suites using \s-1DES \s0(not triple \s-1DES\s0).
.IP "\fB\s-1RC4\s0\fR" 4
.IX Item "RC4"
-cipher suites using \s-1RC4\s0.
+cipher suites using \s-1RC4.\s0
.IP "\fB\s-1RC2\s0\fR" 4
.IX Item "RC2"
-cipher suites using \s-1RC2\s0.
+cipher suites using \s-1RC2.\s0
.IP "\fB\s-1IDEA\s0\fR" 4
.IX Item "IDEA"
-cipher suites using \s-1IDEA\s0.
+cipher suites using \s-1IDEA.\s0
.IP "\fB\s-1SEED\s0\fR" 4
.IX Item "SEED"
-cipher suites using \s-1SEED\s0.
+cipher suites using \s-1SEED.\s0
.IP "\fB\s-1MD5\s0\fR" 4
.IX Item "MD5"
-cipher suites using \s-1MD5\s0.
+cipher suites using \s-1MD5.\s0
.IP "\fB\s-1SHA1\s0\fR, \fB\s-1SHA\s0\fR" 4
.IX Item "SHA1, SHA"
-cipher suites using \s-1SHA1\s0.
+cipher suites using \s-1SHA1.\s0
.IP "\fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR" 4
.IX Item "SHA256, SHA384"
-ciphersuites using \s-1SHA256\s0 or \s-1SHA384\s0.
+ciphersuites using \s-1SHA256\s0 or \s-1SHA384.\s0
.IP "\fBaGOST\fR" 4
.IX Item "aGOST"
-cipher suites using \s-1GOST\s0 R 34.10 (either 2001 or 94) for authenticaction
+cipher suites using \s-1GOST R 34.10 \s0(either 2001 or 94) for authenticaction
(needs an engine supporting \s-1GOST\s0 algorithms).
.IP "\fBaGOST01\fR" 4
.IX Item "aGOST01"
-cipher suites using \s-1GOST\s0 R 34.10\-2001 authentication.
+cipher suites using \s-1GOST R 34.10\-2001\s0 authentication.
.IP "\fBaGOST94\fR" 4
.IX Item "aGOST94"
-cipher suites using \s-1GOST\s0 R 34.10\-94 authentication (note that R 34.10\-94
-standard has been expired so use \s-1GOST\s0 R 34.10\-2001)
+cipher suites using \s-1GOST R 34.10\-94\s0 authentication (note that R 34.10\-94
+standard has been expired so use \s-1GOST R 34.10\-2001\s0)
.IP "\fBkGOST\fR" 4
.IX Item "kGOST"
-cipher suites, using \s-1VKO\s0 34.10 key exchange, specified in the \s-1RFC\s0 4357.
+cipher suites, using \s-1VKO 34.10\s0 key exchange, specified in the \s-1RFC 4357.\s0
.IP "\fB\s-1GOST94\s0\fR" 4
.IX Item "GOST94"
-cipher suites, using \s-1HMAC\s0 based on \s-1GOST\s0 R 34.11\-94.
+cipher suites, using \s-1HMAC\s0 based on \s-1GOST R 34.11\-94.\s0
.IP "\fB\s-1GOST89MAC\s0\fR" 4
.IX Item "GOST89MAC"
-cipher suites using \s-1GOST\s0 28147\-89 \s-1MAC\s0 \fBinstead of\fR \s-1HMAC\s0.
+cipher suites using \s-1GOST 28147\-89 MAC \s0\fBinstead of\fR \s-1HMAC.\s0
.IP "\fB\s-1PSK\s0\fR" 4
.IX Item "PSK"
cipher suites using pre-shared keys (\s-1PSK\s0).
@@ -397,7 +406,7 @@ cipher suites using pre-shared keys (\s-1PSK\s0).
The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the
relevant specification and their OpenSSL equivalents. It should be noted,
that several cipher suite names do not include the authentication used,
-e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used.
+e.g. \s-1DES\-CBC3\-SHA.\s0 In these cases, \s-1RSA\s0 authentication is used.
.SS "\s-1SSL\s0 v3.0 cipher suites."
.IX Subsection "SSL v3.0 cipher suites."
.Vb 10
@@ -468,7 +477,7 @@ e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used.
\& TLS_DH_anon_WITH_DES_CBC_SHA ADH\-DES\-CBC\-SHA
\& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA
.Ve
-.SS "\s-1AES\s0 ciphersuites from \s-1RFC3268\s0, extending \s-1TLS\s0 v1.0"
+.SS "\s-1AES\s0 ciphersuites from \s-1RFC3268,\s0 extending \s-1TLS\s0 v1.0"
.IX Subsection "AES ciphersuites from RFC3268, extending TLS v1.0"
.Vb 2
\& TLS_RSA_WITH_AES_128_CBC_SHA AES128\-SHA
@@ -487,7 +496,7 @@ e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used.
\& TLS_DH_anon_WITH_AES_128_CBC_SHA ADH\-AES128\-SHA
\& TLS_DH_anon_WITH_AES_256_CBC_SHA ADH\-AES256\-SHA
.Ve
-.SS "Camellia ciphersuites from \s-1RFC4132\s0, extending \s-1TLS\s0 v1.0"
+.SS "Camellia ciphersuites from \s-1RFC4132,\s0 extending \s-1TLS\s0 v1.0"
.IX Subsection "Camellia ciphersuites from RFC4132, extending TLS v1.0"
.Vb 2
\& TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128\-SHA
@@ -506,7 +515,7 @@ e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used.
\& TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH\-CAMELLIA128\-SHA
\& TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH\-CAMELLIA256\-SHA
.Ve
-.SS "\s-1SEED\s0 ciphersuites from \s-1RFC4162\s0, extending \s-1TLS\s0 v1.0"
+.SS "\s-1SEED\s0 ciphersuites from \s-1RFC4162,\s0 extending \s-1TLS\s0 v1.0"
.IX Subsection "SEED ciphersuites from RFC4162, extending TLS v1.0"
.Vb 1
\& TLS_RSA_WITH_SEED_CBC_SHA SEED\-SHA
diff --git a/secure/usr.bin/openssl/man/cms.1 b/secure/usr.bin/openssl/man/cms.1
index 2c396844494f..13c27025976f 100644
--- a/secure/usr.bin/openssl/man/cms.1
+++ b/secure/usr.bin/openssl/man/cms.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CMS 1"
-.TH CMS 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CMS 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -231,29 +240,29 @@ takes an input message and writes out a \s-1PEM\s0 encoded \s-1CMS\s0 structure.
resign a message: take an existing message and one or more new signers.
.IP "\fB\-data_create\fR" 4
.IX Item "-data_create"
-Create a \s-1CMS\s0 \fBData\fR type.
+Create a \s-1CMS \s0\fBData\fR type.
.IP "\fB\-data_out\fR" 4
.IX Item "-data_out"
\&\fBData\fR type and output the content.
.IP "\fB\-digest_create\fR" 4
.IX Item "-digest_create"
-Create a \s-1CMS\s0 \fBDigestedData\fR type.
+Create a \s-1CMS \s0\fBDigestedData\fR type.
.IP "\fB\-digest_verify\fR" 4
.IX Item "-digest_verify"
-Verify a \s-1CMS\s0 \fBDigestedData\fR type and output the content.
+Verify a \s-1CMS \s0\fBDigestedData\fR type and output the content.
.IP "\fB\-compress\fR" 4
.IX Item "-compress"
-Create a \s-1CMS\s0 \fBCompressedData\fR type. OpenSSL must be compiled with \fBzlib\fR
+Create a \s-1CMS \s0\fBCompressedData\fR type. OpenSSL must be compiled with \fBzlib\fR
support for this option to work, otherwise it will output an error.
.IP "\fB\-uncompress\fR" 4
.IX Item "-uncompress"
-Uncompress a \s-1CMS\s0 \fBCompressedData\fR type and output the content. OpenSSL must be
+Uncompress a \s-1CMS \s0\fBCompressedData\fR type and output the content. OpenSSL must be
compiled with \fBzlib\fR support for this option to work, otherwise it will
output an error.
.IP "\fB\-EncryptedData_encrypt\fR" 4
.IX Item "-EncryptedData_encrypt"
-Encrypt content using supplied symmetric key and algorithm using a \s-1CMS\s0
-\&\fBEncrytedData\fR type and output the content.
+Encrypt content using supplied symmetric key and algorithm using a \s-1CMS
+\&\s0\fBEncrytedData\fR type and output the content.
.IP "\fB\-sign_receipt\fR" 4
.IX Item "-sign_receipt"
Generate and output a signed receipt for the supplied message. The input
@@ -316,7 +325,7 @@ is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type.
.IX Item "-text"
this option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied
message if encrypting or signing. If decrypting or verifying it strips
-off text headers: if the decrypted or verified message is not of \s-1MIME\s0
+off text headers: if the decrypted or verified message is not of \s-1MIME \s0
type text/plain then an error occurs.
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
@@ -342,8 +351,8 @@ digest algorithm to use when signing or resigning. If not present then the
default digest algorithm for the signing key will be used (usually \s-1SHA1\s0).
.IP "\fB\-[cipher]\fR" 4
.IX Item "-[cipher]"
-the encryption algorithm to use. For example triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR
-or 256 bit \s-1AES\s0 \- \fB\-aes256\fR. Any standard algorithm name (as used by the
+the encryption algorithm to use. For example triple \s-1DES \s0(168 bits) \- \fB\-des3\fR
+or 256 bit \s-1AES \- \s0\fB\-aes256\fR. Any standard algorithm name (as used by the
\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for
example \fB\-aes_128_cbc\fR. See \fBenc\fR for a list of ciphers
supported by your version of OpenSSL.
@@ -455,7 +464,7 @@ multiple times to specify successive keys.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-rand file(s)\fR" 4
.IX Item "-rand file(s)"
a file or files containing random data used to seed the random number
@@ -508,12 +517,12 @@ signer using the same message digest or this operation will fail.
.PP
The \fB\-stream\fR and \fB\-indef\fR options enable experimental streaming I/O support.
As a result the encoding is \s-1BER\s0 using indefinite length constructed encoding
-and no longer \s-1DER\s0. Streaming is supported for the \fB\-encrypt\fR operation and the
+and no longer \s-1DER.\s0 Streaming is supported for the \fB\-encrypt\fR operation and the
\&\fB\-sign\fR operation if the content is not detached.
.PP
Streaming is always used for the \fB\-sign\fR operation with detached data but
since the content is no longer part of the \s-1CMS\s0 structure the encoding
-remains \s-1DER\s0.
+remains \s-1DER.\s0
.PP
If the \fB\-decrypt\fR option is used without a recipient certificate then an
attempt is made to locate the recipient by trying each potential recipient
diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1
index 79bed6413f73..93f6916fdeed 100644
--- a/secure/usr.bin/openssl/man/crl.1
+++ b/secure/usr.bin/openssl/man/crl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CRL 1"
-.TH CRL 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CRL 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -178,7 +187,7 @@ option which determines how the subject or issuer names are displayed. See
the description of \fB\-nameopt\fR in \fIx509\fR\|(1).
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
-don't output the encoded version of the \s-1CRL\s0.
+don't output the encoded version of the \s-1CRL.\s0
.IP "\fB\-hash\fR" 4
.IX Item "-hash"
output a hash of the issuer name. This can be use to lookup CRLs in
@@ -208,7 +217,7 @@ is a hash of each subject name (using \fBx509 \-hash\fR) should be linked
to each certificate.
.SH "NOTES"
.IX Header "NOTES"
-The \s-1PEM\s0 \s-1CRL\s0 format uses the header and footer lines:
+The \s-1PEM CRL\s0 format uses the header and footer lines:
.PP
.Vb 2
\& \-\-\-\-\-BEGIN X509 CRL\-\-\-\-\-
diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1
index 7e430eaee425..15854ef5bcde 100644
--- a/secure/usr.bin/openssl/man/crl2pkcs7.1
+++ b/secure/usr.bin/openssl/man/crl2pkcs7.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "CRL2PKCS7 1"
-.TH CRL2PKCS7 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH CRL2PKCS7 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -193,7 +202,7 @@ different certificates:
.SH "NOTES"
.IX Header "NOTES"
The output file is a PKCS#7 signed data structure containing no signers and
-just certificates and an optional \s-1CRL\s0.
+just certificates and an optional \s-1CRL.\s0
.PP
This utility can be used to send certificates and CAs to Netscape as part of
the certificate enrollment process. This involves sending the \s-1DER\s0 encoded output
diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1
index 42e5acc58f28..c319e636b2a9 100644
--- a/secure/usr.bin/openssl/man/dgst.1
+++ b/secure/usr.bin/openssl/man/dgst.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DGST 1"
-.TH DGST 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DGST 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -140,6 +149,8 @@ dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5,
[\fB\-hex\fR]
[\fB\-binary\fR]
[\fB\-r\fR]
+[\fB\-hmac arg\fR]
+[\fB\-non\-fips\-allow\fR]
[\fB\-out filename\fR]
[\fB\-sign filename\fR]
[\fB\-keyform arg\fR]
@@ -180,6 +191,13 @@ output the digest or signature in binary form.
.IP "\fB\-r\fR" 4
.IX Item "-r"
output the digest in the \*(L"coreutils\*(R" format used by programs like \fBsha1sum\fR.
+.IP "\fB\-hmac arg\fR" 4
+.IX Item "-hmac arg"
+set the \s-1HMAC\s0 key to \*(L"arg\*(R".
+.IP "\fB\-non\-fips\-allow\fR" 4
+.IX Item "-non-fips-allow"
+Allow use of non \s-1FIPS\s0 digest when in \s-1FIPS\s0 mode. This has no effect when not in
+\&\s-1FIPS\s0 mode.
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
filename to output to, or standard output by default.
@@ -188,7 +206,7 @@ filename to output to, or standard output by default.
digitally sign the digest using the private key in \*(L"filename\*(R".
.IP "\fB\-keyform arg\fR" 4
.IX Item "-keyform arg"
-Specifies the key format to sign digest with. The \s-1DER\s0, \s-1PEM\s0, P12,
+Specifies the key format to sign digest with. The \s-1DER, PEM, P12,\s0
and \s-1ENGINE\s0 formats are supported.
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
@@ -202,11 +220,11 @@ Names and values of these options are algorithm-specific.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-verify filename\fR" 4
.IX Item "-verify filename"
verify the signature using the public key in \*(L"filename\*(R".
-The output is either \*(L"Verification \s-1OK\s0\*(R" or \*(L"Verification Failure\*(R".
+The output is either \*(L"Verification \s-1OK\*(R"\s0 or \*(L"Verification Failure\*(R".
.IP "\fB\-prverify filename\fR" 4
.IX Item "-prverify filename"
verify the signature using the private key in \*(L"filename\*(R".
@@ -218,8 +236,8 @@ the actual signature to verify.
create a hashed \s-1MAC\s0 using \*(L"key\*(R".
.IP "\fB\-mac alg\fR" 4
.IX Item "-mac alg"
-create \s-1MAC\s0 (keyed Message Authentication Code). The most popular \s-1MAC\s0
-algorithm is \s-1HMAC\s0 (hash-based \s-1MAC\s0), but there are other \s-1MAC\s0 algorithms
+create \s-1MAC \s0(keyed Message Authentication Code). The most popular \s-1MAC\s0
+algorithm is \s-1HMAC \s0(hash-based \s-1MAC\s0), but there are other \s-1MAC\s0 algorithms
which are not based on hash, for instance \fBgost-mac\fR algorithm,
supported by \fBccgost\fR engine. \s-1MAC\s0 keys and other options should be set
via \fB\-macopt\fR parameter.
@@ -273,17 +291,17 @@ To verify a signature:
file.txt
.SH "NOTES"
.IX Header "NOTES"
-The digest of choice for all new applications is \s-1SHA1\s0. Other digests are
+The digest of choice for all new applications is \s-1SHA1.\s0 Other digests are
however still widely used.
.PP
When signing a file, \fBdgst\fR will automatically determine the algorithm
-(\s-1RSA\s0, \s-1ECC\s0, etc) to use for signing based on the private key's \s-1ASN\s0.1 info.
-When verifying signatures, it only handles the \s-1RSA\s0, \s-1DSA\s0, or \s-1ECDSA\s0 signature
+(\s-1RSA, ECC,\s0 etc) to use for signing based on the private key's \s-1ASN.1\s0 info.
+When verifying signatures, it only handles the \s-1RSA, DSA,\s0 or \s-1ECDSA\s0 signature
itself, not the related data to identify the signer and algorithm used in
-formats such as x.509, \s-1CMS\s0, and S/MIME.
+formats such as x.509, \s-1CMS,\s0 and S/MIME.
.PP
A source of random numbers is required for certain signing algorithms, in
-particular \s-1ECDSA\s0 and \s-1DSA\s0.
+particular \s-1ECDSA\s0 and \s-1DSA.\s0
.PP
The signing and verify options should only be used if a single file is
being signed or verified.
diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1
index 77d469c579b6..cf0be318106d 100644
--- a/secure/usr.bin/openssl/man/dhparam.1
+++ b/secure/usr.bin/openssl/man/dhparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DHPARAM 1"
-.TH DHPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DHPARAM 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,7 +164,7 @@ This command is used to manipulate \s-1DH\s0 parameter files.
.IX Header "OPTIONS"
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
-This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded
form compatible with the PKCS#3 DHparameter structure. The \s-1PEM\s0 form is the
default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with
additional header and footer lines.
@@ -234,8 +243,8 @@ versions of OpenSSL.
\& \-\-\-\-\-END DH PARAMETERS\-\-\-\-\-
.Ve
.PP
-OpenSSL currently only supports the older PKCS#3 \s-1DH\s0, not the newer X9.42
-\&\s-1DH\s0.
+OpenSSL currently only supports the older PKCS#3 \s-1DH,\s0 not the newer X9.42
+\&\s-1DH.\s0
.PP
This program manipulates \s-1DH\s0 parameters not keys.
.SH "BUGS"
diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1
index 99097471707d..63c2fbd1d40a 100644
--- a/secure/usr.bin/openssl/man/dsa.1
+++ b/secure/usr.bin/openssl/man/dsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSA 1"
-.TH DSA 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DSA 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -166,10 +175,10 @@ applications should use the more secure PKCS#8 format using the \fBpkcs8\fR
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses
-an \s-1ASN1\s0 \s-1DER\s0 encoded form of an \s-1ASN\s0.1 \s-1SEQUENCE\s0 consisting of the values of
+an \s-1ASN1 DER\s0 encoded form of an \s-1ASN.1 SEQUENCE\s0 consisting of the values of
version (currently zero), p, q, g, the public and private key components
-respectively as \s-1ASN\s0.1 INTEGERs. When used with a public key it uses a
-SubjectPublicKeyInfo structure: it is an error if the key is not \s-1DSA\s0.
+respectively as \s-1ASN.1\s0 INTEGERs. When used with a public key it uses a
+SubjectPublicKeyInfo structure: it is an error if the key is not \s-1DSA.\s0
.Sp
The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64
encoded with additional header and footer lines. In the case of a private key
@@ -186,7 +195,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output by
@@ -196,7 +205,7 @@ filename.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4
.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea"
These options encrypt the private key with the specified
diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1
index f0bdb753063b..2a5ca6154d01 100644
--- a/secure/usr.bin/openssl/man/dsaparam.1
+++ b/secure/usr.bin/openssl/man/dsaparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "DSAPARAM 1"
-.TH DSAPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH DSAPARAM 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,8 +161,8 @@ This command is used to manipulate or generate \s-1DSA\s0 parameter files.
.IX Header "OPTIONS"
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
-This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
-form compatible with \s-1RFC2459\s0 (\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded
+form compatible with \s-1RFC2459 \s0(\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting
of p, q and g respectively. The \s-1PEM\s0 form is the default format: it consists
of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines.
.IP "\fB\-outform DER|PEM\fR" 4
diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1
index f3e2749c322f..97afab5665f3 100644
--- a/secure/usr.bin/openssl/man/ec.1
+++ b/secure/usr.bin/openssl/man/ec.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "EC 1"
-.TH EC 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH EC 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,7 +164,7 @@ ec \- EC key processing
.IX Header "DESCRIPTION"
The \fBec\fR command processes \s-1EC\s0 keys. They can be converted between various
forms and their components printed out. \fBNote\fR OpenSSL uses the
-private key format specified in '\s-1SEC\s0 1: Elliptic Curve Cryptography'
+private key format specified in '\s-1SEC 1:\s0 Elliptic Curve Cryptography'
(http://www.secg.org/). To convert a OpenSSL \s-1EC\s0 private key into the
PKCS#8 private key format use the \fBpkcs8\fR command.
.SH "COMMAND OPTIONS"
@@ -163,8 +172,8 @@ PKCS#8 private key format use the \fBpkcs8\fR command.
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses
-an \s-1ASN\s0.1 \s-1DER\s0 encoded \s-1SEC1\s0 private key. When used with a public key it
-uses the SubjectPublicKeyInfo structure as specified in \s-1RFC\s0 3280.
+an \s-1ASN.1 DER\s0 encoded \s-1SEC1\s0 private key. When used with a public key it
+uses the SubjectPublicKeyInfo structure as specified in \s-1RFC 3280.\s0
The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64
encoded with additional header and footer lines. In the case of a private key
PKCS#8 format is also accepted.
@@ -180,7 +189,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output by
@@ -190,10 +199,10 @@ filename.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-des|\-des3|\-idea\fR" 4
.IX Item "-des|-des3|-idea"
-These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, \s-1IDEA\s0 or
+These options encrypt the private key with the \s-1DES,\s0 triple \s-1DES, IDEA\s0 or
any other cipher supported by OpenSSL before outputting it. A pass phrase is
prompted for.
If none of these options is specified the key is written in plain text. This
@@ -232,10 +241,10 @@ the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time.
.IX Item "-param_enc arg"
This specifies how the elliptic curve parameters are encoded.
Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are
-specified by a \s-1OID\s0, or \fBexplicit\fR where the ec parameters are
-explicitly given (see \s-1RFC\s0 3279 for the definition of the
+specified by a \s-1OID,\s0 or \fBexplicit\fR where the ec parameters are
+explicitly given (see \s-1RFC 3279\s0 for the definition of the
\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR.
-\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC\s0 3279,
+\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC 3279,\s0
is currently not implemented in OpenSSL.
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1
index d8124b9b6aaa..5b0b3a28582e 100644
--- a/secure/usr.bin/openssl/man/ecparam.1
+++ b/secure/usr.bin/openssl/man/ecparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ECPARAM 1"
-.TH ECPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ECPARAM 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -157,8 +166,8 @@ This command is used to manipulate or generate \s-1EC\s0 parameter files.
.IX Header "OPTIONS"
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
-This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN\s0.1 \s-1DER\s0 encoded
-form compatible with \s-1RFC\s0 3279 EcpkParameters. The \s-1PEM\s0 form is the default
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN.1 DER\s0 encoded
+form compatible with \s-1RFC 3279\s0 EcpkParameters. The \s-1PEM\s0 form is the default
format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with additional
header and footer lines.
.IP "\fB\-outform DER|PEM\fR" 4
@@ -208,15 +217,15 @@ the preprocessor macro \fB\s-1OPENSSL_EC_BIN_PT_COMP\s0\fR at compile time.
.IX Item "-param_enc arg"
This specifies how the elliptic curve parameters are encoded.
Possible value are: \fBnamed_curve\fR, i.e. the ec parameters are
-specified by a \s-1OID\s0, or \fBexplicit\fR where the ec parameters are
-explicitly given (see \s-1RFC\s0 3279 for the definition of the
+specified by a \s-1OID,\s0 or \fBexplicit\fR where the ec parameters are
+explicitly given (see \s-1RFC 3279\s0 for the definition of the
\&\s-1EC\s0 parameters structures). The default value is \fBnamed_curve\fR.
-\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC\s0 3279,
+\&\fBNote\fR the \fBimplicitlyCA\fR alternative ,as specified in \s-1RFC 3279,\s0
is currently not implemented in OpenSSL.
.IP "\fB\-no_seed\fR" 4
.IX Item "-no_seed"
This option inhibits that the 'seed' for the parameter generation
-is included in the ECParameters structure (see \s-1RFC\s0 3279).
+is included in the ECParameters structure (see \s-1RFC 3279\s0).
.IP "\fB\-genkey\fR" 4
.IX Item "-genkey"
This option will generate a \s-1EC\s0 private key using the specified parameters.
diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1
index 941bed56f360..fa609d0f3b0e 100644
--- a/secure/usr.bin/openssl/man/enc.1
+++ b/secure/usr.bin/openssl/man/enc.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ENC 1"
-.TH ENC 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ENC 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -174,13 +183,13 @@ the output filename, standard output by default.
.IP "\fB\-pass arg\fR" 4
.IX Item "-pass arg"
the password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-salt\fR" 4
.IX Item "-salt"
use a salt in the key derivation routines. This is the default.
.IP "\fB\-nosalt\fR" 4
.IX Item "-nosalt"
-don't use a salt in the key derivation routines. This option \fB\s-1SHOULD\s0 \s-1NOT\s0\fR be
+don't use a salt in the key derivation routines. This option \fB\s-1SHOULD NOT\s0\fR be
used except for test purposes or compatibility with ancient versions of OpenSSL
and SSLeay.
.IP "\fB\-e\fR" 4
@@ -312,7 +321,7 @@ list of ciphers, supported by your versesion of OpenSSL, including
ones provided by configured engines.
.PP
The \fBenc\fR program does not support authenticated encryption modes
-like \s-1CCM\s0 and \s-1GCM\s0. The utility does not store or retrieve the
+like \s-1CCM\s0 and \s-1GCM.\s0 The utility does not store or retrieve the
authentication tag.
.PP
.Vb 1
diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1
index 2cdc01f5f5f6..c153ba302d55 100644
--- a/secure/usr.bin/openssl/man/errstr.1
+++ b/secure/usr.bin/openssl/man/errstr.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "ERRSTR 1"
-.TH ERRSTR 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH ERRSTR 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1
index ae95cefaec68..093c77e80e84 100644
--- a/secure/usr.bin/openssl/man/gendsa.1
+++ b/secure/usr.bin/openssl/man/gendsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "GENDSA 1"
-.TH GENDSA 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH GENDSA 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/genpkey.1 b/secure/usr.bin/openssl/man/genpkey.1
index 1c56f39ab362..d978c942f5c8 100644
--- a/secure/usr.bin/openssl/man/genpkey.1
+++ b/secure/usr.bin/openssl/man/genpkey.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "GENPKEY 1"
-.TH GENPKEY 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH GENPKEY 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,11 +164,11 @@ the output filename. If this argument is not specified then standard output is
used.
.IP "\fB\-outform DER|PEM\fR" 4
.IX Item "-outform DER|PEM"
-This specifies the output format \s-1DER\s0 or \s-1PEM\s0.
+This specifies the output format \s-1DER\s0 or \s-1PEM.\s0
.IP "\fB\-pass arg\fR" 4
.IX Item "-pass arg"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-cipher\fR" 4
.IX Item "-cipher"
This option encrypts the private key with the supplied cipher. Any algorithm
@@ -173,14 +182,14 @@ for all available algorithms. If used this option should precede all other
options.
.IP "\fB\-algorithm alg\fR" 4
.IX Item "-algorithm alg"
-public key algorithm to use such as \s-1RSA\s0, \s-1DSA\s0 or \s-1DH\s0. If used this option must
+public key algorithm to use such as \s-1RSA, DSA\s0 or \s-1DH.\s0 If used this option must
precede any \fB\-pkeyopt\fR options. The options \fB\-paramfile\fR and \fB\-algorithm\fR
are mutually exclusive.
.IP "\fB\-pkeyopt opt:value\fR" 4
.IX Item "-pkeyopt opt:value"
set the public key algorithm option \fBopt\fR to \fBvalue\fR. The precise set of
options supported depends on the public key algorithm used and its
-implementation. See \fB\s-1KEY\s0 \s-1GENERATION\s0 \s-1OPTIONS\s0\fR below for more details.
+implementation. See \fB\s-1KEY GENERATION OPTIONS\s0\fR below for more details.
.IP "\fB\-genparam\fR" 4
.IX Item "-genparam"
generate a set of parameters instead of a private key. If used this option must
@@ -235,14 +244,14 @@ one should load the ccgost engine in the OpenSSL configuration file.
See \s-1README\s0.gost file in the engines/ccgost directiry of the source
distribution for more details.
.PP
-Use of a parameter file for the \s-1GOST\s0 R 34.10 algorithm is optional.
+Use of a parameter file for the \s-1GOST R 34.10\s0 algorithm is optional.
Parameters can be specified during key generation directly as well as
during generation of parameter file.
.IP "\fBparamset:name\fR" 4
.IX Item "paramset:name"
-Specifies \s-1GOST\s0 R 34.10\-2001 parameter set according to \s-1RFC\s0 4357.
+Specifies \s-1GOST R 34.10\-2001\s0 parameter set according to \s-1RFC 4357.\s0
Parameter set can be specified using abbreviated name, object short name or
-numeric \s-1OID\s0. Following parameter sets are supported:
+numeric \s-1OID.\s0 Following parameter sets are supported:
.Sp
.Vb 7
\& paramset OID Usage
diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1
index 7db0df04cc23..965aadff306d 100644
--- a/secure/usr.bin/openssl/man/genrsa.1
+++ b/secure/usr.bin/openssl/man/genrsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "GENRSA 1"
-.TH GENRSA 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH GENRSA 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -168,7 +177,7 @@ used.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4
.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea"
These options encrypt the private key with specified
diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1
index 81f13c75a85a..b3d28a58ad02 100644
--- a/secure/usr.bin/openssl/man/nseq.1
+++ b/secure/usr.bin/openssl/man/nseq.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "NSEQ 1"
-.TH NSEQ 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH NSEQ 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1
index 67c833634b99..9003a1d72719 100644
--- a/secure/usr.bin/openssl/man/ocsp.1
+++ b/secure/usr.bin/openssl/man/ocsp.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OCSP 1"
-.TH OCSP 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH OCSP 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -182,7 +191,7 @@ ocsp \- Online Certificate Status Protocol utility
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The Online Certificate Status Protocol (\s-1OCSP\s0) enables applications to
-determine the (revocation) state of an identified certificate (\s-1RFC\s0 2560).
+determine the (revocation) state of an identified certificate (\s-1RFC 2560\s0).
.PP
The \fBocsp\fR command performs many common \s-1OCSP\s0 tasks. It can be used
to print out requests and responses, create requests and send queries
@@ -238,12 +247,15 @@ if \s-1OCSP\s0 request or response creation is implied by other options (for exa
with \fBserial\fR, \fBcert\fR and \fBhost\fR options).
.IP "\fB\-url responder_url\fR" 4
.IX Item "-url responder_url"
-specify the responder \s-1URL\s0. Both \s-1HTTP\s0 and \s-1HTTPS\s0 (\s-1SSL/TLS\s0) URLs can be specified.
+specify the responder \s-1URL.\s0 Both \s-1HTTP\s0 and \s-1HTTPS \s0(\s-1SSL/TLS\s0) URLs can be specified.
.IP "\fB\-host hostname:port\fR, \fB\-path pathname\fR" 4
.IX Item "-host hostname:port, -path pathname"
if the \fBhost\fR option is present then the \s-1OCSP\s0 request is sent to the host
\&\fBhostname\fR on port \fBport\fR. \fBpath\fR specifies the \s-1HTTP\s0 path name to use
or \*(L"/\*(R" by default.
+.IP "\fB\-timeout seconds\fR" 4
+.IX Item "-timeout seconds"
+connection timeout to the \s-1OCSP\s0 responder in seconds
.IP "\fB\-CAfile file\fR, \fB\-CApath pathname\fR" 4
.IX Item "-CAfile file, -CApath pathname"
file or pathname containing trusted \s-1CA\s0 certificates. These are used to verify
@@ -339,7 +351,7 @@ Additional certificates to include in the \s-1OCSP\s0 response.
Don't include any certificates in the \s-1OCSP\s0 response.
.IP "\fB\-resp_key_id\fR" 4
.IX Item "-resp_key_id"
-Identify the signer certificate using the key \s-1ID\s0, default is to use the subject name.
+Identify the signer certificate using the key \s-1ID,\s0 default is to use the subject name.
.IP "\fB\-rkey file\fR" 4
.IX Item "-rkey file"
The private key to sign \s-1OCSP\s0 responses with: if not present the file specified in the
@@ -358,7 +370,7 @@ Number of minutes or days when fresh revocation information is available: used i
omitted meaning fresh revocation information is immediately available.
.SH "OCSP Response verification."
.IX Header "OCSP Response verification."
-\&\s-1OCSP\s0 Response follows the rules specified in \s-1RFC2560\s0.
+\&\s-1OCSP\s0 Response follows the rules specified in \s-1RFC2560.\s0
.PP
Initially the \s-1OCSP\s0 responder certificate is located and the signature on
the \s-1OCSP\s0 request checked using the responder certificate's public key.
diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1
index 6a79a5188941..07049c592299 100644
--- a/secure/usr.bin/openssl/man/openssl.1
+++ b/secure/usr.bin/openssl/man/openssl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OPENSSL 1"
-.TH OPENSSL 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH OPENSSL 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -192,11 +201,11 @@ same name, this provides an easy way for shell scripts to test for the
availability of ciphers in the \fBopenssl\fR program. (\fBno\-\fR\fI\s-1XXX\s0\fR is
not able to detect pseudo-commands such as \fBquit\fR,
\&\fBlist\-\fR\fI...\fR\fB\-commands\fR, or \fBno\-\fR\fI\s-1XXX\s0\fR itself.)
-.SS "\s-1STANDARD\s0 \s-1COMMANDS\s0"
+.SS "\s-1STANDARD COMMANDS\s0"
.IX Subsection "STANDARD COMMANDS"
.IP "\fBasn1parse\fR" 10
.IX Item "asn1parse"
-Parse an \s-1ASN\s0.1 sequence.
+Parse an \s-1ASN.1\s0 sequence.
.IP "\fBca\fR" 10
.IX Item "ca"
Certificate Authority (\s-1CA\s0) Management.
@@ -205,7 +214,7 @@ Certificate Authority (\s-1CA\s0) Management.
Cipher Suite Description Determination.
.IP "\fBcms\fR" 10
.IX Item "cms"
-\&\s-1CMS\s0 (Cryptographic Message Syntax) utility
+\&\s-1CMS \s0(Cryptographic Message Syntax) utility
.IP "\fBcrl\fR" 10
.IX Item "crl"
Certificate Revocation List (\s-1CRL\s0) Management.
@@ -232,7 +241,7 @@ Generation and Management of Diffie-Hellman Parameters. Superseded by
\&\fBgenpkey\fR and \fBpkeyparam\fR
.IP "\fBec\fR" 10
.IX Item "ec"
-\&\s-1EC\s0 (Elliptic curve) key processing
+\&\s-1EC \s0(Elliptic curve) key processing
.IP "\fBecparam\fR" 10
.IX Item "ecparam"
\&\s-1EC\s0 parameter manipulation and generation
@@ -299,13 +308,13 @@ by \fBpkeyutl\fR
.IP "\fBs_client\fR" 10
.IX Item "s_client"
This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent
-connection to a remote server speaking \s-1SSL/TLS\s0. It's intended for testing
+connection to a remote server speaking \s-1SSL/TLS.\s0 It's intended for testing
purposes only and provides only rudimentary interface functionality but
internally uses mostly all functionality of the OpenSSL \fBssl\fR library.
.IP "\fBs_server\fR" 10
.IX Item "s_server"
This implements a generic \s-1SSL/TLS\s0 server which accepts connections from remote
-clients speaking \s-1SSL/TLS\s0. It's intended for testing purposes only and provides
+clients speaking \s-1SSL/TLS.\s0 It's intended for testing purposes only and provides
only rudimentary interface functionality but internally uses mostly all
functionality of the OpenSSL \fBssl\fR library. It provides both an own command
line oriented protocol for testing \s-1SSL\s0 functions and a simple \s-1HTTP\s0 response
@@ -337,7 +346,7 @@ OpenSSL Version Information.
.IP "\fBx509\fR" 10
.IX Item "x509"
X.509 Certificate Data Management.
-.SS "\s-1MESSAGE\s0 \s-1DIGEST\s0 \s-1COMMANDS\s0"
+.SS "\s-1MESSAGE DIGEST COMMANDS\s0"
.IX Subsection "MESSAGE DIGEST COMMANDS"
.IP "\fBmd2\fR" 10
.IX Item "md2"
@@ -369,7 +378,7 @@ X.509 Certificate Data Management.
.IP "\fBsha512\fR" 10
.IX Item "sha512"
\&\s-1SHA\-512\s0 Digest
-.SS "\s-1ENCODING\s0 \s-1AND\s0 \s-1CIPHER\s0 \s-1COMMANDS\s0"
+.SS "\s-1ENCODING AND CIPHER COMMANDS\s0"
.IX Subsection "ENCODING AND CIPHER COMMANDS"
.IP "\fBbase64\fR" 10
.IX Item "base64"
diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1
index 8648dc998351..5f790a36f908 100644
--- a/secure/usr.bin/openssl/man/passwd.1
+++ b/secure/usr.bin/openssl/man/passwd.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PASSWD 1"
-.TH PASSWD 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PASSWD 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1
index 8c174709b639..9cb4418ee06b 100644
--- a/secure/usr.bin/openssl/man/pkcs12.1
+++ b/secure/usr.bin/openssl/man/pkcs12.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS12 1"
-.TH PKCS12 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKCS12 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -189,12 +198,12 @@ default. They are all written in \s-1PEM\s0 format.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the PKCS#12 file (i.e. input file) password source. For more information about
-the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in
+the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in
\&\fIopenssl\fR\|(1).
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
pass phrase source to encrypt any outputted private keys with. For more
-information about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section
+information about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section
in \fIopenssl\fR\|(1).
.IP "\fB\-password arg\fR" 4
.IX Item "-password arg"
@@ -282,12 +291,12 @@ displays them.
.IP "\fB\-pass arg\fR, \fB\-passout arg\fR" 4
.IX Item "-pass arg, -passout arg"
the PKCS#12 file (i.e. output file) password source. For more information about
-the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in
+the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in
\&\fIopenssl\fR\|(1).
.IP "\fB\-passin password\fR" 4
.IX Item "-passin password"
pass phrase source to decrypt any input private keys with. For more information
-about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in
+about the format of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in
\&\fIopenssl\fR\|(1).
.IP "\fB\-chain\fR" 4
.IX Item "-chain"
@@ -296,9 +305,9 @@ certificate chain of the user certificate. The standard \s-1CA\s0 store is used
for this search. If the search fails it is considered a fatal error.
.IP "\fB\-descert\fR" 4
.IX Item "-descert"
-encrypt the certificate using triple \s-1DES\s0, this may render the PKCS#12
+encrypt the certificate using triple \s-1DES,\s0 this may render the PKCS#12
file unreadable by some \*(L"export grade\*(R" software. By default the private
-key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC2\s0.
+key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC2.\s0
.IP "\fB\-keypbe alg\fR, \fB\-certpbe alg\fR" 4
.IX Item "-keypbe alg, -certpbe alg"
these options allow the algorithm used to encrypt the private key and
@@ -315,7 +324,7 @@ This option is only interpreted by \s-1MSIE\s0 and similar \s-1MS\s0 software. N
encryption purposes but arbitrary length keys for signing. The \fB\-keysig\fR
option marks the key for signing only. Signing only keys can be used for
S/MIME signing, authenticode (ActiveX control signing) and \s-1SSL\s0 client
-authentication, however due to a bug only \s-1MSIE\s0 5.0 and later support
+authentication, however due to a bug only \s-1MSIE 5.0\s0 and later support
the use of signing only keys for \s-1SSL\s0 client authentication.
.IP "\fB\-macalg digest\fR" 4
.IX Item "-macalg digest"
@@ -323,7 +332,7 @@ specify the \s-1MAC\s0 digest algorithm. If not included them \s-1SHA1\s0 will b
.IP "\fB\-nomaciter\fR, \fB\-noiter\fR" 4
.IX Item "-nomaciter, -noiter"
these options affect the iteration counts on the \s-1MAC\s0 and key algorithms.
-Unless you wish to produce files compatible with \s-1MSIE\s0 4.0 you should leave
+Unless you wish to produce files compatible with \s-1MSIE 4.0\s0 you should leave
these options alone.
.Sp
To discourage attacks by using large dictionaries of common passwords the
@@ -335,7 +344,7 @@ By default both \s-1MAC\s0 and encryption iteration counts are set to 2048, usin
these options the \s-1MAC\s0 and encryption iteration counts can be set to 1, since
this reduces the file security you should not use these options unless you
really have to. Most software supports both \s-1MAC\s0 and key iteration counts.
-\&\s-1MSIE\s0 4.0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR
+\&\s-1MSIE 4.0\s0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR
option.
.IP "\fB\-maciter\fR" 4
.IX Item "-maciter"
@@ -383,7 +392,7 @@ The \fB\-keypbe\fR and \fB\-certpbe\fR algorithms allow the precise encryption
algorithms for private keys and certificates to be specified. Normally
the defaults are fine but occasionally software can't handle triple \s-1DES\s0
encrypted private keys, then the option \fB\-keypbe \s-1PBE\-SHA1\-RC2\-40\s0\fR can
-be used to reduce the private key encryption to 40 bit \s-1RC2\s0. A complete
+be used to reduce the private key encryption to 40 bit \s-1RC2. A\s0 complete
description of all algorithms is contained in the \fBpkcs8\fR manual page.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1
index 0335b069b220..eea2006a40f3 100644
--- a/secure/usr.bin/openssl/man/pkcs7.1
+++ b/secure/usr.bin/openssl/man/pkcs7.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS7 1"
-.TH PKCS7 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKCS7 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -215,7 +224,7 @@ For compatibility with some CAs it will also accept:
There is no option to print out all the fields of a PKCS#7 file.
.PP
This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in \s-1RFC2315\s0 they
-cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630\s0.
+cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630.\s0
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIcrl2pkcs7\fR\|(1)
diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1
index 644cb679aa68..a5df03ffc125 100644
--- a/secure/usr.bin/openssl/man/pkcs8.1
+++ b/secure/usr.bin/openssl/man/pkcs8.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKCS8 1"
-.TH PKCS8 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKCS8 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -180,7 +189,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output by
@@ -190,7 +199,7 @@ filename.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-nocrypt\fR" 4
.IX Item "-nocrypt"
PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
@@ -202,15 +211,15 @@ code signing software used unencrypted private keys.
.IP "\fB\-nooct\fR" 4
.IX Item "-nooct"
This option generates \s-1RSA\s0 private keys in a broken format that some software
-uses. Specifically the private key should be enclosed in a \s-1OCTET\s0 \s-1STRING\s0
+uses. Specifically the private key should be enclosed in a \s-1OCTET STRING\s0
but some software just includes the structure itself without the
-surrounding \s-1OCTET\s0 \s-1STRING\s0.
+surrounding \s-1OCTET STRING.\s0
.IP "\fB\-embed\fR" 4
.IX Item "-embed"
This option generates \s-1DSA\s0 keys in a broken format. The \s-1DSA\s0 parameters are
-embedded inside the PrivateKey structure. In this form the \s-1OCTET\s0 \s-1STRING\s0
-contains an \s-1ASN1\s0 \s-1SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing
-the parameters and an \s-1ASN1\s0 \s-1INTEGER\s0 containing the private key.
+embedded inside the PrivateKey structure. In this form the \s-1OCTET STRING\s0
+contains an \s-1ASN1 SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing
+the parameters and an \s-1ASN1 INTEGER\s0 containing the private key.
.IP "\fB\-nsdb\fR" 4
.IX Item "-nsdb"
This option generates \s-1DSA\s0 keys in a broken format compatible with Netscape
@@ -276,17 +285,17 @@ level whereas the traditional format includes them at a \s-1PEM\s0 level.
Various algorithms can be used with the \fB\-v1\fR command line option,
including PKCS#5 v1.5 and PKCS#12. These are described in more detail
below.
-.IP "\fB\s-1PBE\-MD2\-DES\s0 \s-1PBE\-MD5\-DES\s0\fR" 4
+.IP "\fB\s-1PBE\-MD2\-DES PBE\-MD5\-DES\s0\fR" 4
.IX Item "PBE-MD2-DES PBE-MD5-DES"
These algorithms were included in the original PKCS#5 v1.5 specification.
-They only offer 56 bits of protection since they both use \s-1DES\s0.
-.IP "\fB\s-1PBE\-SHA1\-RC2\-64\s0 \s-1PBE\-MD2\-RC2\-64\s0 \s-1PBE\-MD5\-RC2\-64\s0 \s-1PBE\-SHA1\-DES\s0\fR" 4
+They only offer 56 bits of protection since they both use \s-1DES.\s0
+.IP "\fB\s-1PBE\-SHA1\-RC2\-64 PBE\-MD2\-RC2\-64 PBE\-MD5\-RC2\-64 PBE\-SHA1\-DES\s0\fR" 4
.IX Item "PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES"
These algorithms are not mentioned in the original PKCS#5 v1.5 specification
but they use the same key derivation algorithm and are supported by some
software. They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or
-56 bit \s-1DES\s0.
-.IP "\fB\s-1PBE\-SHA1\-RC4\-128\s0 \s-1PBE\-SHA1\-RC4\-40\s0 \s-1PBE\-SHA1\-3DES\s0 \s-1PBE\-SHA1\-2DES\s0 \s-1PBE\-SHA1\-RC2\-128\s0 \s-1PBE\-SHA1\-RC2\-40\s0\fR" 4
+56 bit \s-1DES.\s0
+.IP "\fB\s-1PBE\-SHA1\-RC4\-128 PBE\-SHA1\-RC4\-40 PBE\-SHA1\-3DES PBE\-SHA1\-2DES PBE\-SHA1\-RC2\-128 PBE\-SHA1\-RC2\-40\s0\fR" 4
.IX Item "PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40"
These algorithms use the PKCS#12 password based encryption algorithm and
allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used.
@@ -327,13 +336,13 @@ Convert a private key from any PKCS#8 format to traditional format:
.SH "STANDARDS"
.IX Header "STANDARDS"
Test vectors from this PKCS#5 v2.0 implementation were posted to the
-pkcs-tng mailing list using triple \s-1DES\s0, \s-1DES\s0 and \s-1RC2\s0 with high iteration
+pkcs-tng mailing list using triple \s-1DES, DES\s0 and \s-1RC2\s0 with high iteration
counts, several people confirmed that they could decrypt the private
keys produced and Therefore it can be assumed that the PKCS#5 v2.0
implementation is reasonably accurate at least as far as these
algorithms are concerned.
.PP
-The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented:
+The format of PKCS#8 \s-1DSA \s0(and other) private keys is not well documented:
it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0
PKCS#8 private key format complies with this standard.
.SH "BUGS"
diff --git a/secure/usr.bin/openssl/man/pkey.1 b/secure/usr.bin/openssl/man/pkey.1
index 9177c1d6a584..bef65c03848f 100644
--- a/secure/usr.bin/openssl/man/pkey.1
+++ b/secure/usr.bin/openssl/man/pkey.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKEY 1"
-.TH PKEY 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKEY 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -155,7 +164,7 @@ between various forms and their components printed out.
.IX Header "COMMAND OPTIONS"
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
-This specifies the input format \s-1DER\s0 or \s-1PEM\s0.
+This specifies the input format \s-1DER\s0 or \s-1PEM.\s0
.IP "\fB\-outform DER|PEM\fR" 4
.IX Item "-outform DER|PEM"
This specifies the output format, the options have the same meaning as the
@@ -168,7 +177,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output if this
@@ -178,7 +187,7 @@ filename.
.IP "\fB\-passout password\fR" 4
.IX Item "-passout password"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-cipher\fR" 4
.IX Item "-cipher"
These options encrypt the private key with the supplied cipher. Any algorithm
diff --git a/secure/usr.bin/openssl/man/pkeyparam.1 b/secure/usr.bin/openssl/man/pkeyparam.1
index aee08336fdec..f04a29c153ac 100644
--- a/secure/usr.bin/openssl/man/pkeyparam.1
+++ b/secure/usr.bin/openssl/man/pkeyparam.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKEYPARAM 1"
-.TH PKEYPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKEYPARAM 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/pkeyutl.1 b/secure/usr.bin/openssl/man/pkeyutl.1
index 857d758d652e..437961beb4d6 100644
--- a/secure/usr.bin/openssl/man/pkeyutl.1
+++ b/secure/usr.bin/openssl/man/pkeyutl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "PKEYUTL 1"
-.TH PKEYUTL 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH PKEYUTL 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -174,17 +183,17 @@ default.
the input key file, by default it should be a private key.
.IP "\fB\-keyform PEM|DER\fR" 4
.IX Item "-keyform PEM|DER"
-the key format \s-1PEM\s0, \s-1DER\s0 or \s-1ENGINE\s0.
+the key format \s-1PEM, DER\s0 or \s-1ENGINE.\s0
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-peerkey file\fR" 4
.IX Item "-peerkey file"
the peer key file, used by key derivation (agreement) operations.
.IP "\fB\-peerform PEM|DER\fR" 4
.IX Item "-peerform PEM|DER"
-the peer key format \s-1PEM\s0, \s-1DER\s0 or \s-1ENGINE\s0.
+the peer key format \s-1PEM, DER\s0 or \s-1ENGINE.\s0
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
specifying an engine (by its unique \fBid\fR string) will cause \fBpkeyutl\fR
@@ -246,7 +255,7 @@ operations however.
.IX Item "-rsa_padding_mode:mode"
This sets the \s-1RSA\s0 padding mode. Acceptable values for \fBmode\fR are \fBpkcs1\fR for
PKCS#1 padding, \fBsslv23\fR for SSLv23 padding, \fBnone\fR for no padding, \fBoaep\fR
-for \fB\s-1OAEP\s0\fR mode, \fBx931\fR for X9.31 mode and \fBpss\fR for \s-1PSS\s0.
+for \fB\s-1OAEP\s0\fR mode, \fBx931\fR for X9.31 mode and \fBpss\fR for \s-1PSS.\s0
.Sp
In PKCS#1 padding if the message digest is not set then the supplied data is
signed or verified directly instead of using a \fBDigestInfo\fR structure. If a
@@ -256,7 +265,7 @@ must correspond to the digest type.
For \fBoeap\fR mode only encryption and decryption is supported.
.Sp
For \fBx931\fR if the digest type is set it is used to format the block data
-otherwise the first byte is used to specify the X9.31 digest \s-1ID\s0. Sign,
+otherwise the first byte is used to specify the X9.31 digest \s-1ID.\s0 Sign,
verify and verifyrecover are can be performed in this mode.
.Sp
For \fBpss\fR mode only sign and verify are supported and the digest type must be
@@ -280,7 +289,7 @@ options.
.SH "EC ALGORITHM"
.IX Header "EC ALGORITHM"
The \s-1EC\s0 algorithm supports sign, verify and derive operations. The sign and
-verify operations use \s-1ECDSA\s0 and derive uses \s-1ECDH\s0. Currently there are no
+verify operations use \s-1ECDSA\s0 and derive uses \s-1ECDH.\s0 Currently there are no
additional options other than \fBdigest\fR. Only the \s-1SHA1\s0 digest can be used and
this digest is assumed by default.
.SH "EXAMPLES"
diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1
index d08901153745..c321a7276b06 100644
--- a/secure/usr.bin/openssl/man/rand.1
+++ b/secure/usr.bin/openssl/man/rand.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RAND 1"
-.TH RAND 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RAND 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1
index 5b48dd1b8c26..2e27d89bda24 100644
--- a/secure/usr.bin/openssl/man/req.1
+++ b/secure/usr.bin/openssl/man/req.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "REQ 1"
-.TH REQ 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH REQ 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -183,7 +192,7 @@ for use as root CAs for example.
.IX Header "COMMAND OPTIONS"
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
-This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded
form compatible with the PKCS#10. The \fB\s-1PEM\s0\fR form is the default format: it
consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and
footer lines.
@@ -199,7 +208,7 @@ options (\fB\-new\fR and \fB\-newkey\fR) are not specified.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write to or standard output by
@@ -207,7 +216,7 @@ default.
.IP "\fB\-passout arg\fR" 4
.IX Item "-passout arg"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-text\fR" 4
.IX Item "-text"
prints out the certificate request in text form.
@@ -270,15 +279,15 @@ if neccessary should be specified via \fB\-pkeyopt\fR parameter.
.Sp
\&\fBdsa:filename\fR generates a \s-1DSA\s0 key using the parameters
in the file \fBfilename\fR. \fBec:filename\fR generates \s-1EC\s0 key (usable both with
-\&\s-1ECDSA\s0 or \s-1ECDH\s0 algorithms), \fBgost2001:filename\fR generates \s-1GOST\s0 R
-34.10\-2001 key (requires \fBccgost\fR engine configured in the configuration
+\&\s-1ECDSA\s0 or \s-1ECDH\s0 algorithms), \fBgost2001:filename\fR generates \s-1GOST R
+34.10\-2001\s0 key (requires \fBccgost\fR engine configured in the configuration
file). If just \fBgost2001\fR is specified a parameter set should be
specified by \fB\-pkeyopt paramset:X\fR
.IP "\fB\-pkeyopt opt:value\fR" 4
.IX Item "-pkeyopt opt:value"
set the public key algorithm option \fBopt\fR to \fBvalue\fR. The precise set of
options supported depends on the public key algorithm used and its
-implementation. See \fB\s-1KEY\s0 \s-1GENERATION\s0 \s-1OPTIONS\s0\fR in the \fBgenpkey\fR manual page
+implementation. See \fB\s-1KEY GENERATION OPTIONS\s0\fR in the \fBgenpkey\fR manual page
for more details.
.IP "\fB\-key filename\fR" 4
.IX Item "-key filename"
@@ -304,8 +313,8 @@ this specifies the message digest to sign the request with (such as
the configuration file.
.Sp
Some public key algorithms may override this choice. For instance, \s-1DSA\s0
-signatures always use \s-1SHA1\s0, \s-1GOST\s0 R 34.10 signatures always use
-\&\s-1GOST\s0 R 34.11\-94 (\fB\-md_gost94\fR).
+signatures always use \s-1SHA1, GOST R 34.10\s0 signatures always use
+\&\s-1GOST R 34.11\-94 \s0(\fB\-md_gost94\fR).
.IP "\fB\-config filename\fR" 4
.IX Item "-config filename"
this allows an alternative configuration file to be specified,
@@ -329,7 +338,7 @@ If \-multi\-rdn is not used then the \s-1UID\s0 value is \fI123456+CN=John Doe\f
.IX Item "-x509"
this option outputs a self signed certificate instead of a certificate
request. This is typically used to generate a test certificate or
-a self signed root \s-1CA\s0. The extensions added to the certificate
+a self signed root \s-1CA.\s0 The extensions added to the certificate
(if any) are specified in the configuration file. Unless specified
using the \fBset_serial\fR option \fB0\fR will be used for the serial
number.
@@ -356,7 +365,7 @@ a variety of purposes.
.IP "\fB\-utf8\fR" 4
.IX Item "-utf8"
this option causes field values to be interpreted as \s-1UTF8\s0 strings, by
-default they are interpreted as \s-1ASCII\s0. This means that the field
+default they are interpreted as \s-1ASCII.\s0 This means that the field
values, whether prompted from a terminal or obtained from a
configuration file, must be valid \s-1UTF8\s0 strings.
.IP "\fB\-nameopt option\fR" 4
@@ -380,10 +389,10 @@ accept requests containing no attributes in an invalid form: this
option produces this invalid format.
.Sp
More precisely the \fBAttributes\fR in a PKCS#10 certificate request
-are defined as a \fB\s-1SET\s0 \s-1OF\s0 Attribute\fR. They are \fBnot \s-1OPTIONAL\s0\fR so
+are defined as a \fB\s-1SET OF\s0 Attribute\fR. They are \fBnot \s-1OPTIONAL\s0\fR so
if no attributes are present then they should be encoded as an
-empty \fB\s-1SET\s0 \s-1OF\s0\fR. The invalid form does not include the empty
-\&\fB\s-1SET\s0 \s-1OF\s0\fR whereas the correct form does.
+empty \fB\s-1SET OF\s0\fR. The invalid form does not include the empty
+\&\fB\s-1SET OF\s0\fR whereas the correct form does.
.Sp
It should be noted that very few CAs still require the use of this option.
.IP "\fB\-no\-asn1\-kludge\fR" 4
@@ -435,7 +444,7 @@ specified the key is written to standard output. This can be
overridden by the \fB\-keyout\fR option.
.IP "\fBoid_file\fR" 4
.IX Item "oid_file"
-This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR.
+This specifies a file containing additional \fB\s-1OBJECT IDENTIFIERS\s0\fR.
Each line of the file should consist of the numerical form of the
object identifier followed by white space then the short name followed
by white space and finally the long name.
@@ -468,7 +477,7 @@ fields. Most users will not need to change this option.
It can be set to several values \fBdefault\fR which is also the default
option uses PrintableStrings, T61Strings and BMPStrings if the
\&\fBpkix\fR value is used then only PrintableStrings and BMPStrings will
-be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0. If the
+be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459.\s0 If the
\&\fButf8only\fR option is used then only UTF8Strings will be used: this
is the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0 after 2003. Finally the \fBnombstr\fR
option just uses PrintableStrings and T61Strings: certain software has
@@ -493,7 +502,7 @@ expected format of the \fBdistinguished_name\fR and \fBattributes\fR sections.
.IP "\fButf8\fR" 4
.IX Item "utf8"
if set to the value \fByes\fR then field values to be interpreted as \s-1UTF8\s0
-strings, by default they are interpreted as \s-1ASCII\s0. This means that
+strings, by default they are interpreted as \s-1ASCII.\s0 This means that
the field values, whether prompted from a terminal or obtained from a
configuration file, must be valid \s-1UTF8\s0 strings.
.IP "\fBattributes\fR" 4
@@ -546,7 +555,7 @@ on the field being used (for example countryName can only ever be
two characters long and must fit in a PrintableString).
.PP
Some fields (such as organizationName) can be used more than once
-in a \s-1DN\s0. This presents a problem because configuration files will
+in a \s-1DN.\s0 This presents a problem because configuration files will
not recognize the same name occurring twice. To avoid this problem
if the fieldName contains some characters followed by a full stop
they will be ignored. So for example a second organizationName can
@@ -721,14 +730,14 @@ Another puzzling message is this:
.Ve
.PP
this is displayed when no attributes are present and the request includes
-the correct empty \fB\s-1SET\s0 \s-1OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0
+the correct empty \fB\s-1SET OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0
0x00). If you just see:
.PP
.Vb 1
\& Attributes:
.Ve
.PP
-then the \fB\s-1SET\s0 \s-1OF\s0\fR is missing and the encoding is technically invalid (but
+then the \fB\s-1SET OF\s0\fR is missing and the encoding is technically invalid (but
it is tolerated). See the description of the command line option \fB\-asn1\-kludge\fR
for more information.
.SH "ENVIRONMENT VARIABLES"
@@ -740,7 +749,7 @@ environment variable serves the same purpose but its use is discouraged.
.SH "BUGS"
.IX Header "BUGS"
OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
-treats them as \s-1ISO\-8859\-1\s0 (Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour.
+treats them as \s-1ISO\-8859\-1 \s0(Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour.
This can cause problems if you need characters that aren't available in
PrintableStrings and you don't want to or can't use BMPStrings.
.PP
diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1
index 2db06265038e..b97d7d05ea93 100644
--- a/secure/usr.bin/openssl/man/rsa.1
+++ b/secure/usr.bin/openssl/man/rsa.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSA 1"
-.TH RSA 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RSA 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -170,7 +179,7 @@ utility.
.IX Header "COMMAND OPTIONS"
.IP "\fB\-inform DER|NET|PEM\fR" 4
.IX Item "-inform DER|NET|PEM"
-This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded
form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format.
The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64
encoded with additional header and footer lines. On input PKCS#8 format private
@@ -188,7 +197,7 @@ prompted for.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-out filename\fR" 4
.IX Item "-out filename"
This specifies the output filename to write a key to or standard output if this
@@ -198,7 +207,7 @@ filename.
.IP "\fB\-passout password\fR" 4
.IX Item "-passout password"
the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-sgckey\fR" 4
.IX Item "-sgckey"
use the modified \s-1NET\s0 algorithm used with some versions of Microsoft \s-1IIS\s0 and \s-1SGC\s0
@@ -259,7 +268,7 @@ The \s-1PEM\s0 public key format uses the header and footer lines:
\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\-
.Ve
.PP
-The \s-1PEM\s0 \fBRSAPublicKey\fR format uses the header and footer lines:
+The \s-1PEM \s0\fBRSAPublicKey\fR format uses the header and footer lines:
.PP
.Vb 2
\& \-\-\-\-\-BEGIN RSA PUBLIC KEY\-\-\-\-\-
@@ -267,13 +276,13 @@ The \s-1PEM\s0 \fBRSAPublicKey\fR format uses the header and footer lines:
.Ve
.PP
The \fB\s-1NET\s0\fR form is a format compatible with older Netscape servers
-and Microsoft \s-1IIS\s0 .key files, this uses unsalted \s-1RC4\s0 for its encryption.
+and Microsoft \s-1IIS \s0.key files, this uses unsalted \s-1RC4\s0 for its encryption.
It is not very secure and so should only be used when necessary.
.PP
Some newer version of \s-1IIS\s0 have additional data in the exported .key
files. To use these with the utility, view the file with a binary editor
and look for the string \*(L"private-key\*(R", then trace back to the byte
-sequence 0x30, 0x82 (this is an \s-1ASN1\s0 \s-1SEQUENCE\s0). Copy all the data
+sequence 0x30, 0x82 (this is an \s-1ASN1 SEQUENCE\s0). Copy all the data
from this point onwards to another file and use that as the input
to the \fBrsa\fR utility with the \fB\-inform \s-1NET\s0\fR option. If you get
an error after entering the password try the \fB\-sgckey\fR option.
diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1
index bda3b3043abc..d0cffc320543 100644
--- a/secure/usr.bin/openssl/man/rsautl.1
+++ b/secure/usr.bin/openssl/man/rsautl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "RSAUTL 1"
-.TH RSAUTL 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH RSAUTL 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -186,7 +195,7 @@ encrypt the input data using an \s-1RSA\s0 public key.
decrypt the input data using an \s-1RSA\s0 private key.
.IP "\fB\-pkcs, \-oaep, \-ssl, \-raw\fR" 4
.IX Item "-pkcs, -oaep, -ssl, -raw"
-the padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP\s0,
+the padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP,\s0
special padding used in \s-1SSL\s0 v2 backwards compatible handshakes,
or no padding, respectively.
For signatures, only \fB\-pkcs\fR and \fB\-raw\fR can be used.
@@ -261,7 +270,7 @@ example in certs/pca\-cert.pem . Running \fBasn1parse\fR as follows yields:
\& 614:d=1 hl=3 l= 129 prim: BIT STRING
.Ve
.PP
-The final \s-1BIT\s0 \s-1STRING\s0 contains the actual signature. It can be extracted with:
+The final \s-1BIT STRING\s0 contains the actual signature. It can be extracted with:
.PP
.Vb 1
\& openssl asn1parse \-in pca\-cert.pem \-out sig \-noout \-strparse 614
diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1
index b973e343accd..c6b41a4bfad4 100644
--- a/secure/usr.bin/openssl/man/s_client.1
+++ b/secure/usr.bin/openssl/man/s_client.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "S_CLIENT 1"
-.TH S_CLIENT 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH S_CLIENT 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -178,7 +187,7 @@ s_client \- SSL/TLS client program
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBs_client\fR command implements a generic \s-1SSL/TLS\s0 client which connects
-to a remote host using \s-1SSL/TLS\s0. It is a \fIvery\fR useful diagnostic tool for
+to a remote host using \s-1SSL/TLS.\s0 It is a \fIvery\fR useful diagnostic tool for
\&\s-1SSL\s0 servers.
.SH "OPTIONS"
.IX Header "OPTIONS"
@@ -188,25 +197,25 @@ This specifies the host and optional port to connect to. If not specified
then an attempt is made to connect to the local host on port 4433.
.IP "\fB\-servername name\fR" 4
.IX Item "-servername name"
-Set the \s-1TLS\s0 \s-1SNI\s0 (Server Name Indication) extension in the ClientHello message.
+Set the \s-1TLS SNI \s0(Server Name Indication) extension in the ClientHello message.
.IP "\fB\-cert certname\fR" 4
.IX Item "-cert certname"
The certificate to use, if one is requested by the server. The default is
not to use a certificate.
.IP "\fB\-certform format\fR" 4
.IX Item "-certform format"
-The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
+The certificate format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default.
.IP "\fB\-key keyfile\fR" 4
.IX Item "-key keyfile"
The private key to use. If not specified then the certificate file will
be used.
.IP "\fB\-keyform format\fR" 4
.IX Item "-keyform format"
-The private format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
+The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default.
.IP "\fB\-pass arg\fR" 4
.IX Item "-pass arg"
the private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-verify depth\fR" 4
.IX Item "-verify depth"
The verify depth to use. This specifies the maximum length of the
@@ -233,7 +242,7 @@ Set various certificate chain valiadition option. See the
\&\fBverify\fR manual page for details.
.IP "\fB\-reconnect\fR" 4
.IX Item "-reconnect"
-reconnects to the same server 5 times using the same session \s-1ID\s0, this can
+reconnects to the same server 5 times using the same session \s-1ID,\s0 this can
be used as a test that session caching is working.
.IP "\fB\-pause\fR" 4
.IX Item "-pause"
@@ -249,7 +258,7 @@ to print out information even if the connection fails. Normally information
will only be printed out once if the connection succeeds. This option is useful
because the cipher in use may be renegotiated or the connection may fail
because a client certificate is required or is requested only after an
-attempt is made to access a certain \s-1URL\s0. Note: the output produced by this
+attempt is made to access a certain \s-1URL.\s0 Note: the output produced by this
option is not always accurate because a connection might never have been
established.
.IP "\fB\-state\fR" 4
@@ -313,7 +322,7 @@ supported cipher in the list sent by the client. See the \fBciphers\fR
command for more information.
.IP "\fB\-serverpref\fR" 4
.IX Item "-serverpref"
-use the server's cipher preferences; only used for \s-1SSLV2\s0.
+use the server's cipher preferences; only used for \s-1SSLV2.\s0
.IP "\fB\-starttls protocol\fR" 4
.IX Item "-starttls protocol"
send the protocol-specific message(s) to switch to \s-1TLS\s0 for communication.
@@ -369,7 +378,7 @@ have been given), the session will be renegotiated if the line begins with an
connection will be closed down.
.SH "NOTES"
.IX Header "NOTES"
-\&\fBs_client\fR can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL\s0 \s-1HTTP\s0
+\&\fBs_client\fR can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL HTTP\s0
server the command:
.PP
.Vb 1
@@ -377,7 +386,7 @@ server the command:
.Ve
.PP
would typically be used (https uses port 443). If the connection succeeds
-then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET\s0 /\*(R" to retrieve a web page.
+then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET /\*(R"\s0 to retrieve a web page.
.PP
If the handshake fails then there are several possible causes, if it is
nothing obvious like no client certificate then the \fB\-bugs\fR, \fB\-ssl2\fR,
diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1
index 53efb8292571..32a6004e3828 100644
--- a/secure/usr.bin/openssl/man/s_server.1
+++ b/secure/usr.bin/openssl/man/s_server.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "S_SERVER 1"
-.TH S_SERVER 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH S_SERVER 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -190,7 +199,7 @@ s_server \- SSL/TLS server program
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBs_server\fR command implements a generic \s-1SSL/TLS\s0 server which listens
-for connections on a given port using \s-1SSL/TLS\s0.
+for connections on a given port using \s-1SSL/TLS.\s0
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\fB\-accept port\fR" 4
@@ -204,22 +213,22 @@ is not present a default value will be used.
.IX Item "-cert certname"
The certificate to use, most servers cipher suites require the use of a
certificate and some require a certificate with a certain public key type:
-for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0
-(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used.
+for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS
+\&\s0(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used.
.IP "\fB\-certform format\fR" 4
.IX Item "-certform format"
-The certificate format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
+The certificate format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default.
.IP "\fB\-key keyfile\fR" 4
.IX Item "-key keyfile"
The private key to use. If not specified then the certificate file will
be used.
.IP "\fB\-keyform format\fR" 4
.IX Item "-keyform format"
-The private format to use: \s-1DER\s0 or \s-1PEM\s0. \s-1PEM\s0 is the default.
+The private format to use: \s-1DER\s0 or \s-1PEM. PEM\s0 is the default.
.IP "\fB\-pass arg\fR" 4
.IX Item "-pass arg"
the private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-dcert filename\fR, \fB\-dkey keyname\fR" 4
.IX Item "-dcert filename, -dkey keyname"
specify an additional certificate and private key, these behave in the
@@ -227,7 +236,7 @@ same manner as the \fB\-cert\fR and \fB\-key\fR options except there is no defau
if they are not specified (no additional certificate and key is used). As
noted above some cipher suites require a certificate containing a key of
a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key
-and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys
+and some a \s-1DSS \s0(\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys
a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites
by using an appropriate certificate.
.IP "\fB\-dcertform format\fR, \fB\-dkeyform format\fR, \fB\-dpass arg\fR" 4
@@ -268,7 +277,7 @@ If the ciphersuite cannot request a client certificate (for example an
anonymous ciphersuite or \s-1PSK\s0) this option has no effect.
.IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4
.IX Item "-crl_check, -crl_check_all"
-Check the peer certificate has not been revoked by its \s-1CA\s0.
+Check the peer certificate has not been revoked by its \s-1CA.\s0
The \s-1CRL\s0(s) are appended to the certificate file. With the \fB\-crl_check_all\fR
option all CRLs of all CAs in the chain are checked.
.IP "\fB\-CApath directory\fR" 4
@@ -299,7 +308,7 @@ tests non blocking I/O
turns on non blocking I/O
.IP "\fB\-crlf\fR" 4
.IX Item "-crlf"
-this option translated a line feed from the terminal into \s-1CR+LF\s0.
+this option translated a line feed from the terminal into \s-1CR+LF.\s0
.IP "\fB\-quiet\fR" 4
.IX Item "-quiet"
inhibit printing of session and certificate information.
diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1
index a314b7b5561a..4e68aa71f4b1 100644
--- a/secure/usr.bin/openssl/man/s_time.1
+++ b/secure/usr.bin/openssl/man/s_time.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "S_TIME 1"
-.TH S_TIME 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH S_TIME 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -152,7 +161,7 @@ s_time \- SSL/TLS performance timing program
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBs_client\fR command implements a generic \s-1SSL/TLS\s0 client which connects to a
-remote host using \s-1SSL/TLS\s0. It can request a page from the server and includes
+remote host using \s-1SSL/TLS.\s0 It can request a page from the server and includes
the time to transfer the payload data in its timing measurements. It measures
the number of connections within a given timeframe, the amount of data
transferred (if any), and calculates the average time spent for one connection.
@@ -234,7 +243,7 @@ and the link speed determine how many connections \fBs_time\fR can establish.
.SH "NOTES"
.IX Header "NOTES"
\&\fBs_client\fR can be used to measure the performance of an \s-1SSL\s0 connection.
-To connect to an \s-1SSL\s0 \s-1HTTP\s0 server and get the default page the command
+To connect to an \s-1SSL HTTP\s0 server and get the default page the command
.PP
.Vb 1
\& openssl s_time \-connect servername:443 \-www / \-CApath yourdir \-CAfile yourfile.pem \-cipher commoncipher [\-ssl3]
diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1
index f1a240f3409f..3d1099a644de 100644
--- a/secure/usr.bin/openssl/man/sess_id.1
+++ b/secure/usr.bin/openssl/man/sess_id.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SESS_ID 1"
-.TH SESS_ID 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SESS_ID 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,7 +159,7 @@ needs some knowledge of the \s-1SSL\s0 protocol to use properly, most users will
not need to use it.
.IP "\fB\-inform DER|PEM\fR" 4
.IX Item "-inform DER|PEM"
-This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded
+This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1 DER\s0 encoded
format containing session details. The precise format can vary from one version
to the next. The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR
format base64 encoded with additional header and footer lines.
@@ -180,7 +189,7 @@ this option prevents output of the encoded version of the session.
.IP "\fB\-context \s-1ID\s0\fR" 4
.IX Item "-context ID"
this option can set the session id so the output session information uses the
-supplied \s-1ID\s0. The \s-1ID\s0 can be any string of characters. This option wont normally
+supplied \s-1ID.\s0 The \s-1ID\s0 can be any string of characters. This option wont normally
be used.
.SH "OUTPUT"
.IX Header "OUTPUT"
diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1
index 5a50a6a2768a..591c499a8e57 100644
--- a/secure/usr.bin/openssl/man/smime.1
+++ b/secure/usr.bin/openssl/man/smime.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SMIME 1"
-.TH SMIME 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SMIME 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -241,7 +250,7 @@ is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type.
.IX Item "-text"
this option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied
message if encrypting or signing. If decrypting or verifying it strips
-off text headers: if the decrypted or verified message is not of \s-1MIME\s0
+off text headers: if the decrypted or verified message is not of \s-1MIME \s0
type text/plain then an error occurs.
.IP "\fB\-CAfile file\fR" 4
.IX Item "-CAfile file"
@@ -258,8 +267,8 @@ digest algorithm to use when signing or resigning. If not present then the
default digest algorithm for the signing key will be used (usually \s-1SHA1\s0).
.IP "\fB\-[cipher]\fR" 4
.IX Item "-[cipher]"
-the encryption algorithm to use. For example \s-1DES\s0 (56 bits) \- \fB\-des\fR,
-triple \s-1DES\s0 (168 bits) \- \fB\-des3\fR,
+the encryption algorithm to use. For example \s-1DES \s0(56 bits) \- \fB\-des\fR,
+triple \s-1DES \s0(168 bits) \- \fB\-des3\fR,
\&\fIEVP_get_cipherbyname()\fR function) can also be used preceded by a dash, for
example \fB\-aes_128_cbc\fR. See \fBenc\fR for list of ciphers
supported by your version of OpenSSL.
@@ -329,7 +338,7 @@ multiple times to specify successive keys.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the private key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-rand file(s)\fR" 4
.IX Item "-rand file(s)"
a file or files containing random data used to seed the random number
@@ -382,12 +391,12 @@ signer using the same message digest or this operation will fail.
.PP
The \fB\-stream\fR and \fB\-indef\fR options enable experimental streaming I/O support.
As a result the encoding is \s-1BER\s0 using indefinite length constructed encoding
-and no longer \s-1DER\s0. Streaming is supported for the \fB\-encrypt\fR operation and the
+and no longer \s-1DER.\s0 Streaming is supported for the \fB\-encrypt\fR operation and the
\&\fB\-sign\fR operation if the content is not detached.
.PP
Streaming is always used for the \fB\-sign\fR operation with detached data but
since the content is no longer part of the PKCS#7 structure the encoding
-remains \s-1DER\s0.
+remains \s-1DER.\s0
.SH "EXIT CODES"
.IX Header "EXIT CODES"
.IP "0" 4
diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1
index c134531b25d4..67eb528801d3 100644
--- a/secure/usr.bin/openssl/man/speed.1
+++ b/secure/usr.bin/openssl/man/speed.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SPEED 1"
-.TH SPEED 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SPEED 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1
index a08ed95f3bdd..d91f3efe31b6 100644
--- a/secure/usr.bin/openssl/man/spkac.1
+++ b/secure/usr.bin/openssl/man/spkac.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SPKAC 1"
-.TH SPKAC 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH SPKAC 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -168,30 +177,30 @@ present.
.IP "\fB\-passin password\fR" 4
.IX Item "-passin password"
the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-challenge string\fR" 4
.IX Item "-challenge string"
specifies the challenge string if an \s-1SPKAC\s0 is being created.
.IP "\fB\-spkac spkacname\fR" 4
.IX Item "-spkac spkacname"
allows an alternative name form the variable containing the
-\&\s-1SPKAC\s0. The default is \*(L"\s-1SPKAC\s0\*(R". This option affects both
+\&\s-1SPKAC.\s0 The default is \*(L"\s-1SPKAC\*(R".\s0 This option affects both
generated and input \s-1SPKAC\s0 files.
.IP "\fB\-spksect section\fR" 4
.IX Item "-spksect section"
allows an alternative name form the section containing the
-\&\s-1SPKAC\s0. The default is the default section.
+\&\s-1SPKAC.\s0 The default is the default section.
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
-don't output the text version of the \s-1SPKAC\s0 (not used if an
+don't output the text version of the \s-1SPKAC \s0(not used if an
\&\s-1SPKAC\s0 is being created).
.IP "\fB\-pubkey\fR" 4
.IX Item "-pubkey"
-output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is
+output the public key of an \s-1SPKAC \s0(not used if an \s-1SPKAC\s0 is
being created).
.IP "\fB\-verify\fR" 4
.IX Item "-verify"
-verifies the digital signature on the supplied \s-1SPKAC\s0.
+verifies the digital signature on the supplied \s-1SPKAC.\s0
.IP "\fB\-engine id\fR" 4
.IX Item "-engine id"
specifying an engine (by its unique \fBid\fR string) will cause \fBspkac\fR
@@ -218,7 +227,7 @@ Create an \s-1SPKAC\s0 using the challenge string \*(L"hello\*(R":
\& openssl spkac \-key key.pem \-challenge hello \-out spkac.cnf
.Ve
.PP
-Example of an \s-1SPKAC\s0, (long lines split up for clarity):
+Example of an \s-1SPKAC, \s0(long lines split up for clarity):
.PP
.Vb 5
\& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e
diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1
index 7ce2e5b3fcb1..fcd9c79f6ced 100644
--- a/secure/usr.bin/openssl/man/ts.1
+++ b/secure/usr.bin/openssl/man/ts.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "TS 1"
-.TH TS 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH TS 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -177,13 +186,13 @@ ts \- Time Stamping Authority tool (client/server)
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBts\fR command is a basic Time Stamping Authority (\s-1TSA\s0) client and server
-application as specified in \s-1RFC\s0 3161 (Time-Stamp Protocol, \s-1TSP\s0). A
+application as specified in \s-1RFC 3161 \s0(Time-Stamp Protocol, \s-1TSP\s0). A
\&\s-1TSA\s0 can be part of a \s-1PKI\s0 deployment and its role is to provide long
term proof of the existence of a certain datum before a particular
time. Here is a brief description of the protocol:
.IP "1." 4
The \s-1TSA\s0 client computes a one-way hash value for a data file and sends
-the hash to the \s-1TSA\s0.
+the hash to the \s-1TSA.\s0
.IP "2." 4
The \s-1TSA\s0 attaches the current date and time to the received hash value,
signs them and sends the time stamp token back to the client. By
@@ -192,7 +201,7 @@ data file at the time of response generation.
.IP "3." 4
The \s-1TSA\s0 client receives the time stamp token and verifies the
signature on it. It also checks if the token contains the same hash
-value that it had sent to the \s-1TSA\s0.
+value that it had sent to the \s-1TSA.\s0
.PP
There is one \s-1DER\s0 encoded protocol data unit defined for transporting a time
stamp request to the \s-1TSA\s0 and one for sending the time stamp response
@@ -202,7 +211,7 @@ creating a time stamp response based on a request, verifying if a
response corresponds to a particular request or a data file.
.PP
There is no support for sending the requests/responses automatically
-over \s-1HTTP\s0 or \s-1TCP\s0 yet as suggested in \s-1RFC\s0 3161. The users must send the
+over \s-1HTTP\s0 or \s-1TCP\s0 yet as suggested in \s-1RFC 3161.\s0 The users must send the
requests either by ftp or e\-mail.
.SH "OPTIONS"
.IX Header "OPTIONS"
@@ -236,7 +245,7 @@ in use. (Optional)
.IX Item "-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160|..."
The message digest to apply to the data file, it supports all the message
digest algorithms that are supported by the openssl \fBdgst\fR command.
-The default is \s-1SHA\-1\s0. (Optional)
+The default is \s-1SHA\-1. \s0(Optional)
.IP "\fB\-policy\fR object_id" 4
.IX Item "-policy object_id"
The policy that the client expects the \s-1TSA\s0 to use for creating the
@@ -267,7 +276,7 @@ is stdout. (Optional)
.IP "\fB\-text\fR" 4
.IX Item "-text"
If this option is specified the output is human-readable text format
-instead of \s-1DER\s0. (Optional)
+instead of \s-1DER. \s0(Optional)
.SS "Time Stamp Response generation"
.IX Subsection "Time Stamp Response generation"
A time stamp response (TimeStampResp) consists of a response status
@@ -280,20 +289,20 @@ otherwise it is a time stamp token (ContentInfo).
.IP "\fB\-config\fR configfile" 4
.IX Item "-config configfile"
The configuration file to use, this option overrides the
-\&\fB\s-1OPENSSL_CONF\s0\fR environment variable. See \fB\s-1CONFIGURATION\s0 \s-1FILE\s0
-\&\s-1OPTIONS\s0\fR for configurable variables. (Optional)
+\&\fB\s-1OPENSSL_CONF\s0\fR environment variable. See \fB\s-1CONFIGURATION FILE
+OPTIONS\s0\fR for configurable variables. (Optional)
.IP "\fB\-section\fR tsa_section" 4
.IX Item "-section tsa_section"
The name of the config file section conatining the settings for the
response generation. If not specified the default \s-1TSA\s0 section is
-used, see \fB\s-1CONFIGURATION\s0 \s-1FILE\s0 \s-1OPTIONS\s0\fR for details. (Optional)
+used, see \fB\s-1CONFIGURATION FILE OPTIONS\s0\fR for details. (Optional)
.IP "\fB\-queryfile\fR request.tsq" 4
.IX Item "-queryfile request.tsq"
The name of the file containing a \s-1DER\s0 encoded time stamp request. (Optional)
.IP "\fB\-passin\fR password_src" 4
.IX Item "-passin password_src"
-Specifies the password source for the private key of the \s-1TSA\s0. See
-\&\fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR in \fIopenssl\fR\|(1). (Optional)
+Specifies the password source for the private key of the \s-1TSA.\s0 See
+\&\fB\s-1PASS PHRASE ARGUMENTS\s0\fR in \fIopenssl\fR\|(1). (Optional)
.IP "\fB\-signer\fR tsa_cert.pem" 4
.IX Item "-signer tsa_cert.pem"
The signer certificate of the \s-1TSA\s0 in \s-1PEM\s0 format. The \s-1TSA\s0 signing
@@ -345,7 +354,7 @@ response (TimeStampResp). (Optional)
.IP "\fB\-text\fR" 4
.IX Item "-text"
If this option is specified the output is human-readable text format
-instead of \s-1DER\s0. (Optional)
+instead of \s-1DER. \s0(Optional)
.IP "\fB\-engine\fR id" 4
.IX Item "-engine id"
Specifying an engine (by its unique \fBid\fR string) will cause \fBts\fR
@@ -388,7 +397,7 @@ client. See the similar option of \fIverify\fR\|(1) for additional
details. Either this option or \fB\-CAfile\fR must be specified. (Optional)
.IP "\fB\-CAfile\fR trusted_certs.pem" 4
.IX Item "-CAfile trusted_certs.pem"
-The name of the file containing a set of trusted self-signed \s-1CA\s0
+The name of the file containing a set of trusted self-signed \s-1CA \s0
certificates in \s-1PEM\s0 format. See the similar option of
\&\fIverify\fR\|(1) for additional details. Either this option
or \fB\-CApath\fR must be specified.
@@ -488,7 +497,7 @@ the \s-1TSA\s0 name field of the response. Default is no. (Optional)
.IX Item "ess_cert_id_chain"
The SignedData objects created by the \s-1TSA\s0 always contain the
certificate identifier of the signing certificate in a signed
-attribute (see \s-1RFC\s0 2634, Enhanced Security Services). If this option
+attribute (see \s-1RFC 2634,\s0 Enhanced Security Services). If this option
is set to yes and either the \fBcerts\fR variable or the \fB\-chain\fR option
is specified then the certificate identifiers of the chain will also
be included in the SigningCertificate signed attribute. If this
@@ -505,7 +514,7 @@ configuration file, e.g. the example configuration file
openssl/apps/openssl.cnf will do.
.SS "Time Stamp Request"
.IX Subsection "Time Stamp Request"
-To create a time stamp request for design1.txt with \s-1SHA\-1\s0
+To create a time stamp request for design1.txt with \s-1SHA\-1 \s0
without nonce and policy and no certificate is required in the response:
.PP
.Vb 2
@@ -544,9 +553,9 @@ without any other key usage extensions. You can add the
\&'extendedKeyUsage = critical,timeStamping' line to the user certificate section
of the config file to generate a proper certificate. See \fIreq\fR\|(1),
\&\fIca\fR\|(1), \fIx509\fR\|(1) for instructions. The examples
-below assume that cacert.pem contains the certificate of the \s-1CA\s0,
+below assume that cacert.pem contains the certificate of the \s-1CA,\s0
tsacert.pem is the signing certificate issued by cacert.pem and
-tsakey.pem is the private key of the \s-1TSA\s0.
+tsakey.pem is the private key of the \s-1TSA.\s0
.PP
To create a time stamp response for a request:
.PP
@@ -621,7 +630,7 @@ You could also look at the 'test' directory for more examples.
If you find any bugs or you have suggestions please write to
Zoltan Glozik <zglozik@opentsa.org>. Known issues:
.IP "\(bu" 4
-No support for time stamps over \s-1SMTP\s0, though it is quite easy
+No support for time stamps over \s-1SMTP,\s0 though it is quite easy
to implement an automatic e\-mail based \s-1TSA\s0 with \fIprocmail\fR\|(1)
and \fIperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of
a separate apache module. \s-1HTTP\s0 client support is provided by
diff --git a/secure/usr.bin/openssl/man/tsget.1 b/secure/usr.bin/openssl/man/tsget.1
index d31062310dd1..264ec7de2c07 100644
--- a/secure/usr.bin/openssl/man/tsget.1
+++ b/secure/usr.bin/openssl/man/tsget.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "TSGET 1"
-.TH TSGET 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH TSGET 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -150,7 +159,7 @@ tsget \- Time Stamping HTTP/HTTPS client
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBtsget\fR command can be used for sending a time stamp request, as
-specified in \fB\s-1RFC\s0 3161\fR, to a time stamp server over \s-1HTTP\s0 or \s-1HTTPS\s0 and storing
+specified in \fB\s-1RFC 3161\s0\fR, to a time stamp server over \s-1HTTP\s0 or \s-1HTTPS\s0 and storing
the time stamp response in a file. This tool cannot be used for creating the
requests and verifying responses, you can use the OpenSSL \fB\f(BIts\fB\|(1)\fR command to
do that. \fBtsget\fR can send several requests to the server without closing
@@ -219,13 +228,13 @@ certificate-based client authentication will take place. (Optional)
.IX Item "-C CA_certs.pem"
(\s-1HTTPS\s0) The trusted \s-1CA\s0 certificate store. The certificate chain of the peer's
certificate must include one of the \s-1CA\s0 certificates specified in this file.
-Either option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS\s0. (Optional)
+Either option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS. \s0(Optional)
.IP "\fB\-P\fR CA_path" 4
.IX Item "-P CA_path"
(\s-1HTTPS\s0) The path containing the trusted \s-1CA\s0 certificates to verify the peer's
certificate. The directory must be prepared with the \fBc_rehash\fR
OpenSSL utility. Either option \fB\-C\fR or option \fB\-P\fR must be given in case of
-\&\s-1HTTPS\s0. (Optional)
+\&\s-1HTTPS. \s0(Optional)
.IP "\fB\-rand\fR file:file..." 4
.IX Item "-rand file:file..."
The files containing random data for seeding the random number
@@ -236,7 +245,7 @@ MS-Windows, \fB,\fR for \s-1VMS\s0 and \fB:\fR for all other platforms. (Optiona
The name of an \s-1EGD\s0 socket to get random data from. (Optional)
.IP "[request]..." 4
.IX Item "[request]..."
-List of files containing \fB\s-1RFC\s0 3161\fR DER-encoded time stamp requests. If no
+List of files containing \fB\s-1RFC 3161\s0\fR DER-encoded time stamp requests. If no
requests are specified only one request will be sent to the server and it will be
read from the standard input. (Optional)
.SH "ENVIRONMENT VARIABLES"
@@ -251,7 +260,7 @@ time stamp requests, tsa.opentsa.org listens at port 8080 for \s-1HTTP\s0 reques
and at port 8443 for \s-1HTTPS\s0 requests, the \s-1TSA\s0 service is available at the /tsa
absolute path.
.PP
-Get a time stamp response for file1.tsq over \s-1HTTP\s0, output is written to
+Get a time stamp response for file1.tsq over \s-1HTTP,\s0 output is written to
file1.tsr:
.PP
.Vb 1
@@ -308,4 +317,4 @@ Zoltan Glozik <zglozik@opentsa.org>, OpenTSA project (http://www.opentsa.org)
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIopenssl\fR\|(1), \fIts\fR\|(1), \fIcurl\fR\|(1),
-\&\fB\s-1RFC\s0 3161\fR
+\&\fB\s-1RFC 3161\s0\fR
diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1
index 01cd00021ab0..4be9cd538b09 100644
--- a/secure/usr.bin/openssl/man/verify.1
+++ b/secure/usr.bin/openssl/man/verify.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "VERIFY 1"
-.TH VERIFY 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH VERIFY 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -181,7 +190,7 @@ in \s-1PEM\s0 format concatenated together.
The intended use for the certificate. If this option is not specified,
\&\fBverify\fR will not consider certificate purpose during chain verification.
Currently accepted uses are \fBsslclient\fR, \fBsslserver\fR, \fBnssslserver\fR,
-\&\fBsmimesign\fR, \fBsmimeencrypt\fR. See the \fB\s-1VERIFY\s0 \s-1OPERATION\s0\fR section for more
+\&\fBsmimesign\fR, \fBsmimeencrypt\fR. See the \fB\s-1VERIFY OPERATION\s0\fR section for more
information.
.IP "\fB\-help\fR" 4
.IX Item "-help"
@@ -223,7 +232,7 @@ Set policy variable inhibit-policy-mapping (see \s-1RFC5280\s0).
Print out diagnostics related to policy processing.
.IP "\fB\-crl_check\fR" 4
.IX Item "-crl_check"
-Checks end entity certificate validity by attempting to look up a valid \s-1CRL\s0.
+Checks end entity certificate validity by attempting to look up a valid \s-1CRL.\s0
If a valid \s-1CRL\s0 cannot be found an error occurs.
.IP "\fB\-crl_check_all\fR" 4
.IX Item "-crl_check_all"
@@ -247,7 +256,7 @@ signing keys.
Enable support for delta CRLs.
.IP "\fB\-check_ss_sig\fR" 4
.IX Item "-check_ss_sig"
-Verify the signature on the self-signed root \s-1CA\s0. This is disabled by default
+Verify the signature on the self-signed root \s-1CA.\s0 This is disabled by default
because it doesn't add any security.
.IP "\fB\-\fR" 4
.IX Item "-"
@@ -274,10 +283,10 @@ determined.
The verify operation consists of a number of separate steps.
.PP
Firstly a certificate chain is built up starting from the supplied certificate
-and ending in the root \s-1CA\s0. It is an error if the whole chain cannot be built
+and ending in the root \s-1CA.\s0 It is an error if the whole chain cannot be built
up. The chain is built up by looking up the issuers certificate of the current
certificate. If a certificate is found which is its own issuer it is assumed
-to be the root \s-1CA\s0.
+to be the root \s-1CA.\s0
.PP
The process of 'looking up the issuers certificate' itself involves a number
of steps. In versions of OpenSSL before 0.9.5a the first certificate whose
@@ -301,9 +310,9 @@ consistency with the supplied purpose. If the \fB\-purpose\fR option is not incl
then no checks are done. The supplied or \*(L"leaf\*(R" certificate must have extensions
compatible with the supplied purpose and all other certificates must also be valid
\&\s-1CA\s0 certificates. The precise extensions required are described in more detail in
-the \fB\s-1CERTIFICATE\s0 \s-1EXTENSIONS\s0\fR section of the \fBx509\fR utility.
+the \fB\s-1CERTIFICATE EXTENSIONS\s0\fR section of the \fBx509\fR utility.
.PP
-The third operation is to check the trust settings on the root \s-1CA\s0. The root
+The third operation is to check the trust settings on the root \s-1CA.\s0 The root
\&\s-1CA\s0 should be trusted for the supplied purpose. For compatibility with previous
versions of SSLeay and OpenSSL a certificate with no trust settings is considered
to be valid for all purposes.
@@ -454,7 +463,7 @@ an application specific error. Unused.
.SH "BUGS"
.IX Header "BUGS"
Although the issuer checks are a considerable improvement over the old technique they still
-suffer from limitations in the underlying X509_LOOKUP \s-1API\s0. One consequence of this is that
+suffer from limitations in the underlying X509_LOOKUP \s-1API.\s0 One consequence of this is that
trusted certificates with matching subject name must either appear in a file (as specified by the
\&\fB\-CAfile\fR option) or a directory (as specified by \fB\-CApath\fR. If they occur in both then only
the certificates in the file will be recognised.
diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1
index b3c01bad2988..1b5408a02fa1 100644
--- a/secure/usr.bin/openssl/man/version.1
+++ b/secure/usr.bin/openssl/man/version.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "VERSION 1"
-.TH VERSION 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH VERSION 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1
index 66530e5ed0d4..b3a0b9a21617 100644
--- a/secure/usr.bin/openssl/man/x509.1
+++ b/secure/usr.bin/openssl/man/x509.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509 1"
-.TH X509 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH X509 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -189,14 +198,14 @@ x509 \- Certificate display and signing utility
.IX Header "DESCRIPTION"
The \fBx509\fR command is a multi purpose certificate utility. It can be
used to display certificate information, convert certificates to
-various forms, sign certificate requests like a \*(L"mini \s-1CA\s0\*(R" or edit
+various forms, sign certificate requests like a \*(L"mini \s-1CA\*(R"\s0 or edit
certificate trust settings.
.PP
Since there are a large number of options they will split up into
various sections.
.SH "OPTIONS"
.IX Header "OPTIONS"
-.SS "\s-1INPUT\s0, \s-1OUTPUT\s0 \s-1AND\s0 \s-1GENERAL\s0 \s-1PURPOSE\s0 \s-1OPTIONS\s0"
+.SS "\s-1INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS\s0"
.IX Subsection "INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS"
.IP "\fB\-inform DER|PEM|NET\fR" 4
.IX Item "-inform DER|PEM|NET"
@@ -230,10 +239,10 @@ specifying an engine (by its unique \fBid\fR string) will cause \fBx509\fR
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
-.SS "\s-1DISPLAY\s0 \s-1OPTIONS\s0"
+.SS "\s-1DISPLAY OPTIONS\s0"
.IX Subsection "DISPLAY OPTIONS"
Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options
-but are described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR section.
+but are described in the \fB\s-1TRUST SETTINGS\s0\fR section.
.IP "\fB\-text\fR" 4
.IX Item "-text"
prints out the certificate in text form. Full details are output including the
@@ -243,7 +252,7 @@ any extensions present and any trust settings.
.IX Item "-certopt option"
customise the output format used with \fB\-text\fR. The \fBoption\fR argument can be
a single option or multiple options separated by commas. The \fB\-certopt\fR switch
-may be also be used more than once to set multiple options. See the \fB\s-1TEXT\s0 \s-1OPTIONS\s0\fR
+may be also be used more than once to set multiple options. See the \fB\s-1TEXT OPTIONS\s0\fR
section for more information.
.IP "\fB\-noout\fR" 4
.IX Item "-noout"
@@ -291,7 +300,7 @@ outputs the issuer name.
option which determines how the subject or issuer names are displayed. The
\&\fBoption\fR argument can be a single option or multiple options separated by
commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to
-set multiple options. See the \fB\s-1NAME\s0 \s-1OPTIONS\s0\fR section for more information.
+set multiple options. See the \fB\s-1NAME OPTIONS\s0\fR section for more information.
.IP "\fB\-email\fR" 4
.IX Item "-email"
outputs the email address(es) if any.
@@ -318,7 +327,7 @@ prints out the digest of the \s-1DER\s0 encoded version of the whole certificate
.IP "\fB\-C\fR" 4
.IX Item "-C"
this outputs the certificate in the form of a C source file.
-.SS "\s-1TRUST\s0 \s-1SETTINGS\s0"
+.SS "\s-1TRUST SETTINGS\s0"
.IX Subsection "TRUST SETTINGS"
Please note these options are currently experimental and may well change.
.PP
@@ -331,7 +340,7 @@ must be \*(L"trusted\*(R". By default a trusted certificate must be stored
locally and must be a root \s-1CA:\s0 any certificate chain ending in this \s-1CA\s0
is then usable for any purpose.
.PP
-Trust settings currently are only used with a root \s-1CA\s0. They allow a finer
+Trust settings currently are only used with a root \s-1CA.\s0 They allow a finer
control over the purposes the root \s-1CA\s0 can be used for. For example a \s-1CA\s0
may be trusted for \s-1SSL\s0 client but not \s-1SSL\s0 server use.
.PP
@@ -373,12 +382,12 @@ option.
.IP "\fB\-purpose\fR" 4
.IX Item "-purpose"
this option performs tests on the certificate extensions and outputs
-the results. For a more complete description see the \fB\s-1CERTIFICATE\s0
-\&\s-1EXTENSIONS\s0\fR section.
-.SS "\s-1SIGNING\s0 \s-1OPTIONS\s0"
+the results. For a more complete description see the \fB\s-1CERTIFICATE
+EXTENSIONS\s0\fR section.
+.SS "\s-1SIGNING OPTIONS\s0"
.IX Subsection "SIGNING OPTIONS"
The \fBx509\fR utility can be used to sign certificates and requests: it
-can thus behave like a \*(L"mini \s-1CA\s0\*(R".
+can thus behave like a \*(L"mini \s-1CA\*(R".\s0
.IP "\fB\-signkey filename\fR" 4
.IX Item "-signkey filename"
this option causes the input file to be self signed using the supplied
@@ -397,7 +406,7 @@ the request.
.IP "\fB\-passin arg\fR" 4
.IX Item "-passin arg"
the key password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
+see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
.IP "\fB\-clrext\fR" 4
.IX Item "-clrext"
delete any extensions from a certificate. This option is used when a
@@ -432,7 +441,7 @@ serial numbers can also be specified but their use is not recommended.
.IP "\fB\-CA filename\fR" 4
.IX Item "-CA filename"
specifies the \s-1CA\s0 certificate to be used for signing. When this option is
-present \fBx509\fR behaves like a \*(L"mini \s-1CA\s0\*(R". The input file is signed by this
+present \fBx509\fR behaves like a \*(L"mini \s-1CA\*(R".\s0 The input file is signed by this
\&\s-1CA\s0 using this option: that is its issuer name is set to the subject name
of the \s-1CA\s0 and it is digitally signed using the CAs private key.
.Sp
@@ -473,7 +482,7 @@ specified then the extensions should either be contained in the unnamed
\&\*(L"extensions\*(R" which contains the section to use. See the
\&\fIx509v3_config\fR\|(5) manual page for details of the
extension section format.
-.SS "\s-1NAME\s0 \s-1OPTIONS\s0"
+.SS "\s-1NAME OPTIONS\s0"
.IX Subsection "NAME OPTIONS"
The \fBnameopt\fR command line switch determines how the subject and issuer
names are displayed. If no \fBnameopt\fR switch is present the default \*(L"oneline\*(R"
@@ -490,7 +499,7 @@ displays names compatible with \s-1RFC2253\s0 equivalent to \fBesc_2253\fR, \fBe
\&\fBsep_comma_plus\fR, \fBdn_rev\fR and \fBsname\fR.
.IP "\fBoneline\fR" 4
.IX Item "oneline"
-a oneline format which is more readable than \s-1RFC2253\s0. It is equivalent to
+a oneline format which is more readable than \s-1RFC2253.\s0 It is equivalent to
specifying the \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR, \fBdump_nostr\fR,
\&\fBdump_der\fR, \fBuse_quote\fR, \fBsep_comma_plus_space\fR, \fBspace_eq\fR and \fBsname\fR
options.
@@ -519,7 +528,7 @@ escapes some characters by surrounding the whole string with \fB"\fR characters,
without the option all escaping is done with the \fB\e\fR character.
.IP "\fButf8\fR" 4
.IX Item "utf8"
-convert all strings to \s-1UTF8\s0 format first. This is required by \s-1RFC2253\s0. If
+convert all strings to \s-1UTF8\s0 format first. This is required by \s-1RFC2253.\s0 If
you are lucky enough to have a \s-1UTF8\s0 compatible terminal then the use
of this option (and \fBnot\fR setting \fBesc_msb\fR) may result in the correct
display of multibyte (international) characters. Is this option is not
@@ -541,11 +550,11 @@ field contents. For example \*(L"\s-1BMPSTRING:\s0 Hello World\*(R".
.IX Item "dump_der"
when this option is set any fields that need to be hexdumped will
be dumped using the \s-1DER\s0 encoding of the field. Otherwise just the
-content octets will be displayed. Both options use the \s-1RFC2253\s0
-\&\fB#XXXX...\fR format.
+content octets will be displayed. Both options use the \s-1RFC2253
+\&\s0\fB#XXXX...\fR format.
.IP "\fBdump_nostr\fR" 4
.IX Item "dump_nostr"
-dump non character string types (for example \s-1OCTET\s0 \s-1STRING\s0) if this
+dump non character string types (for example \s-1OCTET STRING\s0) if this
option is not set then non character string types will be displayed
as though each content octet represents a single character.
.IP "\fBdump_all\fR" 4
@@ -566,7 +575,7 @@ the \s-1RDN\s0 separator and a spaced \fB+\fR for the \s-1AVA\s0 separator. It a
indents the fields by four characters.
.IP "\fBdn_rev\fR" 4
.IX Item "dn_rev"
-reverse the fields of the \s-1DN\s0. This is required by \s-1RFC2253\s0. As a side
+reverse the fields of the \s-1DN.\s0 This is required by \s-1RFC2253.\s0 As a side
effect this also reverses the order of multiple AVAs but this is
permissible.
.IP "\fBnofname\fR, \fBsname\fR, \fBlname\fR, \fBoid\fR" 4
@@ -584,7 +593,7 @@ align field values for a more readable output. Only usable with
.IX Item "space_eq"
places spaces round the \fB=\fR character which follows the field
name.
-.SS "\s-1TEXT\s0 \s-1OPTIONS\s0"
+.SS "\s-1TEXT OPTIONS\s0"
.IX Subsection "TEXT OPTIONS"
As well as customising the name output format, it is also possible to
customise the actual fields printed using the \fBcertopt\fR options when
@@ -718,7 +727,7 @@ certificate extensions:
.Ve
.PP
Set a certificate to be trusted for \s-1SSL\s0 client use and change set its alias to
-\&\*(L"Steve's Class 1 \s-1CA\s0\*(R"
+\&\*(L"Steve's Class 1 \s-1CA\*(R"\s0
.PP
.Vb 2
\& openssl x509 \-in cert.pem \-addtrust clientAuth \e
@@ -757,7 +766,7 @@ This is commonly called a \*(L"fingerprint\*(R". Because of the nature of messag
digests the fingerprint of a certificate is unique to that certificate and
two certificates with the same fingerprint can be considered to be the same.
.PP
-The Netscape fingerprint uses \s-1MD5\s0 whereas \s-1MSIE\s0 uses \s-1SHA1\s0.
+The Netscape fingerprint uses \s-1MD5\s0 whereas \s-1MSIE\s0 uses \s-1SHA1.\s0
.PP
The \fB\-email\fR option searches the subject name and the subject alternative
name extension. Only unique email addresses will be printed out: it will
@@ -773,12 +782,12 @@ The same code is used when verifying untrusted certificates in chains
so this section is useful if a chain is rejected by the verify code.
.PP
The basicConstraints extension \s-1CA\s0 flag is used to determine whether the
-certificate can be used as a \s-1CA\s0. If the \s-1CA\s0 flag is true then it is a \s-1CA\s0,
-if the \s-1CA\s0 flag is false then it is not a \s-1CA\s0. \fBAll\fR CAs should have the
+certificate can be used as a \s-1CA.\s0 If the \s-1CA\s0 flag is true then it is a \s-1CA,\s0
+if the \s-1CA\s0 flag is false then it is not a \s-1CA. \s0\fBAll\fR CAs should have the
\&\s-1CA\s0 flag set to true.
.PP
If the basicConstraints extension is absent then the certificate is
-considered to be a \*(L"possible \s-1CA\s0\*(R" other extensions are checked according
+considered to be a \*(L"possible \s-1CA\*(R"\s0 other extensions are checked according
to the intended use of the certificate. A warning is given in this case
because the certificate should really not be regarded as a \s-1CA:\s0 however
it is allowed to be a \s-1CA\s0 to work around some broken software.
@@ -802,14 +811,14 @@ basicConstraints and keyUsage and V1 certificates above apply to \fBall\fR
.IP "\fB\s-1SSL\s0 Client\fR" 4
.IX Item "SSL Client"
The extended key usage extension must be absent or include the \*(L"web client
-authentication\*(R" \s-1OID\s0. keyUsage must be absent or it must have the
+authentication\*(R" \s-1OID. \s0 keyUsage must be absent or it must have the
digitalSignature bit set. Netscape certificate type must be absent or it must
have the \s-1SSL\s0 client bit set.
.IP "\fB\s-1SSL\s0 Client \s-1CA\s0\fR" 4
.IX Item "SSL Client CA"
The extended key usage extension must be absent or include the \*(L"web client
-authentication\*(R" \s-1OID\s0. Netscape certificate type must be absent or it must have
-the \s-1SSL\s0 \s-1CA\s0 bit set: this is used as a work around if the basicConstraints
+authentication\*(R" \s-1OID.\s0 Netscape certificate type must be absent or it must have
+the \s-1SSL CA\s0 bit set: this is used as a work around if the basicConstraints
extension is absent.
.IP "\fB\s-1SSL\s0 Server\fR" 4
.IX Item "SSL Server"
@@ -821,7 +830,7 @@ Netscape certificate type must be absent or have the \s-1SSL\s0 server bit set.
.IX Item "SSL Server CA"
The extended key usage extension must be absent or include the \*(L"web server
authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. Netscape certificate type must
-be absent or the \s-1SSL\s0 \s-1CA\s0 bit must be set: this is used as a work around if the
+be absent or the \s-1SSL CA\s0 bit must be set: this is used as a work around if the
basicConstraints extension is absent.
.IP "\fBNetscape \s-1SSL\s0 Server\fR" 4
.IX Item "Netscape SSL Server"
@@ -832,7 +841,7 @@ Otherwise it is the same as a normal \s-1SSL\s0 server.
.IP "\fBCommon S/MIME Client Tests\fR" 4
.IX Item "Common S/MIME Client Tests"
The extended key usage extension must be absent or include the \*(L"email
-protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or should have the
+protection\*(R" \s-1OID.\s0 Netscape certificate type must be absent or should have the
S/MIME bit set. If the S/MIME bit is not set in netscape certificate type
then the \s-1SSL\s0 client bit is tolerated as an alternative but a warning is shown:
this is because some Verisign certificates don't set the S/MIME bit.
@@ -847,7 +856,7 @@ if the keyUsage extension is present.
.IP "\fBS/MIME \s-1CA\s0\fR" 4
.IX Item "S/MIME CA"
The extended key usage extension must be absent or include the \*(L"email
-protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or must have the
+protection\*(R" \s-1OID.\s0 Netscape certificate type must be absent or must have the
S/MIME \s-1CA\s0 bit set: this is used as a work around if the basicConstraints
extension is absent.
.IP "\fB\s-1CRL\s0 Signing\fR" 4
@@ -870,7 +879,7 @@ be checked.
There should be options to explicitly set such things as start and end
dates rather than an offset from the current time.
.PP
-The code to implement the verify behaviour described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR
+The code to implement the verify behaviour described in the \fB\s-1TRUST SETTINGS\s0\fR
is currently being developed. It thus describes the intended behaviour rather
than the current behaviour. It is hoped that it will represent reality in
OpenSSL 0.9.5 and later.
@@ -881,10 +890,10 @@ OpenSSL 0.9.5 and later.
\&\fIx509v3_config\fR\|(5)
.SH "HISTORY"
.IX Header "HISTORY"
-Before OpenSSL 0.9.8, the default digest for \s-1RSA\s0 keys was \s-1MD5\s0.
+Before OpenSSL 0.9.8, the default digest for \s-1RSA\s0 keys was \s-1MD5.\s0
.PP
The hash algorithm used in the \fB\-subject_hash\fR and \fB\-issuer_hash\fR options
before OpenSSL 1.0.0 was based on the deprecated \s-1MD5\s0 algorithm and the encoding
of the distinguished name. In OpenSSL 1.0.0 and later it is based on a
-canonical version of the \s-1DN\s0 using \s-1SHA1\s0. This means that any directories using
+canonical version of the \s-1DN\s0 using \s-1SHA1.\s0 This means that any directories using
the old form must have their links rebuilt using \fBc_rehash\fR or similar.
diff --git a/secure/usr.bin/openssl/man/x509v3_config.1 b/secure/usr.bin/openssl/man/x509v3_config.1
index aeb006080a04..27dd7c72086a 100644
--- a/secure/usr.bin/openssl/man/x509v3_config.1
+++ b/secure/usr.bin/openssl/man/x509v3_config.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "X509V3_CONFIG 1"
-.TH X509V3_CONFIG 1 "2014-10-15" "1.0.1j" "OpenSSL"
+.TH X509V3_CONFIG 1 "2015-01-08" "1.0.1k" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -185,7 +194,7 @@ use is defined by the extension code itself: check out the certificate
policies extension for an example.
.PP
If an extension type is unsupported then the \fIarbitrary\fR extension syntax
-must be used, see the \s-1ARBITRARY\s0 \s-1EXTENSIONS\s0 section for more details.
+must be used, see the \s-1ARBITRARY EXTENSIONS\s0 section for more details.
.SH "STANDARD EXTENSIONS"
.IX Header "STANDARD EXTENSIONS"
The following sections describe each supported extension in detail.
@@ -207,7 +216,7 @@ For example:
.Ve
.PP
A \s-1CA\s0 certificate \fBmust\fR include the basicConstraints value with the \s-1CA\s0 field
-set to \s-1TRUE\s0. An end user certificate must either set \s-1CA\s0 to \s-1FALSE\s0 or exclude the
+set to \s-1TRUE.\s0 An end user certificate must either set \s-1CA\s0 to \s-1FALSE\s0 or exclude the
extension entirely. Some software may require the inclusion of basicConstraints
with \s-1CA\s0 set to \s-1FALSE\s0 for end entity certificates.
.PP
@@ -237,7 +246,7 @@ the certificate public key can be used for,
.PP
These can either be object short names of the dotted numerical form of OIDs.
While any \s-1OID\s0 can be used only certain values make sense. In particular the
-following \s-1PKIX\s0, \s-1NS\s0 and \s-1MS\s0 values are meaningful:
+following \s-1PKIX, NS\s0 and \s-1MS\s0 values are meaningful:
.PP
.Vb 10
\& Value Meaning
@@ -296,7 +305,7 @@ Example:
The subject alternative name extension allows various literal values to be
included in the configuration file. These include \fBemail\fR (an email address)
\&\fB\s-1URI\s0\fR a uniform resource indicator, \fB\s-1DNS\s0\fR (a \s-1DNS\s0 domain name), \fB\s-1RID\s0\fR (a
-registered \s-1ID:\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0), \fB\s-1IP\s0\fR (an \s-1IP\s0 address), \fBdirName\fR
+registered \s-1ID: OBJECT IDENTIFIER\s0), \fB\s-1IP\s0\fR (an \s-1IP\s0 address), \fBdirName\fR
(a distinguished name) and otherName.
.PP
The email option include a special 'copy' value. This will automatically
@@ -346,7 +355,7 @@ Example:
.SS "Authority Info Access."
.IX Subsection "Authority Info Access."
The authority information access extension gives details about how to access
-certain information relating to the \s-1CA\s0. Its syntax is accessOID;location
+certain information relating to the \s-1CA.\s0 Its syntax is accessOID;location
where \fIlocation\fR has the same syntax as subject alternative name (except
that email:copy is not supported). accessOID can be any valid \s-1OID\s0 but only
certain values are meaningful, for example \s-1OCSP\s0 and caIssuers.
@@ -443,7 +452,7 @@ This is a \fIraw\fR extension. All the fields of this extension can be set by
using the appropriate syntax.
.PP
If you follow the \s-1PKIX\s0 recommendations and just using one \s-1OID\s0 then you just
-include the value of that \s-1OID\s0. Multiple OIDs can be set separated by commas,
+include the value of that \s-1OID.\s0 Multiple OIDs can be set separated by commas,
for example:
.PP
.Vb 1