diff options
author | Job Snijders <job@sobornost.net> | 2024-02-27 19:14:32 +0000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-04-04 08:36:10 +0200 |
commit | 203f46a30b3a7b00bb1d7f545744ec0574c2fee2 (patch) | |
tree | d4906d73c844023df68c0ce0af90e3d890cc5340 | |
parent | 4c70500801a833eaafbfb454340cb3c7662f21ad (diff) |
Align 'openssl req' string_mask docs to how the software really works
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23699)
(cherry picked from commit 2410cb42e62c3be69dcf1aad1bdf1eb0233b670f)
-rw-r--r-- | doc/man1/openssl-req.pod.in | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index c2232006e5..85d7fef4ba 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -495,16 +495,29 @@ any digest that has been set. =item B<string_mask> This option masks out the use of certain string types in certain -fields. Most users will not need to change this option. - -It can be set to several values B<default> which is also the default -option uses PrintableStrings, T61Strings and BMPStrings if the -B<pkix> value is used then only PrintableStrings and BMPStrings will -be used. This follows the PKIX recommendation in RFC2459. If the -B<utf8only> option is used then only UTF8Strings will be used: this -is the PKIX recommendation in RFC2459 after 2003. Finally the B<nombstr> -option just uses PrintableStrings and T61Strings: certain software has -problems with BMPStrings and UTF8Strings: in particular Netscape. +fields. Most users will not need to change this option. It can be set to +several values: + +=over 4 + +=item B<utf8only> +- only UTF8Strings are used (this is the default value) + +=item B<pkix> +- any string type except T61Strings + +=item B<nombstr> +- any string type except BMPStrings and UTF8Strings + +=item B<default> +- any kind of string type + +=back + +Note that B<utf8only> is the PKIX recommendation in RFC2459 after 2003, and the +default B<string_mask>; B<default> is not the default option. The B<nombstr> +value is a workaround for some software that has problems with variable-sized +BMPStrings and UTF8Strings. =item B<req_extensions> |