diff options
| author | Richard Levitte <levitte@openssl.org> | 2019-10-01 18:16:29 +0200 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2019-10-09 10:42:57 +0200 |
| commit | 2f0ea9365806895c313b6d8e2ce33428260e856c (patch) | |
| tree | 0069c113cb570b4df19cf8446a2a55a736f21f34 | |
| parent | fed8bd90e4cf02066eeed9426e29d709e3630cc9 (diff) | |
Command docs: replacables are in italics, options always start with a dash
Quite a lot of replacables were still bold, and some options were
mentioned without a beginning dash.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10065)
45 files changed, 343 insertions, 337 deletions
diff --git a/doc/man1/CA.pl.pod b/doc/man1/CA.pl.pod index 17745d6769..1e4d223ddb 100644 --- a/doc/man1/CA.pl.pod +++ b/doc/man1/CA.pl.pod @@ -120,7 +120,7 @@ Verifies certificates against the CA certificate for "demoCA". If no certificates are specified on the command line it tries to verify the file "newcert.pem". Invokes B<openssl verify> command. -=item B<-extra-req> | B<-extra-ca> | B<-extra-pkcs12> | B<-extra-x509> | B<-extra-verify> <extra-params> +=item B<-extra-req> | B<-extra-ca> | B<-extra-pkcs12> | B<-extra-x509> | B<-extra-verify> I<extra-params> The purpose of these parameters is to allow optional parameters to be supplied to B<openssl> that this command executes. The B<-extra-cmd> are specific to the diff --git a/doc/man1/openssl-asn1parse.pod b/doc/man1/openssl-asn1parse.pod index 73824bfe14..7b81c51f49 100644 --- a/doc/man1/openssl-asn1parse.pod +++ b/doc/man1/openssl-asn1parse.pod @@ -39,7 +39,7 @@ Print out a usage message. =item B<-inform> B<DER>|B<PEM> -The input format. I<DER> is binary format and I<PEM> (the default) is base64 +The input format. B<DER> is binary format and B<PEM> (the default) is base64 encoded. =item B<-in> I<filename> @@ -88,12 +88,12 @@ option can be used multiple times to "drill down" into a nested structure. =item B<-genstr> I<string>, B<-genconf> I<file> -Generate encoded data based on B<string>, B<file> or both using -L<ASN1_generate_nconf(3)> format. If B<file> only is +Generate encoded data based on I<string>, I<file> or both using +L<ASN1_generate_nconf(3)> format. If I<file> only is present then the string is obtained from the default section using the name B<asn1>. The encoded data is passed through the ASN1 parser and printed out as though it came from a file, the contents can thus be examined and written to a -file using the B<out> option. +file using the B<-out> option. =item B<-strictpem> @@ -105,8 +105,8 @@ END marker in a PEM file. =item B<-item> I<name> -Attempt to decode and print the data as B<ASN1_ITEM name>. This can be used to -print out the fields of any supported ASN.1 structure if the type is known. +Attempt to decode and print the data as B<ASN1_ITEM> I<name>. This can be used +to print out the fields of any supported ASN.1 structure if the type is known. =back diff --git a/doc/man1/openssl-ca.pod b/doc/man1/openssl-ca.pod index 4ba230f46b..4780f2aa97 100644 --- a/doc/man1/openssl-ca.pod +++ b/doc/man1/openssl-ca.pod @@ -251,7 +251,7 @@ used). =item B<-engine> I<id> -Specifying an engine (by its unique B<id> string) will cause B<ca> +Specifying an engine (by its unique I<id> string) will cause B<ca> to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. @@ -259,7 +259,7 @@ for all available algorithms. =item B<-subj> I<arg> Supersedes subject name given in the request. -The arg must be formatted as I</type0=value0/type1=value1/type2=...>. +The arg must be formatted as C</type0=value0/type1=value1/type2=...>. Keyword characters may be escaped by \ (backslash), and whitespace is retained. Empty values are permitted, but the corresponding type will not be included in the resulting certificate. @@ -291,7 +291,7 @@ support for multivalued RDNs. Example: I</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe> -If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>. +If B<-multi-rdn> is not used then the UID value is I<123456+CN=John Doe>. =item B<-rand> I<files> @@ -353,9 +353,9 @@ Updates the database index to purge expired certificates. =item B<-crl_reason> I<reason> -Revocation reason, where B<reason> is one of: B<unspecified>, B<keyCompromise>, +Revocation reason, where I<reason> is one of: B<unspecified>, B<keyCompromise>, B<CACompromise>, B<affiliationChanged>, B<superseded>, B<cessationOfOperation>, -B<certificateHold> or B<removeFromCRL>. The matching of B<reason> is case +B<certificateHold> or B<removeFromCRL>. The matching of I<reason> is case insensitive. Setting any revocation reason will make the CRL v2. In practice B<removeFromCRL> is not particularly useful because it is only used @@ -364,14 +364,14 @@ in delta CRLs which are not currently implemented. =item B<-crl_hold> I<instruction> This sets the CRL revocation reason code to B<certificateHold> and the hold -instruction to B<instruction> which must be an OID. Although any OID can be +instruction to I<instruction> which must be an OID. Although any OID can be used only B<holdInstructionNone> (the use of which is discouraged by RFC2459) B<holdInstructionCallIssuer> or B<holdInstructionReject> will normally be used. =item B<-crl_compromise> I<time> This sets the revocation reason to B<keyCompromise> and the compromise time to -B<time>. B<time> should be in GeneralizedTime format that is B<YYYYMMDDHHMMSSZ>. +I<time>. I<time> should be in GeneralizedTime format that is I<YYYYMMDDHHMMSSZ>. =item B<-crl_CA_compromise> I<time> diff --git a/doc/man1/openssl-ciphers.pod b/doc/man1/openssl-ciphers.pod index 0ed7d14eaf..ca1f8fc0c4 100644 --- a/doc/man1/openssl-ciphers.pod +++ b/doc/man1/openssl-ciphers.pod @@ -22,7 +22,7 @@ B<openssl> B<ciphers> [B<-stdname>] [B<-convert> I<name>] [B<-ciphersuites> I<val>] -[B<cipherlist>] +[I<cipherlist>] =for comment ifdef ssl3 tls1 tls1_1 tls1_2 tls1_3 psk srp @@ -87,7 +87,7 @@ Precede each cipher suite by its standard name. =item B<-convert> I<name> -Convert a standard cipher B<name> to its OpenSSL name. +Convert a standard cipher I<name> to its OpenSSL name. =item B<-ciphersuites> I<val> @@ -147,8 +147,8 @@ will not moved to the end of the list. The cipher string B<@STRENGTH> can be used at any point to sort the current cipher list in order of encryption algorithm key length. -The cipher string B<@SECLEVEL=n> can be used at any point to set the security -level to B<n>, which should be a number between zero and five, inclusive. +The cipher string B<@SECLEVEL>=I<n> can be used at any point to set the security +level to I<n>, which should be a number between zero and five, inclusive. See L<SSL_CTX_set_security_level> for a description of what each level means. The cipher list can be prefixed with the B<DEFAULT> keyword, which enables diff --git a/doc/man1/openssl-cmds.pod b/doc/man1/openssl-cmds.pod index cab89f126d..5c4f06e1de 100644 --- a/doc/man1/openssl-cmds.pod +++ b/doc/man1/openssl-cmds.pod @@ -57,13 +57,13 @@ x509 =for comment generic -B<openssl> B<cmd> [B<-help>] [B<...>] +B<openssl> I<cmd> B<-help> | [I<-option> | I<-option> I<arg>] ... [I<arg>] ... =head1 DESCRIPTION -Every B<cmd> listed above is a (sub-)command of the L<openssl(1)> application. -It has its own detailed manual page at B<openssl-cmd(1)>. For example, to view -the manual page for the B<openssl dgst> command, type B<man openssl-dgst>. +Every I<cmd> listed above is a (sub-)command of the L<openssl(1)> application. +It has its own detailed manual page at B<openssl-I<cmd>>(1). For example, to +view the manual page for the B<openssl dgst> command, type C<man openssl-dgst>. =head1 OPTIONS @@ -132,8 +132,8 @@ L<openssl-x509(1)>, =head1 HISTORY -Initially, the manual page entry for the B<openssl cmd> command used -to be available at B<cmd(1)>. Later, the alias B<openssl-cmd(1)> was +Initially, the manual page entry for the C<openssl I<cmd>> command used +to be available at I<cmd>(1). Later, the alias B<openssl-I<cmd>>(1) was introduced, which made it easier to group the openssl commands using the L<apropos(1)> command or the shell's tab completion. diff --git a/doc/man1/openssl-cms.pod b/doc/man1/openssl-cms.pod index 1de618d0c7..24cf797702 100644 --- a/doc/man1/openssl-cms.pod +++ b/doc/man1/openssl-cms.pod @@ -385,7 +385,7 @@ the signers certificates. The certificates should be in PEM format. =item B<-certsout> I<file> -Any certificates contained in the message are written to B<file>. +Any certificates contained in the message are written to I<file>. =item B<-signer> I<file> @@ -446,14 +446,14 @@ content encryption key using an AES key in the B<KEKRecipientInfo> type. The key identifier for the supplied symmetric key for B<KEKRecipientInfo> type. This option B<must> be present if the B<-secretkey> option is used with -B<-encrypt>. With B<-decrypt> operations the B<id> is used to locate the +B<-encrypt>. With B<-decrypt> operations the I<id> is used to locate the relevant key if it is not supplied then an attempt is used to decrypt any B<KEKRecipientInfo> structures. =item B<-econtent_type> I<type> -Set the encapsulated content type to B<type> if not supplied the B<Data> type -is used. The B<type> argument can be any valid OID name in either text or +Set the encapsulated content type to I<type> if not supplied the B<Data> type +is used. The I<type> argument can be any valid OID name in either text or numerical format. =item B<-inkey> I<file> @@ -766,7 +766,7 @@ No revocation checking is done on the signer's certificate. The use of multiple B<-signer> options and the B<-resign> command were first added in OpenSSL 1.0.0. -The B<keyopt> option was added in OpenSSL 1.0.2. +The B<-keyopt> option was added in OpenSSL 1.0.2. Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2. diff --git a/doc/man1/openssl-crl.pod b/doc/man1/openssl-crl.pod index 7a715fd9a6..acf3465b55 100644 --- a/doc/man1/openssl-crl.pod +++ b/doc/man1/openssl-crl.pod @@ -95,12 +95,12 @@ Output the nextUpdate field. =item B<-CAfile> I<file> Verify the signature on a CRL by looking up the issuing certificate in -B<file>. +I<file>. =item B<-CApath> I<dir> Verify the signature on a CRL by looking up the issuing certificate in -B<dir>. This directory must be a standard certificate directory: that +I<dir>. This directory must be a standard certificate directory: that is a hash of each subject name (using B<x509 -hash>) should be linked to each certificate. diff --git a/doc/man1/openssl-dgst.pod b/doc/man1/openssl-dgst.pod index ebafece6d8..436b2fd1fe 100644 --- a/doc/man1/openssl-dgst.pod +++ b/doc/man1/openssl-dgst.pod @@ -39,7 +39,7 @@ signatures using message digests. The generic name, B<dgst>, may be used with an option specifying the algorithm to be used. -The default digest is I<sha256>. +The default digest is B<sha256>. A supported I<digest> name may also be used as the command name. To see the list of supported algorithms, use the I<list --digest-commands> command. @@ -60,7 +60,7 @@ supported digests, use the command C<list --digest-commands>. =item B<-c> Print out the digest in two digit groups separated by colons, only relevant if -B<hex> format output is used. +the B<-hex> option is given as well. =item B<-d> @@ -103,7 +103,7 @@ Names and values of these options are algorithm-specific. =item B<-passin> I<arg> -The private key password source. For more information about the format of B<arg> +The private key password source. For more information about the format of I<arg> see L<openssl(1)/Pass phrase options>. =item B<-verify> I<filename> @@ -144,13 +144,13 @@ Following options are supported by both by B<HMAC> and B<gost-mac>: =over 4 -=item B<key:string> +=item B<key>:I<string> Specifies MAC key as alphanumeric string (use if key contain printable characters only). String length must conform to any restrictions of the MAC algorithm for example exactly 32 chars for gost-mac. -=item B<hexkey:string> +=item B<hexkey>:I<string> Specifies MAC key in hexadecimal form (two hex digits per byte). Key length must conform to any restrictions of the MAC algorithm @@ -179,7 +179,7 @@ Compute HMAC using a specific key for certain OpenSSL-FIPS operations. =item B<-engine> I<id> -Use engine B<id> for operations (including private key storage). +Use engine I<id> for operations (including private key storage). This engine is not used as source for digest algorithms, unless it is also specified in the configuration file or B<-engine_impl> is also specified. @@ -187,7 +187,7 @@ specified. =item B<-engine_impl> When used with the B<-engine> option, it specifies to also use -engine B<id> for digest operations. +engine I<id> for digest operations. =item I<file> ... diff --git a/doc/man1/openssl-dhparam.pod b/doc/man1/openssl-dhparam.pod index 79fda3d48b..0abd0d9748 100644 --- a/doc/man1/openssl-dhparam.pod +++ b/doc/man1/openssl-dhparam.pod @@ -83,7 +83,7 @@ displays a warning if not. The generator to use, either 2, 3 or 5. If present then the input file is ignored and parameters are generated instead. If not -present but B<numbits> is present, parameters are generated with the +present but I<numbits> is present, parameters are generated with the default generator 2. =item B<-rand> I<files> @@ -122,7 +122,7 @@ be loaded by calling the get_dhNNNN() function. =item B<-engine> I<id> -Specifying an engine (by its unique B<id> string) will cause B<dhparam> +Specifying an engine (by its unique I<id> string) will cause B<dhparam> to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/doc/man1/openssl-dsa.pod b/doc/man1/openssl-dsa.pod index 9c34dde658..6f7ccb6ef7 100644 --- a/doc/man1/openssl-dsa.pod +++ b/doc/man1/openssl-dsa.pod @@ -75,7 +75,7 @@ prompted for. =item B<-passin> I<arg> -The input file password source. For more information about the format of B<arg> +The input file password source. For more information about the format of I<arg> see L<openssl(1)/Pass phrase options>. =item B<-out> I<filename> @@ -87,7 +87,7 @@ filename. =item B<-passout> I<arg> -The output file password source. For more information about the format of B<arg> +The output file password source. For more information about the format of I<arg> see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> @@ -125,7 +125,7 @@ a public key. =item B<-engine> I<id> -Specifying an engine (by its unique B<id> string) will cause B<dsa> +Specifying an engine (by its unique I<id> string) will cause B<dsa> to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/doc/man1/openssl-dsaparam.pod b/doc/man1/openssl-dsaparam.pod index 133c206461..5ae64ae83a 100644 --- a/doc/man1/openssl-dsaparam.pod +++ b/doc/man1/openssl-dsaparam.pod @@ -49,7 +49,7 @@ as the B<-inform> option. =item B<-in> I<filename> This specifies the input filename to read parameters from or standard input if -this option is not specified. If the B<numbits> parameter is included then +this option is not specified. If the I<numbits> parameter is included then this option will be ignored. =item B<-out> I<filename> @@ -90,7 +90,7 @@ This can be used with a subsequent B<-rand> flag. =item B<-engine> I<id> -Specifying an engine (by its unique B<id> string) will cause B<dsaparam> +Specifying an engine (by its unique I<id> string) will cause B<dsaparam> to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. @@ -99,10 +99,10 @@ for all available algorithms. Print extra details about the operations being performed. -=item B<numbits> +=item I<numbits> This option specifies that a parameter set should be generated of size -B<numbits>. It must be the last option. If this option is included then +I<numbits>. It must be the last option. If this option is included then the input file (if any) is ignored. =back diff --git a/doc/man1/openssl-ec.pod b/doc/man1/openssl-ec.pod index b43af6df52..dfc01bc490 100644 --- a/doc/man1/openssl-ec.pod +++ b/doc/man1/openssl-ec.pod @@ -68,7 +68,7 @@ prompted for. =item B<-passin> I<arg> -The input file password source. For more information about the format of B<arg> +The input file password source. For more information about the format of I<arg> see L<openssl(1)/Pass phrase options>. =item B<-out> I<filename> @@ -80,7 +80,7 @@ filename. =item B<-passout> I<arg> -The output file password source. For more information about the format of B<arg> +The output file password source. For more information about the format of I<arg> see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. =item B<-des>|B<-des3>|B<-idea> @@ -113,7 +113,7 @@ By default a private key is output. With this option a public key will be output instead. This option is automatically set if the input is a public key. -=item B<-conv_form> +=item B<-conv_form> I<arg> This specifies how the points on the elliptic curve are converted into octet strings. Possible values are: B<compressed> (the default @@ -143,7 +143,7 @@ This option checks the consistency of an EC private or public key. =item B<-engine> I<id> -Specifying an engine (by its unique B<id> string) will cause B<ec> +Specifying an engine (by its unique I<id> string) will cause B<ec> to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/doc/man1/openssl-ecparam.pod b/doc/man1/openssl-ecparam.pod index e8de181c23..46a93ca95b 100644 --- a/doc/man1/openssl-ecparam.pod +++ b/doc/man1/openssl-ecparam.pod @@ -96,7 +96,7 @@ to get a list of all currently implemented EC parameters. If this options is specified B<ecparam> will print out a list of all currently implemented EC parameters names and exit. -=item B<-conv_form> +=item B<-conv_form> I<arg> This specifies how the points on the elliptic curve are converted into octet strings. Possible values are: B<compressed>, B<uncompressed> (the @@ -139,7 +139,7 @@ This can be used with a subsequent B<-rand> flag. =item B<-engine> I<id> -Specifying an engine (by its unique B<id> string) will cause B<ecparam> +Specifying an engine (by its unique I<id> string) will cause B<ecparam> to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. diff --git a/doc/man1/openssl-enc.pod b/doc/man1/openssl-enc.pod index 9c4954f1bc..8c6f279b04 100644 --- a/doc/man1/openssl-enc.pod +++ b/doc/man1/openssl-enc.pod @@ -72,7 +72,7 @@ The output filename, standard output by default. =item B<-pass> I<arg> -The password source. For more information about the format of B<arg> +The password source. For more information about the format of I<arg> see L<openssl(1)/Pass phrase options>. =item B<-e> @@ -104,7 +104,7 @@ versions of OpenSSL. Superseded by the B<-pass> argument. =item B<-kfile> I<filename> -Read the password to derive the key from the first line of B<filename>. +Read the password to derive the key from the first line of I<filename>. This is for compatibility with previous versions of OpenSSL. Superseded by the B<-pass> argument. @@ -202,7 +202,7 @@ This can be used with a subsequent B<-rand> flag. =head1 NOTES The program can be called either as B<openssl cipher> or -B<openssl enc -cipher>. The first form doesn't work with +B<openssl enc -I<cipher>>. The first form doesn't work with engine-provided ciphers, because this form is processed before the configuration file is read and any ENGINEs loaded. Use the B<list> command to get a list of supported ciphers. @@ -251,7 +251,7 @@ Blowfish and RC5 algorithms use a 128 bit key. Note that some of these ciphers can be disabled at compile time and some are available only if an appropriate engine is configured in the configuration file. The output of the B<enc> command run with -the B<-ciphers> option (that is B<openssl enc -ciphers>) produces a +the B<-I<ciphers>> option (that is B<openssl enc -I<ciphers>>) produces a list of ciphers, supported by your version of OpenSSL, including ones provided by configured engines. diff --git a/doc/man1/openssl-engine.pod b/doc/man1/openssl-engine.pod index 58383338c1..f04baf720d 100644 --- a/doc/man1/openssl-engine.pod +++ b/doc/man1/openssl-engine.pod @@ -15,14 +15,14 @@ B<openssl engine> [B<-c>] [B<-t>] [B<-tt>] -[B<-pre> I<command>] -[B<-post> I<command>] +[B<-pre> I<command>] ... +[B<-post> I<command>] ... [I<engine> ...] =head1 DESCRIPTION The B<engine> command is used to query the status and capabilities -of the specified B<engine>'s. +of the specified I<engine>'s. Engines may be specified before and after all other command-line flags. Only those specified are queried. @@ -56,10 +56,13 @@ Displays an error trace for any unavailable engine. Command-line configuration of engines. The B<-pre> command is given to the engine before it is loaded and the B<-post> command is given after the engine is loaded. -The I<command> is of the form I<cmd:val> where I<cmd> is the command, +The I<command> is of the form I<cmd>:I<val> where I<cmd> is the command, and I<val> is the value for the command. See the example below. +These two options are cumulative, so they may be given more than once in the +same command. + =back =head1 EXAMPLES diff --git a/doc/man1/openssl-errstr.pod b/doc/man1/openssl-errstr.pod index c910f84f09..97ac1eb0bc 100644 --- a/doc/man1/openssl-errstr.pod +++ b/doc/man1/openssl-errstr.pod @@ -6,7 +6,7 @@ openssl-errstr - lookup error codes =head1 SYNOPSIS -B<openssl errstr error_code> +B<openssl errstr> I<error_code> =head1 DESCRIPTION diff --git a/doc/man1/openssl-fipsinstall.pod b/doc/man1/openssl-fipsinstall.pod index daa6d608af..c6e2cde2fe 100644 --- a/doc/man1/openssl-fipsinstall.pod +++ b/doc/man1/openssl-fipsinstall.pod @@ -83,20 +83,20 @@ Common control strings used for fipsinstall are: =over 4 -=item B<key:string> +=item B<key>:I<string> Specifies the MAC key as an alphanumeric string (use if the key contains printable characters only). The string length must conform to any restrictions of the MAC algorithm. A key must be specified for every MAC algorithm. -=item B<hexkey:string> +=item B<hexkey>:I<string> Specifies the MAC key in hexadecimal form (two hex digits |