diff options
author | Job Snijders <job@sobornost.net> | 2024-02-27 19:14:32 +0000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-04-04 08:36:19 +0200 |
commit | 581c40c5e6fe417b1020bdb377d083674c730560 (patch) | |
tree | cd2de9821fcfb4b1fc3064da4a912533a894b46d | |
parent | c7d6936ffb52df33b25efa60cfca46ebe1cc4838 (diff) |
Align 'openssl req' string_mask docs to how the software really works
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23699)
(cherry picked from commit 2410cb42e62c3be69dcf1aad1bdf1eb0233b670f)
-rw-r--r-- | doc/man1/openssl-req.pod.in | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index 31fd714187..81181bdb4e 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -472,16 +472,29 @@ any digest that has been set. =item B<string_mask> This option masks out the use of certain string types in certain -fields. Most users will not need to change this option. - -It can be set to several values B<default> which is also the default -option uses PrintableStrings, T61Strings and BMPStrings if the -B<pkix> value is used then only PrintableStrings and BMPStrings will -be used. This follows the PKIX recommendation in RFC2459. If the -B<utf8only> option is used then only UTF8Strings will be used: this -is the PKIX recommendation in RFC2459 after 2003. Finally the B<nombstr> -option just uses PrintableStrings and T61Strings: certain software has -problems with BMPStrings and UTF8Strings: in particular Netscape. +fields. Most users will not need to change this option. It can be set to +several values: + +=over 4 + +=item B<utf8only> +- only UTF8Strings are used (this is the default value) + +=item B<pkix> +- any string type except T61Strings + +=item B<nombstr> +- any string type except BMPStrings and UTF8Strings + +=item B<default> +- any kind of string type + +=back + +Note that B<utf8only> is the PKIX recommendation in RFC2459 after 2003, and the +default B<string_mask>; B<default> is not the default option. The B<nombstr> +value is a workaround for some software that has problems with variable-sized +BMPStrings and UTF8Strings. =item B<req_extensions> |