diff options
author | Job Snijders <job@sobornost.net> | 2024-02-27 19:14:32 +0000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-04-04 08:36:03 +0200 |
commit | f670040b8623cfd5163dfc80cffbaa6de0e3f718 (patch) | |
tree | 5ec729b75a756f089c103fc0191df5d5f977804e | |
parent | f601ab7758bcfcc968571270a04ffee164993f04 (diff) |
Align 'openssl req' string_mask docs to how the software really works
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23699)
(cherry picked from commit 2410cb42e62c3be69dcf1aad1bdf1eb0233b670f)
-rw-r--r-- | doc/man1/openssl-req.pod.in | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index 386c7f292d..77a1dab025 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -497,16 +497,29 @@ any digest that has been set. =item B<string_mask> This option masks out the use of certain string types in certain -fields. Most users will not need to change this option. - -It can be set to several values B<default> which is also the default -option uses PrintableStrings, T61Strings and BMPStrings if the -B<pkix> value is used then only PrintableStrings and BMPStrings will -be used. This follows the PKIX recommendation in RFC2459. If the -B<utf8only> option is used then only UTF8Strings will be used: this -is the PKIX recommendation in RFC2459 after 2003. Finally the B<nombstr> -option just uses PrintableStrings and T61Strings: certain software has -problems with BMPStrings and UTF8Strings: in particular Netscape. +fields. Most users will not need to change this option. It can be set to +several values: + +=over 4 + +=item B<utf8only> +- only UTF8Strings are used (this is the default value) + +=item B<pkix> +- any string type except T61Strings + +=item B<nombstr> +- any string type except BMPStrings and UTF8Strings + +=item B<default> +- any kind of string type + +=back + +Note that B<utf8only> is the PKIX recommendation in RFC2459 after 2003, and the +default B<string_mask>; B<default> is not the default option. The B<nombstr> +value is a workaround for some software that has problems with variable-sized +BMPStrings and UTF8Strings. =item B<req_extensions> |