diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-04-30 18:36:00 +0200 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-05-04 18:27:57 +0200 |
commit | 79a2bccdb058683f6a43d9f2f5dbc1998f7518e9 (patch) | |
tree | 69beff8671eced67a907f5921dff6ce02eb2d53f /doc/man1 | |
parent | 9520fe5f4987f3bd1a568ac4cf73e1a5401d5f6f (diff) |
HTTP client: Correct the use of optional proxy URL and its documentation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15104)
Diffstat (limited to 'doc/man1')
-rw-r--r-- | doc/man1/openssl-cmp.pod.in | 36 |
1 files changed, 19 insertions, 17 deletions
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 8700d6bdcf..f27443ca9c 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -260,7 +260,7 @@ if any, or else the current client key, if given. Pass phrase source for the key given with the B<-newkey> option. If not given here, the password will be prompted for if needed. -For more information about the format of B<arg> see +For more information about the format of I<arg> see L<openssl-passphrase-options(1)>. =item B<-subject> I<name> @@ -441,9 +441,10 @@ Reason numbers defined in RFC 5280 are: =item B<-server> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]> -The IP address or DNS hostname and optionally port (defaulting to 80 or 443) +The IP address or DNS hostname and optionally port of the CMP server to connect to using HTTP(S) transport. -The scheme I<https> may be given only if the B<tls_used> option is used. +The scheme C<https> may be given only if the B<-tls_used> option is used. +In this case the default port is 443, else 80. The optional userinfo and fragment components are ignored. Any given query component is handled as part of the path component. If a path is included it provides the default value for the B<-path> option. @@ -453,12 +454,13 @@ If a path is included it provides the default value for the B<-path> option. HTTP path at the CMP server (aka CMP alias) to use for POST requests. Defaults to any path given with B<-server>, else C<"/">. -=item B<-proxy> I<[http[s]://][userinfo@]host[:port] [/path][?query][#fragment]> +=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]> -The HTTP(S) proxy server to use for reaching the CMP server unless B<no_proxy> +The HTTP(S) proxy server to use for reaching the CMP server unless B<-no_proxy> applies, see below. -The optional I<http://> or I<https://> prefix is ignored (note that TLS may be -selected by B<tls_used>), as well as any path, userinfo, and query, and fragment +The proxy port defaults to 80 or 443 if the scheme is C<https>; apart from that +the optional C<http://> or C<https://> prefix is ignored (note that TLS may be +selected by B<-tls_used>), as well as any path, userinfo, and query, and fragment components. Defaults to the environment variable C<http_proxy> if set, else C<HTTP_PROXY> in case no TLS is used, otherwise C<https_proxy> if set, else C<HTTPS_PROXY>. @@ -635,7 +637,7 @@ and (as far as needed) for validating PBM-based protection of incoming messages. PBM stands for Password-Based Message Authentication Code. This takes precedence over the B<-cert> and B<-key> options. -For more information about the format of B<arg> see +For more information about the format of I<arg> see L<openssl-passphrase-options(1)>. =item B<-cert> I<filename>|I<uri> @@ -684,7 +686,7 @@ Pass phrase source for the private key given with the B<-key> option. Also used for B<-cert> and B<-oldcert> in case it is an encrypted PKCS#12 file. If not given here, the password will be prompted for if needed. -For more information about the format of B<arg> see +For more information about the format of I<arg> see L<openssl-passphrase-options(1)>. =item B<-digest> I<name> @@ -693,13 +695,13 @@ Specifies name of supported digest to use in RFC 4210's MSG_SIG_ALG and as the one-way function (OWF) in MSG_MAC_ALG. If applicable, this is used for message protection and Proof-of-Possession (POPO) signatures. -To see the list of supported digests, use B<openssl list -digest-commands>. +To see the list of supported digests, use C<openssl list -digest-commands>. Defaults to C<sha256>. =item B<-mac> I<name> Specifies the name of the MAC algorithm in MSG_MAC_ALG. -To get the names of supported MAC algorithms use B<openssl list -mac-algorithms> +To get the names of supported MAC algorithms use C<openssl list -mac-algorithms> and possibly combine such a name with the name of a supported digest algorithm, e.g., hmacWithSHA256. Defaults to C<hmac-sha1> as per RFC 4210. @@ -742,7 +744,7 @@ B<-srv_trusted>, B<-srv_untrusted>, B<-rsp_extracerts>, B<-rsp_capubs>, B<-tls_extra>, and B<-tls_trusted> options. If not given here, the password will be prompted for if needed. -For more information about the format of B<arg> see +For more information about the format of I<arg> see L<openssl-passphrase-options(1)>. {- $OpenSSL::safe::opt_engine_item -} @@ -800,11 +802,11 @@ Private key for the client's TLS certificate. =item B<-tls_keypass> I<arg> -Pass phrase source for client's private TLS key B<tls_key>. +Pass phrase source for client's private TLS key B<-tls_key>. Also used for B<-tls_cert> in case it is an encrypted PKCS#12 file. If not given here, the password will be prompted for if needed. -For more information about the format of B<arg> see +For more information about the format of I<arg> see L<openssl-passphrase-options(1)>. =item B<-tls_extra> I<filenames>|I<uris> @@ -1061,7 +1063,7 @@ It can be viewed using, e.g., openssl x509 -noout -text -in insta.cert.pem In case the network setup requires using an HTTP proxy it may be given as usual -via the environment variable B<http_proxy> or via the B<proxy> option in the +via the environment variable B<http_proxy> or via the B<-proxy> option in the configuration file or the CMP command-line argument B<-proxy>, for example -proxy http://192.168.1.1:8080 @@ -1108,7 +1110,7 @@ Many more options can be given in the configuration file and/or on the command line. For instance, the B<-reqexts> CLI option may refer to a section in the configuration file defining X.509 extensions to use in certificate requests, -such as B<v3_req> in F<openssl/apps/openssl.cnf>: +such as C<v3_req> in F<openssl/apps/openssl.cnf>: openssl cmp -section insta,cr -reqexts v3_req @@ -1165,7 +1167,7 @@ For CMP client invocations, in particular for certificate enrollment, usually many parameters need to be set, which is tedious and error-prone to do on the command line. Therefore, the client offers the possibility to read -options from sections of the OpenSSL config file, usually called B<openssl.cnf>. +options from sections of the OpenSSL config file, usually called F<openssl.cnf>. The values found there can still be extended and even overridden by any subsequently loaded sections and on the command line. |