diff options
| author | Richard Levitte <levitte@openssl.org> | 2019-10-01 21:57:00 +0200 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2019-10-09 10:45:10 +0200 |
| commit | 8bc93d2f220de9750c6934d8d2f2346d14616180 (patch) | |
| tree | b9d8633b339f7ac965993300dfefde7d0c70f2aa /doc | |
| parent | 0503f08d6f6b94c5a985b47671acb124915c82f9 (diff) | |
Command docs: more reference fixes
Normalise on L<openssl-cmd(1)> over L<cmd(1)>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10065)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/man1/CA.pl.pod | 24 | ||||
| -rw-r--r-- | doc/man1/openssl-cms.pod | 4 | ||||
| -rw-r--r-- | doc/man1/openssl-crl.pod | 2 | ||||
| -rw-r--r-- | doc/man1/openssl-genpkey.pod | 2 | ||||
| -rw-r--r-- | doc/man1/openssl-list.pod | 4 | ||||
| -rw-r--r-- | doc/man1/openssl-ocsp.pod | 2 | ||||
| -rw-r--r-- | doc/man1/openssl-req.pod | 4 | ||||
| -rw-r--r-- | doc/man1/openssl-s_client.pod | 11 | ||||
| -rw-r--r-- | doc/man1/openssl-s_server.pod | 11 | ||||
| -rw-r--r-- | doc/man1/openssl-s_time.pod | 16 | ||||
| -rw-r--r-- | doc/man1/openssl-smime.pod | 2 | ||||
| -rw-r--r-- | doc/man1/openssl-ts.pod | 18 | ||||
| -rw-r--r-- | doc/man1/openssl-verify.pod | 4 | ||||
| -rw-r--r-- | doc/man1/openssl.pod | 19 |
14 files changed, 63 insertions, 60 deletions
diff --git a/doc/man1/CA.pl.pod b/doc/man1/CA.pl.pod index c0ecabc538..db444d5683 100644 --- a/doc/man1/CA.pl.pod +++ b/doc/man1/CA.pl.pod @@ -48,18 +48,18 @@ Prints a usage message. Creates a new self signed certificate. The private key is written to the file F<newkey.pem> and the request written to the file F<newreq.pem>. -This argument invokes L<openssl-req(1)> command. +Invokes L<openssl-req(1)>. =item B<-newreq> Creates a new certificate request. The private key is written to the file F<newkey.pem> and the request written to the file F<newreq.pem>. -Executes L<openssl-req(1)> command below the hood. +Executes L<openssl-req(1)> under the hood. =item B<-newreq-nodes> Is like B<-newreq> except that the private key will not be encrypted. -Uses L<openssl-req(1)> command. +Uses L<openssl-req(1)>. =item B<-newca> @@ -68,7 +68,7 @@ and B<-xsign> options). The user is prompted to enter the filename of the CA certificates (which should also contain the private key) or by hitting ENTER details of the CA will be prompted for. The relevant files and directories are created in a directory called F<demoCA> in the current directory. -L<openssl-req(1)> and L<openssl-ca(1)> commands are get invoked. +Uses L<openssl-req(1)> and L<openssl-ca(1)>. =item B<-pkcs12> @@ -80,31 +80,31 @@ B<-sign> option. The PKCS#12 file can be imported directly into a browser. If there is an additional argument on the command line it will be used as the "friendly name" for the certificate (which is typically displayed in the browser list box), otherwise the name "My Certificate" is used. -Delegates work to L<openssl-pkcs12(1)> command. +Delegates work to L<openssl-pkcs12(1)>. =item B<-sign>, B<-signcert>, B<-xsign> Calls the L<openssl-ca(1)> command to sign a certificate request. It expects the request to be in the file F<newreq.pem>. The new certificate is written to the file F<newcert.pem> except in the case of the B<-xsign> option when it is -written to standard output. Leverages L<openssl-ca(1)> command. +written to standard output. =item B<-signCA> This option is the same as the B<-signreq> option except it uses the configuration file section B<v3_ca> and so makes the signed request a valid CA certificate. This is useful when creating intermediate CA from -a root CA. Extra params are passed on to L<openssl-ca(1)> command. +a root CA. Extra params are passed to L<openssl-ca(1)>. =item B<-signcert> This option is the same as B<-sign> except it expects a self signed certificate to be present in the file F<newreq.pem>. -Extra params are passed on to L<openssl-x509(1)> and L<openssl-ca(1)> commands. +Extra params are passed to L<openssl-x509(1)> and L<openssl-ca(1)>. =item B<-crl> -Generate a CRL. Executes L<openssl-ca(1)> command. +Generate a CRL. Executes L<openssl-ca(1)>. =item B<-revoke> I<certfile> [I<reason>] @@ -112,13 +112,13 @@ Revoke the certificate contained in the specified B<certfile>. An optional reason may be specified, and must be one of: B<unspecified>, B<keyCompromise>, B<CACompromise>, B<affiliationChanged>, B<superseded>, B<cessationOfOperation>, B<certificateHold>, or B<removeFromCRL>. -Leverages L<openssl-ca(1)> command. +Leverages L<openssl-ca(1)>. =item B<-verify> Verifies certificates against the CA certificate for F<demoCA>. If no certificates are specified on the command line it tries to verify the file -F<newcert.pem>. Invokes L<openssl-verify(1)> command. +F<newcert.pem>. Invokes L<openssl-verify(1)>. =item B<-extra-req> | B<-extra-ca> | B<-extra-pkcs12> | B<-extra-x509> | B<-extra-verify> I<extra-params> @@ -147,7 +147,7 @@ the request and finally create a PKCS#12 file containing it. =head1 DSA CERTIFICATES Although the B<CA.pl> creates RSA CAs and requests it is still possible to -use it with DSA certificates and requests using the L<req(1)> command +use it with DSA certificates and requests using the L<openssl-req(1)> command directly. The following example shows the steps that would typically be taken. Create some DSA parameters: diff --git a/doc/man1/openssl-cms.pod b/doc/man1/openssl-cms.pod index ddadbc5bb3..0468fdbd9e 100644 --- a/doc/man1/openssl-cms.pod +++ b/doc/man1/openssl-cms.pod @@ -314,7 +314,7 @@ default digest algorithm for the signing key will be used (usually SHA1). The encryption algorithm to use. For example triple DES (168 bits) - B<-des3> or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the EVP_get_cipherbyname() function) can also be used preceded by a dash, for -example B<-aes-128-cbc>. See L<enc(1)> for a list of ciphers +example B<-aes-128-cbc>. See L<openssl-enc(1)> for a list of ciphers supported by your version of OpenSSL. If not specified triple DES is used. Only used with B<-encrypt> and @@ -509,7 +509,7 @@ B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>, B<-verify_name>, B<-x509_strict> Set various certificate chain validation options. See the -L<verify(1)> manual page for details. +L<openssl-verify(1)> manual page for details. =back diff --git a/doc/man1/openssl-crl.pod b/doc/man1/openssl-crl.pod index 5394a2af1c..1dcf6b0bb1 100644 --- a/doc/man1/openssl-crl.pod +++ b/doc/man1/openssl-crl.pod @@ -64,7 +64,7 @@ Print out the CRL in text form. =item B<-nameopt> I<option> Option which determines how the subject or issuer names are displayed. See -the description of B<-nameopt> in L<x509(1)>. +the description of B<-nameopt> in L<openssl-x509(1)>. =item B<-noout> diff --git a/doc/man1/openssl-genpkey.pod b/doc/man1/openssl-genpkey.pod index 08cffa36fc..bace33a38a 100644 --- a/doc/man1/openssl-genpkey.pod +++ b/doc/man1/openssl-genpkey.pod @@ -76,7 +76,7 @@ option) are DH, DSA and EC. Note that the algorithm name X9.42 DH may be used as a synonym for the DH algorithm. These are identical and do not indicate the type of parameters that will be generated. Use the B<dh_paramgen_type> option to indicate whether PKCS#3 -or X9.42 DH parameters are required. See L<DH Parameter Generation Options> +or X9.42 DH parameters are required. See L</DH Parameter Generation Options> below for more details. =item B<-pkeyopt> I<opt>:I<value> diff --git a/doc/man1/openssl-list.pod b/doc/man1/openssl-list.pod index 46ea02bc8d..9e691c60ce 100644 --- a/doc/man1/openssl-list.pod +++ b/doc/man1/openssl-list.pod @@ -52,7 +52,7 @@ Display a list of standard commands. =item B<-digest-commands> Display a list of message digest commands, which are typically used -as input to the L<dgst(1)> or L<speed(1)> commands. +as input to the L<openssl-dgst(1)> or L<openssl-speed(1)> commands. =item B<-digest-algorithms> @@ -76,7 +76,7 @@ Display a list of message authentication code algorithms. =item B<-cipher-commands> Display a list of cipher commands, which are typically used as input -to the L<dgst(1)> or L<speed(1)> commands. +to the L<openssl-dgst(1)> or L<openssl-speed(1)> commands. =item B<-cipher-algorithms> diff --git a/doc/man1/openssl-ocsp.pod b/doc/man1/openssl-ocsp.pod index 50d0080e50..7f6c31fe94 100644 --- a/doc/man1/openssl-ocsp.pod +++ b/doc/man1/openssl-ocsp.pod @@ -229,7 +229,7 @@ B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>, B<-verify_name>, B<-x509_strict> Set different certificate verification options. -See L<verify(1)> manual page for details. +See L<openssl-verify(1)> manual page for details. =item B<-verify_other> I<file> diff --git a/doc/man1/openssl-req.pod b/doc/man1/openssl-req.pod index 877e9362ea..d0d1700ef8 100644 --- a/doc/man1/openssl-req.pod +++ b/doc/man1/openssl-req.pod @@ -306,14 +306,14 @@ configuration file, must be valid UTF8 strings. Option which determines how the subject or issuer names are displayed. The I<option> argument can be a single option or multiple options separated by commas. Alternatively the B<-nameopt> switch may be used more than once to -set multiple options. See the L<x509(1)> manual page for details. +set multiple options. See the L<openssl-x509(1)> manual page for details. =item B<-reqopt> I<option> Customise the output format used with B<-text>. The I<option> argument can be a single option or multiple options separated by commas. -See discussion of the B<-certopt> parameter in the L<x509(1)> +See discussion of the B<-certopt> parameter in the L<openssl-x509(1)> command. =item B<-newhdr> diff --git a/doc/man1/openssl-s_client.pod b/doc/man1/openssl-s_client.pod index c76f3d1fd8..8ad2679b63 100644 --- a/doc/man1/openssl-s_client.pod +++ b/doc/man1/openssl-s_client.pod @@ -304,13 +304,13 @@ abort the handshake with a fatal error. Option which determines how the subject or issuer names are displayed. The I<option> argument can be a single option or multiple options separated by commas. Alternatively the B<-nameopt> switch may be used more than once to -set multiple options. See the L<x509(1)> manual page for details. +set multiple options. See the L<openssl-x509(1)> manual page for details. =item B<-CApath> I<directory> The directory to use for server certificate verification. This directory -must be in "hash format", see L<verify(1)> for more information. These are -also used when building the client certificate chain. +must be in "hash format", see L<openssl-verify(1)> for more information. +These are also used when building the client certificate chain. =item B<-CAfile> I<file> @@ -320,7 +320,8 @@ and to use when attempting to build the client certificate chain. =item B<-chainCApath> I<directory> The directory to use for building the chain provided to the server. This -directory must be in "hash format", see L<verify(1)> for more information. +directory must be in "hash format", see L<openssl-verify(1)> for more +information. =item B<-chainCAfile> I<file> @@ -406,7 +407,7 @@ B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>, B<-verify_name>, B<-x509_strict> Set various certificate chain validation options. See the -L<verify(1)> manual page for details. +L<openssl-verify(1)> manual page for details. =item B<-reconnect> diff --git a/doc/man1/openssl-s_server.pod b/doc/man1/openssl-s_server.pod index a9aa08505f..e99d3b6a66 100644 --- a/doc/man1/openssl-s_server.pod +++ b/doc/man1/openssl-s_server.pod @@ -275,7 +275,7 @@ provided to the client. Option which determines how the subject or issuer names are displayed. The I<val> argument can be a single option or multiple options separated by commas. Alternatively the B<-nameopt> switch may be used more than once to -set multiple options. See the L<x509(1)> manual page for details. +set multiple options. See the L<openssl-x509(1)> manual page for details. =item B<-naccept> I<+int> @@ -380,13 +380,14 @@ a certificate is requested. =item B<-CApath> I<dir> The directory to use for client certificate verification. This directory -must be in "hash format", see L<verify(1)> for more information. These are -also used when building the server certificate chain. +must be in "hash format", see L<openssl-verify(1)> for more information. +These are also used when building the server certificate chain. =item B<-chainCApath> I<dir> The directory to use for building the chain provided to the client. This -directory must be in "hash format", see L<verify(1)> for more information. +directory must be in "hash format", see L<openssl-verify(1)> for more +information. =item B<-chainCAfile> I<file> @@ -637,7 +638,7 @@ B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>, B<-verify_name>, B<-x509_strict> Set different peer certificate verification options. -See the L<verify(1)> manual page for details. +See the L<openssl-verify(1)> manual page for details. =item B<-crl_check>, B<-crl_check_all> diff --git a/doc/man1/openssl-s_time.pod b/doc/man1/openssl-s_time.pod index 4e095c29e0..edeeb87b69 100644 --- a/doc/man1/openssl-s_time.pod +++ b/doc/man1/openssl-s_time.pod @@ -83,7 +83,7 @@ will never fail due to a server certificate verify failure. Option which determines how the subject or issuer names are displayed. The I<option> argument can be a single option or multiple options separated by commas. Alternatively the B<-nameopt> switch may be used more than once to -set multiple options. See the L<x509(1)> manual page for details. +set multiple options. See the L<openssl-x509(1)> manual page for details. =item B<-CApath> I<directory> @@ -136,7 +136,7 @@ This allows the TLSv1.2 and below cipher list sent by the client to be modified. This list will be combined with any TLSv1.3 ciphersuites that have been configured. Although the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See -L<ciphers(1)> for more information. +L<openssl-ciphers(1)> for more information. =item B<-ciphersuites> I<val> @@ -144,8 +144,8 @@ This allows the TLSv1.3 ciphersuites sent by the client to be modified. This list will be combined with any TLSv1.2 and below ciphersuites that have been configured. Although the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See -L<ciphers(1)> for more information. The format for this list is a simple -colon (":") separated list of TLSv1.3 ciphersuite names. +L<openssl-ciphers(1)> for more information. The format for this list is a +simple colon (":") separated list of TLSv1.3 ciphersuite names. =item B<-time> I<length> @@ -177,10 +177,10 @@ A frequent problem when attempting to get client certificates working is that a web client complains it has no certificates or gives an empty list to choose from. This is normally because the server is not sending the clients certificate authority in its "acceptable CA list" when it -requests a certificate. By using L<s_client(1)> the CA list can be +requests a certificate. By using L<openssl-s_client(1)> the CA list can be viewed and checked. However some servers only request client authentication after a specific URL is requested. To obtain the list in this case it -is necessary to use the B<-prexit> option of L<s_client(1)> and +is necessary to use the B<-prexit> option of L<openssl-s_client(1)> and send an HTTP request for an appropriate page. If a certificate is specified on the command line using the B<-cert> @@ -191,8 +191,8 @@ on the command line is no guarantee that the certificate works. =head1 BUGS Because this program does not have all the options of the -L<s_client(1)> program to turn protocols on and off, you may not be -able to measure the performance of all protocols with all servers. +L<openssl-s_client(1)> program to turn protocols on and off, you may not +be able to measure the performance of all protocols with all servers. The B<-verify> option should really exit if the server verification fails. diff --git a/doc/man1/openssl-smime.pod b/doc/man1/openssl-smime.pod index 872e202556..4faf37868d 100644 --- a/doc/man1/openssl-smime.pod +++ b/doc/man1/openssl-smime.pod @@ -326,7 +326,7 @@ B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>, B<-verify_name>, B<-x509_strict> Set various options of certificate chain verification. See -L<verify(1)> manual page for details. +L<openssl-verify(1)> manual page for details. =item I<cert.pem> ... diff --git a/doc/man1/openssl-ts.pod b/doc/man1/openssl-ts.pod index d879f49579..c97909d526 100644 --- a/doc/man1/openssl-ts.pod +++ b/doc/man1/openssl-ts.pod @@ -361,7 +361,7 @@ of a timestamp response (TimeStampResp). (Optional) =item B<-CApath> I<trusted_cert_path> The name of the directory containing the trusted CA certificates of the -client. See the similar option of L<verify(1)> for additional +client. See the similar option of L<openssl-verify(1)> for additional details. Either this option or B<-CAfile> must be specified. (Optional) @@ -369,7 +369,7 @@ details. Either this option or B<-CAfile> must be specified. (Optional) The name of the file containing a set of trusted self-signed CA certificates in PEM format. See the similar option of -L<verify(1)> for additional details. Either this option +L<openssl-verify(1)> for additional details. Either this option or B<-CApath> must be specified. (Optional) @@ -417,15 +417,15 @@ section can be overridden with the B<-section> command line switch. (Optional) =item B<oid_file> -See L<ca(1)> for description. (Optional) +See L<openssl-ca(1)> for description. (Optional) =item B<oid_section> -See L<ca(1)> for description. (Optional) +See L<openssl-ca(1)> for description. (Optional) =item B<RANDFILE> -See L<ca(1)> for description. (Optional) +See L<openssl-ca(1)> for description. (Optional) =item B<serial> @@ -564,10 +564,10 @@ user certificate section of the config file to generate a proper certificate; extendedKeyUsage = critical,timeStamping -See L<req(1)>, L<ca(1)>, and L<x509(1)> for instructions. The examples -below assume that F<cacert.pem> contains the certificate of the CA, -F<tsacert.pem> is the signing certificate issued by F<cacert.pem> and -F<tsakey.pem> is the private key of the TSA. +See L<openssl-req(1)>, L<openssl-ca(1)>, and L<openssl-x509(1)> for +instructions. The examples below assume that F<cacert.pem> contains the +certificate of the CA, F<tsacert.pem> is the signing certificate issued +by F<cacert.pem> and F<tsakey.pem> is the private key of the TSA. To create a timestamp response for a request: diff --git a/doc/man1/openssl-verify.pod b/doc/man1/openssl-verify.pod index f89461e3bd..d795afca5d 100644 --- a/doc/man1/openssl-verify.pod +++ b/doc/man1/openssl-verify.pod @@ -161,7 +161,7 @@ Set policy variable inhibit-policy-mapping (see RFC5280). Option which determines how the subject or issuer names are displayed. The I<option> argument can be a single option or multiple options separated by commas. Alternatively the B<-nameopt> switch may be used more than once to -set multiple options. See the L<x509(1)> manual page for details. +set multiple options. See the L<openssl-x509(1)> manual page for details. =item B<-no_check_time> @@ -709,7 +709,7 @@ IP address mismatch. DANE TLSA authentication is enabled, but no TLSA records matched the certificate chain. -This error is only possible in L<s_client(1)>. +This error is only possible in L<openssl-s_client(1)>. =item B<X509_V_ERR_EE_KEY_TOO_SMALL> diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index 10d38c9343..00800d8c0b 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -116,17 +116,17 @@ CRL to PKCS#7 Conversion. =item B<dgst> Message Digest calculation. MAC calculations are superseded by -L<mac(1)>. +L<openssl-mac(1)>. =item B<dh> Diffie-Hellman Parameter Management. -Obsoleted by L<dhparam(1)>. +Obsoleted by L<openssl-dhparam(1)>. =item B<dhparam> Generation and Management of Diffie-Hellman Parameters. Superseded by -L<genpkey(1)> and L<pkeyparam(1)>. +L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>. =item B<dsa> @@ -135,7 +135,7 @@ DSA Data Management. =item B<dsaparam> DSA Parameter Generation and Management. Superseded by -L<genpkey(1)> and L<pkeyparam(1)>. +L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>. =item B<ec> @@ -160,12 +160,12 @@ Error Number to Error String Conversion. =item B<gendh> Generation of Diffie-Hellman Parameters. -Obsoleted by L<dhparam(1)>. +Obsoleted by L<openssl-dhparam(1)>. =item B<gendsa> Generation of DSA Private Key from Parameters. Superseded by -L<genpkey(1)> and L<pkey(1)>. +L<openssl-genpkey(1)> and L<openssl-pkey(1)>. =item B<genpkey> @@ -173,7 +173,7 @@ Generation of Private Key or Parameters. =item B<genrsa> -Generation of RSA Private Key. Superseded by L<genpkey(1)>. +Generation of RSA Private Key. Superseded by L<openssl-genpkey(1)>. =item B<info> @@ -246,7 +246,7 @@ RSA key management. =item B<rsautl> RSA utility for signing, verification, encryption, and decryption. Superseded -by L<pkeyutl(1)>. +by L<openssl-pkeyutl(1)>. =item B<s_client> @@ -398,7 +398,8 @@ The following aliases provide convenient access to the most used encodings and ciphers. Depending on how OpenSSL was configured and built, not all ciphers listed -here may be present. See L<enc(1)> for more information and command usage. +here may be present. See L<openssl-enc(1)> for more information and command +usage. =over 4 |