diff options
31 files changed, 385 insertions, 79 deletions
diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 62ca26dde5..14e6627d62 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -516,7 +516,7 @@ clean: libclean -$(RM) `find . -name '*{- platform->depext() -}' \! -name '.*' \! -type d -print` -$(RM) `find . -name '*{- platform->objext() -}' \! -name '.*' \! -type d -print` $(RM) core - $(RM) tags TAGS doc-nits + $(RM) tags TAGS doc-nits cmd-nits $(RM) -r test/test-runs $(RM) openssl.pc libcrypto.pc libssl.pc -$(RM) `find . -type l \! -name '.*' -print` @@ -950,10 +950,13 @@ update: generate errors ordinals generate: generate_apps generate_crypto_bn generate_crypto_objects \ generate_crypto_conf generate_crypto_asn1 generate_fuzz_oids -.PHONY: doc-nits +.PHONY: doc-nits cmd-nits doc-nits: build_generated (cd $(SRCDIR); $(PERL) util/find-doc-nits -n -l -e ) +cmd-nits: build_generated apps/openssl + (cd $(SRCDIR); $(PERL) util/find-doc-nits -c ) + # Test coverage is a good idea for the future #coverage: $(PROGRAMS) $(TESTPROGRAMS) # ... diff --git a/apps/list.c b/apps/list.c index a5382ac24f..ed6f1c71ac 100644 --- a/apps/list.c +++ b/apps/list.c @@ -364,10 +364,12 @@ static void list_options_for_command(const char *command) for ( ; o->name != NULL; o++) { char c = o->valtype; + if (o->name == OPT_PARAM_STR) + break; + if (o->name == OPT_HELP_STR || o->name == OPT_MORE_STR || o->name == OPT_SECTION_STR - || o->name == OPT_PARAM_STR || o->name[0] == '\0') continue; BIO_printf(bio_out, "%s %c\n", o->name, c == '\0' ? '-' : c); diff --git a/apps/s_time.c b/apps/s_time.c index d5816a1b16..babbdbe13e 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -89,6 +89,7 @@ const OPTIONS s_time_options[] = { {"cert", OPT_CERT, '<', "Cert file to use, PEM format assumed"}, {"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"}, {"cafile", OPT_CAFILE, '<', "PEM format file of CA's"}, + {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"}, {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"}, {"CAstore", OPT_CASTORE, ':', "URI to store of CA's"}, {"no-CAfile", OPT_NOCAFILE, '-', diff --git a/doc/man1/build.info b/doc/man1/build.info index 10e1bbdb53..13012d4432 100644 --- a/doc/man1/build.info +++ b/doc/man1/build.info @@ -39,75 +39,75 @@ DEPEND[]= \ openssl-x509.pod DEPEND[openssl-ca.pod]=../perlvars.pm -GENERATE[openssl-ca.pod]=openssl-ca.pod.in DEPEND[openssl-cms.pod]=../perlvars.pm -GENERATE[openssl-cms.pod]=openssl-cms.pod.in DEPEND[openssl-crl.pod]=../perlvars.pm -GENERATE[openssl-crl.pod]=openssl-crl.pod.in DEPEND[openssl-dgst.pod]=../perlvars.pm -GENERATE[openssl-dgst.pod]=openssl-dgst.pod.in DEPEND[openssl-dhparam.pod]=../perlvars.pm -GENERATE[openssl-dhparam.pod]=openssl-dhparam.pod.in DEPEND[openssl-dsa.pod]=../perlvars.pm -GENERATE[openssl-dsa.pod]=openssl-dsa.pod.in DEPEND[openssl-dsaparam.pod]=../perlvars.pm -GENERATE[openssl-dsaparam.pod]=openssl-dsaparam.pod.in DEPEND[openssl-ec.pod]=../perlvars.pm -GENERATE[openssl-ec.pod]=openssl-ec.pod.in DEPEND[openssl-ecparam.pod]=../perlvars.pm -GENERATE[openssl-ecparam.pod]=openssl-ecparam.pod.in -DEPEND[openssl-ec.pod]=../perlvars.pm DEPEND[openssl-enc.pod]=../perlvars.pm -GENERATE[openssl-enc.pod]=openssl-enc.pod.in DEPEND[openssl-gendsa.pod]=../perlvars.pm -GENERATE[openssl-gendsa.pod]=openssl-gendsa.pod.in DEPEND[openssl-genpkey.pod]=../perlvars.pm -GENERATE[openssl-genpkey.pod]=openssl-genpkey.pod.in DEPEND[openssl-genrsa.pod]=../perlvars.pm -GENERATE[openssl-genrsa.pod]=openssl-genrsa.pod.in DEPEND[openssl-ocsp.pod]=../perlvars.pm -GENERATE[openssl-ocsp.pod]=openssl-ocsp.pod.in DEPEND[openssl-passwd.pod]=../perlvars.pm -GENERATE[openssl-passwd.pod]=openssl-passwd.pod.in +DEPEND[openssl-pkcs12.pod]=../perlvars.pm DEPEND[openssl-pkcs7.pod]=../perlvars.pm -GENERATE[openssl-pkcs7.pod]=openssl-pkcs7.pod.in DEPEND[openssl-pkcs8.pod]=../perlvars.pm -GENERATE[openssl-pkcs8.pod]=openssl-pkcs8.pod.in -DEPEND[openssl-pkcs12.pod]=../perlvars.pm -GENERATE[openssl-pkcs12.pod]=openssl-pkcs12.pod.in DEPEND[openssl-pkey.pod]=../perlvars.pm -GENERATE[openssl-pkey.pod]=openssl-pkey.pod.in DEPEND[openssl-pkeyparam.pod]=../perlvars.pm -GENERATE[openssl-pkeyparam.pod]=openssl-pkeyparam.pod.in DEPEND[openssl-pkeyutl.pod]=../perlvars.pm -GENERATE[openssl-pkeyutl.pod]=openssl-pkeyutl.pod.in DEPEND[openssl-rand.pod]=../perlvars.pm -GENERATE[openssl-rand.pod]=openssl-rand.pod.in DEPEND[openssl-req.pod]=../perlvars.pm -GENERATE[openssl-req.pod]=openssl-req.pod.in DEPEND[openssl-rsa.pod]=../perlvars.pm -GENERATE[openssl-rsa.pod]=openssl-rsa.pod.in DEPEND[openssl-rsautl.pod]=../perlvars.pm -GENERATE[openssl-rsautl.pod]=openssl-rsautl.pod.in DEPEND[openssl-s_client.pod]=../perlvars.pm -GENERATE[openssl-s_client.pod]=openssl-s_client.pod.in DEPEND[openssl-s_server.pod]=../perlvars.pm -GENERATE[openssl-s_server.pod]=openssl-s_server.pod.in DEPEND[openssl-s_time.pod]=../perlvars.pm -GENERATE[openssl-s_time.pod]=openssl-s_time.pod.in DEPEND[openssl-smime.pod]=../perlvars.pm -GENERATE[openssl-smime.pod]=openssl-smime.pod.in DEPEND[openssl-speed.pod]=../perlvars.pm -GENERATE[openssl-speed.pod]=openssl-speed.pod.in DEPEND[openssl-spkac.pod]=../perlvars.pm -GENERATE[openssl-spkac.pod]=openssl-spkac.pod.in DEPEND[openssl-srp.pod]=../perlvars.pm -GENERATE[openssl-srp.pod]=openssl-srp.pod.in DEPEND[openssl-storeutl.pod]=../perlvars.pm -GENERATE[openssl-storeutl.pod]=openssl-storeutl.pod.in DEPEND[openssl-ts.pod]=../perlvars.pm -GENERATE[openssl-ts.pod]=openssl-ts.pod.in DEPEND[openssl-verify.pod]=../perlvars.pm -GENERATE[openssl-verify.pod]=openssl-verify.pod.in DEPEND[openssl-x509.pod]=../perlvars.pm + +GENERATE[openssl-ca.pod]=openssl-ca.pod.in +GENERATE[openssl-cms.pod]=openssl-cms.pod.in +GENERATE[openssl-crl.pod]=openssl-crl.pod.in +GENERATE[openssl-dgst.pod]=openssl-dgst.pod.in +GENERATE[openssl-dhparam.pod]=openssl-dhparam.pod.in +GENERATE[openssl-dsa.pod]=openssl-dsa.pod.in +GENERATE[openssl-dsaparam.pod]=openssl-dsaparam.pod.in +GENERATE[openssl-ec.pod]=openssl-ec.pod.in +GENERATE[openssl-ecparam.pod]=openssl-ecparam.pod.in +GENERATE[openssl-enc.pod]=openssl-enc.pod.in +GENERATE[openssl-gendsa.pod]=openssl-gendsa.pod.in +GENERATE[openssl-genpkey.pod]=openssl-genpkey.pod.in +GENERATE[openssl-genrsa.pod]=openssl-genrsa.pod.in +GENERATE[openssl-ocsp.pod]=openssl-ocsp.pod.in +GENERATE[openssl-passwd.pod]=openssl-passwd.pod.in +GENERATE[openssl-pkcs12.pod]=openssl-pkcs12.pod.in +GENERATE[openssl-pkcs7.pod]=openssl-pkcs7.pod.in +GENERATE[openssl-pkcs8.pod]=openssl-pkcs8.pod.in +GENERATE[openssl-pkey.pod]=openssl-pkey.pod.in +GENERATE[openssl-pkeyparam.pod]=openssl-pkeyparam.pod.in +GENERATE[openssl-pkeyutl.pod]=openssl-pkeyutl.pod.in +GENERATE[openssl-rand.pod]=openssl-rand.pod.in +GENERATE[openssl-req.pod]=openssl-req.pod.in +GENERATE[openssl-rsa.pod]=openssl-rsa.pod.in +GENERATE[openssl-rsautl.pod]=openssl-rsautl.pod.in +GENERATE[openssl-s_client.pod]=openssl-s_client.pod.in +GENERATE[openssl-s_server.pod]=openssl-s_server.pod.in +GENERATE[openssl-s_time.pod]=openssl-s_time.pod.in +GENERATE[openssl-smime.pod]=openssl-smime.pod.in +GENERATE[openssl-speed.pod]=openssl-speed.pod.in +GENERATE[openssl-spkac.pod]=openssl-spkac.pod.in +GENERATE[openssl-srp.pod]=openssl-srp.pod.in +GENERATE[openssl-storeutl.pod]=openssl-storeutl.pod.in +GENERATE[openssl-ts.pod]=openssl-ts.pod.in +GENERATE[openssl-verify.pod]=openssl-verify.pod.in GENERATE[openssl-x509.pod]=openssl-x509.pod.in diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in index 6d351ae1cc..720db228cb 100644 --- a/doc/man1/openssl-ca.pod.in +++ b/doc/man1/openssl-ca.pod.in @@ -23,6 +23,7 @@ B<openssl> B<ca> [B<-crl_CA_compromise> I<time>] [B<-crldays> I<days>] [B<-crlhours> I<hours>] +[B<-crlsec> I<seconds>] [B<-crlexts> I<section>] [B<-startdate> I<date>] [B<-enddate> I<date>] @@ -326,6 +327,10 @@ now to place in the CRL nextUpdate field. The number of hours before the next CRL is due. +=item B<-crlsec> I<num> + +The number of seconds before the next CRL is due. + =item B<-revoke> I<filename> A filename containing a certificate to revoke. diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index 3a919edae5..31e0f8bfc9 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in @@ -11,8 +11,13 @@ B<openssl> B<cms> [B<-help>] [B<-encrypt>] [B<-decrypt>] +[B<-debug_decrypt>] [B<-sign>] [B<-verify>] +[B<-verify_retcode>] +[B<-no_attr_verify>] +[B<-nosigs>] +[B<-no_content_verify>] [B<-cmsout>] [B<-resign>] [B<-cades>] @@ -22,6 +27,7 @@ B<openssl> B<cms> [B<-digest_verify>] [B<-compress>] [B<-uncompress>] +[B<-EncryptedData_decrypt>] [B<-EncryptedData_encrypt>] [B<-sign_receipt>] [B<-verify_receipt> I<receipt>] @@ -34,7 +40,6 @@ B<openssl> B<cms> [B<-stream>] [B<-indef>] [B<-noindef>] -[B<-noindef>] [B<-content> I<filename>] [B<-text>] [B<-noout>] @@ -59,6 +64,7 @@ B<openssl> B<cms> [B<-receipt_request_from> I<emailaddress>] [B<-receipt_request_to> I<emailaddress>] [B<-receipt_request_print>] +[B<-pwri_password> I<password>] [B<-secretkey> I<key>] [B<-secretkeyid> I<id>] [B<-econtent_type> I<type>] @@ -71,6 +77,7 @@ B<openssl> B<cms> {- $OpenSSL::safe::opt_v_synopsis -} {- $OpenSSL::safe::opt_trust_synopsis -} {- $OpenSSL::safe::opt_r_synopsis -} +{- $OpenSSL::safe::opt_engine_synopsis -} [I<cert.pem> ...] =for openssl ifdef des-wrap engine @@ -123,6 +130,22 @@ to the output file. Verify signed mail. Expects a signed mail message on input and outputs the signed data. Both clear text and opaque signing is supported. +=item B<-verify_retcode> + +Exit nonzero on verification failure. + +=item B<-no_attr_verify> + +Do not verify signed attribute signatures. + +=item B<-no_content_verify> + +Do not verify signed content signatures. + +=item B<-nosigs> + +Don't verify message signature. + =item B<-cmsout> Takes an input message and writes out a PEM encoded CMS structure. @@ -164,6 +187,11 @@ Uncompress a CMS B<CompressedData> type and output the content. OpenSSL must be compiled with B<zlib> support for this option to work, otherwise it will output an error. +=item B<-EncryptedData_decrypt> + +Decrypt content using supplied symmetric key and algorithm using a CMS +B<EncryptedData> type and output the content. + =item B<-EncryptedData_encrypt> Encrypt content using supplied symmetric key and algorithm using a CMS @@ -214,7 +242,7 @@ The signed receipt format for use with the B<-receipt_verify>; the default is B<SMIME>. See L<openssl(1)/Format Options> for details. -=item B<-stream>, B<-indef>, B<-noindef> +=item B<-stream>, B<-indef> The B<-stream> and B<-indef> options are equivalent and enable streaming I/O for encoding operations. This permits single pass processing of data without @@ -385,6 +413,10 @@ option B<must> but supplied if a signed receipt it requested. For the B<-verify> operation print out the contents of any signed receipt requests. +=item B<-pwri_password> I<password> + +Specify password for recipient. + =item B<-secretkey> I<key> Specify symmetric key to use. The key must be supplied in hex format and be @@ -442,6 +474,8 @@ Any verification errors cause the command to exit. {- $OpenSSL::safe::opt_r_item -} +{- $OpenSSL::safe::opt_engine_item -} + =item I<cert.pem> ... One or more certificates of message recipients: used when encrypting diff --git a/doc/man1/openssl-crl.pod.in b/doc/man1/openssl-crl.pod.in index 680a11d06c..c1272c2580 100644 --- a/doc/man1/openssl-crl.pod.in +++ b/doc/man1/openssl-crl.pod.in @@ -11,12 +11,19 @@ B<openssl> B<crl> [B<-help>] [B<-inform> B<DER>|B<PEM>] [B<-outform> B<DER>|B<PEM>] +[B<-key> I<filename>] [B<-keyform> B<DER>|B<PEM>|B<ENGINE>] [B<-text>] [B<-in> I<filename>] [B<-out> I<filename>] +[B<-gendelta> I<filename>] +[B<-badsig>] +[B<-verify>] [B<-noout>] [B<-hash>] +[B<-hash_old>] +[B<-fingerprint>] +[B<-crlnumber>] [B<-issuer>] [B<-lastupdate>] [B<-nextupdate>] @@ -42,6 +49,10 @@ Print out a usage message. The input and output formats of the CRL; the default is B<PEM>. See L<openssl(1)/Format Options> for details. +=item B<-key> I<filename> + +The private key to be used to sign the CRL. + =item B<-keyform> B<DER>|B<PEM>|B<ENGINE> The format of the private key file; the default is B<PEM>. @@ -57,14 +68,35 @@ option is not specified. Specifies the output filename to write to or standard output by default. +=item B<-gendelta> I<filename> + +Output a comparison of the main CRL and the one specified here. + +=item B<-badsig> + +Corrupt the signature before writing it; this can be useful +for testing. + =item B<-text> Print out the CRL in text form. +=item B<-verify> + +Verify the signature in the CRL. + =item B<-noout> Don't output the encoded version of the CRL. +=item B<-fingerprint> + +Output the fingerprint of the CRL. + +=item B<-crlnumber> + +Output the number of the CRL. + =item B<-hash> Output a hash of the issuer name. This can be use to lookup CRLs in diff --git a/doc/man1/openssl-dgst.pod.in b/doc/man1/openssl-dgst.pod.in index bd7b41cb37..caa5b0a45a 100644 --- a/doc/man1/openssl-dgst.pod.in +++ b/doc/man1/openssl-dgst.pod.in @@ -12,6 +12,7 @@ B<openssl> B<dgst>|I<digest> [B<-help>] [B<-c>] [B<-d>] +[B<-debug>] [B<-list>] [B<-hex>] [B<-binary>] @@ -25,10 +26,11 @@ B<openssl> B<dgst>|I<digest> [B<-signature> I<filename>] [B<-sigopt> I<nm>:I<v>] [B<-hmac> I<key>] +[B<-mac> I<alg>] +[B<-macopt> I<nm>:I<v>] [B<-fips-fingerprint>] -[B<-engine> I<id>] -[B<-engine_impl> I<id>] {- $OpenSSL::safe::opt_engine_synopsis -} +[B<-engine_impl> I<id>] {- $OpenSSL::safe::opt_r_synopsis -} [I<file> ...] @@ -62,7 +64,7 @@ supported digests, use the command C<list --digest-commands>. Print out the digest in two digit groups separated by colons, only relevant if the B<-hex> option is given as well. -=item B<-d> +=item B<-d>, B<-debug> Print out BIO debugging information. @@ -177,7 +179,7 @@ Compute HMAC using a specific key for certain OpenSSL-FIPS operations. The engine is not used for digests unless the B<-engine_impl> option is used or it is configured to do so, see L<config(5)/Engine Configuration Module>. -=item B<-engine_impl> +=item B<-engine_impl> I<id> When used with the B<-engine> option, it specifies to also use engine I<id> for digest operations. diff --git a/doc/man1/openssl-enc.pod.in b/doc/man1/openssl-enc.pod.in index cff127d211..515a452f70 100644 --- a/doc/man1/openssl-enc.pod.in +++ b/doc/man1/openssl-enc.pod.in @@ -35,12 +35,13 @@ B<openssl> B<enc>|I<cipher> [B<-P>] [B<-bufsize> I<number>] [B<-nopad>] +[B<-v>] [B<-debug>] [B<-none>] {- $OpenSSL::safe::opt_engine_synopsis -} {- $OpenSSL::safe::opt_r_synopsis -} -=for openssl ifdef z engine +=for openssl ifdef z engine ciphers B<openssl> I<cipher> [B<...>] @@ -176,6 +177,10 @@ Set the buffer size for I/O. Disable standard block padding. +=item B<-v> + +Verbose print; display some statistics about I/O and buffer sizes. + =item B<-debug> Debug the BIOs used for I/O. diff --git a/doc/man1/openssl-engine.pod b/doc/man1/openssl-engine.pod index 30e391fd4e..7110ceecbc 100644 --- a/doc/man1/openssl-engine.pod +++ b/doc/man1/openssl-engine.pod @@ -7,6 +7,7 @@ openssl-engine - load and query engines =head1 SYNOPSIS B<openssl engine> +[B<-help>] [B<-v>] [B<-vv>] [B<-vvv>] @@ -29,6 +30,10 @@ Only those specified are queried. =over 4 +=item B<-help> + +Display an option summary. + =item B<-v> B<-vv> B<-vvv> B<-vvvv> Provides information about each specified engine. The first flag lists diff --git a/doc/man1/openssl-errstr.pod b/doc/man1/openssl-errstr.pod index b19b9da75c..ea838d9eb2 100644 --- a/doc/man1/openssl-errstr.pod +++ b/doc/man1/openssl-errstr.pod @@ -6,24 +6,32 @@ openssl-errstr - lookup error codes =head1 SYNOPSIS -B<openssl errstr> I<error_code> +B<openssl errstr> +[B<-help>] +I<error_code...> =head1 DESCRIPTION -Sometimes an application will not load error message and only +Sometimes an application will not load error message texts and only numerical forms will be available. This command can be used to display the meaning of the hex code. The hex code is the hex digits after the second colon. =head1 OPTIONS -None. +=over 4 + +=item B<-help> + +Display a usage message. + +=back =head1 EXAMPLES The error code: - 27594:error:2006D080:lib(32):func(109):reason(128):bss_file.c:107: + 27594:error:2006D080:lib(32)::reason(128)::107: can be displayed with: @@ -31,7 +39,7 @@ can be displayed with: to produce the error message: - error:2006D080:BIO routines:BIO_new_file:no such file + error:2006D080:BIO routines::no such file =head1 COPYRIGHT diff --git a/doc/man1/openssl-gendsa.pod.in b/doc/man1/openssl-gendsa.pod.in index 46b9c70bba..e98d662a5a 100644 --- a/doc/man1/openssl-gendsa.pod.in +++ b/doc/man1/openssl-gendsa.pod.in @@ -10,6 +10,7 @@ openssl-gendsa - generate a DSA private key from a set of parameters B<openssl> B<gendsa> [B<-help>] [B<-out> I<filename>] +[B<-passout> I<arg>] [B<-aes128>] [B<-aes192>] [B<-aes256>] @@ -47,6 +48,11 @@ Print out a usage message. Output the key to the specified file. If this argument is not specified then standard output is used. +=item B<-passout> I<arg> + +The passphrase used for the output file. +See L<openssl(1)/Pass Phrase Options>. + =item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> These options encrypt the private key with specified diff --git a/doc/man1/openssl-genrsa.pod.in b/doc/man1/openssl-genrsa.pod.in index 8a815ee960..ed264332ba 100644 --- a/doc/man1/openssl-genrsa.pod.in +++ b/doc/man1/openssl-genrsa.pod.in @@ -23,7 +23,9 @@ B<openssl> B<genrsa> [B<-des>] [B<-des3>] [B<-idea>] -[B<-f4>|B<-3>] +[B<-F4>] +[B<-f4>] +[B<-3>] [B<-primes> I<num>] [B<-verbose>] {- $OpenSSL::safe::opt_r_synopsis -} @@ -61,7 +63,7 @@ cipher before outputting it. If none of these options is specified no encryption is used. If encryption is used a pass phrase is prompted for if it is not supplied via the B<-passout> argument. -=item B<-F4>|B<-3> +=item B<-F4>, B<-f4>, B<-3> The public exponent to use, either 65537 or 3. The default is 65537. diff --git a/doc/man1/openssl-list.pod b/doc/man1/openssl-list.pod index 5388b478a5..88bcc751e6 100644 --- a/doc/man1/openssl-list.pod +++ b/doc/man1/openssl-list.pod @@ -21,6 +21,8 @@ B<openssl list> [B<-public-key-methods>] [B<-engines>] [B<-disabled>] +[B<-objects>] +[B<-options> I<command>] =head1 DESCRIPTION @@ -92,6 +94,14 @@ of the installation. Display a list of built in objects, i.e. OIDs with names. They're listed in the format described in L<config(5)/ASN1 Object Configuration Module>. +=item B<-options> I<command> + +Output a two-column list of the options accepted by the specified I<command>. +The first is the option name, and the second is a one-character indication +of what type of parameter it takes, if any. +This is an internal option, used for checking that the documentation +is complete. + =back =head2 Display of algorithm names diff --git a/doc/man1/openssl-ocsp.pod.in b/doc/man1/openssl-ocsp.pod.in index a866a38ebc..c04d3659b9 100644 --- a/doc/man1/openssl-ocsp.pod.in +++ b/doc/man1/openssl-ocsp.pod.in @@ -30,6 +30,7 @@ B<openssl> B<ocsp> [B<-host> I<host>:I<port>] [B<-multi> I<process-count>] [B<-header>] +[B<-timeout> I<seconds>] [B<-path>] [B<-VAfile> I<file>] [B<-validity_period> I<n>] @@ -52,6 +53,8 @@ B<openssl> B<ocsp> [B<-passin> I<arg>] [B<-rother> I<file>] [B<-rsigopt> I<nm>:I<v>] +[B<-rmd> I<digest>] +[B<-badsig>] [B<-resp_no_certs>] [B<-nmin> I<n>] [B<-ndays> I<n>] @@ -328,6 +331,15 @@ see L<openssl(1)/Pass Phrase Options>. Pass options to the signature algorithm when signing OCSP responses. Names and values of these options are algorithm-specific. +=item B<-rmd> I<digest> + +The digest to use when signing the response. + +=item B<-badsig> + +Corrupt the response signature before writing it; this can be useful +for testing. + =item B<-port> I<portnum> Port to listen for OCSP requests on. The port may also be specified diff --git a/doc/man1/openssl-passwd.pod.in b/doc/man1/openssl-passwd.pod.in index 93039090a3..83ef7ba674 100644 --- a/doc/man1/openssl-passwd.pod.in +++ b/doc/man1/openssl-passwd.pod.in @@ -21,6 +21,7 @@ B<openssl passwd> [B<-noverify>] [B<-quiet>] [B<-table>] +[B<-reverse>] {- $OpenSSL::safe::opt_r_synopsis -} [I<password>] @@ -93,6 +94,10 @@ Don't output warnings when passwords given at the command line are truncated. In the output list, prepend the cleartext password and a TAB character to each password hash. +=item B<-reverse> + +When the B<-table> option is used, reverse the order of cleartext and hash. + {- $OpenSSL::safe::opt_r_item -} =back diff --git a/doc/man1/openssl-pkcs12.pod.in b/doc/man1/openssl-pkcs12.pod.in index bc2f4963d5..7d562b002e 100644 --- a/doc/man1/openssl-pkcs12.pod.in +++ b/doc/man1/openssl-pkcs12.pod.in @@ -24,8 +24,22 @@ B<openssl> B<pkcs12> [B<-cacerts>] [B<-nokeys>] [B<-info>] -[B<-des> B<-des3> B<-idea> B<-aes128> B<-aes192> B<-aes256> B<-aria128> B<-aria192> B<-aria256> B<-camellia128> B<-camellia192> B<-camellia256> B<-nodes>] -[B<-iter> I<count> | B<-noiter> | B<-nomaciter>] +[B<-des>] +[B<-des3>] +[B<-idea>] +[B<-aes128>] +[B<-aes192>] +[B<-aes256>] +[B<-aria128>] +[B<-aria192>] +[B<-aria256>] +[B<-camellia128>] +[B<-camellia192>] +[B<-camellia256>] +[B<-nodes>] +[B<-iter> I<count>] +[B<-noiter>] +[B<-nomaciter>] [B<-maciter>] [B<-nomac>] [B<-twopass>] @@ -38,6 +52,7 @@ B<openssl> B<pkcs12> [B<-password> I<arg>] [B<-passin> I<arg>] [B<-passout> I<arg>] +[B<-LMK>] [B<-CSP> I<name>] {- $OpenSSL::safe::opt_trust_synopsis -} {- $OpenSSL::safe::opt_r_synopsis -} @@ -264,6 +279,10 @@ to be needed to use MAC iterations counts but they are now used by default. Don't attempt to provide the MAC integrity. +=item B<-LMK> + +Add the "Local Key Set" identifier to the attributes. + =item B<-CSP> I<name> Write I<name> as a Microsoft CSP name. diff --git a/doc/man1/openssl-pkcs7.pod.in b/doc/man1/openssl-pkcs7.pod.in index f62b69b52b..77ef9f9558 100644 --- a/doc/man1/openssl-pkcs7.pod.in +++ b/doc/man1/openssl-pkcs7.pod.in @@ -17,6 +17,7 @@ B<openssl> B<pkcs7> [B<-outform> B<DER>|B<PEM>] [B<-in> I<filename>] [B<-out> I<filename>] +[B<-print>] [B<-print_certs>] [B<-text>] [B<-noout>] @@ -30,8 +31,6 @@ This command processes PKCS#7 files. Note that it only understands PKCS#7 v 1.5 as specified in IETF RFC 2315. It cannot currently parse CMS as described in IETF RFC 2630. -There is no option to print out all the fields of a PKCS#7 file. - =head1 OPTIONS =over 4 @@ -57,6 +56,10 @@ option is not specified. Specifies the output filename to write to or standard output by default. +=item B<-print> + +Print out the full PK |