From 581c40c5e6fe417b1020bdb377d083674c730560 Mon Sep 17 00:00:00 2001 From: Job Snijders Date: Tue, 27 Feb 2024 19:14:32 +0000 Subject: Align 'openssl req' string_mask docs to how the software really works Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/23699) (cherry picked from commit 2410cb42e62c3be69dcf1aad1bdf1eb0233b670f) --- doc/man1/openssl-req.pod.in | 33 +++++++++++++++++++++++---------- 1 file changed, 23 insertions(+), 10 deletions(-) diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index 31fd714187..81181bdb4e 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -472,16 +472,29 @@ any digest that has been set. =item B This option masks out the use of certain string types in certain -fields. Most users will not need to change this option. - -It can be set to several values B which is also the default -option uses PrintableStrings, T61Strings and BMPStrings if the -B value is used then only PrintableStrings and BMPStrings will -be used. This follows the PKIX recommendation in RFC2459. If the -B option is used then only UTF8Strings will be used: this -is the PKIX recommendation in RFC2459 after 2003. Finally the B -option just uses PrintableStrings and T61Strings: certain software has -problems with BMPStrings and UTF8Strings: in particular Netscape. +fields. Most users will not need to change this option. It can be set to +several values: + +=over 4 + +=item B +- only UTF8Strings are used (this is the default value) + +=item B +- any string type except T61Strings + +=item B +- any string type except BMPStrings and UTF8Strings + +=item B +- any kind of string type + +=back + +Note that B is the PKIX recommendation in RFC2459 after 2003, and the +default B; B is not the default option. The B +value is a workaround for some software that has problems with variable-sized +BMPStrings and UTF8Strings. =item B -- cgit v1.2.3