summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJason McIntyre <jmc@cvs.openbsd.org>2016-07-23 19:31:36 +0000
committerJason McIntyre <jmc@cvs.openbsd.org>2016-07-23 19:31:36 +0000
commitbae5871ee1b6ee49183c1d5be7398f7ff8eee343 (patch)
tree30d5c2f06875f0065245ddd5bbff5077946aceb8
parent2ac3944b3bf854a75ad72d8c0abe9158a0e5c71c (diff)
rework crl2pkcs7; with help from jsing
-rw-r--r--usr.bin/openssl/openssl.175
1 files changed, 18 insertions, 57 deletions
diff --git a/usr.bin/openssl/openssl.1 b/usr.bin/openssl/openssl.1
index 047c3a186e7..1d77ad92192 100644
--- a/usr.bin/openssl/openssl.1
+++ b/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.39 2016/07/21 18:40:26 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.40 2016/07/23 19:31:35 jmc Exp $
.\" ====================================================================
.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
.\"
@@ -112,7 +112,7 @@
.\"
.\" OPENSSL
.\"
-.Dd $Mdocdate: July 21 2016 $
+.Dd $Mdocdate: July 23 2016 $
.Dt OPENSSL 1
.Os
.Sh NAME
@@ -1017,20 +1017,15 @@ The output format.
.It Fl text
Print out the CRL in text form.
.El
-.\"
-.\" CRL2PKCS7
-.\"
.Sh CRL2PKCS7
.nr nS 1
.Nm "openssl crl2pkcs7"
-.Bk -words
.Op Fl certfile Ar file
.Op Fl in Ar file
-.Op Fl inform Ar DER | PEM
+.Op Fl inform Cm der | pem
.Op Fl nocrl
.Op Fl out Ar file
-.Op Fl outform Ar DER | PEM
-.Ek
+.Op Fl outform Cm der | pem
.nr nS 0
.Pp
The
@@ -1043,62 +1038,28 @@ structure.
The options are as follows:
.Bl -tag -width Ds
.It Fl certfile Ar file
-Specifies a
+Add the certificates in PEM
.Ar file
-containing one or more certificates in PEM format.
-All certificates in the file will be added to the PKCS#7 structure.
-This option can be used more than once to read certificates from multiple
-files.
+to the PKCS#7 structure.
+This option can be used more than once
+to read certificates from multiple files.
.It Fl in Ar file
-This specifies the input
-.Ar file
-to read a CRL from, or standard input if this option is not specified.
-.It Fl inform Ar DER | PEM
-This specifies the CRL input format.
-.Ar DER
-format is a DER-encoded CRL structure.
-.Ar PEM
-.Pq the default
-is a base64-encoded version of the DER form with header and footer lines.
+Read the CRL from
+.Ar file ,
+or standard input if not specified.
+.It Fl inform Cm der | pem
+Specify the CRL input format.
.It Fl nocrl
Normally, a CRL is included in the output file.
With this option, no CRL is
included in the output file and a CRL is not read from the input file.
.It Fl out Ar file
-Specifies the output
-.Ar file
-to write the PKCS#7 structure to, or standard output by default.
-.It Fl outform Ar DER | PEM
-This specifies the PKCS#7 structure output format.
-.Ar DER
-format is a DER-encoded PKCS#7 structure.
-.Ar PEM
-.Pq the default
-is a base64-encoded version of the DER form with header and footer lines.
+Write the PKCS#7 structure to
+.Ar file ,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+Specify the PKCS#7 structure output format.
.El
-.Sh CRL2PKCS7 EXAMPLES
-Create a PKCS#7 structure from a certificate and CRL:
-.Pp
-.Dl $ openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
-.Pp
-Create a PKCS#7 structure in DER format with no CRL from several
-different certificates:
-.Bd -literal -offset indent
-$ openssl crl2pkcs7 -nocrl -certfile newcert.pem \e
- -certfile demoCA/cacert.pem -outform DER -out p7.der
-.Ed
-.Sh CRL2PKCS7 NOTES
-The output file is a PKCS#7 signed data structure containing no signers and
-just certificates and an optional CRL.
-.Pp
-This utility can be used to send certificates and CAs to Netscape as part of
-the certificate enrollment process.
-This involves sending the DER-encoded output
-as MIME type
-.Em application/x-x509-user-cert .
-.Pp
-The PEM-encoded form with the header and footer lines removed can be used to
-install user certificates and CAs in MSIE using the Xenroll control.
.\"
.\" DGST
.\"