fix previous;

1 files changed, 31 insertions, 21 deletions

diff --git a/usr.bin/nc/nc.1 b/usr.bin/nc/nc.1
index 8cb96e8734f..461e9e41be9 100644
--- a/usr.bin/nc/nc.1
+++ b/usr.bin/nc/nc.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: nc.1,v 1.69 2015/09/11 21:07:01 beck Exp $
+.\"     $OpenBSD: nc.1,v 1.70 2015/09/12 07:56:56 jmc Exp $
 .\"
 .\" Copyright (c) 1996 David Sacerdote
 .\" All rights reserved.
@@ -25,7 +25,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 11 2015 $
+.Dd $Mdocdate: September 12 2015 $
 .Dt NC 1
 .Os
 .Sh NAME
@@ -34,12 +34,17 @@
 .Sh SYNOPSIS
 .Nm nc
 .Bk -words
-.Op Fl 46DdFhklNnrStUuvz
+.Op Fl 46cDdFhklNnrStUuvz
+.Op Fl C Ar certfile
+.Op Fl e Ar name
+.Op Fl H Ar hash
 .Op Fl I Ar length
 .Op Fl i Ar interval
+.Op Fl K Ar keyfile
 .Op Fl O Ar length
 .Op Fl P Ar proxy_username
 .Op Fl p Ar source_port
+.Op Fl R Ar CAfile
 .Op Fl s Ar source
 .Op Fl T Ar keyword
 .Op Fl V Ar rtable
@@ -98,17 +103,19 @@ to use IPv4 addresses only.
 Forces
 .Nm
 to use IPv6 addresses only.
-.It Fl C Ar certificate_filename
+.It Fl C Ar certfile
 Specifies the filename from which the public key part of the TLS
-certificate is loaded, in PEM format. May only be used with TLS.
+certificate is loaded, in PEM format.
+May only be used with TLS.
 .It Fl c
-If using a TCP socket to connect or listen, use TLS. Illegal if not using TCP sockets.
+If using a TCP socket to connect or listen, use TLS.
+Illegal if not using TCP sockets.
 .It Fl D
 Enable debugging on the socket.
 .It Fl d
 Do not attempt to read from stdin.
 .It Fl e Ar name
-specify the name that must be present in the peer certificate when using TLS.
+Specify the name that must be present in the peer certificate when using TLS.
 Illegal if not using TLS.
 .It Fl F
 Pass the first connected socket using
@@ -125,7 +132,7 @@ using the
 .Xr ssh_config 5
 .Cm ProxyUseFdpass
 option).
-.It Fl H Ar hash_string
+.It Fl H Ar hash
 Specifies the required hash string of the peer certificate when using TLS.
 The string format required is that used by
 .Xr tls_peer_cert_hash 3 .
@@ -139,9 +146,10 @@ Specifies the size of the TCP receive buffer.
 .It Fl i Ar interval
 Specifies a delay time interval between lines of text sent and received.
 Also causes a delay time between connections to multiple ports.
-.It Fl K Ar key_filename
+.It Fl K Ar keyfile
 Specifies the filename from which the private key
-is loaded in PEM format. May only be used with TLS.
+is loaded in PEM format.
+May only be used with TLS.
 .It Fl k
 Forces
 .Nm
@@ -188,10 +196,11 @@ should use, subject to privilege restrictions and availability.
 It is an error to use this option in conjunction with the
 .Fl l
 option.
-.It Fl R Ar CA_filename
-Specifies the filename from which the root CA bundle for Certificate
-verification is loaded in pem format. Illegal if not using TLS.
-Default value is
+.It Fl R Ar CAfile
+Specifies the filename from which the root CA bundle for certificate
+verification is loaded, in PEM format.
+Illegal if not using TLS.
+The default is
 .Pa /etc/ssl/cert.pem .
 .It Fl r
 Specifies that source and/or destination ports should be chosen randomly
@@ -214,14 +223,15 @@ For TLS options
 .Ar keyword
 may be one of
 .Ar tlslegacy ,
-which allows legacy TLS protocols,
+which allows legacy TLS protocols;
 .Ar noverify ,
-which disables certificate verification
+which disables certificate verification;
 .Ar noname ,
-which disables certificate name checking, or
-.Ar clientcert,
-which requires a client certificate on incoming connections .
+which disables certificate name checking; or
+.Ar clientcert ,
+which requires a client certificate on incoming connections.
 It is illegal to specify TLS options if not using TLS.
+.Pp
 For IPv4 TOS value
 .Ar keyword
 may be one of
@@ -463,8 +473,8 @@ the source port, with a timeout of 5 seconds:
 .Pp
 .Dl $ nc -p 31337 -w 5 host.example.com 42
 .Pp
-Open a TCP connection to port 443 of www.google.ca, and negotiate
-TLS. Check for a different name in the certificate for validation.
+Open a TCP connection to port 443 of www.google.ca, and negotiate TLS.
+Check for a different name in the certificate for validation.
 .Pp
 .Dl $  nc -v -c -e adsf.au.doubleclick.net www.google.ca 443
 .Pp