authorJason McIntyre <jmc@cvs.openbsd.org>2019-10-04 06:22:52 +0000
committerJason McIntyre <jmc@cvs.openbsd.org>2019-10-04 06:22:52 +0000
commit8db5a48d495a8d9504c01fe28f4139d710d3ef27 (patch)
tree081613591bf8ad7a2bb347a3f42ba3451691e9f8 /usr.bin/openssl
parentad6c6488812ede4a918f8d9e66607a45a9775eaa (diff)
the formatting for the mini synopses in this page did not render well
on html or groff. the solution, to replace the non-standard .nr macros with a hang list, was provided by ingo - thanks! ok schwarze
Diffstat (limited to 'usr.bin/openssl')
-rw-r--r--usr.bin/openssl/openssl.1294
1 files changed, 179 insertions, 115 deletions
diff --git a/usr.bin/openssl/openssl.1 b/usr.bin/openssl/openssl.1
index 690b91ae96b..958e517c199 100644
--- a/usr.bin/openssl/openssl.1
+++ b/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.113 2019/08/05 12:01:51 inoguchi Exp $
+.\" $OpenBSD: openssl.1,v 1.114 2019/10/04 06:22:51 jmc Exp $
.\" ====================================================================
.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
.\"
@@ -110,7 +110,7 @@
.\" copied and put under another distribution licence
.\" [including the GNU Public Licence.]
.\"
-.Dd $Mdocdate: August 5 2019 $
+.Dd $Mdocdate: October 4 2019 $
.Dt OPENSSL 1
.Os
.Sh NAME
@@ -201,8 +201,9 @@ or
.Cm no- Ns Ar command
itself.
.Sh ASN1PARSE
-.nr nS 1
-.Nm "openssl asn1parse"
+.Bl -hang -width "openssl asn1parse"
+.It Nm openssl asn1parse
+.Bk -words
.Op Fl i
.Op Fl dlimit Ar number
.Op Fl dump
@@ -216,7 +217,8 @@ itself.
.Op Fl oid Ar file
.Op Fl out Ar file
.Op Fl strparse Ar offset
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm asn1parse
@@ -295,8 +297,9 @@ This option can be used multiple times to
into a nested structure.
.El
.Sh CA
-.nr nS 1
-.Nm "openssl ca"
+.Bl -hang -width "openssl ca"
+.It Nm openssl ca
+.Bk -words
.Op Fl batch
.Op Fl cert Ar file
.Op Fl config Ar file
@@ -341,7 +344,8 @@ into a nested structure.
.Op Fl updatedb
.Op Fl utf8
.Op Fl verbose
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm ca
@@ -874,8 +878,9 @@ Like
but without cipher suite codes.
.El
.Sh CRL
-.nr nS 1
-.Nm "openssl crl"
+.Bl -hang -width "openssl crl"
+.It Nm openssl crl
+.Bk -words
.Op Fl CAfile Ar file
.Op Fl CApath Ar dir
.Op Fl crlnumber
@@ -893,7 +898,8 @@ but without cipher suite codes.
.Op Fl outform Cm der | pem
.Op Fl text
.Op Fl verify
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm crl
@@ -948,15 +954,17 @@ Print the CRL in plain text.
Verify the signature on the CRL.
.El
.Sh CRL2PKCS7
-.nr nS 1
-.Nm "openssl crl2pkcs7"
+.Bl -hang -width "openssl crl2pkcs7"
+.It Nm openssl crl2pkcs7
+.Bk -words
.Op Fl certfile Ar file
.Op Fl in Ar file
.Op Fl inform Cm der | pem
.Op Fl nocrl
.Op Fl out Ar file
.Op Fl outform Cm der | pem
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm crl2pkcs7
@@ -991,8 +999,9 @@ or standard output if not specified.
The output format.
.El
.Sh DGST
-.nr nS 1
-.Nm "openssl dgst"
+.Bl -hang -width "openssl dgst"
+.It Nm openssl dgst
+.Bk -words
.Op Fl cdr
.Op Fl binary
.Op Fl Ar digest
@@ -1009,7 +1018,8 @@ The output format.
.Op Fl sigopt Ar nm : Ns Ar v
.Op Fl verify Ar file
.Op Ar
-.nr nS 0
+.Ek
+.El
.Pp
The digest functions output the message digest of a supplied
.Ar file
@@ -1103,8 +1113,9 @@ File or files to digest.
If no files are specified then standard input is used.
.El
.Sh DHPARAM
-.nr nS 1
-.Nm "openssl dhparam"
+.Bl -hang -width "openssl dhparam"
+.It Nm openssl dhparam
+.Bk -words
.Op Fl 2 | 5
.Op Fl C
.Op Fl check
@@ -1116,7 +1127,8 @@ If no files are specified then standard input is used.
.Op Fl outform Cm der | pem
.Op Fl text
.Op Ar numbits
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm dhparam
@@ -1177,8 +1189,9 @@ If this value is present, the input file is ignored and
parameters are generated instead.
.El
.Sh DSA
-.nr nS 1
-.Nm "openssl dsa"
+.Bl -hang -width "openssl dsa"
+.It Nm openssl dsa
+.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 |
.Fl des | des3
@@ -1195,7 +1208,8 @@ parameters are generated instead.
.Op Fl pubout
.Op Fl pvk-none | pvk-strong | pvk-weak
.Op Fl text
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm dsa
@@ -1263,8 +1277,9 @@ The default is
Print the public/private key in plain text.
.El
.Sh DSAPARAM
-.nr nS 1
-.Nm "openssl dsaparam"
+.Bl -hang -width "openssl dsaparam"
+.It Nm openssl dsaparam
+.Bk -words
.Op Fl C
.Op Fl genkey
.Op Fl in Ar file
@@ -1274,7 +1289,8 @@ Print the public/private key in plain text.
.Op Fl outform Cm der | pem
.Op Fl text
.Op Ar numbits
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm dsaparam
@@ -1313,8 +1329,9 @@ Generate a parameter set of size
If this option is included, the input file is ignored.
.El
.Sh EC
-.nr nS 1
-.Nm "openssl ec"
+.Bl -hang -width "openssl ec"
+.It Nm openssl ec
+.Bk -words
.Op Fl conv_form Ar arg
.Op Fl des
.Op Fl des3
@@ -1330,7 +1347,8 @@ If this option is included, the input file is ignored.
.Op Fl pubin
.Op Fl pubout
.Op Fl text
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm ec
@@ -1423,8 +1441,9 @@ Automatically set if the input is a public key.
Print the public/private key in plain text.
.El
.Sh ECPARAM
-.nr nS 1
-.Nm "openssl ecparam"
+.Bl -hang -width "openssl ecparam"
+.It Nm openssl ecparam
+.Bk -words
.Op Fl C
.Op Fl check
.Op Fl conv_form Ar arg
@@ -1439,7 +1458,8 @@ Print the public/private key in plain text.
.Op Fl outform Cm der | pem
.Op Fl param_enc Ar arg
.Op Fl text
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm ecparam
@@ -1516,8 +1536,9 @@ is currently not implemented.
Print the EC parameters in plain text.
.El
.Sh ENC
-.nr nS 1
-.Nm "openssl enc"
+.Bl -hang -width "openssl enc"
+.It Nm openssl enc
+.Bk -words
.Fl ciphername
.Op Fl AadePpv
.Op Fl base64
@@ -1538,7 +1559,8 @@ Print the EC parameters in plain text.
.Op Fl pbkdf2
.Op Fl S Ar salt
.Op Fl salt
-.nr nS 0
+.Ek
+.El
.Pp
The symmetric cipher commands allow data to be encrypted or decrypted
using various block and stream ciphers using keys based on passwords
@@ -1710,8 +1732,9 @@ The options are as follows:
Print debugging statistics about various aspects of the hash table.
.El
.Sh GENDSA
-.nr nS 1
-.Nm "openssl gendsa"
+.Bl -hang -width "openssl gendsa"
+.It Nm openssl gendsa
+.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 | camellia128 |
.Fl camellia192 | camellia256 | des | des3 | idea
@@ -1719,7 +1742,8 @@ Print debugging statistics about various aspects of the hash table.
.Op Fl out Ar file
.Op Fl passout Ar arg
.Ar paramfile
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm gendsa
@@ -1754,8 +1778,9 @@ Specify the DSA parameter file to use.
The parameters in this file determine the size of the private key.
.El
.Sh GENPKEY
-.nr nS 1
-.Nm "openssl genpkey"
+.Bl -hang -width "openssl genpkey"
+.It Nm openssl genpkey
+.Bk -words
.Op Fl algorithm Ar alg
.Op Ar cipher
.Op Fl genparam
@@ -1765,7 +1790,8 @@ The parameters in this file determine the size of the private key.
.Op Fl pass Ar arg
.Op Fl pkeyopt Ar opt : Ns Ar value
.Op Fl text
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm genpkey
@@ -1856,8 +1882,9 @@ The EC curve to use.
Print the private/public key in plain text.
.El
.Sh GENRSA
-.nr nS 1
-.Nm "openssl genrsa"
+.Bl -hang -width "openssl genrsa"
+.It Nm openssl genrsa
+.Bk -words
.Op Fl 3 | f4
.Oo
.Fl aes128 | aes192 | aes256 | camellia128 |
@@ -1866,7 +1893,8 @@ Print the private/public key in plain text.
.Op Fl out Ar file
.Op Fl passout Ar arg
.Op Ar numbits
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm genrsa
@@ -1941,8 +1969,9 @@ option the situation is reversed:
a Netscape certificate sequence is created from a file of certificates.
.El
.Sh OCSP
-.nr nS 1
-.Nm "openssl ocsp"
+.Bl -hang -width "openssl ocsp"
+.It Nm openssl ocsp
+.Bk -words
.Op Fl CA Ar file
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
@@ -1992,7 +2021,8 @@ a Netscape certificate sequence is created from a file of certificates.
.Op Fl VAfile Ar file
.Op Fl validity_period Ar nsec
.Op Fl verify_other Ar file
-.nr nS 0
+.Ek
+.El
.Pp
The Online Certificate Status Protocol (OCSP)
enables applications to determine the (revocation) state
@@ -2291,8 +2321,9 @@ with the
.Fl VAfile
option.
.Sh PASSWD
-.nr nS 1
-.Nm "openssl passwd"
+.Bl -hang -width "openssl passwd"
+.It Nm openssl passwd
+.Bk -words
.Op Fl 1 | apr1 | crypt
.Op Fl in Ar file
.Op Fl noverify
@@ -2302,7 +2333,8 @@ option.
.Op Fl stdin
.Op Fl table
.Op Ar password
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm passwd
@@ -2352,8 +2384,9 @@ In the output list, prepend the cleartext password and a TAB character
to each password hash.
.El
.Sh PKCS7
-.nr nS 1
-.Nm "openssl pkcs7"
+.Bl -hang -width "openssl pkcs7"
+.It Nm openssl pkcs7
+.Bk -words
.Op Fl in Ar file
.Op Fl inform Cm der | pem
.Op Fl noout
@@ -2362,7 +2395,8 @@ to each password hash.
.Op Fl print
.Op Fl print_certs
.Op Fl text
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm pkcs7
@@ -2395,8 +2429,9 @@ preceded by their subject and issuer names in a one-line format.
Print certificate details in full rather than just subject and issuer names.
.El
.Sh PKCS8
-.nr nS 1
-.Nm "openssl pkcs8"
+.Bl -hang -width "openssl pkcs8"
+.It Nm openssl pkcs8
+.Bk -words
.Op Fl in Ar file
.Op Fl inform Cm der | pem
.Op Fl nocrypt
@@ -2408,7 +2443,8 @@ Print certificate details in full rather than just subject and issuer names.
.Op Fl topk8
.Op Fl v1 Ar alg
.Op Fl v2 Ar alg
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm pkcs8
@@ -2476,8 +2512,9 @@ valid values include des, des3, and rc2.
It is recommended that des3 is used.
.El
.Sh PKCS12
-.nr nS 1
-.Nm "openssl pkcs12"
+.Bl -hang -width "openssl pkcs12"
+.It Nm openssl pkcs12
+.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 | camellia128 |
.Fl camellia192 | camellia256 | des | des3 | idea
@@ -2516,7 +2553,8 @@ It is recommended that des3 is used.
.Op Fl passout Ar arg
.Op Fl password Ar arg
.Op Fl twopass
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm pkcs12
@@ -2691,8 +2729,9 @@ is equivalent to
.Fl passin .
.El
.Sh PKEY
-.nr nS 1
-.Nm "openssl pkey"
+.Bl -hang -width "openssl pkey"
+.It Nm openssl pkey
+.Bk -words
.Op Ar cipher
.Op Fl in Ar file
.Op Fl inform Cm der | pem
@@ -2705,7 +2744,8 @@ is equivalent to
.Op Fl pubout
.Op Fl text
.Op Fl text_pub
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm pkey
@@ -2777,8 +2817,9 @@ or standard output if not specified.
Print the parameters in plain text.
.El
.Sh PKEYUTL
-.nr nS 1
-.Nm "openssl pkeyutl"
+.Bl -hang -width "openssl pkeyutl"
+.It Nm openssl pkeyutl
+.Bk -words
.Op Fl asn1parse
.Op Fl certin
.Op Fl decrypt
@@ -2799,7 +2840,8 @@ Print the parameters in plain text.
.Op Fl sign
.Op Fl verify
.Op Fl verifyrecover
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm pkeyutl
@@ -2971,13 +3013,15 @@ Test if number
is prime.
.El
.Sh RAND
-.nr nS 1
-.Nm "openssl rand"
+.Bl -hang -width "openssl rand"
+.It Nm openssl rand
+.Bk -words
.Op Fl base64
.Op Fl hex
.Op Fl out Ar file
.Ar num
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm rand
@@ -2996,8 +3040,9 @@ The output file to write to,
or standard output if not specified.
.El
.Sh REQ
-.nr nS 1
-.Nm "openssl req"
+.Bl -hang -width "openssl req"
+.It Nm openssl req
+.Bk -words
.Op Fl asn1-kludge
.Op Fl batch
.Op Fl config Ar file
@@ -3035,7 +3080,8 @@ or standard output if not specified.
.Op Fl verbose
.Op Fl verify
.Op Fl x509
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm req
@@ -3435,8 +3481,9 @@ options in the configuration file.
Any additional fields will be treated as though they were a
.Cm DirectoryString .
.Sh RSA
-.nr nS 1
-.Nm "openssl rsa"
+.Bl -hang -width "openssl rsa"
+.It Nm openssl rsa
+.Bk -words
.Op Fl aes128 | aes192 | aes256 | des | des3
.Op Fl check
.Op Fl in Ar file
@@ -3454,7 +3501,8 @@ Any additional fields will be treated as though they were a
.Op Fl RSAPublicKey_out
.Op Fl sgckey
.Op Fl text
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm rsa
@@ -3530,8 +3578,9 @@ and SGC keys.
Print the public/private key components in plain text.
.El
.Sh RSAUTL
-.nr nS 1
-.Nm "openssl rsautl"
+.Bl -hang -width "openssl rsautl"
+.It Nm openssl rsautl
+.Bk -words
.Op Fl asn1parse
.Op Fl certin
.Op Fl decrypt
@@ -3547,7 +3596,8 @@ Print the public/private key components in plain text.
.Op Fl rev
.Op Fl sign
.Op Fl verify
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm rsautl
@@ -3602,8 +3652,9 @@ This requires an RSA private key.
Verify the input data and output the recovered data.
.El
.Sh S_CLIENT
-.nr nS 1
-.Nm "openssl s_client"
+.Bl -hang -width "openssl s_client"
+.It Nm openssl s_client
+.Bk -words
.Op Fl 4 | 6
.Op Fl alpn Ar protocols
.Op Fl bugs
@@ -3667,7 +3718,8 @@ Verify the input data and output the recovered data.
.Op Fl verify_return_error
.Op Fl x509_strict
.Op Fl xmpphost Ar host
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm s_client
@@ -3896,8 +3948,9 @@ If this option is not specified then the host specified with
will be used.
.El
.Sh S_SERVER
-.nr nS 1
-.Nm "openssl s_server"
+.Bl -hang -width "openssl s_server"
+.It Nm openssl s_server
+.Bk -words
.Op Fl accept Ar port
.Op Fl alpn Ar protocols
.Op Fl bugs
@@ -3961,7 +4014,8 @@ will be used.
.Op Fl verify_return_error
.Op Fl WWW
.Op Fl www
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm s_server
@@ -4199,8 +4253,9 @@ with
a certificate is requested but the client does not have to send one.
.El
.Sh S_TIME
-.nr nS 1
-.Nm "openssl s_time"
+.Bl -hang -width "openssl s_time"
+.It Nm openssl s_time
+.Bk -words
.Op Fl bugs
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
@@ -4215,7 +4270,8 @@ a certificate is requested but the client does not have to send one.
.Op Fl time Ar seconds
.Op Fl verify Ar depth
.Op Fl www Ar page
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm s_time
@@ -4307,8 +4363,9 @@ will only perform the handshake to establish SSL connections
but not transfer any payload data.
.El
.Sh SESS_ID
-.nr nS 1
-.Nm "openssl sess_id"
+.Bl -hang -width "openssl sess_id"
+.It Nm openssl sess_id
+.Bk -words
.Op Fl cert
.Op Fl context Ar ID
.Op Fl in Ar file
@@ -4317,7 +4374,8 @@ but not transfer any payload data.
.Op Fl out Ar file
.Op Fl outform Cm der | pem
.Op Fl text
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm sess_id
@@ -4397,8 +4455,9 @@ application.
This is, however, strongly discouraged and should only be used for
debugging purposes.
.Sh SMIME
-.nr nS 1
-.Nm "openssl smime"
+.Bl -hang -width "openssl smime"
+.It Nm openssl smime
+.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 | des |
.Fl des3 | rc2-40 | rc2-64 | rc2-128
@@ -4448,7 +4507,8 @@ debugging purposes.
.Op Fl verify
.Op Fl x509_strict
.Op Ar cert.pem ...
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm smime
@@ -4691,15 +4751,17 @@ An error occurred decrypting or verifying the message.
An error occurred writing certificates.
.El
.Sh SPEED
-.nr nS 1
-.Nm "openssl speed"
+.Bl -hang -width "openssl speed"
+.It Nm openssl speed
+.Bk -words
.Op Ar algorithm
.Op Fl decrypt
.Op Fl elapsed
.Op Fl evp Ar algorithm
.Op Fl mr
.Op Fl multi Ar number
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm speed
@@ -4726,8 +4788,9 @@ Run
benchmarks in parallel.
.El
.Sh SPKAC
-.nr nS 1
-.Nm "openssl spkac"
+.Bl -hang -width "openssl spkac"
+.It Nm openssl spkac
+.Bk -words
.Op Fl challenge Ar string
.Op Fl in Ar file
.Op Fl key Ar keyfile
@@ -4738,7 +4801,8 @@ benchmarks in parallel.
.Op Fl spkac Ar spkacname
.Op Fl spksect Ar section
.Op Fl verify
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm spkac
@@ -4785,8 +4849,9 @@ containing the SPKAC.
Verify the digital signature on the supplied SPKAC.
.El
.Sh TS
-.nr nS 1
-.Nm "openssl ts"
+.Bk -words
+.Bl -hang -width "openssl ts"
+.It Nm openssl ts
.Fl query
.Op Fl md4 | md5 | ripemd160 | sha1
.Op Fl cert
@@ -4798,10 +4863,7 @@ Verify the digital signature on the supplied SPKAC.
.Op Fl out Ar request.tsq
.Op Fl policy Ar object_id
.Op Fl text
-.nr nS 0
-.Pp
-.nr nS 1
-.Nm "openssl ts"
+.It Nm openssl ts
.Fl reply
.Op Fl chain Ar certs_file.pem
.Op Fl config Ar configfile
@@ -4816,10 +4878,7 @@ Verify the digital signature on the supplied SPKAC.
.Op Fl text
.Op Fl token_in
.Op Fl token_out
-.nr nS 0
-.Pp
-.nr nS 1
-.Nm "openssl ts"
+.It Nm openssl ts
.Fl verify
.Op Fl CAfile Ar trusted_certs.pem
.Op Fl CApath Ar trusted_cert_path
@@ -4829,7 +4888,8 @@ Verify the digital signature on the supplied SPKAC.
.Op Fl queryfile Ar request.tsq
.Op Fl token_in
.Op Fl untrusted Ar cert_file.pem
-.nr nS 0
+.El
+.Ek
.Pp
The
.Nm ts
@@ -5151,8 +5211,9 @@ only the signing certificate identifier is included.
The default is no.
.El
.Sh VERIFY
-.nr nS 1
-.Nm "openssl verify"
+.Bl -hang -width "openssl verify"
+.It Nm openssl verify
+.Bk -words
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
.Op Fl check_ss_sig
@@ -5173,7 +5234,8 @@ The default is no.
.Op Fl verbose
.Op Fl x509_strict
.Op Ar certificates
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm verify
@@ -5507,8 +5569,9 @@ The current
version.
.El
.Sh X509
-.nr nS 1
-.Nm "openssl x509"
+.Bl -hang -width "openssl x509"
+.It Nm openssl x509
+.Bk -words
.Op Fl C
.Op Fl addreject Ar arg
.Op Fl addtrust Ar arg
@@ -5563,7 +5626,8 @@ version.
.Op Fl text
.Op Fl trustout
.Op Fl x509toreq
-.nr nS 0
+.Ek
+.El
.Pp
The
.Nm x509