diff options
author | Jason McIntyre <jmc@cvs.openbsd.org> | 2019-10-04 06:22:52 +0000 |
---|---|---|
committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2019-10-04 06:22:52 +0000 |
commit | 8db5a48d495a8d9504c01fe28f4139d710d3ef27 (patch) | |
tree | 081613591bf8ad7a2bb347a3f42ba3451691e9f8 /usr.bin/openssl | |
parent | ad6c6488812ede4a918f8d9e66607a45a9775eaa (diff) |
the formatting for the mini synopses in this page did not render well
on html or groff. the solution, to replace the non-standard .nr macros
with a hang list, was provided by ingo - thanks!
ok schwarze
Diffstat (limited to 'usr.bin/openssl')
-rw-r--r-- | usr.bin/openssl/openssl.1 | 294 |
1 files changed, 179 insertions, 115 deletions
diff --git a/usr.bin/openssl/openssl.1 b/usr.bin/openssl/openssl.1 index 690b91ae96b..958e517c199 100644 --- a/usr.bin/openssl/openssl.1 +++ b/usr.bin/openssl/openssl.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: openssl.1,v 1.113 2019/08/05 12:01:51 inoguchi Exp $ +.\" $OpenBSD: openssl.1,v 1.114 2019/10/04 06:22:51 jmc Exp $ .\" ==================================================================== .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. .\" @@ -110,7 +110,7 @@ .\" copied and put under another distribution licence .\" [including the GNU Public Licence.] .\" -.Dd $Mdocdate: August 5 2019 $ +.Dd $Mdocdate: October 4 2019 $ .Dt OPENSSL 1 .Os .Sh NAME @@ -201,8 +201,9 @@ or .Cm no- Ns Ar command itself. .Sh ASN1PARSE -.nr nS 1 -.Nm "openssl asn1parse" +.Bl -hang -width "openssl asn1parse" +.It Nm openssl asn1parse +.Bk -words .Op Fl i .Op Fl dlimit Ar number .Op Fl dump @@ -216,7 +217,8 @@ itself. .Op Fl oid Ar file .Op Fl out Ar file .Op Fl strparse Ar offset -.nr nS 0 +.Ek +.El .Pp The .Nm asn1parse @@ -295,8 +297,9 @@ This option can be used multiple times to into a nested structure. .El .Sh CA -.nr nS 1 -.Nm "openssl ca" +.Bl -hang -width "openssl ca" +.It Nm openssl ca +.Bk -words .Op Fl batch .Op Fl cert Ar file .Op Fl config Ar file @@ -341,7 +344,8 @@ into a nested structure. .Op Fl updatedb .Op Fl utf8 .Op Fl verbose -.nr nS 0 +.Ek +.El .Pp The .Nm ca @@ -874,8 +878,9 @@ Like but without cipher suite codes. .El .Sh CRL -.nr nS 1 -.Nm "openssl crl" +.Bl -hang -width "openssl crl" +.It Nm openssl crl +.Bk -words .Op Fl CAfile Ar file .Op Fl CApath Ar dir .Op Fl crlnumber @@ -893,7 +898,8 @@ but without cipher suite codes. .Op Fl outform Cm der | pem .Op Fl text .Op Fl verify -.nr nS 0 +.Ek +.El .Pp The .Nm crl @@ -948,15 +954,17 @@ Print the CRL in plain text. Verify the signature on the CRL. .El .Sh CRL2PKCS7 -.nr nS 1 -.Nm "openssl crl2pkcs7" +.Bl -hang -width "openssl crl2pkcs7" +.It Nm openssl crl2pkcs7 +.Bk -words .Op Fl certfile Ar file .Op Fl in Ar file .Op Fl inform Cm der | pem .Op Fl nocrl .Op Fl out Ar file .Op Fl outform Cm der | pem -.nr nS 0 +.Ek +.El .Pp The .Nm crl2pkcs7 @@ -991,8 +999,9 @@ or standard output if not specified. The output format. .El .Sh DGST -.nr nS 1 -.Nm "openssl dgst" +.Bl -hang -width "openssl dgst" +.It Nm openssl dgst +.Bk -words .Op Fl cdr .Op Fl binary .Op Fl Ar digest @@ -1009,7 +1018,8 @@ The output format. .Op Fl sigopt Ar nm : Ns Ar v .Op Fl verify Ar file .Op Ar -.nr nS 0 +.Ek +.El .Pp The digest functions output the message digest of a supplied .Ar file @@ -1103,8 +1113,9 @@ File or files to digest. If no files are specified then standard input is used. .El .Sh DHPARAM -.nr nS 1 -.Nm "openssl dhparam" +.Bl -hang -width "openssl dhparam" +.It Nm openssl dhparam +.Bk -words .Op Fl 2 | 5 .Op Fl C .Op Fl check @@ -1116,7 +1127,8 @@ If no files are specified then standard input is used. .Op Fl outform Cm der | pem .Op Fl text .Op Ar numbits -.nr nS 0 +.Ek +.El .Pp The .Nm dhparam @@ -1177,8 +1189,9 @@ If this value is present, the input file is ignored and parameters are generated instead. .El .Sh DSA -.nr nS 1 -.Nm "openssl dsa" +.Bl -hang -width "openssl dsa" +.It Nm openssl dsa +.Bk -words .Oo .Fl aes128 | aes192 | aes256 | .Fl des | des3 @@ -1195,7 +1208,8 @@ parameters are generated instead. .Op Fl pubout .Op Fl pvk-none | pvk-strong | pvk-weak .Op Fl text -.nr nS 0 +.Ek +.El .Pp The .Nm dsa @@ -1263,8 +1277,9 @@ The default is Print the public/private key in plain text. .El .Sh DSAPARAM -.nr nS 1 -.Nm "openssl dsaparam" +.Bl -hang -width "openssl dsaparam" +.It Nm openssl dsaparam +.Bk -words .Op Fl C .Op Fl genkey .Op Fl in Ar file @@ -1274,7 +1289,8 @@ Print the public/private key in plain text. .Op Fl outform Cm der | pem .Op Fl text .Op Ar numbits -.nr nS 0 +.Ek +.El .Pp The .Nm dsaparam @@ -1313,8 +1329,9 @@ Generate a parameter set of size If this option is included, the input file is ignored. .El .Sh EC -.nr nS 1 -.Nm "openssl ec" +.Bl -hang -width "openssl ec" +.It Nm openssl ec +.Bk -words .Op Fl conv_form Ar arg .Op Fl des .Op Fl des3 @@ -1330,7 +1347,8 @@ If this option is included, the input file is ignored. .Op Fl pubin .Op Fl pubout .Op Fl text -.nr nS 0 +.Ek +.El .Pp The .Nm ec @@ -1423,8 +1441,9 @@ Automatically set if the input is a public key. Print the public/private key in plain text. .El .Sh ECPARAM -.nr nS 1 -.Nm "openssl ecparam" +.Bl -hang -width "openssl ecparam" +.It Nm openssl ecparam +.Bk -words .Op Fl C .Op Fl check .Op Fl conv_form Ar arg @@ -1439,7 +1458,8 @@ Print the public/private key in plain text. .Op Fl outform Cm der | pem .Op Fl param_enc Ar arg .Op Fl text -.nr nS 0 +.Ek +.El .Pp The .Nm ecparam @@ -1516,8 +1536,9 @@ is currently not implemented. Print the EC parameters in plain text. .El .Sh ENC -.nr nS 1 -.Nm "openssl enc" +.Bl -hang -width "openssl enc" +.It Nm openssl enc +.Bk -words .Fl ciphername .Op Fl AadePpv .Op Fl base64 @@ -1538,7 +1559,8 @@ Print the EC parameters in plain text. .Op Fl pbkdf2 .Op Fl S Ar salt .Op Fl salt -.nr nS 0 +.Ek +.El .Pp The symmetric cipher commands allow data to be encrypted or decrypted using various block and stream ciphers using keys based on passwords @@ -1710,8 +1732,9 @@ The options are as follows: Print debugging statistics about various aspects of the hash table. .El .Sh GENDSA -.nr nS 1 -.Nm "openssl gendsa" +.Bl -hang -width "openssl gendsa" +.It Nm openssl gendsa +.Bk -words .Oo .Fl aes128 | aes192 | aes256 | camellia128 | .Fl camellia192 | camellia256 | des | des3 | idea @@ -1719,7 +1742,8 @@ Print debugging statistics about various aspects of the hash table. .Op Fl out Ar file .Op Fl passout Ar arg .Ar paramfile -.nr nS 0 +.Ek +.El .Pp The .Nm gendsa @@ -1754,8 +1778,9 @@ Specify the DSA parameter file to use. The parameters in this file determine the size of the private key. .El .Sh GENPKEY -.nr nS 1 -.Nm "openssl genpkey" +.Bl -hang -width "openssl genpkey" +.It Nm openssl genpkey +.Bk -words .Op Fl algorithm Ar alg .Op Ar cipher .Op Fl genparam @@ -1765,7 +1790,8 @@ The parameters in this file determine the size of the private key. .Op Fl pass Ar arg .Op Fl pkeyopt Ar opt : Ns Ar value .Op Fl text -.nr nS 0 +.Ek +.El .Pp The .Nm genpkey @@ -1856,8 +1882,9 @@ The EC curve to use. Print the private/public key in plain text. .El .Sh GENRSA -.nr nS 1 -.Nm "openssl genrsa" +.Bl -hang -width "openssl genrsa" +.It Nm openssl genrsa +.Bk -words .Op Fl 3 | f4 .Oo .Fl aes128 | aes192 | aes256 | camellia128 | @@ -1866,7 +1893,8 @@ Print the private/public key in plain text. .Op Fl out Ar file .Op Fl passout Ar arg .Op Ar numbits -.nr nS 0 +.Ek +.El .Pp The .Nm genrsa @@ -1941,8 +1969,9 @@ option the situation is reversed: a Netscape certificate sequence is created from a file of certificates. .El .Sh OCSP -.nr nS 1 -.Nm "openssl ocsp" +.Bl -hang -width "openssl ocsp" +.It Nm openssl ocsp +.Bk -words .Op Fl CA Ar file .Op Fl CAfile Ar file .Op Fl CApath Ar directory @@ -1992,7 +2021,8 @@ a Netscape certificate sequence is created from a file of certificates. .Op Fl VAfile Ar file .Op Fl validity_period Ar nsec .Op Fl verify_other Ar file -.nr nS 0 +.Ek +.El .Pp The Online Certificate Status Protocol (OCSP) enables applications to determine the (revocation) state @@ -2291,8 +2321,9 @@ with the .Fl VAfile option. .Sh PASSWD -.nr nS 1 -.Nm "openssl passwd" +.Bl -hang -width "openssl passwd" +.It Nm openssl passwd +.Bk -words .Op Fl 1 | apr1 | crypt .Op Fl in Ar file .Op Fl noverify @@ -2302,7 +2333,8 @@ option. .Op Fl stdin .Op Fl table .Op Ar password -.nr nS 0 +.Ek +.El .Pp The .Nm passwd @@ -2352,8 +2384,9 @@ In the output list, prepend the cleartext password and a TAB character to each password hash. .El .Sh PKCS7 -.nr nS 1 -.Nm "openssl pkcs7" +.Bl -hang -width "openssl pkcs7" +.It Nm openssl pkcs7 +.Bk -words .Op Fl in Ar file .Op Fl inform Cm der | pem .Op Fl noout @@ -2362,7 +2395,8 @@ to each password hash. .Op Fl print .Op Fl print_certs .Op Fl text -.nr nS 0 +.Ek +.El .Pp The .Nm pkcs7 @@ -2395,8 +2429,9 @@ preceded by their subject and issuer names in a one-line format. Print certificate details in full rather than just subject and issuer names. .El .Sh PKCS8 -.nr nS 1 -.Nm "openssl pkcs8" +.Bl -hang -width "openssl pkcs8" +.It Nm openssl pkcs8 +.Bk -words .Op Fl in Ar file .Op Fl inform Cm der | pem .Op Fl nocrypt @@ -2408,7 +2443,8 @@ Print certificate details in full rather than just subject and issuer names. .Op Fl topk8 .Op Fl v1 Ar alg .Op Fl v2 Ar alg -.nr nS 0 +.Ek +.El .Pp The .Nm pkcs8 @@ -2476,8 +2512,9 @@ valid values include des, des3, and rc2. It is recommended that des3 is used. .El .Sh PKCS12 -.nr nS 1 -.Nm "openssl pkcs12" +.Bl -hang -width "openssl pkcs12" +.It Nm openssl pkcs12 +.Bk -words .Oo .Fl aes128 | aes192 | aes256 | camellia128 | .Fl camellia192 | camellia256 | des | des3 | idea @@ -2516,7 +2553,8 @@ It is recommended that des3 is used. .Op Fl passout Ar arg .Op Fl password Ar arg .Op Fl twopass -.nr nS 0 +.Ek +.El .Pp The .Nm pkcs12 @@ -2691,8 +2729,9 @@ is equivalent to .Fl passin . .El .Sh PKEY -.nr nS 1 -.Nm "openssl pkey" +.Bl -hang -width "openssl pkey" +.It Nm openssl pkey +.Bk -words .Op Ar cipher .Op Fl in Ar file .Op Fl inform Cm der | pem @@ -2705,7 +2744,8 @@ is equivalent to .Op Fl pubout .Op Fl text .Op Fl text_pub -.nr nS 0 +.Ek +.El .Pp The .Nm pkey @@ -2777,8 +2817,9 @@ or standard output if not specified. Print the parameters in plain text. .El .Sh PKEYUTL -.nr nS 1 -.Nm "openssl pkeyutl" +.Bl -hang -width "openssl pkeyutl" +.It Nm openssl pkeyutl +.Bk -words .Op Fl asn1parse .Op Fl certin .Op Fl decrypt @@ -2799,7 +2840,8 @@ Print the parameters in plain text. .Op Fl sign .Op Fl verify .Op Fl verifyrecover -.nr nS 0 +.Ek +.El .Pp The .Nm pkeyutl @@ -2971,13 +3013,15 @@ Test if number is prime. .El .Sh RAND -.nr nS 1 -.Nm "openssl rand" +.Bl -hang -width "openssl rand" +.It Nm openssl rand +.Bk -words .Op Fl base64 .Op Fl hex .Op Fl out Ar file .Ar num -.nr nS 0 +.Ek +.El .Pp The .Nm rand @@ -2996,8 +3040,9 @@ The output file to write to, or standard output if not specified. .El .Sh REQ -.nr nS 1 -.Nm "openssl req" +.Bl -hang -width "openssl req" +.It Nm openssl req +.Bk -words .Op Fl asn1-kludge .Op Fl batch .Op Fl config Ar file @@ -3035,7 +3080,8 @@ or standard output if not specified. .Op Fl verbose .Op Fl verify .Op Fl x509 -.nr nS 0 +.Ek +.El .Pp The .Nm req @@ -3435,8 +3481,9 @@ options in the configuration file. Any additional fields will be treated as though they were a .Cm DirectoryString . .Sh RSA -.nr nS 1 -.Nm "openssl rsa" +.Bl -hang -width "openssl rsa" +.It Nm openssl rsa +.Bk -words .Op Fl aes128 | aes192 | aes256 | des | des3 .Op Fl check .Op Fl in Ar file @@ -3454,7 +3501,8 @@ Any additional fields will be treated as though they were a .Op Fl RSAPublicKey_out .Op Fl sgckey .Op Fl text -.nr nS 0 +.Ek +.El .Pp The .Nm rsa @@ -3530,8 +3578,9 @@ and SGC keys. Print the public/private key components in plain text. .El .Sh RSAUTL -.nr nS 1 -.Nm "openssl rsautl" +.Bl -hang -width "openssl rsautl" +.It Nm openssl rsautl +.Bk -words .Op Fl asn1parse .Op Fl certin .Op Fl decrypt @@ -3547,7 +3596,8 @@ Print the public/private key components in plain text. .Op Fl rev .Op Fl sign .Op Fl verify -.nr nS 0 +.Ek +.El .Pp The .Nm rsautl @@ -3602,8 +3652,9 @@ This requires an RSA private key. Verify the input data and output the recovered data. .El .Sh S_CLIENT -.nr nS 1 -.Nm "openssl s_client" +.Bl -hang -width "openssl s_client" +.It Nm openssl s_client +.Bk -words .Op Fl 4 | 6 .Op Fl alpn Ar protocols .Op Fl bugs @@ -3667,7 +3718,8 @@ Verify the input data and output the recovered data. .Op Fl verify_return_error .Op Fl x509_strict .Op Fl xmpphost Ar host -.nr nS 0 +.Ek +.El .Pp The .Nm s_client @@ -3896,8 +3948,9 @@ If this option is not specified then the host specified with will be used. .El .Sh S_SERVER -.nr nS 1 -.Nm "openssl s_server" +.Bl -hang -width "openssl s_server" +.It Nm openssl s_server +.Bk -words .Op Fl accept Ar port .Op Fl alpn Ar protocols .Op Fl bugs @@ -3961,7 +4014,8 @@ will be used. .Op Fl verify_return_error .Op Fl WWW .Op Fl www -.nr nS 0 +.Ek +.El .Pp The .Nm s_server @@ -4199,8 +4253,9 @@ with a certificate is requested but the client does not have to send one. .El .Sh S_TIME -.nr nS 1 -.Nm "openssl s_time" +.Bl -hang -width "openssl s_time" +.It Nm openssl s_time +.Bk -words .Op Fl bugs .Op Fl CAfile Ar file .Op Fl CApath Ar directory @@ -4215,7 +4270,8 @@ a certificate is requested but the client does not have to send one. .Op Fl time Ar seconds .Op Fl verify Ar depth .Op Fl www Ar page -.nr nS 0 +.Ek +.El .Pp The .Nm s_time @@ -4307,8 +4363,9 @@ will only perform the handshake to establish SSL connections but not transfer any payload data. .El .Sh SESS_ID -.nr nS 1 -.Nm "openssl sess_id" +.Bl -hang -width "openssl sess_id" +.It Nm openssl sess_id +.Bk -words .Op Fl cert .Op Fl context Ar ID .Op Fl in Ar file @@ -4317,7 +4374,8 @@ but not transfer any payload data. .Op Fl out Ar file .Op Fl outform Cm der | pem .Op Fl text -.nr nS 0 +.Ek +.El .Pp The .Nm sess_id @@ -4397,8 +4455,9 @@ application. This is, however, strongly discouraged and should only be used for debugging purposes. .Sh SMIME -.nr nS 1 -.Nm "openssl smime" +.Bl -hang -width "openssl smime" +.It Nm openssl smime +.Bk -words .Oo .Fl aes128 | aes192 | aes256 | des | .Fl des3 | rc2-40 | rc2-64 | rc2-128 @@ -4448,7 +4507,8 @@ debugging purposes. .Op Fl verify .Op Fl x509_strict .Op Ar cert.pem ... -.nr nS 0 +.Ek +.El .Pp The .Nm smime @@ -4691,15 +4751,17 @@ An error occurred decrypting or verifying the message. An error occurred writing certificates. .El .Sh SPEED -.nr nS 1 -.Nm "openssl speed" +.Bl -hang -width "openssl speed" +.It Nm openssl speed +.Bk -words .Op Ar algorithm .Op Fl decrypt .Op Fl elapsed .Op Fl evp Ar algorithm .Op Fl mr .Op Fl multi Ar number -.nr nS 0 +.Ek +.El .Pp The .Nm speed @@ -4726,8 +4788,9 @@ Run benchmarks in parallel. .El .Sh SPKAC -.nr nS 1 -.Nm "openssl spkac" +.Bl -hang -width "openssl spkac" +.It Nm openssl spkac +.Bk -words .Op Fl challenge Ar string .Op Fl in Ar file .Op Fl key Ar keyfile @@ -4738,7 +4801,8 @@ benchmarks in parallel. .Op Fl spkac Ar spkacname .Op Fl spksect Ar section .Op Fl verify -.nr nS 0 +.Ek +.El .Pp The .Nm spkac @@ -4785,8 +4849,9 @@ containing the SPKAC. Verify the digital signature on the supplied SPKAC. .El .Sh TS -.nr nS 1 -.Nm "openssl ts" +.Bk -words +.Bl -hang -width "openssl ts" +.It Nm openssl ts .Fl query .Op Fl md4 | md5 | ripemd160 | sha1 .Op Fl cert @@ -4798,10 +4863,7 @@ Verify the digital signature on the supplied SPKAC. .Op Fl out Ar request.tsq .Op Fl policy Ar object_id .Op Fl text -.nr nS 0 -.Pp -.nr nS 1 -.Nm "openssl ts" +.It Nm openssl ts .Fl reply .Op Fl chain Ar certs_file.pem .Op Fl config Ar configfile @@ -4816,10 +4878,7 @@ Verify the digital signature on the supplied SPKAC. .Op Fl text .Op Fl token_in .Op Fl token_out -.nr nS 0 -.Pp -.nr nS 1 -.Nm "openssl ts" +.It Nm openssl ts .Fl verify .Op Fl CAfile Ar trusted_certs.pem .Op Fl CApath Ar trusted_cert_path @@ -4829,7 +4888,8 @@ Verify the digital signature on the supplied SPKAC. .Op Fl queryfile Ar request.tsq .Op Fl token_in .Op Fl untrusted Ar cert_file.pem -.nr nS 0 +.El +.Ek .Pp The .Nm ts @@ -5151,8 +5211,9 @@ only the signing certificate identifier is included. The default is no. .El .Sh VERIFY -.nr nS 1 -.Nm "openssl verify" +.Bl -hang -width "openssl verify" +.It Nm openssl verify +.Bk -words .Op Fl CAfile Ar file .Op Fl CApath Ar directory .Op Fl check_ss_sig @@ -5173,7 +5234,8 @@ The default is no. .Op Fl verbose .Op Fl x509_strict .Op Ar certificates -.nr nS 0 +.Ek +.El .Pp The .Nm verify @@ -5507,8 +5569,9 @@ The current version. .El .Sh X509 -.nr nS 1 -.Nm "openssl x509" +.Bl -hang -width "openssl x509" +.It Nm openssl x509 +.Bk -words .Op Fl C .Op Fl addreject Ar arg .Op Fl addtrust Ar arg @@ -5563,7 +5626,8 @@ version. .Op Fl text .Op Fl trustout .Op Fl x509toreq -.nr nS 0 +.Ek +.El .Pp The .Nm x509 |