From 4aff38467366d1006fbf3439d1314f6e7803ce60 Mon Sep 17 00:00:00 2001 From: "Vladimir D. Seleznev" Date: Mon, 6 Nov 2017 18:50:01 +0300 Subject: [PATCH] ALT: openssl manpage --- libressl/apps/openssl/openssl.1 | 232 +++++++++---------- libressl/man/CONF_modules_load_file.3 | 10 +- libressl/man/EVP_EncryptInit.3 | 4 +- libressl/man/EVP_PKEY_CTX_ctrl.3 | 2 +- libressl/man/OPENSSL_VERSION_NUMBER.3 | 2 +- libressl/man/OPENSSL_config.3 | 4 +- libressl/man/SSL_CIPHER_get_name.3 | 4 +- libressl/man/SSL_CTX_load_verify_locations.3 | 4 +- libressl/man/SSL_CTX_set_cipher_list.3 | 4 +- libressl/man/SSL_CTX_set_options.3 | 2 +- libressl/man/SSL_CTX_set_tmp_dh_callback.3 | 8 +- libressl/man/SSL_get_verify_result.3 | 4 +- libressl/man/SSL_set_verify_result.3 | 4 +- libressl/man/X509_LOOKUP_hash_dir.3 | 2 +- libressl/man/X509_LOOKUP_new.3 | 14 +- libressl/man/X509_STORE_load_locations.3 | 4 +- libressl/man/X509_VERIFY_PARAM_set_flags.3 | 2 +- libressl/man/X509_ocspid_print.3 | 2 +- libressl/man/X509_verify_cert.3 | 2 +- libressl/man/crypto.3 | 2 +- libressl/man/openssl.cnf.5 | 20 +- libressl/man/ssl.3 | 2 +- libressl/man/tls_config_set_protocols.3 | 2 +- libressl/man/tls_conn_version.3 | 2 +- libressl/man/x509v3.cnf.5 | 6 +- 25 files changed, 172 insertions(+), 172 deletions(-) diff --git a/libressl/apps/openssl/openssl.1 b/libressl/apps/openssl/openssl.1 index b28fc09..005a780 100644 --- a/libressl/apps/openssl/openssl.1 +++ b/libressl/apps/openssl/openssl.1 @@ -114,7 +114,7 @@ .Dt OPENSSL 1 .Os .Sh NAME -.Nm openssl +.Nm openssl-LibreSSL .Nd OpenSSL command line tool .Sh SYNOPSIS .Nm @@ -144,7 +144,7 @@ The .Nm program is a command line tool for using the various cryptography functions of -.Nm openssl Ns 's +.Nm openssl-LibreSSL Ns 's crypto library from the shell. .Pp The pseudo-commands @@ -202,8 +202,8 @@ or itself. .Tg asn1parse .Sh ASN1PARSE -.Bl -hang -width "openssl asn1parse" -.It Nm openssl asn1parse +.Bl -hang -width "openssl-LibreSSL asn1parse" +.It Nm openssl-LibreSSL asn1parse .Bk -words .Op Fl i .Op Fl dlimit Ar number @@ -271,7 +271,7 @@ A file containing additional object identifiers If an OID .Pq object identifier is not part of -.Nm openssl Ns 's +.Nm openssl-LibreSSL Ns 's internal table, it will be represented in numerical form .Pq for example 1.2.3.4 . @@ -299,8 +299,8 @@ into a nested structure. .El .Tg ca .Sh CA -.Bl -hang -width "openssl ca" -.It Nm openssl ca +.Bl -hang -width "openssl-LibreSSL ca" +.It Nm openssl-LibreSSL ca .Bk -words .Op Fl batch .Op Fl cert Ar file @@ -789,7 +789,7 @@ For convenience, the value is accepted by both to produce a reasonable output. .Pp If neither option is present, the format used in earlier versions of -.Nm openssl +.Nm openssl-LibreSSL is used. Use of the old format is strongly discouraged because it only displays fields mentioned in the @@ -854,8 +854,8 @@ The same as .El .Tg certhash .Sh CERTHASH -.Bl -hang -width "openssl certhash" -.It Nm openssl certhash +.Bl -hang -width "openssl-LibreSSL certhash" +.It Nm openssl-LibreSSL certhash .Bk -words .Op Fl nv .Ar dir ... @@ -909,7 +909,7 @@ Specify the directories to process. .El .Tg ciphers .Sh CIPHERS -.Nm openssl ciphers +.Nm openssl-LibreSSL ciphers .Op Fl hsVv .Op Fl tls1 .Op Fl tls1_1 @@ -953,8 +953,8 @@ but without cipher suite codes. .El .Tg cms .Sh CMS -.Bl -hang -width "openssl cms" -.It Nm openssl cms +.Bl -hang -width "openssl-LibreSSL cms" +.It Nm openssl-LibreSSL cms .Bk -words .Oo .Fl aes128 | aes192 | aes256 | camellia128 | @@ -1470,8 +1470,8 @@ is specified. .El .Tg crl .Sh CRL -.Bl -hang -width "openssl crl" -.It Nm openssl crl +.Bl -hang -width "openssl-LibreSSL crl" +.It Nm openssl-LibreSSL crl .Bk -words .Op Fl CAfile Ar file .Op Fl CApath Ar dir @@ -1547,8 +1547,8 @@ Verify the signature on the CRL. .El .Tg crl2pkcs7 .Sh CRL2PKCS7 -.Bl -hang -width "openssl crl2pkcs7" -.It Nm openssl crl2pkcs7 +.Bl -hang -width "openssl-LibreSSL crl2pkcs7" +.It Nm openssl-LibreSSL crl2pkcs7 .Bk -words .Op Fl certfile Ar file .Op Fl in Ar file @@ -1593,8 +1593,8 @@ The output format. .El .Tg dgst .Sh DGST -.Bl -hang -width "openssl dgst" -.It Nm openssl dgst +.Bl -hang -width "openssl-LibreSSL dgst" +.It Nm openssl-LibreSSL dgst .Bk -words .Op Fl cdr .Op Fl binary @@ -1635,13 +1635,13 @@ Use the specified message .Ar digest . The default is SHA256. The available digests can be displayed using -.Nm openssl +.Nm openssl-LibreSSL .Cm list-message-digest-commands . The following are equivalent: -.Nm openssl dgst +.Nm openssl-LibreSSL dgst .Fl sha256 and -.Nm openssl +.Nm openssl-LibreSSL .Cm sha256 . .It Fl hex Digest is to be output as a hex dump. @@ -1708,8 +1708,8 @@ If no files are specified then standard input is used. .El .Tg dhparam .Sh DHPARAM -.Bl -hang -width "openssl dhparam" -.It Nm openssl dhparam +.Bl -hang -width "openssl-LibreSSL dhparam" +.It Nm openssl-LibreSSL dhparam .Bk -words .Op Fl 2 | 5 .Op Fl C @@ -1785,8 +1785,8 @@ parameters are generated instead. .El .Tg dsa .Sh DSA -.Bl -hang -width "openssl dsa" -.It Nm openssl dsa +.Bl -hang -width "openssl-LibreSSL dsa" +.It Nm openssl-LibreSSL dsa .Bk -words .Oo .Fl aes128 | aes192 | aes256 | @@ -1874,8 +1874,8 @@ Print the public/private key in plain text. .El .Tg dsaparam .Sh DSAPARAM -.Bl -hang -width "openssl dsaparam" -.It Nm openssl dsaparam +.Bl -hang -width "openssl-LibreSSL dsaparam" +.It Nm openssl-LibreSSL dsaparam .Bk -words .Op Fl C .Op Fl genkey @@ -1927,8 +1927,8 @@ If this option is included, the input file is ignored. .El .Tg ec .Sh EC -.Bl -hang -width "openssl ec" -.It Nm openssl ec +.Bl -hang -width "openssl-LibreSSL ec" +.It Nm openssl-LibreSSL ec .Bk -words .Op Fl conv_form Ar arg .Op Fl des @@ -1953,7 +1953,7 @@ The command processes EC keys. They can be converted between various forms and their components printed out. -.Nm openssl +.Nm openssl-LibreSSL uses the private key format specified in .Dq SEC 1: Elliptic Curve Cryptography .Pq Lk https://www.secg.org/ . @@ -1985,7 +1985,7 @@ at compile time. .It Fl des | des3 Encrypt the private key with DES, triple DES, or any other cipher supported by -.Nm openssl . +.Nm openssl-LibreSSL . A pass phrase is prompted for. If none of these options are specified, the key is written in plain text. This means that using the @@ -2040,8 +2040,8 @@ Print the public/private key in plain text. .El .Tg ecparam .Sh ECPARAM -.Bl -hang -width "openssl ecparam" -.It Nm openssl ecparam +.Bl -hang -width "openssl-LibreSSL ecparam" +.It Nm openssl-LibreSSL ecparam .Bk -words .Op Fl C .Op Fl check @@ -2063,7 +2063,7 @@ Print the public/private key in plain text. The .Nm ecparam command is used to manipulate or generate EC parameter files. -.Nm openssl +.Nm openssl-LibreSSL is not able to generate new groups so .Nm ecparam can only create EC parameters from known (named) curves. @@ -2136,8 +2136,8 @@ Print the EC parameters in plain text. .El .Tg enc .Sh ENC -.Bl -hang -width "openssl enc" -.It Nm openssl enc +.Bl -hang -width "openssl-LibreSSL enc" +.It Nm openssl-LibreSSL enc .Bk -words .Fl ciphername .Op Fl AadePpv @@ -2168,9 +2168,9 @@ or explicitly provided. Base64 encoding or decoding can also be performed either by itself or in addition to the encryption or decryption. The program can be called either as -.Nm openssl Ar ciphername +.Nm openssl-LibreSSL Ar ciphername or -.Nm openssl enc - Ns Ar ciphername . +.Nm openssl-LibreSSL enc - Ns Ar ciphername . .Pp Some of the ciphers do not have large keys and others have security implications if not used correctly. @@ -2300,7 +2300,7 @@ Print extra details about the processing. .El .Tg errstr .Sh ERRSTR -.Nm openssl errstr +.Nm openssl-LibreSSL errstr .Op Fl stats .Ar errno ... .Pp @@ -2331,8 +2331,8 @@ Print debugging statistics about various aspects of the hash table. .El .Tg gendsa .Sh GENDSA -.Bl -hang -width "openssl gendsa" -.It Nm openssl gendsa +.Bl -hang -width "openssl-LibreSSL gendsa" +.It Nm openssl-LibreSSL gendsa .Bk -words .Oo .Fl aes128 | aes192 | aes256 | camellia128 | @@ -2348,7 +2348,7 @@ The .Nm gendsa command generates a DSA private key from a DSA parameter file (typically generated by the -.Nm openssl dsaparam +.Nm openssl-LibreSSL dsaparam command). DSA key generation is little more than random number generation so it is much quicker than, @@ -2378,8 +2378,8 @@ The parameters in this file determine the size of the private key. .El .Tg genpkey .Sh GENPKEY -.Bl -hang -width "openssl genpkey" -.It Nm openssl genpkey +.Bl -hang -width "openssl-LibreSSL genpkey" +.It Nm openssl-LibreSSL genpkey .Bk -words .Op Fl algorithm Ar alg .Op Ar cipher @@ -2483,8 +2483,8 @@ Print the private/public key in plain text. .El .Tg genrsa .Sh GENRSA -.Bl -hang -width "openssl genrsa" -.It Nm openssl genrsa +.Bl -hang -width "openssl-LibreSSL genrsa" +.It Nm openssl-LibreSSL genrsa .Bk -words .Op Fl 3 | f4 .Oo @@ -2544,7 +2544,7 @@ The default is 2048. .El .Tg nseq .Sh NSEQ -.Nm openssl nseq +.Nm openssl-LibreSSL nseq .Op Fl in Ar file .Op Fl out Ar file .Op Fl toseq @@ -2575,8 +2575,8 @@ a Netscape certificate sequence is created from a file of certificates. .El .Tg ocsp .Sh OCSP -.Bl -hang -width "openssl ocsp" -.It Nm openssl ocsp +.Bl -hang -width "openssl-LibreSSL ocsp" +.It Nm openssl-LibreSSL ocsp .Bk -words .Op Fl CA Ar file .Op Fl CAfile Ar file @@ -2896,7 +2896,7 @@ specified by the and .Fl CApath options or they will be looked for in the standard -.Nm openssl +.Nm openssl-LibreSSL certificates directory. .Pp If the initial verify fails, the OCSP verify process halts with an error. @@ -2928,8 +2928,8 @@ with the option. .Tg passwd .Sh PASSWD -.Bl -hang -width "openssl passwd" -.It Nm openssl passwd +.Bl -hang -width "openssl-LibreSSL passwd" +.It Nm openssl-LibreSSL passwd .Bk -words .Op Fl 1 | apr1 | crypt .Op Fl in Ar file @@ -2992,8 +2992,8 @@ to each password hash. .El .Tg pkcs7 .Sh PKCS7 -.Bl -hang -width "openssl pkcs7" -.It Nm openssl pkcs7 +.Bl -hang -width "openssl-LibreSSL pkcs7" +.It Nm openssl-LibreSSL pkcs7 .Bk -words .Op Fl in Ar file .Op Fl inform Cm der | pem @@ -3038,8 +3038,8 @@ Print certificate details in full rather than just subject and issuer names. .El .Tg pkcs8 .Sh PKCS8 -.Bl -hang -width "openssl pkcs8" -.It Nm openssl pkcs8 +.Bl -hang -width "openssl-LibreSSL pkcs8" +.It Nm openssl-LibreSSL pkcs8 .Bk -words .Op Fl in Ar file .Op Fl inform Cm der | pem @@ -3112,7 +3112,7 @@ Use PKCS#5 v2.0 algorithms. Supports algorithms such as 168-bit triple DES or 128-bit RC2, however not many implementations support PKCS#5 v2.0 yet (if using private keys with -.Nm openssl +.Nm openssl-LibreSSL this doesn't matter). .Pp .Ar alg @@ -3122,8 +3122,8 @@ It is recommended that des3 is used. .El .Tg pkcs12 .Sh PKCS12 -.Bl -hang -width "openssl pkcs12" -.It Nm openssl pkcs12 +.Bl -hang -width "openssl-LibreSSL pkcs12" +.It Nm openssl-LibreSSL pkcs12 .Bk -words .Oo .Fl aes128 | aes192 | aes256 | camellia128 | @@ -3340,8 +3340,8 @@ is equivalent to .El .Tg pkey .Sh PKEY -.Bl -hang -width "openssl pkey" -.It Nm openssl pkey +.Bl -hang -width "openssl-LibreSSL pkey" +.It Nm openssl-LibreSSL pkey .Bk -words .Op Fl check .Op Ar cipher @@ -3411,7 +3411,7 @@ even if a private key is being processed. .El .Tg pkeyparam .Sh PKEYPARAM -.Cm openssl pkeyparam +.Cm openssl-LibreSSL pkeyparam .Op Fl check .Op Fl in Ar file .Op Fl noout @@ -3440,8 +3440,8 @@ Print the parameters in plain text. .El .Tg pkeyutl .Sh PKEYUTL -.Bl -hang -width "openssl pkeyutl" -.It Nm openssl pkeyutl +.Bl -hang -width "openssl-LibreSSL pkeyutl" +.It Nm openssl-LibreSSL pkeyutl .Bk -words .Op Fl asn1parse .Op Fl certin @@ -3593,7 +3593,7 @@ Verify the input data and output the recovered data. .El .Tg prime .Sh PRIME -.Cm openssl prime +.Cm openssl-LibreSSL prime .Op Fl bits Ar n .Op Fl checks Ar n .Op Fl generate @@ -3638,8 +3638,8 @@ is prime. .El .Tg rand .Sh RAND -.Bl -hang -width "openssl rand" -.It Nm openssl rand +.Bl -hang -width "openssl-LibreSSL rand" +.It Nm openssl-LibreSSL rand .Bk -words .Op Fl base64 .Op Fl hex @@ -3666,8 +3666,8 @@ or standard output if not specified. .El .Tg req .Sh REQ -.Bl -hang -width "openssl req" -.It Nm openssl req +.Bl -hang -width "openssl-LibreSSL req" +.It Nm openssl-LibreSSL req .Bk -words .Op Fl addext Ar ext .Op Fl batch @@ -3916,7 +3916,7 @@ is the same as .Cm distinguished_name . Typically these may contain the challengePassword or unstructuredName types. They are currently ignored by the -.Nm openssl +.Nm openssl-LibreSSL request signing utilities, but some CAs might want them. .It Cm default_bits The default key size, in bits. @@ -4088,7 +4088,7 @@ can be input by calling it The actual permitted field names are any object identifier short or long names. These are compiled into -.Nm openssl +.Nm openssl-LibreSSL and include the usual values such as .Cm commonName , countryName , localityName , organizationName , .Cm organizationalUnitName , stateOrProvinceName . @@ -4108,8 +4108,8 @@ Any additional fields will be treated as though they were a .Cm DirectoryString . .Tg rsa .Sh RSA -.Bl -hang -width "openssl rsa" -.It Nm openssl rsa +.Bl -hang -width "openssl-LibreSSL rsa" +.It Nm openssl-LibreSSL rsa .Bk -words .Op Fl aes128 | aes192 | aes256 | des | des3 .Op Fl check @@ -4202,8 +4202,8 @@ Print the public/private key components in plain text. .El .Tg rsautl .Sh RSAUTL -.Bl -hang -width "openssl rsautl" -.It Nm openssl rsautl +.Bl -hang -width "openssl-LibreSSL rsautl" +.It Nm openssl-LibreSSL rsautl .Bk -words .Op Fl asn1parse .Op Fl certin @@ -4277,8 +4277,8 @@ Verify the input data and output the recovered data. .El .Tg s_client .Sh S_CLIENT -.Bl -hang -width "openssl s_client" -.It Nm openssl s_client +.Bl -hang -width "openssl-LibreSSL s_client" +.It Nm openssl-LibreSSL s_client .Bk -words .Op Fl 4 | 6 .Op Fl alpn Ar protocols @@ -4585,8 +4585,8 @@ will be used. .El .Tg s_server .Sh S_SERVER -.Bl -hang -width "openssl s_server" -.It Nm openssl s_server +.Bl -hang -width "openssl-LibreSSL s_server" +.It Nm openssl-LibreSSL s_server .Bk -words .Op Fl accept Ar port .Op Fl alpn Ar protocols @@ -4913,8 +4913,8 @@ a certificate is requested but the client does not have to send one. .El .Tg s_time .Sh S_TIME -.Bl -hang -width "openssl s_time" -.It Nm openssl s_time +.Bl -hang -width "openssl-LibreSSL s_time" +.It Nm openssl-LibreSSL s_time .Bk -words .Op Fl bugs .Op Fl CAfile Ar file @@ -5024,8 +5024,8 @@ but not transfer any payload data. .El .Tg sess_id .Sh SESS_ID -.Bl -hang -width "openssl sess_id" -.It Nm openssl sess_id +.Bl -hang -width "openssl-LibreSSL sess_id" +.It Nm openssl-LibreSSL sess_id .Bk -words .Op Fl cert .Op Fl context Ar ID @@ -5117,8 +5117,8 @@ This is, however, strongly discouraged and should only be used for debugging purposes. .Tg smime .Sh SMIME -.Bl -hang -width "openssl smime" -.It Nm openssl smime +.Bl -hang -width "openssl-LibreSSL smime" +.It Nm openssl-LibreSSL smime .Bk -words .Oo .Fl aes128 | aes192 | aes256 | des | @@ -5414,8 +5414,8 @@ An error occurred writing certificates. .El .Tg speed .Sh SPEED -.Bl -hang -width "openssl speed" -.It Nm openssl speed +.Bl -hang -width "openssl-LibreSSL speed" +.It Nm openssl-LibreSSL speed .Bk -words .Op Ar algorithm .Op Fl decrypt @@ -5452,8 +5452,8 @@ benchmarks in parallel. .El .Tg spkac .Sh SPKAC -.Bl -hang -width "openssl spkac" -.It Nm openssl spkac +.Bl -hang -width "openssl-LibreSSL spkac" +.It Nm openssl-LibreSSL spkac .Bk -words .Op Fl challenge Ar string .Op Fl in Ar file @@ -5515,8 +5515,8 @@ Verify the digital signature on the supplied SPKAC. .Tg ts .Sh TS .Bk -words -.Bl -hang -width "openssl ts" -.It Nm openssl ts +.Bl -hang -width "openssl-LibreSSL ts" +.It Nm openssl-LibreSSL ts .Fl query .Op Fl md4 | md5 | ripemd160 | sha1 .Op Fl cert @@ -5528,7 +5528,7 @@ Verify the digital signature on the supplied SPKAC. .Op Fl out Ar request.tsq .Op Fl policy Ar object_id .Op Fl text -.It Nm openssl ts +.It Nm openssl-LibreSSL ts .Fl reply .Op Fl chain Ar certs_file.pem .Op Fl config Ar configfile @@ -5543,7 +5543,7 @@ Verify the digital signature on the supplied SPKAC. .Op Fl text .Op Fl token_in .Op Fl token_out -.It Nm openssl ts +.It Nm openssl-LibreSSL ts .Fl verify .Op Fl CAfile Ar trusted_certs.pem .Op Fl CApath Ar trusted_cert_path @@ -5877,8 +5877,8 @@ The default is no. .El .Tg verify .Sh VERIFY -.Bl -hang -width "openssl verify" -.It Nm openssl verify +.Bl -hang -width "openssl-LibreSSL verify" +.It Nm openssl-LibreSSL verify .Bk -words .Op Fl CAfile Ar file .Op Fl CApath Ar directory @@ -6208,13 +6208,13 @@ Unused. .El .Tg version .Sh VERSION -.Nm openssl version +.Nm openssl-LibreSSL version .Op Fl abdfopv .Pp The .Nm version command is used to print out version information about -.Nm openssl . +.Nm openssl-LibreSSL . .Pp The options are as follows: .Bl -tag -width Ds @@ -6222,7 +6222,7 @@ The options are as follows: All information: this is the same as setting all the other flags. .It Fl b The date the current version of -.Nm openssl +.Nm openssl-LibreSSL was built. .It Fl d .Ev OPENSSLDIR @@ -6235,13 +6235,13 @@ Option information: various options set when the library was built. Platform setting. .It Fl v The current -.Nm openssl +.Nm openssl-LibreSSL version. .El .Tg x509 .Sh X509 -.Bl -hang -width "openssl x509" -.It Nm openssl x509 +.Bl -hang -width "openssl-LibreSSL x509" +.It Nm openssl-LibreSSL x509 .Bk -words .Op Fl C .Op Fl addreject Ar arg @@ -6415,7 +6415,7 @@ Print the hash of the certificate issuer name. .It Fl issuer_hash_old Print the hash of the certificate issuer name using the older algorithm as used by -.Nm openssl +.Nm openssl-LibreSSL versions before 1.0.0. .It Fl modulus Print the value of the modulus of the public key contained in the certificate. @@ -6458,7 +6458,7 @@ usually, non-character string types are displayed as though each content octet represents a single character. .It Cm dump_unknown Dump any field whose OID is not recognised by -.Nm openssl . +.Nm openssl-LibreSSL . .It Cm esc_2253 Escape the .Qq special @@ -6582,13 +6582,13 @@ Print the subject name. .It Fl subject_hash Print the hash of the certificate subject name. This is used in -.Nm openssl +.Nm openssl-LibreSSL to form an index to allow certificates in a directory to be looked up by subject name. .It Fl subject_hash_old Print the hash of the certificate subject name using the older algorithm as used by -.Nm openssl +.Nm openssl-LibreSSL versions before 1.0.0. .It Fl text Print the full certificate in text form. @@ -6972,24 +6972,24 @@ Plain ASCII text. .El .Sh ENVIRONMENT The following environment variables affect the execution of -.Nm openssl : -.Bl -tag -width "/etc/ssl/openssl.cnf" +.Nm openssl-LibreSSL : +.Bl -tag -width "/etc/libressl/openssl.cnf" .It Ev OPENSSL_CONF The location of the master configuration file. .El .Sh FILES -.Bl -tag -width "/etc/ssl/openssl.cnf" -compact -.It Pa /etc/ssl/ +.Bl -tag -width "/etc/libressl/openssl.cnf" -compact +.It Pa /etc/libressl/ Default config directory for -.Nm openssl . -.It Pa /etc/ssl/lib/ +.Nm openssl-LibreSSL . +.It Pa /etc/libressl/lib/ Unused. -.It Pa /etc/ssl/private/ +.It Pa /etc/libressl/private/ Default private key directory. -.It Pa /etc/ssl/openssl.cnf +.It Pa /etc/libressl/openssl.cnf Default configuration file for -.Nm openssl . -.It Pa /etc/ssl/x509v3.cnf +.Nm openssl-LibreSSL . +.It Pa /etc/libressl/x509v3.cnf Default configuration file for .Nm x509 certificates. diff --git a/libressl/man/CONF_modules_load_file.3 b/libressl/man/CONF_modules_load_file.3 index bd419ef..967e083 100644 --- a/libressl/man/CONF_modules_load_file.3 +++ b/libressl/man/CONF_modules_load_file.3 @@ -105,7 +105,7 @@ If is .Dv NULL , the standard OpenSSL configuration file -.Pa /etc/ssl/openssl.cnf +.Pa /etc/libressl/openssl.cnf is used. If .Fa appname @@ -187,12 +187,12 @@ value of the failing module (this will always be zero or negative). .Pp .Fn X509_get_default_cert_area returns a pointer to the constant string -.Qq "/etc/ssl" . +.Qq "/etc/libressl" . .Sh FILES -.Bl -tag -width /etc/ssl/openssl.cnf -compact -.It Pa /etc/ssl +.Bl -tag -width /etc/libressl/openssl.cnf -compact +.It Pa /etc/libressl standard configuration directory -.It Pa /etc/ssl/openssl.cnf +.It Pa /etc/libressl/openssl.cnf standard configuration file .El .Sh EXAMPLES diff --git a/libressl/man/EVP_EncryptInit.3 b/libressl/man/EVP_EncryptInit.3 index b4fbfa3..1315bd9 100644 --- a/libressl/man/EVP_EncryptInit.3 +++ b/libressl/man/EVP_EncryptInit.3 @@ -1182,10 +1182,10 @@ do_crypt(char *outfile) .Ed .Pp The ciphertext from the above example can be decrypted using the -.Xr openssl 1 +.Xr openssl-LibreSSL 1 utility with the command line: .Bd -literal -offset indent -openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F \e +openssl-LibreSSL bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F \e -iv 0102030405060708 -d .Ed .Pp diff --git a/libressl/man/EVP_PKEY_CTX_ctrl.3 b/libressl/man/EVP_PKEY_CTX_ctrl.3 index 7714cb0..4568ad7 100644 --- a/libressl/man/EVP_PKEY_CTX_ctrl.3 +++ b/libressl/man/EVP_PKEY_CTX_ctrl.3 @@ -232,7 +232,7 @@ in string form. This is intended to be used for options specified on the command line or in text files. The commands supported are documented in the -.Xr openssl 1 +.Xr openssl-LibreSSL 1 utility command line pages for the option .Fl pkeyopt which is supported by the diff --git a/libressl/man/OPENSSL_VERSION_NUMBER.3 b/libressl/man/OPENSSL_VERSION_NUMBER.3 index 06ca558..2078c60 100644 --- a/libressl/man/OPENSSL_VERSION_NUMBER.3 +++ b/libressl/man/OPENSSL_VERSION_NUMBER.3 @@ -191,7 +191,7 @@ if available or .Qq OPENSSLDIR: N/A otherwise. For LibreSSL, the default is -.Qq OPENSSLDIR: Qq /etc/ssl . +.Qq OPENSSLDIR: Qq /etc/libressl . .It Dv OPENSSL_ENGINES_DIR The .Dv ENGINESDIR diff --git a/libressl/man/OPENSSL_config.3 b/libressl/man/OPENSSL_config.3 index 2960e23..4f9bcf6 100644 --- a/libressl/man/OPENSSL_config.3 +++ b/libressl/man/OPENSSL_config.3 @@ -133,8 +133,8 @@ Applications should free up configuration at application closedown by calling .Xr CONF_modules_free 3 . .Sh FILES -.Bl -tag -width /etc/ssl/openssl.cnf -compact -.It Pa /etc/ssl/openssl.cnf +.Bl -tag -width /etc/libressl/openssl.cnf -compact +.It Pa /etc/libressl/openssl.cnf standard configuration file .El .Sh SEE ALSO diff --git a/libressl/man/SSL_CIPHER_get_name.3 b/libressl/man/SSL_CIPHER_get_name.3 index 235ff14..8a93101 100644 --- a/libressl/man/SSL_CIPHER_get_name.3 +++ b/libressl/man/SSL_CIPHER_get_name.3 @@ -337,9 +337,9 @@ ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD .Pp A complete list can be retrieved by invoking the following command: .Pp -.Dl $ openssl ciphers -v ALL:COMPLEMENTOFALL +.Dl $ openssl-LibreSSL ciphers -v ALL:COMPLEMENTOFALL .Sh SEE ALSO -.Xr openssl 1 , +.Xr openssl-LibreSSL 1 , .Xr ssl 3 , .Xr SSL_get_ciphers 3 , .Xr SSL_get_current_cipher 3 diff --git a/libressl/man/SSL_CTX_load_verify_locations.3 b/libressl/man/SSL_CTX_load_verify_locations.3 index 373df24..f515c05 100644 --- a/libressl/man/SSL_CTX_load_verify_locations.3 +++ b/libressl/man/SSL_CTX_load_verify_locations.3 @@ -189,7 +189,7 @@ Generate a CA certificate file with descriptive text from the CA certificates #!/bin/sh rm CAfile.pem for i in ca1.pem ca2.pem ca3.pem; do - openssl x509 -in $i -text >> CAfile.pem + openssl-LibreSSL x509 -in $i -text >> CAfile.pem done .Ed .Pp @@ -201,7 +201,7 @@ $ cd /some/where/certs $ rm -f *.[0-9]* *.r[0-9]* $ for c in *.pem; do > [ "$c" = "*.pem" ] && continue -> hash=$(openssl x509 -noout -hash -in "$c") +> hash=$(openssl-LibreSSL x509 -noout -hash -in "$c") > if egrep -q -- '-BEGIN( X509 | TRUSTED | )CERTIFICATE-' "$c"; then > suf=0 > while [ -e $hash.$suf ]; do suf=$(( $suf + 1 )); done diff --git a/libressl/man/SSL_CTX_set_cipher_list.3 b/libressl/man/SSL_CTX_set_cipher_list.3 index 9d24e00..20942cb 100644 --- a/libressl/man/SSL_CTX_set_cipher_list.3 +++ b/libressl/man/SSL_CTX_set_cipher_list.3 @@ -137,7 +137,7 @@ It can only be used as the first word. The .Cm DEFAULT cipher list can be displayed with the -.Xr openssl 1 +.Xr openssl-LibreSSL 1 .Cm ciphers command. .It Cm @SECLEVEL=n @@ -307,7 +307,7 @@ cipher suites are made available, too. .El .Pp The full words returned by the -.Xr openssl 1 +.Xr openssl-LibreSSL 1 .Cm ciphers command can be used to select individual cipher suites. .Pp diff --git a/libressl/man/SSL_CTX_set_options.3 b/libressl/man/SSL_CTX_set_options.3 index 5df0b07..5f92bbc 100644 --- a/libressl/man/SSL_CTX_set_options.3 +++ b/libressl/man/SSL_CTX_set_options.3 @@ -347,7 +347,7 @@ return the current bitmask. .Fn SSL_get_secure_renegotiation_support returns 1 is the peer supports secure renegotiation and 0 if it does not. .Sh SEE ALSO -.Xr openssl 1 , +.Xr openssl-LibreSSL 1 , .Xr ssl 3 , .Xr SSL_clear 3 , .Xr SSL_CTX_ctrl 3 , diff --git a/libressl/man/SSL_CTX_set_tmp_dh_callback.3 b/libressl/man/SSL_CTX_set_tmp_dh_callback.3 index 8be504d..c0fd086 100644 --- a/libressl/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/libressl/man/SSL_CTX_set_tmp_dh_callback.3 @@ -129,7 +129,7 @@ The risk in reusing DH parameters is that an attacker may specialize on a very often used DH group. Applications should therefore generate their own DH parameters during the installation process using the -.Xr openssl 1 +.Xr openssl-LibreSSL 1 .Cm dhparam application. This application guarantees that "strong" primes are used. @@ -147,7 +147,7 @@ which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the .Fl C option of the -.Xr openssl 1 +.Xr openssl-LibreSSL 1 .Cm dhparam application. Generation of custom DH parameters during installation should still @@ -186,7 +186,7 @@ Error handling is partly left out. .Pp Command-line parameter generation: .Pp -.Dl openssl dhparam -out dh_param_2048.pem 2048 +.Dl openssl-LibreSSL dhparam -out dh_param_2048.pem 2048 .Pp Code for setting up parameters during server initialization: .Bd -literal @@ -211,7 +211,7 @@ if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) { } .Ed .Sh SEE ALSO -.Xr openssl 1 , +.Xr openssl-LibreSSL 1 , .Xr ssl 3 , .Xr SSL_CTX_set_cipher_list 3 , .Xr SSL_CTX_set_options 3 , diff --git a/libressl/man/SSL_get_verify_result.3 b/libressl/man/SSL_get_verify_result.3 index 180cf1b..aada79a 100644 --- a/libressl/man/SSL_get_verify_result.3 +++ b/libressl/man/SSL_get_verify_result.3 @@ -79,10 +79,10 @@ The following return values can currently occur: The verification succeeded or no peer certificate was presented. .It Any other value Documented in -.Xr openssl 1 . +.Xr openssl-LibreSSL 1 . .El .Sh SEE ALSO -.Xr openssl 1 , +.Xr openssl-LibreSSL 1 , .Xr ssl 3 , .Xr SSL_CTX_set_verify 3 , .Xr SSL_get0_peername 3 , diff --git a/libressl/man/SSL_set_verify_result.3 b/libressl/man/SSL_set_verify_result.3 index 4b7cc6e..34295e3 100644 --- a/libressl/man/SSL_set_verify_result.3 +++ b/libressl/man/SSL_set_verify_result.3 @@ -78,9 +78,9 @@ reused later, the original value will reappear. The valid codes for .Fa verify_result are documented in -.Xr openssl 1 . +.Xr openssl-LibreSSL 1 . .Sh SEE ALSO -.Xr openssl 1 , +.Xr openssl-LibreSSL 1 , .Xr ssl 3 , .Xr SSL_get_peer_certificate 3 , .Xr SSL_get_verify_result 3 diff --git a/libressl/man/X509_LOOKUP_hash_dir.3 b/libressl/man/X509_LOOKUP_hash_dir.3 index f632135..68d9cc8 100644 --- a/libressl/man/X509_LOOKUP_hash_dir.3 +++ b/libressl/man/X509_LOOKUP_hash_dir.3 @@ -132,7 +132,7 @@ name for CRLs. The hash can also be obtained via the .Fl hash option of the -.Xr openssl 1 +.Xr openssl-LibreSSL 1 .Cm x509 or .Cm crl diff --git a/libressl/man/X509_LOOKUP_new.3 b/libressl/man/X509_LOOKUP_new.3 index f368cbb..8d6d852 100644 --- a/libressl/man/X509_LOOKUP_new.3 +++ b/libressl/man/X509_LOOKUP_new.3 @@ -163,7 +163,7 @@ is the .Fa source argument is ignored and -.Pa /etc/ssl/certs +.Pa /etc/libressl/certs and a type of .Dv X509_FILETYPE_PEM are used instead. @@ -218,7 +218,7 @@ is the .Fa source argument is ignored and -.Pa /etc/ssl/certs.pem +.Pa /etc/libressl/certs.pem and a type of .Dv X509_FILETYPE_PEM are used instead. @@ -389,10 +389,10 @@ always return 0. .Pp .Fn X509_get_default_cert_dir returns a pointer to the constant string -.Qq /etc/ssl/certs , +.Qq /etc/libressl/certs , .Fn X509_get_default_cert_file to -.Qq /etc/ssl/certs.pem , +.Qq /etc/libressl/certs.pem , .Fn X509_get_default_cert_dir_env to .Qq SSL_CERT_DIR , @@ -414,10 +414,10 @@ directly and may pass their values to and .Fn X509_LOOKUP_load_file . .Sh FILES -.Bl -tag -width /etc/ssl/certs.pem -compact -.It Pa /etc/ssl/certs/ +.Bl -tag -width /etc/libressl/certs.pem -compact +.It Pa /etc/libressl/certs/ default directory for storing trusted certificates -.It Pa /etc/ssl/certs.pem +.It Pa /etc/libressl/certs.pem default file for storing trusted certificates .El .Sh ERRORS diff --git a/libressl/man/X509_STORE_load_locations.3 b/libressl/man/X509_STORE_load_locations.3 index f38eeb6..2f4b70b 100644 --- a/libressl/man/X509_STORE_load_locations.3 +++ b/libressl/man/X509_STORE_load_locations.3 @@ -151,10 +151,10 @@ on failure. With LibreSSL, the only reason for failure is lack of memory. .Sh FILES .Bl -tag -width Ds -.It Pa /etc/ssl/cert.pem +.It Pa /etc/libressl/cert.pem default PEM file for .Fn X509_STORE_set_default_paths -.It Pa /etc/ssl/certs/ +.It Pa /etc/libressl/certs/ default directory for .Fn X509_STORE_set_default_paths .El diff --git a/libressl/man/X509_VERIFY_PARAM_set_flags.3 b/libressl/man/X509_VERIFY_PARAM_set_flags.3 index 08961eb..39dc980 100644 --- a/libressl/man/X509_VERIFY_PARAM_set_flags.3 +++ b/libressl/man/X509_VERIFY_PARAM_set_flags.3 @@ -607,7 +607,7 @@ This is especially important when some certificates in the trust store have explicit trust settings; see the trust settings options of the .Cm x509 command in -.Xr openssl 1 . +.Xr openssl-LibreSSL 1 . .Pp The .Dv X509_V_FLAG_NO_ALT_CHAINS diff --git a/libressl/man/X509_ocspid_print.3 b/libressl/man/X509_ocspid_print.3 index b9b6c92..ea1f97e 100644 --- a/libressl/man/X509_ocspid_print.3 +++ b/libressl/man/X509_ocspid_print.3 @@ -42,7 +42,7 @@ returns 1 for success or 0 for failure. This function is used by the .Fl ocspid flag of the -.Xr openssl 1 +.Xr openssl-LibreSSL 1 .Cm x509 command. .Sh SEE ALSO diff --git a/libressl/man/X509_verify_cert.3 b/libressl/man/X509_verify_cert.3 index 9c085d7..9bd3526 100644 --- a/libressl/man/X509_verify_cert.3 +++ b/libressl/man/X509_verify_cert.3 @@ -79,7 +79,7 @@ Additional error information can be obtained by examining using .Xr X509_STORE_CTX_get_error 3 . .Sh SEE ALSO -.Xr openssl 1 , +.Xr openssl-LibreSSL 1 , .Xr X509_STORE_CTX_get_error 3 , .Xr X509_STORE_CTX_new 3 .Sh HISTORY diff --git a/libressl/man/crypto.3 b/libressl/man/crypto.3 index f809347..0a11436 100644 --- a/libressl/man/crypto.3 +++ b/libressl/man/crypto.3 @@ -426,5 +426,5 @@ function reverses the effect of one call to the function rather than freeing the object. .El .Sh SEE ALSO -.Xr openssl 1 , +.Xr openssl-LibreSSL 1 , .Xr ssl 3 diff --git a/libressl/man/openssl.cnf.5 b/libressl/man/openssl.cnf.5 index 48ca66c..f6aeb56 100644 --- a/libressl/man/openssl.cnf.5 +++ b/libressl/man/openssl.cnf.5 @@ -60,11 +60,11 @@ The OpenSSL CONF library can be used to read configuration files; see .Xr CONF_modules_load_file 3 . It is used for the OpenSSL master configuration file -.Pa /etc/ssl/openssl.cnf +.Pa /etc/libressl/openssl.cnf and in a few other places like .Sy SPKAC files and certificate extension files for the -.Xr openssl 1 +.Xr openssl-LibreSSL 1 .Cm x509 utility. OpenSSL applications can also use the CONF library for their own @@ -158,7 +158,7 @@ Applications can automatically configure certain aspects of OpenSSL using the master OpenSSL configuration file, or optionally an alternative configuration file. The -.Xr openssl 1 +.Xr openssl-LibreSSL 1 utility includes this functionality: any sub command uses the master OpenSSL configuration file unless an option is used in the sub command to use an alternative configuration file. @@ -168,7 +168,7 @@ an appropriate line which points to the main configuration section. The default name is .Ic openssl_conf , which is used by the -.Xr openssl 1 +.Xr openssl-LibreSSL 1 utility. Other applications may use an alternative name such as .Sy myapplication_conf . @@ -209,11 +209,11 @@ The value of this variable points to a section containing name value pairs of OIDs: the name is the OID short and long name, and the value is the numerical form of the OID. Although some of the -.Xr openssl 1 +.Xr openssl-LibreSSL 1 utility subcommands already have their own ASN1 OBJECT section functionality, not all do. By using the ASN1 OBJECT configuration module, all the -.Xr openssl 1 +.Xr openssl-LibreSSL 1 utility subcommands can see the new objects as well as any compliant applications. For example: @@ -329,8 +329,8 @@ other_ctrl = EMPTY default_algorithms = ALL .Ed .Sh FILES -.Bl -tag -width /etc/ssl/openssl.cnf -compact -.It Pa /etc/ssl/openssl.cnf +.Bl -tag -width /etc/libressl/openssl.cnf -compact +.It Pa /etc/libressl/openssl.cnf standard configuration file .El .Sh EXAMPLES @@ -410,14 +410,14 @@ configuration if "openssl_conf" is modified to match the appropriate For example if the second sample file above is saved to "example.cnf" then the command line: .Pp -.Dl OPENSSL_CONF=example.cnf openssl asn1parse -genstr OID:1.2.3.4.1 +.Dl OPENSSL_CONF=example.cnf openssl-LibreSSL asn1parse -genstr OID:1.2.3.4.1 .Pp will output: .Dl 0:d=0 hl=2 l= 4 prim: OBJECT :newoid1 .Pp showing that the OID "newoid1" has been added as "1.2.3.4.1". .Sh SEE ALSO -.Xr openssl 1 , +.Xr openssl-LibreSSL 1 , .Xr CONF_modules_load_file 3 , .Xr OPENSSL_config 3 , .Xr x509v3.cnf 5 diff --git a/libressl/man/ssl.3 b/libressl/man/ssl.3 index 4dd3d23..8811642 100644 --- a/libressl/man/ssl.3 +++ b/libressl/man/ssl.3 @@ -358,7 +358,7 @@ To inspect the state during ongoing communication: .Xr SSL_library_init 3 , .Xr SSL_set_tmp_ecdh 3 .Sh SEE ALSO -.Xr openssl 1 , +.Xr openssl-LibreSSL 1 , .Xr crypto 3 , .Xr tls_init 3 .Sh HISTORY diff --git a/libressl/man/tls_config_set_protocols.3 b/libressl/man/tls_config_set_protocols.3 index 7c62493..423630d 100644 --- a/libressl/man/tls_config_set_protocols.3 +++ b/libressl/man/tls_config_set_protocols.3 @@ -146,7 +146,7 @@ permitted names are: .Pp Alternatively, libssl cipher strings can be specified. See the CIPHERS section of -.Xr openssl 1 +.Xr openssl-LibreSSL 1 for further information. .Pp .Fn tls_config_set_dheparams diff --git a/libressl/man/tls_conn_version.3 b/libressl/man/tls_conn_version.3 index 9ab6932..391879d 100644 --- a/libressl/man/tls_conn_version.3 +++ b/libressl/man/tls_conn_version.3 @@ -145,7 +145,7 @@ The hash string for a certificate in file .Ar mycert.crt can be generated using the commands: .Bd -literal -offset indent -h=$(openssl x509 -outform der -in mycert.crt | sha256) +h=$(openssl-LibreSSL x509 -outform der -in mycert.crt | sha256) printf "SHA256:${h}\\n" .Ed .Pp diff --git a/libressl/man/x509v3.cnf.5 b/libressl/man/x509v3.cnf.5 index 89f52d6..2eeb988 100644 --- a/libressl/man/x509v3.cnf.5 +++ b/libressl/man/x509v3.cnf.5 @@ -677,12 +677,12 @@ For example: .Pp .Dl basicConstraints=critical,DER:00:01:02:03 .Sh FILES -.Bl -tag -width /etc/ssl/x509v3.cnf -compact -.It Pa /etc/ssl/x509v3.cnf +.Bl -tag -width /etc/libressl/x509v3.cnf -compact +.It Pa /etc/libressl/x509v3.cnf standard configuration file .El .Sh SEE ALSO -.Xr openssl 1 , +.Xr openssl-LibreSSL 1 , .Xr ASN1_generate_nconf 3 , .Xr OPENSSL_config 3 , .Xr openssl.cnf 5 -- 2.33.7