Группа :: Безопасность/Сети
Пакет: LibreSSL
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: 0004-ALT-openssl-manpage.patch
Скачать
Скачать
From 4aff38467366d1006fbf3439d1314f6e7803ce60 Mon Sep 17 00:00:00 2001
From: "Vladimir D. Seleznev" <vseleznv@altlinux.org>
Date: Mon, 6 Nov 2017 18:50:01 +0300
Subject: [PATCH] ALT: openssl manpage
---
libressl/apps/openssl/openssl.1 | 232 +++++++++----------
libressl/man/CONF_modules_load_file.3 | 10 +-
libressl/man/EVP_EncryptInit.3 | 4 +-
libressl/man/EVP_PKEY_CTX_ctrl.3 | 2 +-
libressl/man/OPENSSL_VERSION_NUMBER.3 | 2 +-
libressl/man/OPENSSL_config.3 | 4 +-
libressl/man/SSL_CIPHER_get_name.3 | 4 +-
libressl/man/SSL_CTX_load_verify_locations.3 | 4 +-
libressl/man/SSL_CTX_set_cipher_list.3 | 4 +-
libressl/man/SSL_CTX_set_options.3 | 2 +-
libressl/man/SSL_CTX_set_tmp_dh_callback.3 | 8 +-
libressl/man/SSL_get_verify_result.3 | 4 +-
libressl/man/SSL_set_verify_result.3 | 4 +-
libressl/man/X509_LOOKUP_hash_dir.3 | 2 +-
libressl/man/X509_LOOKUP_new.3 | 14 +-
libressl/man/X509_STORE_load_locations.3 | 4 +-
libressl/man/X509_VERIFY_PARAM_set_flags.3 | 2 +-
libressl/man/X509_ocspid_print.3 | 2 +-
libressl/man/X509_verify_cert.3 | 2 +-
libressl/man/crypto.3 | 2 +-
libressl/man/openssl.cnf.5 | 20 +-
libressl/man/ssl.3 | 2 +-
libressl/man/tls_config_set_protocols.3 | 2 +-
libressl/man/tls_conn_version.3 | 2 +-
libressl/man/x509v3.cnf.5 | 6 +-
25 files changed, 172 insertions(+), 172 deletions(-)
diff --git a/libressl/apps/openssl/openssl.1 b/libressl/apps/openssl/openssl.1
index b28fc09..005a780 100644
--- a/libressl/apps/openssl/openssl.1
+++ b/libressl/apps/openssl/openssl.1
@@ -114,7 +114,7 @@
.Dt OPENSSL 1
.Os
.Sh NAME
-.Nm openssl
+.Nm openssl-LibreSSL
.Nd OpenSSL command line tool
.Sh SYNOPSIS
.Nm
@@ -144,7 +144,7 @@ The
.Nm
program is a command line tool for using the various
cryptography functions of
-.Nm openssl Ns 's
+.Nm openssl-LibreSSL Ns 's
crypto library from the shell.
.Pp
The pseudo-commands
@@ -202,8 +202,8 @@ or
itself.
.Tg asn1parse
.Sh ASN1PARSE
-.Bl -hang -width "openssl asn1parse"
-.It Nm openssl asn1parse
+.Bl -hang -width "openssl-LibreSSL asn1parse"
+.It Nm openssl-LibreSSL asn1parse
.Bk -words
.Op Fl i
.Op Fl dlimit Ar number
@@ -271,7 +271,7 @@ A file containing additional object identifiers
If an OID
.Pq object identifier
is not part of
-.Nm openssl Ns 's
+.Nm openssl-LibreSSL Ns 's
internal table, it will be represented in
numerical form
.Pq for example 1.2.3.4 .
@@ -299,8 +299,8 @@ into a nested structure.
.El
.Tg ca
.Sh CA
-.Bl -hang -width "openssl ca"
-.It Nm openssl ca
+.Bl -hang -width "openssl-LibreSSL ca"
+.It Nm openssl-LibreSSL ca
.Bk -words
.Op Fl batch
.Op Fl cert Ar file
@@ -789,7 +789,7 @@ For convenience, the value
is accepted by both to produce a reasonable output.
.Pp
If neither option is present, the format used in earlier versions of
-.Nm openssl
+.Nm openssl-LibreSSL
is used.
Use of the old format is strongly discouraged
because it only displays fields mentioned in the
@@ -854,8 +854,8 @@ The same as
.El
.Tg certhash
.Sh CERTHASH
-.Bl -hang -width "openssl certhash"
-.It Nm openssl certhash
+.Bl -hang -width "openssl-LibreSSL certhash"
+.It Nm openssl-LibreSSL certhash
.Bk -words
.Op Fl nv
.Ar dir ...
@@ -909,7 +909,7 @@ Specify the directories to process.
.El
.Tg ciphers
.Sh CIPHERS
-.Nm openssl ciphers
+.Nm openssl-LibreSSL ciphers
.Op Fl hsVv
.Op Fl tls1
.Op Fl tls1_1
@@ -953,8 +953,8 @@ but without cipher suite codes.
.El
.Tg cms
.Sh CMS
-.Bl -hang -width "openssl cms"
-.It Nm openssl cms
+.Bl -hang -width "openssl-LibreSSL cms"
+.It Nm openssl-LibreSSL cms
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 | camellia128 |
@@ -1470,8 +1470,8 @@ is specified.
.El
.Tg crl
.Sh CRL
-.Bl -hang -width "openssl crl"
-.It Nm openssl crl
+.Bl -hang -width "openssl-LibreSSL crl"
+.It Nm openssl-LibreSSL crl
.Bk -words
.Op Fl CAfile Ar file
.Op Fl CApath Ar dir
@@ -1547,8 +1547,8 @@ Verify the signature on the CRL.
.El
.Tg crl2pkcs7
.Sh CRL2PKCS7
-.Bl -hang -width "openssl crl2pkcs7"
-.It Nm openssl crl2pkcs7
+.Bl -hang -width "openssl-LibreSSL crl2pkcs7"
+.It Nm openssl-LibreSSL crl2pkcs7
.Bk -words
.Op Fl certfile Ar file
.Op Fl in Ar file
@@ -1593,8 +1593,8 @@ The output format.
.El
.Tg dgst
.Sh DGST
-.Bl -hang -width "openssl dgst"
-.It Nm openssl dgst
+.Bl -hang -width "openssl-LibreSSL dgst"
+.It Nm openssl-LibreSSL dgst
.Bk -words
.Op Fl cdr
.Op Fl binary
@@ -1635,13 +1635,13 @@ Use the specified message
.Ar digest .
The default is SHA256.
The available digests can be displayed using
-.Nm openssl
+.Nm openssl-LibreSSL
.Cm list-message-digest-commands .
The following are equivalent:
-.Nm openssl dgst
+.Nm openssl-LibreSSL dgst
.Fl sha256
and
-.Nm openssl
+.Nm openssl-LibreSSL
.Cm sha256 .
.It Fl hex
Digest is to be output as a hex dump.
@@ -1708,8 +1708,8 @@ If no files are specified then standard input is used.
.El
.Tg dhparam
.Sh DHPARAM
-.Bl -hang -width "openssl dhparam"
-.It Nm openssl dhparam
+.Bl -hang -width "openssl-LibreSSL dhparam"
+.It Nm openssl-LibreSSL dhparam
.Bk -words
.Op Fl 2 | 5
.Op Fl C
@@ -1785,8 +1785,8 @@ parameters are generated instead.
.El
.Tg dsa
.Sh DSA
-.Bl -hang -width "openssl dsa"
-.It Nm openssl dsa
+.Bl -hang -width "openssl-LibreSSL dsa"
+.It Nm openssl-LibreSSL dsa
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 |
@@ -1874,8 +1874,8 @@ Print the public/private key in plain text.
.El
.Tg dsaparam
.Sh DSAPARAM
-.Bl -hang -width "openssl dsaparam"
-.It Nm openssl dsaparam
+.Bl -hang -width "openssl-LibreSSL dsaparam"
+.It Nm openssl-LibreSSL dsaparam
.Bk -words
.Op Fl C
.Op Fl genkey
@@ -1927,8 +1927,8 @@ If this option is included, the input file is ignored.
.El
.Tg ec
.Sh EC
-.Bl -hang -width "openssl ec"
-.It Nm openssl ec
+.Bl -hang -width "openssl-LibreSSL ec"
+.It Nm openssl-LibreSSL ec
.Bk -words
.Op Fl conv_form Ar arg
.Op Fl des
@@ -1953,7 +1953,7 @@ The
command processes EC keys.
They can be converted between various
forms and their components printed out.
-.Nm openssl
+.Nm openssl-LibreSSL
uses the private key format specified in
.Dq SEC 1: Elliptic Curve Cryptography
.Pq Lk https://www.secg.org/ .
@@ -1985,7 +1985,7 @@ at compile time.
.It Fl des | des3
Encrypt the private key with DES, triple DES, or
any other cipher supported by
-.Nm openssl .
+.Nm openssl-LibreSSL .
A pass phrase is prompted for.
If none of these options are specified, the key is written in plain text.
This means that using the
@@ -2040,8 +2040,8 @@ Print the public/private key in plain text.
.El
.Tg ecparam
.Sh ECPARAM
-.Bl -hang -width "openssl ecparam"
-.It Nm openssl ecparam
+.Bl -hang -width "openssl-LibreSSL ecparam"
+.It Nm openssl-LibreSSL ecparam
.Bk -words
.Op Fl C
.Op Fl check
@@ -2063,7 +2063,7 @@ Print the public/private key in plain text.
The
.Nm ecparam
command is used to manipulate or generate EC parameter files.
-.Nm openssl
+.Nm openssl-LibreSSL
is not able to generate new groups so
.Nm ecparam
can only create EC parameters from known (named) curves.
@@ -2136,8 +2136,8 @@ Print the EC parameters in plain text.
.El
.Tg enc
.Sh ENC
-.Bl -hang -width "openssl enc"
-.It Nm openssl enc
+.Bl -hang -width "openssl-LibreSSL enc"
+.It Nm openssl-LibreSSL enc
.Bk -words
.Fl ciphername
.Op Fl AadePpv
@@ -2168,9 +2168,9 @@ or explicitly provided.
Base64 encoding or decoding can also be performed either by itself
or in addition to the encryption or decryption.
The program can be called either as
-.Nm openssl Ar ciphername
+.Nm openssl-LibreSSL Ar ciphername
or
-.Nm openssl enc - Ns Ar ciphername .
+.Nm openssl-LibreSSL enc - Ns Ar ciphername .
.Pp
Some of the ciphers do not have large keys and others have security
implications if not used correctly.
@@ -2300,7 +2300,7 @@ Print extra details about the processing.
.El
.Tg errstr
.Sh ERRSTR
-.Nm openssl errstr
+.Nm openssl-LibreSSL errstr
.Op Fl stats
.Ar errno ...
.Pp
@@ -2331,8 +2331,8 @@ Print debugging statistics about various aspects of the hash table.
.El
.Tg gendsa
.Sh GENDSA
-.Bl -hang -width "openssl gendsa"
-.It Nm openssl gendsa
+.Bl -hang -width "openssl-LibreSSL gendsa"
+.It Nm openssl-LibreSSL gendsa
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 | camellia128 |
@@ -2348,7 +2348,7 @@ The
.Nm gendsa
command generates a DSA private key from a DSA parameter file
(typically generated by the
-.Nm openssl dsaparam
+.Nm openssl-LibreSSL dsaparam
command).
DSA key generation is little more than random number generation so it is
much quicker than,
@@ -2378,8 +2378,8 @@ The parameters in this file determine the size of the private key.
.El
.Tg genpkey
.Sh GENPKEY
-.Bl -hang -width "openssl genpkey"
-.It Nm openssl genpkey
+.Bl -hang -width "openssl-LibreSSL genpkey"
+.It Nm openssl-LibreSSL genpkey
.Bk -words
.Op Fl algorithm Ar alg
.Op Ar cipher
@@ -2483,8 +2483,8 @@ Print the private/public key in plain text.
.El
.Tg genrsa
.Sh GENRSA
-.Bl -hang -width "openssl genrsa"
-.It Nm openssl genrsa
+.Bl -hang -width "openssl-LibreSSL genrsa"
+.It Nm openssl-LibreSSL genrsa
.Bk -words
.Op Fl 3 | f4
.Oo
@@ -2544,7 +2544,7 @@ The default is 2048.
.El
.Tg nseq
.Sh NSEQ
-.Nm openssl nseq
+.Nm openssl-LibreSSL nseq
.Op Fl in Ar file
.Op Fl out Ar file
.Op Fl toseq
@@ -2575,8 +2575,8 @@ a Netscape certificate sequence is created from a file of certificates.
.El
.Tg ocsp
.Sh OCSP
-.Bl -hang -width "openssl ocsp"
-.It Nm openssl ocsp
+.Bl -hang -width "openssl-LibreSSL ocsp"
+.It Nm openssl-LibreSSL ocsp
.Bk -words
.Op Fl CA Ar file
.Op Fl CAfile Ar file
@@ -2896,7 +2896,7 @@ specified by the
and
.Fl CApath
options or they will be looked for in the standard
-.Nm openssl
+.Nm openssl-LibreSSL
certificates directory.
.Pp
If the initial verify fails, the OCSP verify process halts with an error.
@@ -2928,8 +2928,8 @@ with the
option.
.Tg passwd
.Sh PASSWD
-.Bl -hang -width "openssl passwd"
-.It Nm openssl passwd
+.Bl -hang -width "openssl-LibreSSL passwd"
+.It Nm openssl-LibreSSL passwd
.Bk -words
.Op Fl 1 | apr1 | crypt
.Op Fl in Ar file
@@ -2992,8 +2992,8 @@ to each password hash.
.El
.Tg pkcs7
.Sh PKCS7
-.Bl -hang -width "openssl pkcs7"
-.It Nm openssl pkcs7
+.Bl -hang -width "openssl-LibreSSL pkcs7"
+.It Nm openssl-LibreSSL pkcs7
.Bk -words
.Op Fl in Ar file
.Op Fl inform Cm der | pem
@@ -3038,8 +3038,8 @@ Print certificate details in full rather than just subject and issuer names.
.El
.Tg pkcs8
.Sh PKCS8
-.Bl -hang -width "openssl pkcs8"
-.It Nm openssl pkcs8
+.Bl -hang -width "openssl-LibreSSL pkcs8"
+.It Nm openssl-LibreSSL pkcs8
.Bk -words
.Op Fl in Ar file
.Op Fl inform Cm der | pem
@@ -3112,7 +3112,7 @@ Use PKCS#5 v2.0 algorithms.
Supports algorithms such as 168-bit triple DES or 128-bit RC2,
however not many implementations support PKCS#5 v2.0 yet
(if using private keys with
-.Nm openssl
+.Nm openssl-LibreSSL
this doesn't matter).
.Pp
.Ar alg
@@ -3122,8 +3122,8 @@ It is recommended that des3 is used.
.El
.Tg pkcs12
.Sh PKCS12
-.Bl -hang -width "openssl pkcs12"
-.It Nm openssl pkcs12
+.Bl -hang -width "openssl-LibreSSL pkcs12"
+.It Nm openssl-LibreSSL pkcs12
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 | camellia128 |
@@ -3340,8 +3340,8 @@ is equivalent to
.El
.Tg pkey
.Sh PKEY
-.Bl -hang -width "openssl pkey"
-.It Nm openssl pkey
+.Bl -hang -width "openssl-LibreSSL pkey"
+.It Nm openssl-LibreSSL pkey
.Bk -words
.Op Fl check
.Op Ar cipher
@@ -3411,7 +3411,7 @@ even if a private key is being processed.
.El
.Tg pkeyparam
.Sh PKEYPARAM
-.Cm openssl pkeyparam
+.Cm openssl-LibreSSL pkeyparam
.Op Fl check
.Op Fl in Ar file
.Op Fl noout
@@ -3440,8 +3440,8 @@ Print the parameters in plain text.
.El
.Tg pkeyutl
.Sh PKEYUTL
-.Bl -hang -width "openssl pkeyutl"
-.It Nm openssl pkeyutl
+.Bl -hang -width "openssl-LibreSSL pkeyutl"
+.It Nm openssl-LibreSSL pkeyutl
.Bk -words
.Op Fl asn1parse
.Op Fl certin
@@ -3593,7 +3593,7 @@ Verify the input data and output the recovered data.
.El
.Tg prime
.Sh PRIME
-.Cm openssl prime
+.Cm openssl-LibreSSL prime
.Op Fl bits Ar n
.Op Fl checks Ar n
.Op Fl generate
@@ -3638,8 +3638,8 @@ is prime.
.El
.Tg rand
.Sh RAND
-.Bl -hang -width "openssl rand"
-.It Nm openssl rand
+.Bl -hang -width "openssl-LibreSSL rand"
+.It Nm openssl-LibreSSL rand
.Bk -words
.Op Fl base64
.Op Fl hex
@@ -3666,8 +3666,8 @@ or standard output if not specified.
.El
.Tg req
.Sh REQ
-.Bl -hang -width "openssl req"
-.It Nm openssl req
+.Bl -hang -width "openssl-LibreSSL req"
+.It Nm openssl-LibreSSL req
.Bk -words
.Op Fl addext Ar ext
.Op Fl batch
@@ -3916,7 +3916,7 @@ is the same as
.Cm distinguished_name .
Typically these may contain the challengePassword or unstructuredName types.
They are currently ignored by the
-.Nm openssl
+.Nm openssl-LibreSSL
request signing utilities, but some CAs might want them.
.It Cm default_bits
The default key size, in bits.
@@ -4088,7 +4088,7 @@ can be input by calling it
The actual permitted field names are any object identifier short or
long names.
These are compiled into
-.Nm openssl
+.Nm openssl-LibreSSL
and include the usual values such as
.Cm commonName , countryName , localityName , organizationName ,
.Cm organizationalUnitName , stateOrProvinceName .
@@ -4108,8 +4108,8 @@ Any additional fields will be treated as though they were a
.Cm DirectoryString .
.Tg rsa
.Sh RSA
-.Bl -hang -width "openssl rsa"
-.It Nm openssl rsa
+.Bl -hang -width "openssl-LibreSSL rsa"
+.It Nm openssl-LibreSSL rsa
.Bk -words
.Op Fl aes128 | aes192 | aes256 | des | des3
.Op Fl check
@@ -4202,8 +4202,8 @@ Print the public/private key components in plain text.
.El
.Tg rsautl
.Sh RSAUTL
-.Bl -hang -width "openssl rsautl"
-.It Nm openssl rsautl
+.Bl -hang -width "openssl-LibreSSL rsautl"
+.It Nm openssl-LibreSSL rsautl
.Bk -words
.Op Fl asn1parse
.Op Fl certin
@@ -4277,8 +4277,8 @@ Verify the input data and output the recovered data.
.El
.Tg s_client
.Sh S_CLIENT
-.Bl -hang -width "openssl s_client"
-.It Nm openssl s_client
+.Bl -hang -width "openssl-LibreSSL s_client"
+.It Nm openssl-LibreSSL s_client
.Bk -words
.Op Fl 4 | 6
.Op Fl alpn Ar protocols
@@ -4585,8 +4585,8 @@ will be used.
.El
.Tg s_server
.Sh S_SERVER
-.Bl -hang -width "openssl s_server"
-.It Nm openssl s_server
+.Bl -hang -width "openssl-LibreSSL s_server"
+.It Nm openssl-LibreSSL s_server
.Bk -words
.Op Fl accept Ar port
.Op Fl alpn Ar protocols
@@ -4913,8 +4913,8 @@ a certificate is requested but the client does not have to send one.
.El
.Tg s_time
.Sh S_TIME
-.Bl -hang -width "openssl s_time"
-.It Nm openssl s_time
+.Bl -hang -width "openssl-LibreSSL s_time"
+.It Nm openssl-LibreSSL s_time
.Bk -words
.Op Fl bugs
.Op Fl CAfile Ar file
@@ -5024,8 +5024,8 @@ but not transfer any payload data.
.El
.Tg sess_id
.Sh SESS_ID
-.Bl -hang -width "openssl sess_id"
-.It Nm openssl sess_id
+.Bl -hang -width "openssl-LibreSSL sess_id"
+.It Nm openssl-LibreSSL sess_id
.Bk -words
.Op Fl cert
.Op Fl context Ar ID
@@ -5117,8 +5117,8 @@ This is, however, strongly discouraged and should only be used for
debugging purposes.
.Tg smime
.Sh SMIME
-.Bl -hang -width "openssl smime"
-.It Nm openssl smime
+.Bl -hang -width "openssl-LibreSSL smime"
+.It Nm openssl-LibreSSL smime
.Bk -words
.Oo
.Fl aes128 | aes192 | aes256 | des |
@@ -5414,8 +5414,8 @@ An error occurred writing certificates.
.El
.Tg speed
.Sh SPEED
-.Bl -hang -width "openssl speed"
-.It Nm openssl speed
+.Bl -hang -width "openssl-LibreSSL speed"
+.It Nm openssl-LibreSSL speed
.Bk -words
.Op Ar algorithm
.Op Fl decrypt
@@ -5452,8 +5452,8 @@ benchmarks in parallel.
.El
.Tg spkac
.Sh SPKAC
-.Bl -hang -width "openssl spkac"
-.It Nm openssl spkac
+.Bl -hang -width "openssl-LibreSSL spkac"
+.It Nm openssl-LibreSSL spkac
.Bk -words
.Op Fl challenge Ar string
.Op Fl in Ar file
@@ -5515,8 +5515,8 @@ Verify the digital signature on the supplied SPKAC.
.Tg ts
.Sh TS
.Bk -words
-.Bl -hang -width "openssl ts"
-.It Nm openssl ts
+.Bl -hang -width "openssl-LibreSSL ts"
+.It Nm openssl-LibreSSL ts
.Fl query
.Op Fl md4 | md5 | ripemd160 | sha1
.Op Fl cert
@@ -5528,7 +5528,7 @@ Verify the digital signature on the supplied SPKAC.
.Op Fl out Ar request.tsq
.Op Fl policy Ar object_id
.Op Fl text
-.It Nm openssl ts
+.It Nm openssl-LibreSSL ts
.Fl reply
.Op Fl chain Ar certs_file.pem
.Op Fl config Ar configfile
@@ -5543,7 +5543,7 @@ Verify the digital signature on the supplied SPKAC.
.Op Fl text
.Op Fl token_in
.Op Fl token_out
-.It Nm openssl ts
+.It Nm openssl-LibreSSL ts
.Fl verify
.Op Fl CAfile Ar trusted_certs.pem
.Op Fl CApath Ar trusted_cert_path
@@ -5877,8 +5877,8 @@ The default is no.
.El
.Tg verify
.Sh VERIFY
-.Bl -hang -width "openssl verify"
-.It Nm openssl verify
+.Bl -hang -width "openssl-LibreSSL verify"
+.It Nm openssl-LibreSSL verify
.Bk -words
.Op Fl CAfile Ar file
.Op Fl CApath Ar directory
@@ -6208,13 +6208,13 @@ Unused.
.El
.Tg version
.Sh VERSION
-.Nm openssl version
+.Nm openssl-LibreSSL version
.Op Fl abdfopv
.Pp
The
.Nm version
command is used to print out version information about
-.Nm openssl .
+.Nm openssl-LibreSSL .
.Pp
The options are as follows:
.Bl -tag -width Ds
@@ -6222,7 +6222,7 @@ The options are as follows:
All information: this is the same as setting all the other flags.
.It Fl b
The date the current version of
-.Nm openssl
+.Nm openssl-LibreSSL
was built.
.It Fl d
.Ev OPENSSLDIR
@@ -6235,13 +6235,13 @@ Option information: various options set when the library was built.
Platform setting.
.It Fl v
The current
-.Nm openssl
+.Nm openssl-LibreSSL
version.
.El
.Tg x509
.Sh X509
-.Bl -hang -width "openssl x509"
-.It Nm openssl x509
+.Bl -hang -width "openssl-LibreSSL x509"
+.It Nm openssl-LibreSSL x509
.Bk -words
.Op Fl C
.Op Fl addreject Ar arg
@@ -6415,7 +6415,7 @@ Print the hash of the certificate issuer name.
.It Fl issuer_hash_old
Print the hash of the certificate issuer name
using the older algorithm as used by
-.Nm openssl
+.Nm openssl-LibreSSL
versions before 1.0.0.
.It Fl modulus
Print the value of the modulus of the public key contained in the certificate.
@@ -6458,7 +6458,7 @@ usually, non-character string types are displayed
as though each content octet represents a single character.
.It Cm dump_unknown
Dump any field whose OID is not recognised by
-.Nm openssl .
+.Nm openssl-LibreSSL .
.It Cm esc_2253
Escape the
.Qq special
@@ -6582,13 +6582,13 @@ Print the subject name.
.It Fl subject_hash
Print the hash of the certificate subject name.
This is used in
-.Nm openssl
+.Nm openssl-LibreSSL
to form an index to allow certificates in a directory to be looked up
by subject name.
.It Fl subject_hash_old
Print the hash of the certificate subject name
using the older algorithm as used by
-.Nm openssl
+.Nm openssl-LibreSSL
versions before 1.0.0.
.It Fl text
Print the full certificate in text form.
@@ -6972,24 +6972,24 @@ Plain ASCII text.
.El
.Sh ENVIRONMENT
The following environment variables affect the execution of
-.Nm openssl :
-.Bl -tag -width "/etc/ssl/openssl.cnf"
+.Nm openssl-LibreSSL :
+.Bl -tag -width "/etc/libressl/openssl.cnf"
.It Ev OPENSSL_CONF
The location of the master configuration file.
.El
.Sh FILES
-.Bl -tag -width "/etc/ssl/openssl.cnf" -compact
-.It Pa /etc/ssl/
+.Bl -tag -width "/etc/libressl/openssl.cnf" -compact
+.It Pa /etc/libressl/
Default config directory for
-.Nm openssl .
-.It Pa /etc/ssl/lib/
+.Nm openssl-LibreSSL .
+.It Pa /etc/libressl/lib/
Unused.
-.It Pa /etc/ssl/private/
+.It Pa /etc/libressl/private/
Default private key directory.
-.It Pa /etc/ssl/openssl.cnf
+.It Pa /etc/libressl/openssl.cnf
Default configuration file for
-.Nm openssl .
-.It Pa /etc/ssl/x509v3.cnf
+.Nm openssl-LibreSSL .
+.It Pa /etc/libressl/x509v3.cnf
Default configuration file for
.Nm x509
certificates.
diff --git a/libressl/man/CONF_modules_load_file.3 b/libressl/man/CONF_modules_load_file.3
index bd419ef..967e083 100644
--- a/libressl/man/CONF_modules_load_file.3
+++ b/libressl/man/CONF_modules_load_file.3
@@ -105,7 +105,7 @@ If
is
.Dv NULL ,
the standard OpenSSL configuration file
-.Pa /etc/ssl/openssl.cnf
+.Pa /etc/libressl/openssl.cnf
is used.
If
.Fa appname
@@ -187,12 +187,12 @@ value of the failing module (this will always be zero or negative).
.Pp
.Fn X509_get_default_cert_area
returns a pointer to the constant string
-.Qq "/etc/ssl" .
+.Qq "/etc/libressl" .
.Sh FILES
-.Bl -tag -width /etc/ssl/openssl.cnf -compact
-.It Pa /etc/ssl
+.Bl -tag -width /etc/libressl/openssl.cnf -compact
+.It Pa /etc/libressl
standard configuration directory
-.It Pa /etc/ssl/openssl.cnf
+.It Pa /etc/libressl/openssl.cnf
standard configuration file
.El
.Sh EXAMPLES
diff --git a/libressl/man/EVP_EncryptInit.3 b/libressl/man/EVP_EncryptInit.3
index b4fbfa3..1315bd9 100644
--- a/libressl/man/EVP_EncryptInit.3
+++ b/libressl/man/EVP_EncryptInit.3
@@ -1182,10 +1182,10 @@ do_crypt(char *outfile)
.Ed
.Pp
The ciphertext from the above example can be decrypted using the
-.Xr openssl 1
+.Xr openssl-LibreSSL 1
utility with the command line:
.Bd -literal -offset indent
-openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F \e
+openssl-LibreSSL bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F \e
-iv 0102030405060708 -d
.Ed
.Pp
diff --git a/libressl/man/EVP_PKEY_CTX_ctrl.3 b/libressl/man/EVP_PKEY_CTX_ctrl.3
index 7714cb0..4568ad7 100644
--- a/libressl/man/EVP_PKEY_CTX_ctrl.3
+++ b/libressl/man/EVP_PKEY_CTX_ctrl.3
@@ -232,7 +232,7 @@ in string form.
This is intended to be used for options specified on the command line or
in text files.
The commands supported are documented in the
-.Xr openssl 1
+.Xr openssl-LibreSSL 1
utility command line pages for the option
.Fl pkeyopt
which is supported by the
diff --git a/libressl/man/OPENSSL_VERSION_NUMBER.3 b/libressl/man/OPENSSL_VERSION_NUMBER.3
index 06ca558..2078c60 100644
--- a/libressl/man/OPENSSL_VERSION_NUMBER.3
+++ b/libressl/man/OPENSSL_VERSION_NUMBER.3
@@ -191,7 +191,7 @@ if available or
.Qq OPENSSLDIR: N/A
otherwise.
For LibreSSL, the default is
-.Qq OPENSSLDIR: Qq /etc/ssl .
+.Qq OPENSSLDIR: Qq /etc/libressl .
.It Dv OPENSSL_ENGINES_DIR
The
.Dv ENGINESDIR
diff --git a/libressl/man/OPENSSL_config.3 b/libressl/man/OPENSSL_config.3
index 2960e23..4f9bcf6 100644
--- a/libressl/man/OPENSSL_config.3
+++ b/libressl/man/OPENSSL_config.3
@@ -133,8 +133,8 @@ Applications should free up configuration at application closedown by
calling
.Xr CONF_modules_free 3 .
.Sh FILES
-.Bl -tag -width /etc/ssl/openssl.cnf -compact
-.It Pa /etc/ssl/openssl.cnf
+.Bl -tag -width /etc/libressl/openssl.cnf -compact
+.It Pa /etc/libressl/openssl.cnf
standard configuration file
.El
.Sh SEE ALSO
diff --git a/libressl/man/SSL_CIPHER_get_name.3 b/libressl/man/SSL_CIPHER_get_name.3
index 235ff14..8a93101 100644
--- a/libressl/man/SSL_CIPHER_get_name.3
+++ b/libressl/man/SSL_CIPHER_get_name.3
@@ -337,9 +337,9 @@ ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
.Pp
A complete list can be retrieved by invoking the following command:
.Pp
-.Dl $ openssl ciphers -v ALL:COMPLEMENTOFALL
+.Dl $ openssl-LibreSSL ciphers -v ALL:COMPLEMENTOFALL
.Sh SEE ALSO
-.Xr openssl 1 ,
+.Xr openssl-LibreSSL 1 ,
.Xr ssl 3 ,
.Xr SSL_get_ciphers 3 ,
.Xr SSL_get_current_cipher 3
diff --git a/libressl/man/SSL_CTX_load_verify_locations.3 b/libressl/man/SSL_CTX_load_verify_locations.3
index 373df24..f515c05 100644
--- a/libressl/man/SSL_CTX_load_verify_locations.3
+++ b/libressl/man/SSL_CTX_load_verify_locations.3
@@ -189,7 +189,7 @@ Generate a CA certificate file with descriptive text from the CA certificates
#!/bin/sh
rm CAfile.pem
for i in ca1.pem ca2.pem ca3.pem; do
- openssl x509 -in $i -text >> CAfile.pem
+ openssl-LibreSSL x509 -in $i -text >> CAfile.pem
done
.Ed
.Pp
@@ -201,7 +201,7 @@ $ cd /some/where/certs
$ rm -f *.[0-9]* *.r[0-9]*
$ for c in *.pem; do
> [ "$c" = "*.pem" ] && continue
-> hash=$(openssl x509 -noout -hash -in "$c")
+> hash=$(openssl-LibreSSL x509 -noout -hash -in "$c")
> if egrep -q -- '-BEGIN( X509 | TRUSTED | )CERTIFICATE-' "$c"; then
> suf=0
> while [ -e $hash.$suf ]; do suf=$(( $suf + 1 )); done
diff --git a/libressl/man/SSL_CTX_set_cipher_list.3 b/libressl/man/SSL_CTX_set_cipher_list.3
index 9d24e00..20942cb 100644
--- a/libressl/man/SSL_CTX_set_cipher_list.3
+++ b/libressl/man/SSL_CTX_set_cipher_list.3
@@ -137,7 +137,7 @@ It can only be used as the first word.
The
.Cm DEFAULT
cipher list can be displayed with the
-.Xr openssl 1
+.Xr openssl-LibreSSL 1
.Cm ciphers
command.
.It Cm @SECLEVEL=n
@@ -307,7 +307,7 @@ cipher suites are made available, too.
.El
.Pp
The full words returned by the
-.Xr openssl 1
+.Xr openssl-LibreSSL 1
.Cm ciphers
command can be used to select individual cipher suites.
.Pp
diff --git a/libressl/man/SSL_CTX_set_options.3 b/libressl/man/SSL_CTX_set_options.3
index 5df0b07..5f92bbc 100644
--- a/libressl/man/SSL_CTX_set_options.3
+++ b/libressl/man/SSL_CTX_set_options.3
@@ -347,7 +347,7 @@ return the current bitmask.
.Fn SSL_get_secure_renegotiation_support
returns 1 is the peer supports secure renegotiation and 0 if it does not.
.Sh SEE ALSO
-.Xr openssl 1 ,
+.Xr openssl-LibreSSL 1 ,
.Xr ssl 3 ,
.Xr SSL_clear 3 ,
.Xr SSL_CTX_ctrl 3 ,
diff --git a/libressl/man/SSL_CTX_set_tmp_dh_callback.3 b/libressl/man/SSL_CTX_set_tmp_dh_callback.3
index 8be504d..c0fd086 100644
--- a/libressl/man/SSL_CTX_set_tmp_dh_callback.3
+++ b/libressl/man/SSL_CTX_set_tmp_dh_callback.3
@@ -129,7 +129,7 @@ The risk in reusing DH parameters is that an attacker may specialize on a very
often used DH group.
Applications should therefore generate their own DH parameters during the
installation process using the
-.Xr openssl 1
+.Xr openssl-LibreSSL 1
.Cm dhparam
application.
This application guarantees that "strong" primes are used.
@@ -147,7 +147,7 @@ which use safe primes and were generated verifiably pseudo-randomly.
These files can be converted into C code using the
.Fl C
option of the
-.Xr openssl 1
+.Xr openssl-LibreSSL 1
.Cm dhparam
application.
Generation of custom DH parameters during installation should still
@@ -186,7 +186,7 @@ Error handling is partly left out.
.Pp
Command-line parameter generation:
.Pp
-.Dl openssl dhparam -out dh_param_2048.pem 2048
+.Dl openssl-LibreSSL dhparam -out dh_param_2048.pem 2048
.Pp
Code for setting up parameters during server initialization:
.Bd -literal
@@ -211,7 +211,7 @@ if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
}
.Ed
.Sh SEE ALSO
-.Xr openssl 1 ,
+.Xr openssl-LibreSSL 1 ,
.Xr ssl 3 ,
.Xr SSL_CTX_set_cipher_list 3 ,
.Xr SSL_CTX_set_options 3 ,
diff --git a/libressl/man/SSL_get_verify_result.3 b/libressl/man/SSL_get_verify_result.3
index 180cf1b..aada79a 100644
--- a/libressl/man/SSL_get_verify_result.3
+++ b/libressl/man/SSL_get_verify_result.3
@@ -79,10 +79,10 @@ The following return values can currently occur:
The verification succeeded or no peer certificate was presented.
.It Any other value
Documented in
-.Xr openssl 1 .
+.Xr openssl-LibreSSL 1 .
.El
.Sh SEE ALSO
-.Xr openssl 1 ,
+.Xr openssl-LibreSSL 1 ,
.Xr ssl 3 ,
.Xr SSL_CTX_set_verify 3 ,
.Xr SSL_get0_peername 3 ,
diff --git a/libressl/man/SSL_set_verify_result.3 b/libressl/man/SSL_set_verify_result.3
index 4b7cc6e..34295e3 100644
--- a/libressl/man/SSL_set_verify_result.3
+++ b/libressl/man/SSL_set_verify_result.3
@@ -78,9 +78,9 @@ reused later, the original value will reappear.
The valid codes for
.Fa verify_result
are documented in
-.Xr openssl 1 .
+.Xr openssl-LibreSSL 1 .
.Sh SEE ALSO
-.Xr openssl 1 ,
+.Xr openssl-LibreSSL 1 ,
.Xr ssl 3 ,
.Xr SSL_get_peer_certificate 3 ,
.Xr SSL_get_verify_result 3
diff --git a/libressl/man/X509_LOOKUP_hash_dir.3 b/libressl/man/X509_LOOKUP_hash_dir.3
index f632135..68d9cc8 100644
--- a/libressl/man/X509_LOOKUP_hash_dir.3
+++ b/libressl/man/X509_LOOKUP_hash_dir.3
@@ -132,7 +132,7 @@ name for CRLs.
The hash can also be obtained via the
.Fl hash
option of the
-.Xr openssl 1
+.Xr openssl-LibreSSL 1
.Cm x509
or
.Cm crl
diff --git a/libressl/man/X509_LOOKUP_new.3 b/libressl/man/X509_LOOKUP_new.3
index f368cbb..8d6d852 100644
--- a/libressl/man/X509_LOOKUP_new.3
+++ b/libressl/man/X509_LOOKUP_new.3
@@ -163,7 +163,7 @@ is
the
.Fa source
argument is ignored and
-.Pa /etc/ssl/certs
+.Pa /etc/libressl/certs
and a type of
.Dv X509_FILETYPE_PEM
are used instead.
@@ -218,7 +218,7 @@ is
the
.Fa source
argument is ignored and
-.Pa /etc/ssl/certs.pem
+.Pa /etc/libressl/certs.pem
and a type of
.Dv X509_FILETYPE_PEM
are used instead.
@@ -389,10 +389,10 @@ always return 0.
.Pp
.Fn X509_get_default_cert_dir
returns a pointer to the constant string
-.Qq /etc/ssl/certs ,
+.Qq /etc/libressl/certs ,
.Fn X509_get_default_cert_file
to
-.Qq /etc/ssl/certs.pem ,
+.Qq /etc/libressl/certs.pem ,
.Fn X509_get_default_cert_dir_env
to
.Qq SSL_CERT_DIR ,
@@ -414,10 +414,10 @@ directly and may pass their values to
and
.Fn X509_LOOKUP_load_file .
.Sh FILES
-.Bl -tag -width /etc/ssl/certs.pem -compact
-.It Pa /etc/ssl/certs/
+.Bl -tag -width /etc/libressl/certs.pem -compact
+.It Pa /etc/libressl/certs/
default directory for storing trusted certificates
-.It Pa /etc/ssl/certs.pem
+.It Pa /etc/libressl/certs.pem
default file for storing trusted certificates
.El
.Sh ERRORS
diff --git a/libressl/man/X509_STORE_load_locations.3 b/libressl/man/X509_STORE_load_locations.3
index f38eeb6..2f4b70b 100644
--- a/libressl/man/X509_STORE_load_locations.3
+++ b/libressl/man/X509_STORE_load_locations.3
@@ -151,10 +151,10 @@ on failure.
With LibreSSL, the only reason for failure is lack of memory.
.Sh FILES
.Bl -tag -width Ds
-.It Pa /etc/ssl/cert.pem
+.It Pa /etc/libressl/cert.pem
default PEM file for
.Fn X509_STORE_set_default_paths
-.It Pa /etc/ssl/certs/
+.It Pa /etc/libressl/certs/
default directory for
.Fn X509_STORE_set_default_paths
.El
diff --git a/libressl/man/X509_VERIFY_PARAM_set_flags.3 b/libressl/man/X509_VERIFY_PARAM_set_flags.3
index 08961eb..39dc980 100644
--- a/libressl/man/X509_VERIFY_PARAM_set_flags.3
+++ b/libressl/man/X509_VERIFY_PARAM_set_flags.3
@@ -607,7 +607,7 @@ This is especially important when some certificates in the trust store
have explicit trust settings; see the trust settings options of the
.Cm x509
command in
-.Xr openssl 1 .
+.Xr openssl-LibreSSL 1 .
.Pp
The
.Dv X509_V_FLAG_NO_ALT_CHAINS
diff --git a/libressl/man/X509_ocspid_print.3 b/libressl/man/X509_ocspid_print.3
index b9b6c92..ea1f97e 100644
--- a/libressl/man/X509_ocspid_print.3
+++ b/libressl/man/X509_ocspid_print.3
@@ -42,7 +42,7 @@ returns 1 for success or 0 for failure.
This function is used by the
.Fl ocspid
flag of the
-.Xr openssl 1
+.Xr openssl-LibreSSL 1
.Cm x509
command.
.Sh SEE ALSO
diff --git a/libressl/man/X509_verify_cert.3 b/libressl/man/X509_verify_cert.3
index 9c085d7..9bd3526 100644
--- a/libressl/man/X509_verify_cert.3
+++ b/libressl/man/X509_verify_cert.3
@@ -79,7 +79,7 @@ Additional error information can be obtained by examining
using
.Xr X509_STORE_CTX_get_error 3 .
.Sh SEE ALSO
-.Xr openssl 1 ,
+.Xr openssl-LibreSSL 1 ,
.Xr X509_STORE_CTX_get_error 3 ,
.Xr X509_STORE_CTX_new 3
.Sh HISTORY
diff --git a/libressl/man/crypto.3 b/libressl/man/crypto.3
index f809347..0a11436 100644
--- a/libressl/man/crypto.3
+++ b/libressl/man/crypto.3
@@ -426,5 +426,5 @@ function reverses the effect of one call to the
function rather than freeing the object.
.El
.Sh SEE ALSO
-.Xr openssl 1 ,
+.Xr openssl-LibreSSL 1 ,
.Xr ssl 3
diff --git a/libressl/man/openssl.cnf.5 b/libressl/man/openssl.cnf.5
index 48ca66c..f6aeb56 100644
--- a/libressl/man/openssl.cnf.5
+++ b/libressl/man/openssl.cnf.5
@@ -60,11 +60,11 @@
The OpenSSL CONF library can be used to read configuration files; see
.Xr CONF_modules_load_file 3 .
It is used for the OpenSSL master configuration file
-.Pa /etc/ssl/openssl.cnf
+.Pa /etc/libressl/openssl.cnf
and in a few other places like
.Sy SPKAC
files and certificate extension files for the
-.Xr openssl 1
+.Xr openssl-LibreSSL 1
.Cm x509
utility.
OpenSSL applications can also use the CONF library for their own
@@ -158,7 +158,7 @@ Applications can automatically configure certain aspects of OpenSSL
using the master OpenSSL configuration file, or optionally an
alternative configuration file.
The
-.Xr openssl 1
+.Xr openssl-LibreSSL 1
utility includes this functionality: any sub command uses the master
OpenSSL configuration file unless an option is used in the sub command
to use an alternative configuration file.
@@ -168,7 +168,7 @@ an appropriate line which points to the main configuration section.
The default name is
.Ic openssl_conf ,
which is used by the
-.Xr openssl 1
+.Xr openssl-LibreSSL 1
utility.
Other applications may use an alternative name such as
.Sy myapplication_conf .
@@ -209,11 +209,11 @@ The value of this variable points to a section containing name value
pairs of OIDs: the name is the OID short and long name, and the value is the
numerical form of the OID.
Although some of the
-.Xr openssl 1
+.Xr openssl-LibreSSL 1
utility subcommands already have their own ASN1 OBJECT section
functionality, not all do.
By using the ASN1 OBJECT configuration module, all the
-.Xr openssl 1
+.Xr openssl-LibreSSL 1
utility subcommands can see the new objects as well as any compliant
applications.
For example:
@@ -329,8 +329,8 @@ other_ctrl = EMPTY
default_algorithms = ALL
.Ed
.Sh FILES
-.Bl -tag -width /etc/ssl/openssl.cnf -compact
-.It Pa /etc/ssl/openssl.cnf
+.Bl -tag -width /etc/libressl/openssl.cnf -compact
+.It Pa /etc/libressl/openssl.cnf
standard configuration file
.El
.Sh EXAMPLES
@@ -410,14 +410,14 @@ configuration if "openssl_conf" is modified to match the appropriate
For example if the second sample file above is saved to "example.cnf"
then the command line:
.Pp
-.Dl OPENSSL_CONF=example.cnf openssl asn1parse -genstr OID:1.2.3.4.1
+.Dl OPENSSL_CONF=example.cnf openssl-LibreSSL asn1parse -genstr OID:1.2.3.4.1
.Pp
will output:
.Dl 0:d=0 hl=2 l= 4 prim: OBJECT :newoid1
.Pp
showing that the OID "newoid1" has been added as "1.2.3.4.1".
.Sh SEE ALSO
-.Xr openssl 1 ,
+.Xr openssl-LibreSSL 1 ,
.Xr CONF_modules_load_file 3 ,
.Xr OPENSSL_config 3 ,
.Xr x509v3.cnf 5
diff --git a/libressl/man/ssl.3 b/libressl/man/ssl.3
index 4dd3d23..8811642 100644
--- a/libressl/man/ssl.3
+++ b/libressl/man/ssl.3
@@ -358,7 +358,7 @@ To inspect the state during ongoing communication:
.Xr SSL_library_init 3 ,
.Xr SSL_set_tmp_ecdh 3
.Sh SEE ALSO
-.Xr openssl 1 ,
+.Xr openssl-LibreSSL 1 ,
.Xr crypto 3 ,
.Xr tls_init 3
.Sh HISTORY
diff --git a/libressl/man/tls_config_set_protocols.3 b/libressl/man/tls_config_set_protocols.3
index 7c62493..423630d 100644
--- a/libressl/man/tls_config_set_protocols.3
+++ b/libressl/man/tls_config_set_protocols.3
@@ -146,7 +146,7 @@ permitted names are:
.Pp
Alternatively, libssl cipher strings can be specified.
See the CIPHERS section of
-.Xr openssl 1
+.Xr openssl-LibreSSL 1
for further information.
.Pp
.Fn tls_config_set_dheparams
diff --git a/libressl/man/tls_conn_version.3 b/libressl/man/tls_conn_version.3
index 9ab6932..391879d 100644
--- a/libressl/man/tls_conn_version.3
+++ b/libressl/man/tls_conn_version.3
@@ -145,7 +145,7 @@ The hash string for a certificate in file
.Ar mycert.crt
can be generated using the commands:
.Bd -literal -offset indent
-h=$(openssl x509 -outform der -in mycert.crt | sha256)
+h=$(openssl-LibreSSL x509 -outform der -in mycert.crt | sha256)
printf "SHA256:${h}\\n"
.Ed
.Pp
diff --git a/libressl/man/x509v3.cnf.5 b/libressl/man/x509v3.cnf.5
index 89f52d6..2eeb988 100644
--- a/libressl/man/x509v3.cnf.5
+++ b/libressl/man/x509v3.cnf.5
@@ -677,12 +677,12 @@ For example:
.Pp
.Dl basicConstraints=critical,DER:00:01:02:03
.Sh FILES
-.Bl -tag -width /etc/ssl/x509v3.cnf -compact
-.It Pa /etc/ssl/x509v3.cnf
+.Bl -tag -width /etc/libressl/x509v3.cnf -compact
+.It Pa /etc/libressl/x509v3.cnf
standard configuration file
.El
.Sh SEE ALSO
-.Xr openssl 1 ,
+.Xr openssl-LibreSSL 1 ,
.Xr ASN1_generate_nconf 3 ,
.Xr OPENSSL_config 3 ,
.Xr openssl.cnf 5
--
2.33.7