diff options
Diffstat (limited to 'deps/openssl/openssl/doc/apps')
| -rw-r--r-- | deps/openssl/openssl/doc/apps/ca.pod | 4 | ||||
| -rw-r--r-- | deps/openssl/openssl/doc/apps/ecparam.pod | 4 | ||||
| -rw-r--r-- | deps/openssl/openssl/doc/apps/s_client.pod | 2 | ||||
| -rw-r--r-- | deps/openssl/openssl/doc/apps/verify.pod | 4 | ||||
| -rw-r--r-- | deps/openssl/openssl/doc/apps/x509.pod | 18 |
5 files changed, 14 insertions, 18 deletions
diff --git a/deps/openssl/openssl/doc/apps/ca.pod b/deps/openssl/openssl/doc/apps/ca.pod index cc26bf48a3..8d94ecb461 100644 --- a/deps/openssl/openssl/doc/apps/ca.pod +++ b/deps/openssl/openssl/doc/apps/ca.pod @@ -424,6 +424,10 @@ versions of OpenSSL. However, to make CA certificate roll-over easier, it's recommended to use the value B<no>, especially if combined with the B<-selfsign> command line option. +Note that it is valid in some circumstances for certificates to be created +without any subject. In the case where there are multiple certificates without +subjects this does not count as a duplicate. + =item B<serial> a text file containing the next serial number to use in hex. Mandatory. diff --git a/deps/openssl/openssl/doc/apps/ecparam.pod b/deps/openssl/openssl/doc/apps/ecparam.pod index ba2f3b9ae2..9482095266 100644 --- a/deps/openssl/openssl/doc/apps/ecparam.pod +++ b/deps/openssl/openssl/doc/apps/ecparam.pod @@ -86,8 +86,8 @@ currently implemented EC parameters names and exit. =item B<-conv_form> This specifies how the points on the elliptic curve are converted -into octet strings. Possible values are: B<compressed> (the default -value), B<uncompressed> and B<hybrid>. For more information regarding +into octet strings. Possible values are: B<compressed>, B<uncompressed> (the +default value) and B<hybrid>. For more information regarding the point conversion forms please read the X9.62 standard. B<Note> Due to patent issues the B<compressed> option is disabled by default for binary curves and can be enabled by defining diff --git a/deps/openssl/openssl/doc/apps/s_client.pod b/deps/openssl/openssl/doc/apps/s_client.pod index d9413a0cf2..d2cad29d21 100644 --- a/deps/openssl/openssl/doc/apps/s_client.pod +++ b/deps/openssl/openssl/doc/apps/s_client.pod @@ -250,7 +250,7 @@ use the server's cipher preferences; only used for SSLV2. send the protocol-specific message(s) to switch to TLS for communication. B<protocol> is a keyword for the intended protocol. Currently, the only -supported keywords are "smtp", "pop3", "imap", and "ftp". +supported keywords are "smtp", "pop3", "imap", "ftp" and "xmpp". =item B<-tlsextdebug> diff --git a/deps/openssl/openssl/doc/apps/verify.pod b/deps/openssl/openssl/doc/apps/verify.pod index 321d5ac7e1..2516718979 100644 --- a/deps/openssl/openssl/doc/apps/verify.pod +++ b/deps/openssl/openssl/doc/apps/verify.pod @@ -15,7 +15,7 @@ B<openssl> B<verify> [B<-ignore_critical>] [B<-attime timestamp>] [B<-check_ss_sig>] -[B<-crlfile file>] +[B<-CRLfile file>] [B<-crl_download>] [B<-crl_check>] [B<-crl_check_all>] @@ -69,7 +69,7 @@ current system time. B<timestamp> is the number of seconds since Verify the signature on the self-signed root CA. This is disabled by default because it doesn't add any security. -=item B<-crlfile file> +=item B<-CRLfile file> File containing one or more CRL's (in PEM format) to load. diff --git a/deps/openssl/openssl/doc/apps/x509.pod b/deps/openssl/openssl/doc/apps/x509.pod index d50625862a..408a5c6b85 100644 --- a/deps/openssl/openssl/doc/apps/x509.pod +++ b/deps/openssl/openssl/doc/apps/x509.pod @@ -225,8 +225,11 @@ non-zero if yes it will expire or zero if not. =item B<-fingerprint> -prints out the digest of the DER encoded version of the whole certificate -(see digest options). +Calculates and outputs the digest of the DER encoded version of the entire +certificate (see digest options). +This is commonly called a "fingerprint". Because of the nature of message +digests, the fingerprint of a certificate is unique to that certificate and +two certificates with the same fingerprint can be considered to be the same. =item B<-C> @@ -674,10 +677,6 @@ supporting UTF8: openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb -Display the certificate MD5 fingerprint: - - openssl x509 -in cert.pem -noout -fingerprint - Display the certificate SHA1 fingerprint: openssl x509 -sha1 -in cert.pem -noout -fingerprint @@ -731,13 +730,6 @@ T61Strings use the ISO8859-1 character set. This is wrong but Netscape and MSIE do this as do many certificates. So although this is incorrect it is more likely to display the majority of certificates correctly. -The B<-fingerprint> option takes the digest of the DER encoded certificate. -This is commonly called a "fingerprint". Because of the nature of message -digests the fingerprint of a certificate is unique to that certificate and -two certificates with the same fingerprint can be considered to be the same. - -The Netscape fingerprint uses MD5 whereas MSIE uses SHA1. - The B<-email> option searches the subject name and the subject alternative name extension. Only unique email addresses will be printed out: it will not print the same address more than once. |