authorJung-uk Kim <jkim@FreeBSD.org>2019-02-26 18:06:51 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2019-02-26 18:06:51 +0000
commit851f7386fd78b9787f4f6669ad271886a2a003f1 (patch)
tree952920d27fdcd105b7f77b6e5fef3fedae8f74ea /doc/man1
parent8c3f9abd70b3f447a4795c1b00b386b044fb322d (diff)
Import OpenSSL 1.1.1b.vendor/openssl/1.1.1b
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=344595 svn path=/vendor-crypto/openssl/1.1.1b/; revision=344596; tag=vendor/openssl/1.1.1b
Diffstat (limited to 'doc/man1')
-rw-r--r--doc/man1/ca.pod6
-rw-r--r--doc/man1/ciphers.pod2
-rw-r--r--doc/man1/cms.pod10
-rw-r--r--doc/man1/dgst.pod6
-rw-r--r--doc/man1/ec.pod6
-rw-r--r--doc/man1/enc.pod2
-rw-r--r--doc/man1/genpkey.pod6
-rw-r--r--doc/man1/ocsp.pod2
-rw-r--r--doc/man1/pkcs12.pod5
-rw-r--r--doc/man1/pkcs8.pod2
-rw-r--r--doc/man1/req.pod2
-rw-r--r--doc/man1/s_client.pod30
-rw-r--r--doc/man1/s_server.pod29
-rw-r--r--doc/man1/smime.pod2
-rw-r--r--doc/man1/storeutl.pod2
-rw-r--r--doc/man1/verify.pod2
-rw-r--r--doc/man1/x509.pod4
17 files changed, 72 insertions, 46 deletions
diff --git a/doc/man1/ca.pod b/doc/man1/ca.pod
index e998eabf8358..7385a00941ea 100644
--- a/doc/man1/ca.pod
+++ b/doc/man1/ca.pod
@@ -230,7 +230,7 @@ The section of the configuration file containing certificate extensions
to be added when a certificate is issued (defaults to B<x509_extensions>
unless the B<-extfile> option is used). If no extension section is
present then, a V1 certificate is created. If the extension section
-is present (even if it is empty), then a V3 certificate is created. See the:w
+is present (even if it is empty), then a V3 certificate is created. See the
L<x509v3_config(5)> manual page for details of the
extension section format.
@@ -475,7 +475,7 @@ the B<-selfsign> command line option.
Note that it is valid in some circumstances for certificates to be created
without any subject. In the case where there are multiple certificates without
-subjects this does not count as a duplicate.
+subjects this does not count as a duplicate.
=item B<serial>
@@ -753,7 +753,7 @@ L<config(5)>, L<x509v3_config(5)>
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod
index 3aea982384ec..faf9e538146a 100644
--- a/doc/man1/ciphers.pod
+++ b/doc/man1/ciphers.pod
@@ -762,7 +762,7 @@ The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
The B<-stdname> is only available if OpenSSL is built with tracing enabled
(B<enable-ssl-trace> argument to Configure) before OpenSSL 1.1.1.
-The B<-convert> was added in OpenSSL 1.1.1.
+The B<-convert> option was added in OpenSSL 1.1.1.
=head1 COPYRIGHT
diff --git a/doc/man1/cms.pod b/doc/man1/cms.pod
index 60ee3b505e1e..72cd9b5d4e9e 100644
--- a/doc/man1/cms.pod
+++ b/doc/man1/cms.pod
@@ -724,14 +724,14 @@ No revocation checking is done on the signer's certificate.
The use of multiple B<-signer> options and the B<-resign> command were first
added in OpenSSL 1.0.0.
-The B<keyopt> option was first added in OpenSSL 1.0.2.
+The B<keyopt> option was added in OpenSSL 1.0.2.
-Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.0.2.
+Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2.
-The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added
-to OpenSSL 1.0.2.
+The use of non-RSA keys with B<-encrypt> and B<-decrypt>
+was added in OpenSSL 1.0.2.
-The -no_alt_chains options was first added to OpenSSL 1.0.2b.
+The -no_alt_chains option was added in OpenSSL 1.0.2b.
=head1 COPYRIGHT
diff --git a/doc/man1/dgst.pod b/doc/man1/dgst.pod
index 47e163b17001..66a6697eb10e 100644
--- a/doc/man1/dgst.pod
+++ b/doc/man1/dgst.pod
@@ -230,12 +230,12 @@ prior to verification.
=head1 HISTORY
-The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0
-The FIPS-related options were removed in OpenSSL 1.1.0
+The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.
+The FIPS-related options were removed in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/ec.pod b/doc/man1/ec.pod
index 0b836603cab1..4d368e20ae19 100644
--- a/doc/man1/ec.pod
+++ b/doc/man1/ec.pod
@@ -101,10 +101,6 @@ Prints out the public, private key components and parameters.
This option prevents output of the encoded version of the key.
-=item B<-modulus>
-
-This option prints out the value of the public key component of the key.
-
=item B<-pubin>
By default, a private key is read from the input file. With this option a
@@ -197,7 +193,7 @@ L<ecparam(1)>, L<dsa(1)>, L<rsa(1)>
=head1 COPYRIGHT
-Copyright 2003-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2003-2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/enc.pod b/doc/man1/enc.pod
index 2136a9497849..a3e0b03b2000 100644
--- a/doc/man1/enc.pod
+++ b/doc/man1/enc.pod
@@ -417,7 +417,7 @@ certain parameters. So if, for example, you want to use RC2 with a
=head1 HISTORY
-The default digest was changed from MD5 to SHA256 in Openssl 1.1.0.
+The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.
=head1 COPYRIGHT
diff --git a/doc/man1/genpkey.pod b/doc/man1/genpkey.pod
index fa62973abdd9..202e531c7e07 100644
--- a/doc/man1/genpkey.pod
+++ b/doc/man1/genpkey.pod
@@ -319,9 +319,9 @@ Generate an ED448 private key:
=head1 HISTORY
The ability to use NIST curve names, and to generate an EC key directly,
-were added in OpenSSL 1.0.2. The ability to generate X25519 keys was added in
-OpenSSL 1.1.0. The ability to generate X448, ED25519 and ED448 keys was added in
-OpenSSL 1.1.1.
+were added in OpenSSL 1.0.2.
+The ability to generate X25519 keys was added in OpenSSL 1.1.0.
+The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1.
=head1 COPYRIGHT
diff --git a/doc/man1/ocsp.pod b/doc/man1/ocsp.pod
index c9feef8f0e47..736055b1b669 100644
--- a/doc/man1/ocsp.pod
+++ b/doc/man1/ocsp.pod
@@ -486,7 +486,7 @@ to a second file.
=head1 HISTORY
-The -no_alt_chains options was first added to OpenSSL 1.1.0.
+The -no_alt_chains option was added in OpenSSL 1.1.0.
=head1 COPYRIGHT
diff --git a/doc/man1/pkcs12.pod b/doc/man1/pkcs12.pod
index 3389e595fed7..6f890c120f3c 100644
--- a/doc/man1/pkcs12.pod
+++ b/doc/man1/pkcs12.pod
@@ -154,7 +154,8 @@ Don't attempt to verify the integrity MAC before reading the file.
Prompt for separate integrity and encryption passwords: most software
always assumes these are the same so this option will render such
-PKCS#12 files unreadable.
+PKCS#12 files unreadable. Cannot be used in combination with the options
+-password, -passin (if importing) or -passout (if exporting).
=back
@@ -381,7 +382,7 @@ L<pkcs8(1)>
=head1 COPYRIGHT
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/pkcs8.pod b/doc/man1/pkcs8.pod
index 9c923b87c939..b079885d2fc7 100644
--- a/doc/man1/pkcs8.pod
+++ b/doc/man1/pkcs8.pod
@@ -305,7 +305,7 @@ L<gendsa(1)>
=head1 HISTORY
-The B<-iter> option was added to OpenSSL 1.1.0.
+The B<-iter> option was added in OpenSSL 1.1.0.
=head1 COPYRIGHT
diff --git a/doc/man1/req.pod b/doc/man1/req.pod
index c76d63d6fd81..a9b5b1690a5c 100644
--- a/doc/man1/req.pod
+++ b/doc/man1/req.pod
@@ -502,7 +502,7 @@ The actual permitted field names are any object identifier short or
long names. These are compiled into OpenSSL and include the usual
values such as commonName, countryName, localityName, organizationName,
organizationalUnitName, stateOrProvinceName. Additionally emailAddress
-is include as well as name, surname, givenName initials and dnQualifier.
+is included as well as name, surname, givenName, initials, and dnQualifier.
Additional object identifiers can be defined with the B<oid_file> or
B<oid_section> options in the configuration file. Any additional fields
diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod
index fa5cb0a92da1..81d516ace146 100644
--- a/doc/man1/s_client.pod
+++ b/doc/man1/s_client.pod
@@ -100,6 +100,7 @@ B<openssl> B<s_client>
[B<-dtls1>]
[B<-dtls1_2>]
[B<-sctp>]
+[B<-sctp_label_bug>]
[B<-fallback_scsv>]
[B<-async>]
[B<-max_send_frag>]
@@ -190,14 +191,17 @@ Use IPv6 only.
=item B<-servername name>
Set the TLS SNI (Server Name Indication) extension in the ClientHello message to
-the given value. If both this option and the B<-noservername> are not given, the
-TLS SNI extension is still set to the hostname provided to the B<-connect> option,
-or "localhost" if B<-connect> has not been supplied. This is default since OpenSSL
-1.1.1.
+the given value.
+If B<-servername> is not provided, the TLS SNI extension will be populated with
+the name given to B<-connect> if it follows a DNS name format. If B<-connect> is
+not provided either, the SNI is set to "localhost".
+This is the default since OpenSSL 1.1.1.
-Even though SNI name should normally be a DNS name and not an IP address, this
-option will not make the distinction when parsing B<-connect> and will send
-IP address if one passed.
+Even though SNI should normally be a DNS name and not an IP address, if
+B<-servername> is provided then that name will be sent, regardless of whether
+it is a DNS name or not.
+
+This option cannot be used in conjuction with B<-noservername>.
=item B<-noservername>
@@ -489,6 +493,14 @@ Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in
conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only
available where OpenSSL has support for SCTP enabled.
+=item B<-sctp_label_bug>
+
+Use the incorrect behaviour of older OpenSSL implementations when computing
+endpoint-pair shared secrets for DTLS/SCTP. This allows communication with
+older broken implementations but breaks interoperability with correct
+implementations. Must be used in conjunction with B<-sctp>. This option is only
+available where OpenSSL has support for SCTP enabled.
+
=item B<-fallback_scsv>
Send TLS_FALLBACK_SCSV in the ClientHello.
@@ -811,12 +823,12 @@ L<SSL_CTX_set_max_pipelines(3)>
=head1 HISTORY
-The B<-no_alt_chains> option was first added to OpenSSL 1.1.0.
+The B<-no_alt_chains> option was added in OpenSSL 1.1.0.
The B<-name> option was added in OpenSSL 1.1.1.
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod
index f4c4eda35313..c4c014fdc18b 100644
--- a/doc/man1/s_server.pod
+++ b/doc/man1/s_server.pod
@@ -98,6 +98,7 @@ B<openssl> B<s_server>
[B<-no_comp>]
[B<-comp>]
[B<-no_ticket>]
+[B<-num_tickets>]
[B<-serverpref>]
[B<-legacy_renegotiation>]
[B<-no_renegotiation>]
@@ -172,6 +173,7 @@ B<openssl> B<s_server>
[B<-dtls1>]
[B<-dtls1_2>]
[B<-sctp>]
+[B<-sctp_label_bug>]
[B<-no_dhe>]
[B<-nextprotoneg val>]
[B<-use_srtp val>]
@@ -558,7 +560,14 @@ OpenSSL 1.1.0.
=item B<-no_ticket>
-Disable RFC4507bis session ticket support.
+Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3
+is negotiated. See B<-num_tickets>.
+
+=item B<-num_tickets>
+
+Control the number of tickets that will be sent to the client after a full
+handshake in TLSv1.3. The default number of tickets is 2. This option does not
+affect the number of tickets sent after a resumption handshake.
=item B<-serverpref>
@@ -677,6 +686,14 @@ Use SCTP for the transport protocol instead of UDP in DTLS. Must be used in
conjunction with B<-dtls>, B<-dtls1> or B<-dtls1_2>. This option is only
available where OpenSSL has support for SCTP enabled.
+=item B<-sctp_label_bug>
+
+Use the incorrect behaviour of older OpenSSL implementations when computing
+endpoint-pair shared secrets for DTLS/SCTP. This allows communication with
+older broken implementations but breaks interoperability with correct
+implementations. Must be used in conjunction with B<-sctp>. This option is only
+available where OpenSSL has support for SCTP enabled.
+
=item B<-no_dhe>
If this option is set then no DH parameters will be loaded effectively
@@ -817,18 +834,18 @@ unknown cipher suites a client says it supports.
L<SSL_CONF_cmd(3)>, L<sess_id(1)>, L<s_client(1)>, L<ciphers(1)>
L<SSL_CTX_set_max_send_fragment(3)>,
L<SSL_CTX_set_split_send_fragment(3)>,
-L<SSL_CTX_set_max_pipelines(3)>
+L<SSL_CTX_set_max_pipelines(3)>
=head1 HISTORY
-The -no_alt_chains option was first added to OpenSSL 1.1.0.
+The -no_alt_chains option was added in OpenSSL 1.1.0.
-The -allow-no-dhe-kex and -prioritize_chacha options were first added to
-OpenSSL 1.1.1.
+The
+-allow-no-dhe-kex and -prioritize_chacha options were added in OpenSSL 1.1.1.
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/smime.pod b/doc/man1/smime.pod
index 0acdd08254a5..7f224fdc5e9d 100644
--- a/doc/man1/smime.pod
+++ b/doc/man1/smime.pod
@@ -510,7 +510,7 @@ structures may cause parsing errors.
The use of multiple B<-signer> options and the B<-resign> command were first
added in OpenSSL 1.0.0
-The -no_alt_chains options was first added to OpenSSL 1.1.0.
+The -no_alt_chains option was added in OpenSSL 1.1.0.
=head1 COPYRIGHT
diff --git a/doc/man1/storeutl.pod b/doc/man1/storeutl.pod
index 083f0282469e..a8d82bfb612b 100644
--- a/doc/man1/storeutl.pod
+++ b/doc/man1/storeutl.pod
@@ -119,7 +119,7 @@ L<openssl(1)>
=head1 HISTORY
-B<openssl> B<storeutl> was added to OpenSSL 1.1.1.
+The B<openssl> B<storeutl> app was added in OpenSSL 1.1.1.
=head1 COPYRIGHT
diff --git a/doc/man1/verify.pod b/doc/man1/verify.pod
index b67890af3c34..63ba850b915d 100644
--- a/doc/man1/verify.pod
+++ b/doc/man1/verify.pod
@@ -762,7 +762,7 @@ L<x509(1)>
=head1 HISTORY
-The B<-show_chain> option was first added to OpenSSL 1.1.0.
+The B<-show_chain> option was added in OpenSSL 1.1.0.
The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and
is silently ignored.
diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod
index 547da5da2368..7878753414da 100644
--- a/doc/man1/x509.pod
+++ b/doc/man1/x509.pod
@@ -173,7 +173,7 @@ options. See the B<TEXT OPTIONS> section for more information.
=item B<-noout>
-This option prevents output of the encoded version of the request.
+This option prevents output of the encoded version of the certificate.
=item B<-pubkey>
@@ -925,7 +925,7 @@ the old form must have their links rebuilt using B<c_rehash> or similar.
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy