1 files changed, 10 insertions, 7 deletions

diff --git a/secure/lib/libcrypto/man/man3/X509_check_host.3 b/secure/lib/libcrypto/man/man3/X509_check_host.3
index 15dcedbdf41d..230b139c95f3 100644
--- a/secure/lib/libcrypto/man/man3/X509_check_host.3
+++ b/secure/lib/libcrypto/man/man3/X509_check_host.3
@@ -1,5 +1,5 @@
 .\" -*- mode: troff; coding: utf-8 -*-
-.\" Automatically generated by Pod::Man 5.0102 (Pod::Simple 3.45)
+.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -52,10 +52,13 @@
 .    \}
 .\}
 .rr rF
+.\"
+.\" Required to disable full justification in groff 1.23.0.
+.if n .ds AD l
 .\" ========================================================================
 .\"
 .IX Title "X509_CHECK_HOST 3ossl"
-.TH X509_CHECK_HOST 3ossl 2025-09-30 3.5.4 OpenSSL
+.TH X509_CHECK_HOST 3ossl 2026-04-07 3.5.6 OpenSSL
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -86,7 +89,7 @@ other means.
 Name (SAN) or Subject CommonName (CN) matches the specified hostname,
 which must be encoded in the preferred name syntax described
 in section 3.5 of RFC 1034.  By default, wildcards are supported
-and they match  only in the left-most label; but they may match
+and they match  only in the left\-most label; but they may match
 part of that label with an explicit prefix or suffix.  For example,
 by default, the host \fBname\fR "www.example.com" would match a
 certificate with a SAN or CN value of "*.example.com", "w*.example.com"
@@ -97,7 +100,7 @@ domain names must be given in A\-label form.  The \fBnamelen\fR argument
 must be the number of characters in the name string or zero in which
 case the length is calculated with strlen(\fBname\fR).  When \fBname\fR starts
 with a dot (e.g. ".example.com"), it will be matched by a certificate
-valid for any sub-domain of \fBname\fR, (see also
+valid for any sub\-domain of \fBname\fR, (see also
 \&\fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR below).
 .PP
 When the certificate is matched, and \fBpeername\fR is not NULL, a
@@ -124,7 +127,7 @@ explicitly marked addresses in the certificates are considered; IP
 addresses stored in DNS names and Common Names are ignored. There are
 currently no \fBflags\fR that would affect the behavior of this call.
 .PP
-\&\fBX509_check_ip_asc()\fR is similar, except that the NUL-terminated
+\&\fBX509_check_ip_asc()\fR is similar, except that the NUL\-terminated
 string \fBaddress\fR is first converted to the internal representation.
 .PP
 The \fBflags\fR argument is usually 0.  It can be the bitwise OR of the
@@ -172,8 +175,8 @@ to match more than one label in \fBname\fR; this flag only applies
 to \fBX509_check_host\fR.
 .PP
 If set, \fBX509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS\fR restricts \fBname\fR
-values which start with ".", that would otherwise match any sub-domain
-in the peer certificate, to only match direct child sub-domains.
+values which start with ".", that would otherwise match any sub\-domain
+in the peer certificate, to only match direct child sub\-domains.
 Thus, for instance, with this flag set a \fBname\fR of ".example.com"
 would match a peer certificate with a DNS name of "www.example.com",
 but would not match a peer certificate with a DNS name of