[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Sat Apr 25 20:07:41 UTC 2015 

The branch master has been updated
       via  46aa6078675132bce25c1d06878ae0fcc5f7cd55 (commit)
      from  f92beb98de0c8fdbf18f29642264258cc2ff05e7 (commit)


- Log -----------------------------------------------------------------
commit 46aa6078675132bce25c1d06878ae0fcc5f7cd55
Author: Rich Salz <rsalz at openssl.org>
Date:   Sat Apr 25 16:07:28 2015 -0400

    apps-cleanup: the doc fixes
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 doc/apps/ocsp.pod | 9 ++++++++-
 doc/apps/rsa.pod  | 9 +--------
 doc/apps/x509.pod | 8 ++++----
 doc/crypto/ui.pod | 1 +
 4 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod
index d5565c9..a9b29b0 100644
--- a/doc/apps/ocsp.pod
+++ b/doc/apps/ocsp.pod
@@ -25,7 +25,8 @@ B<openssl> B<ocsp>
 [B<-nonce>]
 [B<-no_nonce>]
 [B<-url URL>]
-[B<-host host:n>]
+[B<-host host:port>]
+[B<-header>]
 [B<-path>]
 [B<-CApath dir>]
 [B<-CAfile file>]
@@ -161,6 +162,12 @@ if the B<host> option is present then the OCSP request is sent to the host
 B<hostname> on port B<port>. B<path> specifies the HTTP path name to use
 or "/" by default.
 
+=item B<-header name=value>
+
+Adds the header B<name> with the specified B<value> to the OCSP request
+that is sent to the responder.
+This may be repeated.
+
 =item B<-timeout seconds>
 
 connection timeout to the OCSP responder in seconds
diff --git a/doc/apps/rsa.pod b/doc/apps/rsa.pod
index 21cbf8e..734c602 100644
--- a/doc/apps/rsa.pod
+++ b/doc/apps/rsa.pod
@@ -14,7 +14,6 @@ B<openssl> B<rsa>
 [B<-passin arg>]
 [B<-out filename>]
 [B<-passout arg>]
-[B<-sgckey>]
 [B<-aes128>]
 [B<-aes192>]
 [B<-aes256>]
@@ -83,11 +82,6 @@ filename.
 the output file password source. For more information about the format of B<arg>
 see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
 
-=item B<-sgckey>
-
-use the modified NET algorithm used with some versions of Microsoft IIS and SGC
-keys.
-
 =item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
 
 These options encrypt the private key with the specified
@@ -165,8 +159,7 @@ files. To use these with the utility, view the file with a binary editor
 and look for the string "private-key", then trace back to the byte
 sequence 0x30, 0x82 (this is an ASN1 SEQUENCE). Copy all the data
 from this point onwards to another file and use that as the input
-to the B<rsa> utility with the B<-inform NET> option. If you get
-an error after entering the password try the B<-sgckey> option.
+to the B<rsa> utility with the B<-inform NET> option.
 
 =head1 EXAMPLES
 
diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index a1326ed..062a919 100644
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -366,8 +366,7 @@ the B<-signkey> or B<-CA> options. If used in conjunction with the B<-CA>
 option the serial number file (as specified by the B<-CAserial> or
 B<-CAcreateserial> options) is not used.
 
-The serial number can be decimal or hex (if preceded by B<0x>). Negative
-serial numbers can also be specified but their use is not recommended.
+The serial number can be decimal or hex (if preceded by B<0x>).
 
 =item B<-CA filename>
 
@@ -402,8 +401,9 @@ The default filename consists of the CA certificate file base name with
 
 with this option the CA serial number file is created if it does not exist:
 it will contain the serial number "02" and the certificate being signed will
-have the 1 as its serial number. Normally if the B<-CA> option is specified
-and the serial number file does not exist it is an error.
+have the 1 as its serial number. If the B<-CA> option is specified
+and the serial number file does not exist a random number is generated;
+this is the recommended practice.
 
 =item B<-extfile filename>
 
diff --git a/doc/crypto/ui.pod b/doc/crypto/ui.pod
index 04f8e9c..9dbc2da 100644
--- a/doc/crypto/ui.pod
+++ b/doc/crypto/ui.pod
@@ -106,6 +106,7 @@ most problems when porting.
 
 UI_free() removes a UI from memory, along with all other pieces of memory
 that's connected to it, like duplicated input strings, results and others.
+If B<ui> is NULL nothing is done.
 
 UI_add_input_string() and UI_add_verify_string() add a prompt to the UI,
 as well as flags and a result buffer and the desired minimum and maximum

More information about the openssl-commits mailing list