[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Rich Salz
rsalz at openssl.org
Wed Feb 8 02:12:10 UTC 2017
The branch OpenSSL_1_1_0-stable has been updated
via 31041c40d45c9a2a2f59c5de64feebeff35455d9 (commit)
from ea9b8d847f0c209e3caccb95a05fc20298c1d6eb (commit)
- Log -----------------------------------------------------------------
commit 31041c40d45c9a2a2f59c5de64feebeff35455d9
Author: Rich Salz <rsalz at openssl.org>
Date: Tue Feb 7 11:33:21 2017 -0500
Centralize documentation about config file location
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2569)
(cherry picked from commit e9681f8314c64c6802b11997c471bd763de38c8c)
-----------------------------------------------------------------------
Summary of changes:
doc/apps/CA.pl.pod | 8 +-------
doc/apps/ca.pod | 7 ++-----
doc/apps/openssl.pod | 9 +++++++++
doc/apps/req.pod | 12 +++---------
doc/apps/ts.pod | 24 +++++++++++-------------
5 files changed, 26 insertions(+), 34 deletions(-)
diff --git a/doc/apps/CA.pl.pod b/doc/apps/CA.pl.pod
index 727cce1..a7f3970 100644
--- a/doc/apps/CA.pl.pod
+++ b/doc/apps/CA.pl.pod
@@ -191,18 +191,12 @@ be wrong. In this case the command:
perl -S CA.pl
can be used and the B<OPENSSL_CONF> environment variable changed to point to
-the correct path of the configuration file "openssl.cnf".
+the correct path of the configuration file.
The script is intended as a simple front end for the B<openssl> program for use
by a beginner. Its behaviour isn't always what is wanted. For more control over the
behaviour of the certificate commands call the B<openssl> command directly.
-=head1 ENVIRONMENT VARIABLES
-
-The variable B<OPENSSL_CONF> if defined allows an alternative configuration
-file location to be specified, it should contain the full path to the
-configuration file, not just its directory.
-
=head1 SEE ALSO
L<x509(1)>, L<ca(1)>, L<req(1)>, L<pkcs12(1)>,
diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod
index 5d4cfda..c09db82 100644
--- a/doc/apps/ca.pod
+++ b/doc/apps/ca.pod
@@ -77,6 +77,8 @@ this prints extra details about the operations being performed.
=item B<-config filename>
specifies the configuration file to use.
+Optional; for a description of the default value,
+see L<openssl(1)/COMMAND SUMMARY>.
=item B<-name section>
@@ -633,11 +635,6 @@ The values below reflect the default values.
./demoCA/certs - certificate output file
./demoCA/.rnd - CA random seed information
-=head1 ENVIRONMENT VARIABLES
-
-B<OPENSSL_CONF> reflects the location of master configuration file it can
-be overridden by the B<-config> command line option.
-
=head1 RESTRICTIONS
The text database index file is a critical part of the process and
diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod
index a7e65ff..da07cd5 100644
--- a/doc/apps/openssl.pod
+++ b/doc/apps/openssl.pod
@@ -40,6 +40,15 @@ The B<openssl> program provides a rich variety of commands (I<command> in the
SYNOPSIS above), each of which often has a wealth of options and arguments
(I<command_opts> and I<command_args> in the SYNOPSIS).
+Many commands use an external configuration file for some or all of their
+arguments and have a B<-config> option to specify that file.
+The environment variable B<OPENSSL_CONF> can be used to specify
+the location of the file.
+If the environment variable is not specified, then the file is named
+B<openssl.cnf> in the default certificate storage area, whose value
+depends on the configuration flags specified when the OpenSSL
+was built.
+
The list parameters B<standard-commands>, B<digest-commands>,
and B<cipher-commands> output a list (one entry per line) of the names
of all standard commands, message digest commands, or cipher commands,
diff --git a/doc/apps/req.pod b/doc/apps/req.pod
index 8ba04ae..83b5704 100644
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -204,9 +204,9 @@ GOST R 34.11-94 (B<-md_gost94>).
=item B<-config filename>
-this allows an alternative configuration file to be specified,
-this overrides the compile time filename or any specified in
-the B<OPENSSL_CONF> environment variable.
+this allows an alternative configuration file to be specified.
+Optional; for a description of the default value,
+see L<openssl(1)/COMMAND SUMMARY>.
=item B<-subj arg>
@@ -623,12 +623,6 @@ then the B<SET OF> is missing and the encoding is technically invalid (but
it is tolerated). See the description of the command line option B<-asn1-kludge>
for more information.
-=head1 ENVIRONMENT VARIABLES
-
-The variable B<OPENSSL_CONF> if defined allows an alternative configuration
-file location to be specified, it will be overridden by the B<-config> command
-line switch if it is present.
-
=head1 BUGS
OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
diff --git a/doc/apps/ts.pod b/doc/apps/ts.pod
index 02b2ada..d807394 100644
--- a/doc/apps/ts.pod
+++ b/doc/apps/ts.pod
@@ -139,9 +139,9 @@ MS-Windows, B<,> for VMS and B<:> for all other platforms. (Optional)
=item B<-config> configfile
-The configuration file to use, this option overrides the
-B<OPENSSL_CONF> environment variable. Only the OID section
-of the config file is used with the B<-query> command. (Optional)
+The configuration file to use.
+Optional; for a description of the default value,
+see L<openssl(1)/COMMAND SUMMARY>.
=item B<-data> file_to_hash
@@ -216,9 +216,10 @@ otherwise it is a time stamp token (ContentInfo).
=item B<-config> configfile
-The configuration file to use, this option overrides the
-B<OPENSSL_CONF> environment variable. See B<CONFIGURATION FILE
-OPTIONS> for configurable variables. (Optional)
+The configuration file to use.
+Optional; for a description of the default value,
+see L<openssl(1)/COMMAND SUMMARY>.
+See B<CONFIGURATION FILE OPTIONS> for configurable variables.
=item B<-section> tsa_section
@@ -386,8 +387,8 @@ verification. See L<verify(1)>.
=head1 CONFIGURATION FILE OPTIONS
-The B<-query> and B<-reply> commands make use of a configuration file
-defined by the B<OPENSSL_CONF> environment variable. See L<config(5)>
+The B<-query> and B<-reply> commands make use of a configuration file.
+See L<config(5)>
for a general description of the syntax of the config file. The
B<-query> command uses only the symbolic OID names section
and it can work without it. However, the B<-reply> command needs the
@@ -505,11 +506,6 @@ included. Default is no. (Optional)
=back
-=head1 ENVIRONMENT VARIABLES
-
-B<OPENSSL_CONF> contains the path of the configuration file and can be
-overridden by the B<-config> command line option.
-
=head1 EXAMPLES
All the examples below presume that B<OPENSSL_CONF> is set to a proper
@@ -608,6 +604,8 @@ You could also look at the 'test' directory for more examples.
=head1 BUGS
+=for comment foreign manuals: procmail(1), perl(1)
+
If you find any bugs or you have suggestions please write to
Zoltan Glozik <zglozik at opentsa.org>. Known issues:
More information about the openssl-commits
mailing list