[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Rich Salz rsalz at openssl.org
Wed Feb 8 02:12:10 UTC 2017


The branch OpenSSL_1_1_0-stable has been updated
       via  31041c40d45c9a2a2f59c5de64feebeff35455d9 (commit)
      from  ea9b8d847f0c209e3caccb95a05fc20298c1d6eb (commit)


- Log -----------------------------------------------------------------
commit 31041c40d45c9a2a2f59c5de64feebeff35455d9
Author: Rich Salz <rsalz at openssl.org>
Date:   Tue Feb 7 11:33:21 2017 -0500

    Centralize documentation about config file location
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2569)
    (cherry picked from commit e9681f8314c64c6802b11997c471bd763de38c8c)

-----------------------------------------------------------------------

Summary of changes:
 doc/apps/CA.pl.pod   |  8 +-------
 doc/apps/ca.pod      |  7 ++-----
 doc/apps/openssl.pod |  9 +++++++++
 doc/apps/req.pod     | 12 +++---------
 doc/apps/ts.pod      | 24 +++++++++++-------------
 5 files changed, 26 insertions(+), 34 deletions(-)

diff --git a/doc/apps/CA.pl.pod b/doc/apps/CA.pl.pod
index 727cce1..a7f3970 100644
--- a/doc/apps/CA.pl.pod
+++ b/doc/apps/CA.pl.pod
@@ -191,18 +191,12 @@ be wrong. In this case the command:
  perl -S CA.pl
 
 can be used and the B<OPENSSL_CONF> environment variable changed to point to
-the correct path of the configuration file "openssl.cnf".
+the correct path of the configuration file.
 
 The script is intended as a simple front end for the B<openssl> program for use
 by a beginner. Its behaviour isn't always what is wanted. For more control over the
 behaviour of the certificate commands call the B<openssl> command directly.
 
-=head1 ENVIRONMENT VARIABLES
-
-The variable B<OPENSSL_CONF> if defined allows an alternative configuration
-file location to be specified, it should contain the full path to the
-configuration file, not just its directory.
-
 =head1 SEE ALSO
 
 L<x509(1)>, L<ca(1)>, L<req(1)>, L<pkcs12(1)>,
diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod
index 5d4cfda..c09db82 100644
--- a/doc/apps/ca.pod
+++ b/doc/apps/ca.pod
@@ -77,6 +77,8 @@ this prints extra details about the operations being performed.
 =item B<-config filename>
 
 specifies the configuration file to use.
+Optional; for a description of the default value,
+see L<openssl(1)/COMMAND SUMMARY>.
 
 =item B<-name section>
 
@@ -633,11 +635,6 @@ The values below reflect the default values.
  ./demoCA/certs                 - certificate output file
  ./demoCA/.rnd                  - CA random seed information
 
-=head1 ENVIRONMENT VARIABLES
-
-B<OPENSSL_CONF> reflects the location of master configuration file it can
-be overridden by the B<-config> command line option.
-
 =head1 RESTRICTIONS
 
 The text database index file is a critical part of the process and
diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod
index a7e65ff..da07cd5 100644
--- a/doc/apps/openssl.pod
+++ b/doc/apps/openssl.pod
@@ -40,6 +40,15 @@ The B<openssl> program provides a rich variety of commands (I<command> in the
 SYNOPSIS above), each of which often has a wealth of options and arguments
 (I<command_opts> and I<command_args> in the SYNOPSIS).
 
+Many commands use an external configuration file for some or all of their
+arguments and have a B<-config> option to specify that file.
+The environment variable B<OPENSSL_CONF> can be used to specify
+the location of the file.
+If the environment variable is not specified, then the file is named
+B<openssl.cnf> in the default certificate storage area, whose value
+depends on the configuration flags specified when the OpenSSL
+was built.
+
 The list parameters B<standard-commands>, B<digest-commands>,
 and B<cipher-commands> output a list (one entry per line) of the names
 of all standard commands, message digest commands, or cipher commands,
diff --git a/doc/apps/req.pod b/doc/apps/req.pod
index 8ba04ae..83b5704 100644
--- a/doc/apps/req.pod
+++ b/doc/apps/req.pod
@@ -204,9 +204,9 @@ GOST R 34.11-94 (B<-md_gost94>).
 
 =item B<-config filename>
 
-this allows an alternative configuration file to be specified,
-this overrides the compile time filename or any specified in
-the B<OPENSSL_CONF> environment variable.
+this allows an alternative configuration file to be specified.
+Optional; for a description of the default value,
+see L<openssl(1)/COMMAND SUMMARY>.
 
 =item B<-subj arg>
 
@@ -623,12 +623,6 @@ then the B<SET OF> is missing and the encoding is technically invalid (but
 it is tolerated). See the description of the command line option B<-asn1-kludge>
 for more information.
 
-=head1 ENVIRONMENT VARIABLES
-
-The variable B<OPENSSL_CONF> if defined allows an alternative configuration
-file location to be specified, it will be overridden by the B<-config> command
-line switch if it is present.
-
 =head1 BUGS
 
 OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
diff --git a/doc/apps/ts.pod b/doc/apps/ts.pod
index 02b2ada..d807394 100644
--- a/doc/apps/ts.pod
+++ b/doc/apps/ts.pod
@@ -139,9 +139,9 @@ MS-Windows, B<,> for VMS and B<:> for all other platforms. (Optional)
 
 =item B<-config> configfile
 
-The configuration file to use, this option overrides the
-B<OPENSSL_CONF> environment variable. Only the OID section
-of the config file is used with the B<-query> command. (Optional)
+The configuration file to use.
+Optional; for a description of the default value,
+see L<openssl(1)/COMMAND SUMMARY>.
 
 =item B<-data> file_to_hash
 
@@ -216,9 +216,10 @@ otherwise it is a time stamp token (ContentInfo).
 
 =item B<-config> configfile
 
-The configuration file to use, this option overrides the
-B<OPENSSL_CONF> environment variable. See B<CONFIGURATION FILE
-OPTIONS> for configurable variables. (Optional)
+The configuration file to use.
+Optional; for a description of the default value,
+see L<openssl(1)/COMMAND SUMMARY>.
+See B<CONFIGURATION FILE OPTIONS> for configurable variables.
 
 =item B<-section> tsa_section
 
@@ -386,8 +387,8 @@ verification.  See L<verify(1)>.
 
 =head1 CONFIGURATION FILE OPTIONS
 
-The B<-query> and B<-reply> commands make use of a configuration file
-defined by the B<OPENSSL_CONF> environment variable. See L<config(5)>
+The B<-query> and B<-reply> commands make use of a configuration file.
+See L<config(5)>
 for a general description of the syntax of the config file. The
 B<-query> command uses only the symbolic OID names section
 and it can work without it. However, the B<-reply> command needs the
@@ -505,11 +506,6 @@ included. Default is no. (Optional)
 
 =back
 
-=head1 ENVIRONMENT VARIABLES
-
-B<OPENSSL_CONF> contains the path of the configuration file and can be
-overridden by the B<-config> command line option.
-
 =head1 EXAMPLES
 
 All the examples below presume that B<OPENSSL_CONF> is set to a proper
@@ -608,6 +604,8 @@ You could also look at the 'test' directory for more examples.
 
 =head1 BUGS
 
+=for comment foreign manuals: procmail(1), perl(1)
+
 If you find any bugs or you have suggestions please write to
 Zoltan Glozik <zglozik at opentsa.org>. Known issues:
 


More information about the openssl-commits mailing list