[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Rich Salz rsalz at openssl.org
Sun Jan 7 03:33:42 UTC 2018 

The branch OpenSSL_1_1_0-stable has been updated
       via  794bf5f756ad4748735e9b333c40d2b1bf685c36 (commit)
      from  f20aa0a6e91f25dccfbaeeba9ad8f2f6800d7bc4 (commit)


- Log -----------------------------------------------------------------
commit 794bf5f756ad4748735e9b333c40d2b1bf685c36
Author: Rich Salz <rsalz at openssl.org>
Date:   Sat Jan 6 22:32:59 2018 -0500

    Add fingerprint text, remove MD5
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    (Merged from https://github.com/openssl/openssl/pull/4906)
    (Cherry-picked from commit 9422d45de2b70cabec5f6e6a5c812e0647e6d3ab)

-----------------------------------------------------------------------

Summary of changes:
 doc/apps/x509.pod | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index 62520b3..a032639 100644
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -231,8 +231,11 @@ non-zero if yes it will expire or zero if not.
 
 =item B<-fingerprint>
 
-prints out the digest of the DER encoded version of the whole certificate
-(see digest options).
+Calculates and outputs the digest of the DER encoded version of the entire
+certificate (see digest options).
+This is commonly called a "fingerprint". Because of the nature of message
+digests, the fingerprint of a certificate is unique to that certificate and
+two certificates with the same fingerprint can be considered to be the same.
 
 =item B<-C>
 
@@ -687,10 +690,6 @@ supporting UTF8:
 
  openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb
 
-Display the certificate MD5 fingerprint:
-
- openssl x509 -in cert.pem -noout -fingerprint
-
 Display the certificate SHA1 fingerprint:
 
  openssl x509 -sha1 -in cert.pem -noout -fingerprint
@@ -744,13 +743,6 @@ T61Strings use the ISO8859-1 character set. This is wrong but Netscape
 and MSIE do this as do many certificates. So although this is incorrect
 it is more likely to display the majority of certificates correctly.
 
-The B<-fingerprint> option takes the digest of the DER encoded certificate.
-This is commonly called a "fingerprint". Because of the nature of message
-digests the fingerprint of a certificate is unique to that certificate and
-two certificates with the same fingerprint can be considered to be the same.
-
-The Netscape fingerprint uses MD5 whereas MSIE uses SHA1.
-
 The B<-email> option searches the subject name and the subject alternative
 name extension. Only unique email addresses will be printed out: it will
 not print the same address more than once.

More information about the openssl-commits mailing list