[openssl-users] minor documentation errors
rsalz at akamai.com
Sat May 9 19:47:53 UTC 2015
> After getting into building and especially configuring my own CA again I'm
> nearly at the end and I've noticed some errors in the documentation I want
> to report.
I like the "again" :)
> 3) On https://www.openssl.org/docs/apps/req.html the option -subj is listed
> twice with a slightly different explanation
That's a bug, we'll fix it. Thanks.
> 1) On https://www.openssl.org/docs/apps/ca.html for the -md option not all
> possible values (sha256, sha384, etc.) are list but just md5, sha1 and mdc2
> 2) On https://www.openssl.org/docs/apps/req.html for the -[digest] option
> not all possible values are listed
> 4) On https://www.openssl.org/docs/apps/req.html for the default_md
> option not all possible values are listed (shouldn't this reference the -[digest]
> 5) On https://www.openssl.org/docs/apps/x509.html not all available
> options are listed in -md2|-md5|-sha1|-mdc2
Getting this correct is incredibly painful, as it depends on the configuration options chosen when building openssl, and right now the manpages are not affected by the config. Our plan for this is to say "any supported digest." That will be updated in a couple of days, and then pushed to the website in hour or so later.
> I also would like to ask if there's a newer version (or subtree) of openssl that
> is cleaned up.
I don't know what you mean by this.
> Currently there are many ways of creating a CSR, signing a
> certificate, etc. I think this is confusing everybody.
The CA script is a wrapper around the various commands, and is reasonable. But we're not planning on removing any of the current mechanisms. Ivan Ristic has a really great, free, OpenSSL cookbook that might be useful: https://www.feistyduck.com/books/openssl-cookbook/
More information about the openssl-users