Contents of /cauldron/libressl/current/SOURCES/libressl-2.3.1-man1-libressl.diff

Revision 905744
Tue Nov 24 13:47:53 2015 UTC (8 years, 4 months ago) by oden
File size: 56334 byte(s)
imported package libressl
1 diff -Naurp libressl-2.3.1/apps/openssl/Makefile.am libressl-2.3.1.oden/apps/openssl/Makefile.am
2 --- libressl-2.3.1/apps/openssl/Makefile.am 2015-11-24 12:08:52.422002611 +0100
3 +++ libressl-2.3.1.oden/apps/openssl/Makefile.am 2015-11-24 12:09:15.822646127 +0100
4 @@ -2,7 +2,7 @@ include $(top_srcdir)/Makefile.am.common
5
6 bin_PROGRAMS = openssl
7
8 -dist_man_MANS = openssl.1
9 +dist_man_MANS = libressl.1
10
11 openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
12 openssl_LDADD += $(top_builddir)/ssl/libssl.la
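Review bot: `dist_man_MANS = libressl.1` names a file that nothing in the visible patch creates. The man page hunks below have apps/openssl/openssl.1 on both the `---` and `+++` side, so the page is edited in place, not renamed. Either rename the file as part of this patch (or in the spec before the build runs), or the dist and install steps will look for a libressl.1 that is not there.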
13 diff -Naurp libressl-2.3.1/apps/openssl/Makefile.in libressl-2.3.1.oden/apps/openssl/Makefile.in
14 --- libressl-2.3.1/apps/openssl/Makefile.in 2015-11-24 12:08:52.422002611 +0100
15 +++ libressl-2.3.1.oden/apps/openssl/Makefile.in 2015-11-24 12:09:39.398294495 +0100
16 @@ -376,7 +376,7 @@ top_builddir = @top_builddir@
17 top_srcdir = @top_srcdir@
18 AM_CFLAGS =
19 AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat -DLIBRESSL_INTERNAL
20 -dist_man_MANS = openssl.1
21 +dist_man_MANS = libressl.1
22 openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) \
23 $(top_builddir)/ssl/libssl.la \
24 $(top_builddir)/crypto/libcrypto.la
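Review bot: Makefile.in is the automake output for the Makefile.am changed just above, and this hunk hand-copies the same one-line `dist_man_MANS` edit into it. If the build re-runs automake the hunk is redundant; if it does not, the two files have to be kept in step by hand on every version bump. Prefer patching only Makefile.am and regenerating, or state in the patch header why the generated file is patched too.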
25 diff -Naurp libressl-2.3.1/apps/openssl/openssl.1 libressl-2.3.1.oden/apps/openssl/openssl.1
26 --- libressl-2.3.1/apps/openssl/openssl.1 2015-10-15 23:12:24.000000000 +0200
27 +++ libressl-2.3.1.oden/apps/openssl/openssl.1 2015-11-24 12:09:15.824646097 +0100
28 @@ -113,11 +113,11 @@
29 .\" OPENSSL
30 .\"
31 .Dd $Mdocdate: September 14 2015 $
32 -.Dt OPENSSL 1
33 +.Dt LibreSSL 1
34 .Os
35 .Sh NAME
36 -.Nm openssl
37 -.Nd OpenSSL command line tool
38 +.Nm libressl
39 +.Nd LibreSSL command line tool
40 .Sh SYNOPSIS
41 .Nm
42 .Cm command
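Review bot: `.Nm libressl` renames the documented command, and every bare `.Nm` after it will render as libressl, but the Makefile.am hunk above leaves `bin_PROGRAMS = openssl` untouched, so on the visible lines the installed binary is still called openssl. Confirm that the package installs or links the tool as libressl, otherwise every example in this page fails as typed. Separately, `.Dt LibreSSL 1` should keep the upper-case title the original line had: `.Dt LIBRESSL 1`.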
43 @@ -136,7 +136,7 @@
44 .Cm no- Ns Ar XXX
45 .Op Ar arbitrary options
46 .Sh DESCRIPTION
47 -.Nm OpenSSL
48 +.Nm LibreSSL
49 is a cryptography toolkit implementing the Secure Sockets Layer
50 .Pq SSL v3
51 and Transport Layer Security
52 @@ -147,7 +147,7 @@ The
53 .Nm
54 program is a command line tool for using the various
55 cryptography functions of
56 -.Nm OpenSSL Ns Li 's
57 +.Nm LibreSSL Ns Li 's
58 .Em crypto
59 library from the shell.
60 It can be used for
61 @@ -339,7 +339,7 @@ This implements a generic SSL/TLS client
62 connection to a remote server speaking SSL/TLS.
63 It's intended for testing purposes only and provides only rudimentary
64 interface functionality but internally uses mostly all functionality of the
65 -.Nm OpenSSL
66 +.Nm LibreSSL
67 .Em ssl
68 library.
69 .It Cm s_server
70 @@ -347,7 +347,7 @@ This implements a generic SSL/TLS server
71 clients speaking SSL/TLS.
72 It's intended for testing purposes only and provides only rudimentary
73 interface functionality but internally uses mostly all functionality of the
74 -.Nm OpenSSL
75 +.Nm LibreSSL
76 .Em ssl
77 library.
78 It provides both an own command line oriented protocol for testing
79 @@ -368,7 +368,7 @@ Time stamping authority tool (client/ser
80 .It Cm verify
81 X.509 certificate verification.
82 .It Cm version
83 -.Nm OpenSSL
84 +.Nm LibreSSL
85 version information.
86 .It Cm x509
87 X.509 certificate data management.
88 @@ -504,7 +504,7 @@ Read the password from standard input.
89 .\"
90 .Sh ASN1PARSE
91 .nr nS 1
92 -.Nm "openssl asn1parse"
93 +.Nm "libressl asn1parse"
94 .Bk -words
95 .Op Fl i
96 .Op Fl dlimit Ar number
97 @@ -650,7 +650,7 @@ BF0EDF2B4068058C7A947F52548DDF7E15E96B38
98 If an OID
99 .Pq object identifier
100 is not part of
101 -.Nm OpenSSL Ns Li 's
102 +.Nm LibreSSL Ns Li 's
103 internal table it will be represented in
104 numerical form
105 .Pq for example 1.2.3.4 .
106 @@ -673,11 +673,11 @@ Example:
107 .Sh ASN1 EXAMPLES
108 Parse a file:
109 .Pp
110 -.Dl $ openssl asn1parse -in file.pem
111 +.Dl $ libressl asn1parse -in file.pem
112 .Pp
113 Parse a DER file:
114 .Pp
115 -.Dl $ openssl asn1parse -inform DER -in file.der
116 +.Dl $ libressl asn1parse -inform DER -in file.der
117 .Sh ASN1PARSE BUGS
118 There should be options to change the format of output lines.
119 The output of some ASN.1 types is not well handled
120 @@ -687,7 +687,7 @@ The output of some ASN.1 types is not we
121 .\"
122 .Sh CA
123 .nr nS 1
124 -.Nm "openssl ca"
125 +.Nm "libressl ca"
126 .Bk -words
127 .Op Fl batch
128 .Op Fl cert Ar file
129 @@ -1217,23 +1217,23 @@ and the empty index file
130 .Pp
131 Sign a certificate request:
132 .Pp
133 -.Dl $ openssl ca -in req.pem -out newcert.pem
134 +.Dl $ libressl ca -in req.pem -out newcert.pem
135 .Pp
136 Sign a certificate request, using CA extensions:
137 .Pp
138 -.Dl $ openssl ca -in req.pem -extensions v3_ca -out newcert.pem
139 +.Dl $ libressl ca -in req.pem -extensions v3_ca -out newcert.pem
140 .Pp
141 Generate a CRL:
142 .Pp
143 -.Dl $ openssl ca -gencrl -out crl.pem
144 +.Dl $ libressl ca -gencrl -out crl.pem
145 .Pp
146 Sign several requests:
147 .Pp
148 -.Dl $ openssl ca -infiles req1.pem req2.pem req3.pem
149 +.Dl $ libressl ca -infiles req1.pem req2.pem req3.pem
150 .Pp
151 Certify a Netscape SPKAC:
152 .Pp
153 -.Dl $ openssl ca -spkac spkac.txt
154 +.Dl $ libressl ca -spkac spkac.txt
155 .Pp
156 A sample SPKAC file
157 .Pq the SPKAC line has been truncated for clarity :
158 @@ -1286,7 +1286,7 @@ the location of all files can change eit
159 configuration file entries, environment variables, or command line options.
160 The values below reflect the default values.
161 .Bd -literal -offset indent
162 -/etc/ssl/openssl.cnf - master configuration file
163 +/etc/pki/tls/libressl.cnf - master configuration file
164 \&./demoCA - main CA directory
165 \&./demoCA/cacert.pem - CA certificate
166 \&./demoCA/private/cakey.pem - CA private key
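Review bot: The master configuration file line changes both the directory and the file name (/etc/ssl/openssl.cnf to /etc/pki/tls/libressl.cnf), yet the visible part of this patch only touches the Makefiles and the man page, so nothing here makes the tool read that path. For the ca command the configuration file decides policy and key locations, so the documented default has to match what the build actually uses. Tie this hunk to the configure or spec change that sets the directory and file name, or leave the path as upstream documents it.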
167 @@ -1401,7 +1401,7 @@ then even if a certificate is issued wit
168 .\" CIPHERS
169 .\"
170 .Sh CIPHERS
171 -.Nm openssl ciphers
172 +.Nm libressl ciphers
173 .Op Fl hVv
174 .Op Fl tls1
175 .Op Ar cipherlist
176 @@ -1409,7 +1409,7 @@ then even if a certificate is issued wit
177 The
178 .Nm ciphers
179 command converts
180 -.Nm OpenSSL
181 +.Nm LibreSSL
182 cipher lists into ordered SSL cipher preference lists.
183 It can be used as a test tool to determine the appropriate cipherlist.
184 .Pp
185 @@ -1589,34 +1589,34 @@ Cipher suites using SHA1.
186 .El
187 .Sh CIPHERS EXAMPLES
188 Verbose listing of all
189 -.Nm OpenSSL
190 +.Nm LibreSSL
191 ciphers including NULL ciphers:
192 .Pp
193 -.Dl $ openssl ciphers -v 'ALL:eNULL'
194 +.Dl $ libressl ciphers -v 'ALL:eNULL'
195 .Pp
196 Include all ciphers except NULL and anonymous DH then sort by
197 strength:
198 .Pp
199 -.Dl $ openssl ciphers -v 'ALL:!ADH:@STRENGTH'
200 +.Dl $ libressl ciphers -v 'ALL:!ADH:@STRENGTH'
201 .Pp
202 Include only 3DES ciphers and then place RSA ciphers last:
203 .Pp
204 -.Dl $ openssl ciphers -v '3DES:+RSA'
205 +.Dl $ libressl ciphers -v '3DES:+RSA'
206 .Pp
207 Include all RC4 ciphers but leave out those without authentication:
208 .Pp
209 -.Dl $ openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
210 +.Dl $ libressl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
211 .Pp
212 Include all ciphers with RSA authentication but leave out ciphers without
213 encryption:
214 .Pp
215 -.Dl $ openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
216 +.Dl $ libressl ciphers -v 'RSA:!COMPLEMENTOFALL'
217 .\"
218 .\" CRL
219 .\"
220 .Sh CRL
221 .nr nS 1
222 -.Nm "openssl crl"
223 +.Nm "libressl crl"
224 .Bk -words
225 .Op Fl CAfile Ar file
226 .Op Fl CApath Ar dir
227 @@ -1696,11 +1696,11 @@ The PEM CRL format uses the header and f
228 .Sh CRL EXAMPLES
229 Convert a CRL file from PEM to DER:
230 .Pp
231 -.Dl $ openssl crl -in crl.pem -outform DER -out crl.der
232 +.Dl $ libressl crl -in crl.pem -outform DER -out crl.der
233 .Pp
234 Output the text form of a DER-encoded certificate:
235 .Pp
236 -.Dl $ openssl crl -in crl.der -inform DER -text -noout
237 +.Dl $ libressl crl -in crl.der -inform DER -text -noout
238 .Sh CRL BUGS
239 Ideally, it should be possible to create a CRL using appropriate options
240 and files too.
241 @@ -1709,7 +1709,7 @@ and files too.
242 .\"
243 .Sh CRL2PKCS7
244 .nr nS 1
245 -.Nm "openssl crl2pkcs7"
246 +.Nm "libressl crl2pkcs7"
247 .Bk -words
248 .Op Fl certfile Ar file
249 .Op Fl in Ar file
250 @@ -1766,12 +1766,12 @@ is a base64-encoded version of the DER f
251 .Sh CRL2PKCS7 EXAMPLES
252 Create a PKCS#7 structure from a certificate and CRL:
253 .Pp
254 -.Dl $ openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
255 +.Dl $ libressl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
256 .Pp
257 Create a PKCS#7 structure in DER format with no CRL from several
258 different certificates:
259 .Bd -literal -offset indent
260 -$ openssl crl2pkcs7 -nocrl -certfile newcert.pem \e
261 +$ libressl crl2pkcs7 -nocrl -certfile newcert.pem \e
262 -certfile demoCA/cacert.pem -outform DER -out p7.der
263 .Ed
264 .Sh CRL2PKCS7 NOTES
265 @@ -1791,7 +1791,7 @@ install user certificates and CAs in MSI
266 .\"
267 .Sh DGST
268 .nr nS 1
269 -.Nm "openssl dgst"
270 +.Nm "libressl dgst"
271 .Bk -words
272 .Oo
273 .Fl gost-mac | streebog256 | streebog512 | md_gost94 |
274 @@ -1816,7 +1816,7 @@ install user certificates and CAs in MSI
275 .Ek
276 .nr nS 0
277 .Pp
278 -.Nm openssl
279 +.Nm libressl
280 .Cm gost-mac | streebog256 | streebog512 | md_gost94 |
281 .Cm md4 | md5 | ripemd160 | sha1 |
282 .Cm sha224 | sha256 | sha384 | sha512 | whirlpool
283 @@ -1935,7 +1935,7 @@ below.
284 .\"
285 .Sh DHPARAM
286 .nr nS 1
287 -.Nm "openssl dhparam"
288 +.Nm "libressl dhparam"
289 .Bk -words
290 .Op Fl 2 | 5
291 .Op Fl C
292 @@ -2041,7 +2041,7 @@ and
293 .Nm gendh
294 programs are retained for now, but may have different purposes in future
295 versions of
296 -.Nm OpenSSL .
297 +.Nm LibreSSL .
298 .Sh DHPARAM NOTES
299 PEM format DH parameters use the header and footer lines:
300 .Bd -unfilled -offset indent
301 @@ -2049,7 +2049,7 @@ PEM format DH parameters use the header
302 -----END DH PARAMETERS-----
303 .Ed
304 .Pp
305 -.Nm OpenSSL
306 +.Nm LibreSSL
307 currently only supports the older PKCS#3 DH,
308 not the newer X9.42 DH.
309 .Pp
310 @@ -2072,7 +2072,7 @@ option was added in
311 .\"
312 .Sh DSA
313 .nr nS 1
314 -.Nm "openssl dsa"
315 +.Nm "libressl dsa"
316 .Bk -words
317 .Oo
318 .Fl aes128 | aes192 | aes256 |
319 @@ -2202,29 +2202,29 @@ The PEM public key format uses the heade
320 .Sh DSA EXAMPLES
321 To remove the pass phrase on a DSA private key:
322 .Pp
323 -.Dl $ openssl dsa -in key.pem -out keyout.pem
324 +.Dl $ libressl dsa -in key.pem -out keyout.pem
325 .Pp
326 To encrypt a private key using triple DES:
327 .Pp
328 -.Dl $ openssl dsa -in key.pem -des3 -out keyout.pem
329 +.Dl $ libressl dsa -in key.pem -des3 -out keyout.pem
330 .Pp
331 To convert a private key from PEM to DER format:
332 .Pp
333 -.Dl $ openssl dsa -in key.pem -outform DER -out keyout.der
334 +.Dl $ libressl dsa -in key.pem -outform DER -out keyout.der
335 .Pp
336 To print out the components of a private key to standard output:
337 .Pp
338 -.Dl $ openssl dsa -in key.pem -text -noout
339 +.Dl $ libressl dsa -in key.pem -text -noout
340 .Pp
341 To just output the public part of a private key:
342 .Pp
343 -.Dl $ openssl dsa -in key.pem -pubout -out pubkey.pem
344 +.Dl $ libressl dsa -in key.pem -pubout -out pubkey.pem
345 .\"
346 .\" DSAPARAM
347 .\"
348 .Sh DSAPARAM
349 .nr nS 1
350 -.Nm "openssl dsaparam"
351 +.Nm "libressl dsaparam"
352 .Bk -words
353 .Op Fl C
354 .Op Fl genkey
355 @@ -2308,7 +2308,7 @@ DSA parameters is often used to generate
356 .\"
357 .Sh EC
358 .nr nS 1
359 -.Nm "openssl ec"
360 +.Nm "libressl ec"
361 .Bk -words
362 .Op Fl conv_form Ar arg
363 .Op Fl des
364 @@ -2334,12 +2334,12 @@ command processes EC keys.
365 They can be converted between various
366 forms and their components printed out.
367 Note:
368 -.Nm OpenSSL
369 +.Nm LibreSSL
370 uses the private key format specified in
371 .Dq SEC 1: Elliptic Curve Cryptography
372 .Pq Lk http://www.secg.org/ .
373 To convert an
374 -.Nm OpenSSL
375 +.Nm LibreSSL
376 EC private key into the PKCS#8 private key format use the
377 .Nm pkcs8
378 command.
379 @@ -2367,7 +2367,7 @@ at compile time.
380 .It Fl des | des3
381 These options encrypt the private key with the DES, triple DES, or
382 any other cipher supported by
383 -.Nm OpenSSL
384 +.Nm LibreSSL
385 before outputting it.
386 A pass phrase is prompted for.
387 If none of these options is specified the key is written in plain text.
388 @@ -2422,7 +2422,7 @@ Note: the
389 alternative,
390 as specified in RFC 3279,
391 is currently not implemented in
392 -.Nm OpenSSL .
393 +.Nm LibreSSL .
394 .It Fl passin Ar arg
395 The key password source.
396 For more information about the format of
397 @@ -2462,34 +2462,34 @@ The PEM public key format uses the heade
398 .Sh EC EXAMPLES
399 To encrypt a private key using triple DES:
400 .Bd -literal -offset indent
401 -$ openssl ec -in key.pem -des3 -out keyout.pem
402 +$ libressl ec -in key.pem -des3 -out keyout.pem
403 .Ed
404 .Pp
405 To convert a private key from PEM to DER format:
406 .Bd -literal -offset indent
407 -$ openssl ec -in key.pem -outform DER -out keyout.der
408 +$ libressl ec -in key.pem -outform DER -out keyout.der
409 .Ed
410 .Pp
411 To print out the components of a private key to standard output:
412 .Bd -literal -offset indent
413 -$ openssl ec -in key.pem -text -noout
414 +$ libressl ec -in key.pem -text -noout
415 .Ed
416 .Pp
417 To just output the public part of a private key:
418 .Bd -literal -offset indent
419 -$ openssl ec -in key.pem -pubout -out pubkey.pem
420 +$ libressl ec -in key.pem -pubout -out pubkey.pem
421 .Ed
422 .Pp
423 To change the parameter encoding to
424 .Cm explicit :
425 .Bd -literal -offset indent
426 -$ openssl ec -in key.pem -param_enc explicit -out keyout.pem
427 +$ libressl ec -in key.pem -param_enc explicit -out keyout.pem
428 .Ed
429 .Pp
430 To change the point conversion form to
431 .Cm compressed :
432 .Bd -literal -offset indent
433 -$ openssl ec -in key.pem -conv_form compressed -out keyout.pem
434 +$ libressl ec -in key.pem -conv_form compressed -out keyout.pem
435 .Ed
436 .Sh EC HISTORY
437 The
438 @@ -2504,7 +2504,7 @@ command was first introduced in
439 .\"
440 .Sh ECPARAM
441 .nr nS 1
442 -.Nm "openssl ecparam"
443 +.Nm "libressl ecparam"
444 .Bk -words
445 .Op Fl C
446 .Op Fl check
447 @@ -2602,7 +2602,7 @@ Note: the
448 .Cm implicitlyCA
449 alternative, as specified in RFC 3279,
450 is currently not implemented in
451 -.Nm OpenSSL .
452 +.Nm LibreSSL .
453 .It Fl text
454 Print out the EC parameters in human readable form.
455 .El
456 @@ -2613,41 +2613,41 @@ PEM format EC parameters use the header
457 -----END EC PARAMETERS-----
458 .Ed
459 .Pp
460 -.Nm OpenSSL
461 +.Nm LibreSSL
462 is currently not able to generate new groups and therefore
463 .Nm ecparam
464 can only create EC parameters from known (named) curves.
465 .Sh ECPARAM EXAMPLES
466 To create EC parameters with the group 'prime192v1':
467 .Bd -literal -offset indent
468 -$ openssl ecparam -out ec_param.pem -name prime192v1
469 +$ libressl ecparam -out ec_param.pem -name prime192v1
470 .Ed
471 .Pp
472 To create EC parameters with explicit parameters:
473 .Bd -literal -offset indent
474 -$ openssl ecparam -out ec_param.pem -name prime192v1 \e
475 +$ libressl ecparam -out ec_param.pem -name prime192v1 \e
476 -param_enc explicit
477 .Ed
478 .Pp
479 To validate given EC parameters:
480 .Bd -literal -offset indent
481 -$ openssl ecparam -in ec_param.pem -check
482 +$ libressl ecparam -in ec_param.pem -check
483 .Ed
484 .Pp
485 To create EC parameters and a private key:
486 .Bd -literal -offset indent
487 -$ openssl ecparam -out ec_key.pem -name prime192v1 -genkey
488 +$ libressl ecparam -out ec_key.pem -name prime192v1 -genkey
489 .Ed
490 .Pp
491 To change the point encoding to 'compressed':
492 .Bd -literal -offset indent
493 -$ openssl ecparam -in ec_in.pem -out ec_out.pem \e
494 +$ libressl ecparam -in ec_in.pem -out ec_out.pem \e
495 -conv_form compressed
496 .Ed
497 .Pp
498 To print out the EC parameters to standard output:
499 .Bd -literal -offset indent
500 -$ openssl ecparam -in ec_param.pem -noout -text
501 +$ libressl ecparam -in ec_param.pem -noout -text
502 .Ed
503 .Sh ECPARAM HISTORY
504 The
505 @@ -2662,7 +2662,7 @@ command was first introduced in
506 .\"
507 .Sh ENC
508 .nr nS 1
509 -.Nm "openssl enc"
510 +.Nm "libressl enc"
511 .Bk -words
512 .Fl ciphername
513 .Op Fl AadePp
514 @@ -2837,9 +2837,9 @@ This is the default.
515 .El
516 .Sh ENC NOTES
517 The program can be called either as
518 -.Nm openssl ciphername
519 +.Nm libressl ciphername
520 or
521 -.Nm openssl enc -ciphername .
522 +.Nm libressl enc -ciphername .
523 .Pp
524 A password will be prompted for to derive the
525 .Ar key
526 @@ -2944,29 +2944,29 @@ rc4-40 40-bit RC4
527 .Sh ENC EXAMPLES
528 Just base64 encode a binary file:
529 .Pp
530 -.Dl $ openssl base64 -in file.bin -out file.b64
531 +.Dl $ libressl base64 -in file.bin -out file.b64
532 .Pp
533 Decode the same file:
534 .Pp
535 -.Dl $ openssl base64 -d -in file.b64 -out file.bin
536 +.Dl $ libressl base64 -d -in file.b64 -out file.bin
537 .Pp
538 Encrypt a file using triple DES in CBC mode using a prompted password:
539 .Pp
540 -.Dl $ openssl des3 -salt -in file.txt -out file.des3
541 +.Dl $ libressl des3 -salt -in file.txt -out file.des3
542 .Pp
543 Decrypt a file using a supplied password:
544 .Pp
545 -.Dl "$ openssl des3 -d -in file.des3 -out file.txt -k mypassword"
546 +.Dl "$ libressl des3 -d -in file.des3 -out file.txt -k mypassword"
547 .Pp
548 Encrypt a file then base64 encode it
549 (so it can be sent via mail for example)
550 using Blowfish in CBC mode:
551 .Pp
552 -.Dl $ openssl bf -a -salt -in file.txt -out file.bf
553 +.Dl $ libressl bf -a -salt -in file.txt -out file.bf
554 .Pp
555 Base64 decode a file then decrypt it:
556 .Pp
557 -.Dl "$ openssl bf -d -a -in file.bf -out file.txt"
558 +.Dl "$ libressl bf -d -a -in file.bf -out file.txt"
559 .Sh ENC BUGS
560 The
561 .Fl A
562 @@ -2983,7 +2983,7 @@ or RC4 with an 84-bit key with this prog
563 .\" ERRSTR
564 .\"
565 .Sh ERRSTR
566 -.Nm openssl errstr
567 +.Nm libressl errstr
568 .Op Fl stats
569 .Ar errno ...
570 .Pp
571 @@ -3019,7 +3019,7 @@ The following error code:
572 .Pp
573 \&...can be displayed with:
574 .Pp
575 -.Dl $ openssl errstr 2006D080
576 +.Dl $ libressl errstr 2006D080
577 .Pp
578 \&...to produce the error message:
579 .Pp
580 @@ -3039,7 +3039,7 @@ above.
581 .\"
582 .Sh GENDSA
583 .nr nS 1
584 -.Nm "openssl gendsa"
585 +.Nm "libressl gendsa"
586 .Bk -words
587 .Oo
588 .Fl aes128 | aes192 | aes256 |
589 @@ -3054,7 +3054,7 @@ The
590 .Nm gendsa
591 command generates a DSA private key from a DSA parameter file
592 (which will typically be generated by the
593 -.Nm openssl dsaparam
594 +.Nm libressl dsaparam
595 command).
596 .Pp
597 The options are as follows:
598 @@ -3075,7 +3075,7 @@ If this argument is not specified, stand
599 This option specifies the DSA parameter file to use.
600 The parameters in this file determine the size of the private key.
601 DSA parameters can be generated and examined using the
602 -.Nm openssl dsaparam
603 +.Nm libressl dsaparam
604 command.
605 .El
606 .Sh GENDSA NOTES
607 @@ -3086,7 +3086,7 @@ much quicker than RSA key generation, fo
608 .\"
609 .Sh GENPKEY
610 .nr nS 1
611 -.Nm "openssl genpkey"
612 +.Nm "libressl genpkey"
613 .Bk -words
614 .Op Fl algorithm Ar alg
615 .Op Ar cipher
616 @@ -3177,7 +3177,7 @@ parameters along with the DER or PEM str
617 The options supported by each algorithm
618 and indeed each implementation of an algorithm can vary.
619 The options for the
620 -.Nm OpenSSL
621 +.Nm LibreSSL
622 implementations are detailed below.
623 .Bl -tag -width Ds -offset indent
624 .It rsa_keygen_bits : Ns Ar numbits
625 @@ -3208,48 +3208,48 @@ The EC curve to use.
626 .Sh GENPKEY EXAMPLES
627 Generate an RSA private key using default parameters:
628 .Bd -literal -offset indent
629 -$ openssl genpkey -algorithm RSA -out key.pem
630 +$ libressl genpkey -algorithm RSA -out key.pem
631 .Ed
632 .Pp
633 Encrypt and output a private key using 128-bit AES and the passphrase "hello":
634 .Bd -literal -offset indent
635 -$ openssl genpkey -algorithm RSA -out key.pem \e
636 +$ libressl genpkey -algorithm RSA -out key.pem \e
637 -aes-128-cbc -pass pass:hello
638 .Ed
639 .Pp
640 Generate a 2048-bit RSA key using 3 as the public exponent:
641 .Bd -literal -offset indent
642 -$ openssl genpkey -algorithm RSA -out key.pem \e
643 +$ libressl genpkey -algorithm RSA -out key.pem \e
644 -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3
645 .Ed
646 .Pp
647 Generate 1024-bit DSA parameters:
648 .Bd -literal -offset indent
649 -$ openssl genpkey -genparam -algorithm DSA \e
650 +$ libressl genpkey -genparam -algorithm DSA \e
651 -out dsap.pem -pkeyopt dsa_paramgen_bits:1024
652 .Ed
653 .Pp
654 Generate a DSA key from parameters:
655 .Bd -literal -offset indent
656 -$ openssl genpkey -paramfile dsap.pem -out dsakey.pem
657 +$ libressl genpkey -paramfile dsap.pem -out dsakey.pem
658 .Ed
659 .Pp
660 Generate 1024-bit DH parameters:
661 .Bd -literal -offset indent
662 -$ openssl genpkey -genparam -algorithm DH \e
663 +$ libressl genpkey -genparam -algorithm DH \e
664 -out dhp.pem -pkeyopt dh_paramgen_prime_len:1024
665 .Ed
666 .Pp
667 Generate a DH key from parameters:
668 .Bd -literal -offset indent
669 -$ openssl genpkey -paramfile dhp.pem -out dhkey.pem
670 +$ libressl genpkey -paramfile dhp.pem -out dhkey.pem
671 .Ed
672 .\"
673 .\" GENRSA
674 .\"
675 .Sh GENRSA
676 .nr nS 1
677 -.Nm "openssl genrsa"
678 +.Nm "libressl genrsa"
679 .Bk -words
680 .Op Fl 3 | f4
681 .Oo
682 @@ -3324,7 +3324,7 @@ they will be much larger
683 .\" NSEQ
684 .\"
685 .Sh NSEQ
686 -.Nm openssl nseq
687 +.Nm libressl nseq
688 .Op Fl in Ar file
689 .Op Fl out Ar file
690 .Op Fl toseq
691 @@ -3357,12 +3357,12 @@ a Netscape certificate sequence is creat
692 .Sh NSEQ EXAMPLES
693 Output the certificates in a Netscape certificate sequence:
694 .Bd -literal -offset indent
695 -$ openssl nseq -in nseq.pem -out certs.pem
696 +$ libressl nseq -in nseq.pem -out certs.pem
697 .Ed
698 .Pp
699 Create a Netscape certificate sequence:
700 .Bd -literal -offset indent
701 -$ openssl nseq -in certs.pem -toseq -out nseq.pem
702 +$ libressl nseq -in certs.pem -toseq -out nseq.pem
703 .Ed
704 .Sh NSEQ NOTES
705 The PEM-encoded form uses the same headers and footers as a certificate:
706 @@ -3385,7 +3385,7 @@ and allowing multiple certificate files
707 .\"
708 .Sh OCSP
709 .nr nS 1
710 -.Nm "openssl ocsp"
711 +.Nm "libressl ocsp"
712 .Bk -words
713 .Op Fl CA Ar file
714 .Op Fl CAfile Ar file
715 @@ -3739,7 +3739,7 @@ specified by the
716 and
717 .Fl CApath
718 options or they will be looked for in the standard
719 -.Nm OpenSSL
720 +.Nm LibreSSL
721 certificates
722 directory.
723 .Pp
724 @@ -3771,7 +3771,7 @@ which can give details about multiple CA
725 certificate chain, then its root CA can be trusted for OCSP signing.
726 For example:
727 .Bd -literal -offset indent
728 -$ openssl x509 -in ocspCA.pem -addtrust OCSPSigning \e
729 +$ libressl x509 -in ocspCA.pem -addtrust OCSPSigning \e
730 -out trustedCA.pem
731 .Ed
732 .Pp
733 @@ -3809,7 +3809,7 @@ options.
734 .Sh OCSP EXAMPLES
735 Create an OCSP request and write it to a file:
736 .Bd -literal -offset indent
737 -$ openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \e
738 +$ libressl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \e
739 -reqout req.der
740 .Ed
741 .Pp
742 @@ -3817,39 +3817,39 @@ Send a query to an OCSP responder with U
743 .Pa http://ocsp.myhost.com/ ,
744 save the response to a file and print it out in text form:
745 .Bd -literal -offset indent
746 -$ openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \e
747 +$ libressl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \e
748 -url http://ocsp.myhost.com/ -resp_text -respout resp.der
749 .Ed
750 .Pp
751 Read in an OCSP response and print out in text form:
752 .Pp
753 -.Dl $ openssl ocsp -respin resp.der -text
754 +.Dl $ libressl ocsp -respin resp.der -text
755 .Pp
756 OCSP server on port 8888 using a standard
757 .Nm ca
758 configuration, and a separate responder certificate.
759 All requests and responses are printed to a file:
760 .Bd -literal -offset indent
761 -$ openssl ocsp -index demoCA/index.txt -port 8888 -rsigner \e
762 +$ libressl ocsp -index demoCA/index.txt -port 8888 -rsigner \e
763 rcert.pem -CA demoCA/cacert.pem -text -out log.txt
764 .Ed
765 .Pp
766 As above, but exit after processing one request:
767 .Bd -literal -offset indent
768 -$ openssl ocsp -index demoCA/index.txt -port 8888 -rsigner \e
769 +$ libressl ocsp -index demoCA/index.txt -port 8888 -rsigner \e
770 rcert.pem -CA demoCA/cacert.pem -nrequest 1
771 .Ed
772 .Pp
773 Query status information using internally generated request:
774 .Bd -literal -offset indent
775 -$ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA \e
776 +$ libressl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA \e
777 demoCA/cacert.pem -issuer demoCA/cacert.pem -serial 1
778 .Ed
779 .Pp
780 Query status information using request read from a file and write
781 the response to a second file:
782 .Bd -literal -offset indent
783 -$ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA \e
784 +$ libressl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA \e
785 demoCA/cacert.pem -reqin req.der -respout resp.der
786 .Ed
787 .\"
788 @@ -3857,7 +3857,7 @@ $ openssl ocsp -index demoCA/index.txt -
789 .\"
790 .Sh PASSWD
791 .nr nS 1
792 -.Nm "openssl passwd"
793 +.Nm "libressl passwd"
794 .Op Fl 1 | apr1 | crypt
795 .Op Fl in Ar file
796 .Op Fl noverify
797 @@ -3936,15 +3936,15 @@ In the output list, prepend the cleartex
798 to each password hash.
799 .El
800 .Sh PASSWD EXAMPLES
801 -.Dl $ openssl passwd -crypt -salt xx password
802 +.Dl $ libressl passwd -crypt -salt xx password
803 prints
804 .Qq xxj31ZMTZzkVA .
805 .Pp
806 -.Dl $ openssl passwd -1 -salt xxxxxxxx password
807 +.Dl $ libressl passwd -1 -salt xxxxxxxx password
808 prints
809 .Qq $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a. .
810 .Pp
811 -.Dl $ openssl passwd -apr1 -salt xxxxxxxx password
812 +.Dl $ libressl passwd -apr1 -salt xxxxxxxx password
813 prints
814 .Qq $apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0 .
815 .\"
816 @@ -3952,7 +3952,7 @@ prints
817 .\"
818 .Sh PKCS7
819 .nr nS 1
820 -.Nm "openssl pkcs7"
821 +.Nm "libressl pkcs7"
822 .Bk -words
823 .Op Fl in Ar file
824 .Op Fl inform Ar DER | PEM
825 @@ -4004,11 +4004,11 @@ issuer names.
826 .Sh PKCS7 EXAMPLES
827 Convert a PKCS#7 file from PEM to DER:
828 .Pp
829 -.Dl $ openssl pkcs7 -in file.pem -outform DER -out file.der
830 +.Dl $ libressl pkcs7 -in file.pem -outform DER -out file.der
831 .Pp
832 Output all certificates in a file:
833 .Pp
834 -.Dl $ openssl pkcs7 -in file.pem -print_certs -out certs.pem
835 +.Dl $ libressl pkcs7 -in file.pem -print_certs -out certs.pem
836 .Sh PKCS7 NOTES
837 The PEM PKCS#7 format uses the header and footer lines:
838 .Bd -unfilled -offset indent
839 @@ -4031,7 +4031,7 @@ They cannot currently parse, for example
840 .\"
841 .Sh PKCS8
842 .nr nS 1
843 -.Nm "openssl pkcs8"
844 +.Nm "libressl pkcs8"
845 .Bk -words
846 .Op Fl embed
847 .Op Fl in Ar file
848 @@ -4157,7 +4157,7 @@ option PKCS#5 v2.0 algorithms are used w
849 encryption algorithm such as 168-bit triple DES or 128-bit RC2, however
850 not many implementations support PKCS#5 v2.0 yet.
851 If using private keys with
852 -.Nm OpenSSL
853 +.Nm LibreSSL
854 then this doesn't matter.
855 .Pp
856 The
857 @@ -4227,27 +4227,27 @@ allow strong encryption algorithms like
858 .Sh PKCS8 EXAMPLES
859 Convert a private key from traditional to PKCS#5 v2.0 format using triple DES:
860 .Pp
861 -.Dl "$ openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem"
862 +.Dl "$ libressl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem"
863 .Pp
864 Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
865 .Pq DES :
866 .Pp
867 -.Dl $ openssl pkcs8 -in key.pem -topk8 -out enckey.pem
868 +.Dl $ libressl pkcs8 -in key.pem -topk8 -out enckey.pem
869 .Pp
870 Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
871 .Pq 3DES :
872 .Bd -literal -offset indent
873 -$ openssl pkcs8 -in key.pem -topk8 -out enckey.pem \e
874 +$ libressl pkcs8 -in key.pem -topk8 -out enckey.pem \e
875 -v1 PBE-SHA1-3DES
876 .Ed
877 .Pp
878 Read a DER-unencrypted PKCS#8 format private key:
879 .Pp
880 -.Dl "$ openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem"
881 +.Dl "$ libressl pkcs8 -inform DER -nocrypt -in key.der -out key.pem"
882 .Pp
883 Convert a private key from any PKCS#8 format to traditional format:
884 .Pp
885 -.Dl $ openssl pkcs8 -in pk8.pem -out key.pem
886 +.Dl $ libressl pkcs8 -in pk8.pem -out key.pem
887 .Sh PKCS8 STANDARDS
888 Test vectors from this PKCS#5 v2.0 implementation were posted to the
889 pkcs-tng mailing list using triple DES, DES and RC2 with high iteration counts;
890 @@ -4260,7 +4260,7 @@ The format of PKCS#8 DSA
891 .Pq and other
892 private keys is not well documented:
893 it is hidden away in PKCS#11 v2.01, section 11.9;
894 -.Nm OpenSSL Ns Li 's
895 +.Nm LibreSSL Ns Li 's
896 default DSA PKCS#8 private key format complies with this standard.
897 .Sh PKCS8 BUGS
898 There should be an option that prints out the encryption algorithm
899 @@ -4275,7 +4275,7 @@ compatibility, several of the utilities
900 .\"
901 .Sh PKCS12
902 .nr nS 1
903 -.Nm "openssl pkcs12"
904 +.Nm "libressl pkcs12"
905 .Bk -words
906 .Oo
907 .Fl aes128 | aes192 | aes256 |
908 @@ -4571,29 +4571,29 @@ section above.
909 .Sh PKCS12 EXAMPLES
910 Parse a PKCS#12 file and output it to a file:
911 .Pp
912 -.Dl $ openssl pkcs12 -in file.p12 -out file.pem
913 +.Dl $ libressl pkcs12 -in file.p12 -out file.pem
914 .Pp
915 Output only client certificates to a file:
916 .Pp
917 -.Dl $ openssl pkcs12 -in file.p12 -clcerts -out file.pem
918 +.Dl $ libressl pkcs12 -in file.p12 -clcerts -out file.pem
919 .Pp
920 Don't encrypt the private key:
921 .Pp
922 -.Dl $ openssl pkcs12 -in file.p12 -out file.pem -nodes
923 +.Dl $ libressl pkcs12 -in file.p12 -out file.pem -nodes
924 .Pp
925 Print some info about a PKCS#12 file:
926 .Pp
927 -.Dl $ openssl pkcs12 -in file.p12 -info -noout
928 +.Dl $ libressl pkcs12 -in file.p12 -info -noout
929 .Pp
930 Create a PKCS#12 file:
931 .Bd -literal -offset indent
932 -$ openssl pkcs12 -export -in file.pem -out file.p12 \e
933 +$ libressl pkcs12 -export -in file.pem -out file.p12 \e
934 -name "My Certificate"
935 .Ed
936 .Pp
937 Include some extra certificates:
938 .Bd -literal -offset indent
939 -$ openssl pkcs12 -export -in file.pem -out file.p12 \e
940 +$ libressl pkcs12 -export -in file.pem -out file.p12 \e
941 -name "My Certificate" -certfile othercerts.pem
942 .Ed
943 .Sh PKCS12 BUGS
944 @@ -4631,7 +4631,7 @@ the PKCS#12 file from the keys and certi
945 For example:
946 .Bd -literal -offset indent
947 $ old-openssl -in bad.p12 -out keycerts.pem
948 -$ openssl -in keycerts.pem -export -name "My PKCS#12 file" \e
949 +$ libressl -in keycerts.pem -export -name "My PKCS#12 file" \e
950 -out fixed.p12
951 .Ed
952 .\"
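Review bot: The renamed example line `$ libressl -in keycerts.pem -export -name "My PKCS#12 file"` still has no pkcs12 subcommand, so it is not a runnable command under either name. Since the line is being rewritten anyway, make it `$ libressl pkcs12 -in keycerts.pem -export ...`; the unchanged `$ old-openssl -in bad.p12 -out keycerts.pem` line above it has the same gap.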
953 @@ -4639,7 +4639,7 @@ $ openssl -in keycerts.pem -export -name
954 .\"
955 .Sh PKEY
956 .nr nS 1
957 -.Nm "openssl pkey"
958 +.Nm "libressl pkey"
959 .Bk -words
960 .Op Ar cipher
961 .Op Fl in Ar file
962 @@ -4723,38 +4723,38 @@ even if a private key is being processed
963 .Sh PKEY EXAMPLES
964 To remove the pass phrase on an RSA private key:
965 .Bd -literal -offset indent
966 -$ openssl pkey -in key.pem -out keyout.pem
967 +$ libressl pkey -in key.pem -out keyout.pem
968 .Ed
969 .Pp
970 To encrypt a private key using triple DES:
971 .Bd -literal -offset indent
972 -$ openssl pkey -in key.pem -des3 -out keyout.pem
973 +$ libressl pkey -in key.pem -des3 -out keyout.pem
974 .Ed
975 .Pp
976 To convert a private key from PEM to DER format:
977 .Bd -literal -offset indent
978 -$ openssl pkey -in key.pem -outform DER -out keyout.der
979 +$ libressl pkey -in key.pem -outform DER -out keyout.der
980 .Ed
981 .Pp
982 To print the components of a private key to standard output:
983 .Bd -literal -offset indent
984 -$ openssl pkey -in key.pem -text -noout
985 +$ libressl pkey -in key.pem -text -noout
986 .Ed
987 .Pp
988 To print the public components of a private key to standard output:
989 .Bd -literal -offset indent
990 -$ openssl pkey -in key.pem -text_pub -noout
991 +$ libressl pkey -in key.pem -text_pub -noout
992 .Ed
993 .Pp
994 To just output the public part of a private key:
995 .Bd -literal -offset indent
996 -$ openssl pkey -in key.pem -pubout -out pubkey.pem
997 +$ libressl pkey -in key.pem -pubout -out pubkey.pem
998 .Ed
999 .\"
1000 .\" PKEYPARAM
1001 .\"
1002 .Sh PKEYPARAM
1003 -.Cm openssl pkeyparam
1004 +.Cm libressl pkeyparam
1005 .Op Fl in Ar file
1006 .Op Fl noout
1007 .Op Fl out Ar file
1008 @@ -4781,7 +4781,7 @@ Prints out the parameters in plain text
1009 .Sh PKEYPARAM EXAMPLES
1010 Print out text version of parameters:
1011 .Bd -literal -offset indent
1012 -$ openssl pkeyparam -in param.pem -text
1013 +$ libressl pkeyparam -in param.pem -text
1014 .Ed
1015 .Sh PKEYPARAM NOTES
1016 There are no
1017 @@ -4795,7 +4795,7 @@ because the key type is determined by th
1018 .\"
1019 .Sh PKEYUTL
1020 .nr nS 1
1021 -.Nm "openssl pkeyutl"
1022 +.Nm "libressl pkeyutl"
1023 .Bk -words
1024 .Op Fl asn1parse
1025 .Op Fl certin
1026 @@ -4887,7 +4887,7 @@ Verify the input data and output the rec
1027 The operations and options supported vary according to the key algorithm
1028 and its implementation.
1029 The
1030 -.Nm OpenSSL
1031 +.Nm LibreSSL
1032 operations and options are indicated below.
1033 .Pp
1034 Unless otherwise mentioned all algorithms support the
1035 @@ -4963,36 +4963,36 @@ Only the SHA1 digest can be used and thi
1036 .Sh PKEYUTL EXAMPLES
1037 Sign some data using a private key:
1038 .Bd -literal -offset indent
1039 -$ openssl pkeyutl -sign -in file -inkey key.pem -out sig
1040 +$ libressl pkeyutl -sign -in file -inkey key.pem -out sig
1041 .Ed
1042 .Pp
1043 Recover the signed data (e.g. if an RSA key is used):
1044 .Bd -literal -offset indent
1045 -$ openssl pkeyutl -verifyrecover -in sig -inkey key.pem
1046 +$ libressl pkeyutl -verifyrecover -in sig -inkey key.pem
1047 .Ed
1048 .Pp
1049 Verify the signature (e.g. a DSA key):
1050 .Bd -literal -offset indent
1051 -$ openssl pkeyutl -verify -in file -sigfile sig \e
1052 +$ libressl pkeyutl -verify -in file -sigfile sig \e
1053 -inkey key.pem
1054 .Ed
1055 .Pp
1056 Sign data using a message digest value (this is currently only valid for RSA):
1057 .Bd -literal -offset indent
1058 -$ openssl pkeyutl -sign -in file -inkey key.pem \e
1059 +$ libressl pkeyutl -sign -in file -inkey key.pem \e
1060 -out sig -pkeyopt digest:sha256
1061 .Ed
1062 .Pp
1063 Derive a shared secret value:
1064 .Bd -literal -offset indent
1065 -$ openssl pkeyutl -derive -inkey key.pem \e
1066 +$ libressl pkeyutl -derive -inkey key.pem \e
1067 -peerkey pubkey.pem -out secret
1068 .Ed
1069 .\"
1070 .\" PRIME
1071 .\"
1072 .Sh PRIME
1073 -.Cm openssl prime
1074 +.Cm libressl prime
1075 .Op Fl bits Ar n
1076 .Op Fl checks Ar n
1077 .Op Fl generate
1078 @@ -5040,7 +5040,7 @@ is prime.
1079 .\"
1080 .Sh RAND
1081 .nr nS 1
1082 -.Nm "openssl rand"
1083 +.Nm "libressl rand"
1084 .Op Fl base64
1085 .Op Fl hex
1086 .Op Fl out Ar file
1087 @@ -5071,7 +5071,7 @@ instead of standard output.
1088 .\"
1089 .Sh REQ
1090 .nr nS 1
1091 -.Nm "openssl req"
1092 +.Nm "libressl req"
1093 .Bk -words
1094 .Op Fl asn1-kludge
1095 .Op Fl batch
1096 @@ -5383,7 +5383,7 @@ or
1097 .Em unstructuredName
1098 types.
1099 They are currently ignored by
1100 -.Nm OpenSSL Ns Li 's
1101 +.Nm LibreSSL Ns Li 's
1102 request signing utilities, but some CAs might want them.
1103 .It Ar default_bits
1104 This specifies the default key size in bits.
1105 @@ -5588,7 +5588,7 @@ can be input by calling it
1106 The actual permitted field names are any object identifier short or
1107 long names.
1108 These are compiled into
1109 -.Nm OpenSSL
1110 +.Nm LibreSSL
1111 and include the usual values such as
1112 .Em commonName , countryName , localityName , organizationName ,
1113 .Em organizationUnitName , stateOrProvinceName .
1114 @@ -5609,21 +5609,21 @@ Any additional fields will be treated as
1115 .Sh REQ EXAMPLES
1116 Examine and verify a certificate request:
1117 .Pp
1118 -.Dl $ openssl req -in req.pem -text -verify -noout
1119 +.Dl $ libressl req -in req.pem -text -verify -noout
1120 .Pp
1121 Create a private key and then generate a certificate request from it:
1122 .Bd -literal -offset indent
1123 -$ openssl genrsa -out key.pem 2048
1124 -$ openssl req -new -key key.pem -out req.pem
1125 +$ libressl genrsa -out key.pem 2048
1126 +$ libressl req -new -key key.pem -out req.pem
1127 .Ed
1128 .Pp
1129 The same but just using req:
1130 .Pp
1131 -.Dl $ openssl req -newkey rsa:2048 -keyout key.pem -out req.pem
1132 +.Dl $ libressl req -newkey rsa:2048 -keyout key.pem -out req.pem
1133 .Pp
1134 Generate a self-signed root certificate:
1135 .Pp
1136 -.Dl "$ openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem"
1137 +.Dl "$ libressl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem"
1138 .Pp
1139 Example of a file pointed to by the
1140 .Ar oid_file
1141 @@ -5734,7 +5734,7 @@ extension.
1142 .Sh REQ DIAGNOSTICS
1143 The following messages are frequently asked about:
1144 .Bd -unfilled -offset indent
1145 -Using configuration from /some/path/openssl.cnf
1146 +Using configuration from /some/path/libressl.cnf
1147 Unable to load config info
1148 .Ed
1149 .Pp
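Review bot: `Using configuration from /some/path/libressl.cnf` is documented as a message the program prints, so the text has to match what the binary actually emits. Changing it here is only correct if the default configuration file is also renamed to `libressl.cnf` in the build; if the tool still reads `openssl.cnf`, users searching for this diagnostic will not find it. Please confirm against the output of the built binary.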
1150 @@ -5778,7 +5778,7 @@ file location to be specified; it will b
1151 .Fl config
1152 command line switch if it is present.
1153 .Sh REQ BUGS
1154 -.Nm OpenSSL Ns Li 's
1155 +.Nm LibreSSL Ns Li 's
1156 handling of T61Strings
1157 .Pq aka TeletexStrings
1158 is broken: it effectively treats them as ISO 8859-1
1159 @@ -5791,7 +5791,7 @@ and you don't want to or can't use
1160 .Pp
1161 As a consequence of the T61String handling, the only correct way to represent
1162 accented characters in
1163 -.Nm OpenSSL
1164 +.Nm LibreSSL
1165 is to use a
1166 .Em BMPString :
1167 unfortunately Netscape currently chokes on these.
1168 @@ -5810,7 +5810,7 @@ should be input by the user.
1169 .\"
1170 .Sh RSA
1171 .nr nS 1
1172 -.Nm "openssl rsa"
1173 +.Nm "libressl rsa"
1174 .Bk -words
1175 .Oo
1176 .Fl aes128 | aes192 | aes256 |
1177 @@ -5970,23 +5970,23 @@ option.
1178 .Sh RSA EXAMPLES
1179 To remove the pass phrase on an RSA private key:
1180 .Pp
1181 -.Dl $ openssl rsa -in key.pem -out keyout.pem
1182 +.Dl $ libressl rsa -in key.pem -out keyout.pem
1183 .Pp
1184 To encrypt a private key using triple DES:
1185 .Pp
1186 -.Dl $ openssl rsa -in key.pem -des3 -out keyout.pem
1187 +.Dl $ libressl rsa -in key.pem -des3 -out keyout.pem
1188 .Pp
1189 To convert a private key from PEM to DER format:
1190 .Pp
1191 -.Dl $ openssl rsa -in key.pem -outform DER -out keyout.der
1192 +.Dl $ libressl rsa -in key.pem -outform DER -out keyout.der
1193 .Pp
1194 To print out the components of a private key to standard output:
1195 .Pp
1196 -.Dl $ openssl rsa -in key.pem -text -noout
1197 +.Dl $ libressl rsa -in key.pem -text -noout
1198 .Pp
1199 To just output the public part of a private key:
1200 .Pp
1201 -.Dl $ openssl rsa -in key.pem -pubout -out pubkey.pem
1202 +.Dl $ libressl rsa -in key.pem -pubout -out pubkey.pem
1203 .Sh RSA BUGS
1204 The command line password arguments don't currently work with
1205 .Em NET
1206 @@ -5999,7 +5999,7 @@ without having to manually edit them.
1207 .\"
1208 .Sh RSAUTL
1209 .nr nS 1
1210 -.Nm "openssl rsautl"
1211 +.Nm "libressl rsautl"
1212 .Bk -words
1213 .Op Fl asn1parse
1214 .Op Fl certin
1215 @@ -6077,15 +6077,15 @@ used to sign or verify small pieces of d
1216 .Sh RSAUTL EXAMPLES
1217 Sign some data using a private key:
1218 .Pp
1219 -.Dl "$ openssl rsautl -sign -in file -inkey key.pem -out sig"
1220 +.Dl "$ libressl rsautl -sign -in file -inkey key.pem -out sig"
1221 .Pp
1222 Recover the signed data:
1223 .Pp
1224 -.Dl $ openssl rsautl -verify -in sig -inkey key.pem
1225 +.Dl $ libressl rsautl -verify -in sig -inkey key.pem
1226 .Pp
1227 Examine the raw signed data:
1228 .Pp
1229 -.Li "\ \&$ openssl rsautl -verify -in file -inkey key.pem -raw -hexdump"
1230 +.Li "\ \&$ libressl rsautl -verify -in file -inkey key.pem -raw -hexdump"
1231 .Bd -unfilled
1232 \& 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
1233 \& 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
1234 @@ -6111,7 +6111,7 @@ running
1235 .Nm asn1parse
1236 as follows yields:
1237 .Pp
1238 -.Li "\ \&$ openssl asn1parse -in pca-cert.pem"
1239 +.Li "\ \&$ libressl asn1parse -in pca-cert.pem"
1240 .Bd -unfilled
1241 \& 0:d=0 hl=4 l= 742 cons: SEQUENCE
1242 \& 4:d=1 hl=4 l= 591 cons: SEQUENCE
1243 @@ -6136,15 +6136,15 @@ as follows yields:
1244 The final BIT STRING contains the actual signature.
1245 It can be extracted with:
1246 .Pp
1247 -.Dl "$ openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614"
1248 +.Dl "$ libressl asn1parse -in pca-cert.pem -out sig -noout -strparse 614"
1249 .Pp
1250 The certificate public key can be extracted with:
1251 .Pp
1252 -.Dl $ openssl x509 -in test/testx509.pem -pubkey -noout \*(Gtpubkey.pem
1253 +.Dl $ libressl x509 -in test/testx509.pem -pubkey -noout \*(Gtpubkey.pem
1254 .Pp
1255 The signature can be analysed with:
1256 .Pp
1257 -.Li "\ \&$ openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin"
1258 +.Li "\ \&$ libressl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin"
1259 .Bd -unfilled
1260 \& 0:d=0 hl=2 l= 32 cons: SEQUENCE
1261 \& 2:d=1 hl=2 l= 12 cons: SEQUENCE
1262 @@ -6160,11 +6160,11 @@ structure.
1263 It can be seen that the digest used was MD5.
1264 The actual part of the certificate that was signed can be extracted with:
1265 .Pp
1266 -.Dl "$ openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4"
1267 +.Dl "$ libressl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4"
1268 .Pp
1269 and its digest computed with:
1270 .Pp
1271 -.Dl $ openssl md5 -c tbs
1272 +.Dl $ libressl md5 -c tbs
1273 .D1 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
1274 .Pp
1275 which it can be seen agrees with the recovered value above.
1276 @@ -6173,7 +6173,7 @@ which it can be seen agrees with the rec
1277 .\"
1278 .Sh S_CLIENT
1279 .nr nS 1
1280 -.Nm "openssl s_client"
1281 +.Nm "libressl s_client"
1282 .Bk -words
1283 .Op Fl 4 | 6
1284 .Op Fl bugs
1285 @@ -6425,7 +6425,7 @@ or if end of file is reached, the connec
1286 can be used to debug SSL servers.
1287 To connect to an SSL HTTP server the command:
1288 .Pp
1289 -.Dl $ openssl s_client -connect servername:443
1290 +.Dl $ libressl s_client -connect servername:443
1291 .Pp
1292 would typically be used
1293 .Pq HTTPS uses port 443 .
1294 @@ -6489,7 +6489,7 @@ We should really report information when
1295 .\"
1296 .Sh S_SERVER
1297 .nr nS 1
1298 -.Nm "openssl s_server"
1299 +.Nm "libressl s_server"
1300 .Bk -words
1301 .Op Fl accept Ar port
1302 .Op Fl bugs
1303 @@ -6738,7 +6738,7 @@ Print out some session cache status info
1304 can be used to debug SSL clients.
1305 To accept connections from a web browser the command:
1306 .Pp
1307 -.Dl $ openssl s_server -accept 443 -www
1308 +.Dl $ libressl s_server -accept 443 -www
1309 .Pp
1310 can be used, for example.
1311 .Pp
1312 @@ -6765,7 +6765,7 @@ is rather hard to read and not a model o
1313 A typical SSL server program would be much simpler.
1314 .Pp
1315 The output of common ciphers is wrong: it just gives the list of ciphers that
1316 -.Nm OpenSSL
1317 +.Nm LibreSSL
1318 recognizes and the client supports.
1319 .Pp
1320 There should be a way for the
1321 @@ -6777,7 +6777,7 @@ unknown cipher suites a client says it s
1322 .\"
1323 .Sh S_TIME
1324 .nr nS 1
1325 -.Nm "openssl s_time"
1326 +.Nm "libressl s_time"
1327 .Bk -words
1328 .Op Fl bugs
1329 .Op Fl CAfile Ar file
1330 @@ -6897,7 +6897,7 @@ but not transfer any payload data.
1331 can be used to measure the performance of an SSL connection.
1332 To connect to an SSL HTTP server and get the default page the command
1333 .Bd -literal -offset indent
1334 -$ openssl s_time -connect servername:443 -www / -CApath yourdir \e
1335 +$ libressl s_time -connect servername:443 -www / -CApath yourdir \e
1336 -CAfile yourfile.pem -cipher commoncipher
1337 .Ed
1338 .Pp
1339 @@ -6954,7 +6954,7 @@ option should really exit if the server
1340 .\"
1341 .Sh SESS_ID
1342 .nr nS 1
1343 -.Nm "openssl sess_id"
1344 +.Nm "libressl sess_id"
1345 .Bk -words
1346 .Op Fl cert
1347 .Op Fl context Ar ID
1348 @@ -7084,7 +7084,7 @@ The cipher and start time should be prin
1349 .\"
1350 .Sh SMIME
1351 .nr nS 1
1352 -.Nm "openssl smime"
1353 +.Nm "libressl smime"
1354 .Bk -words
1355 .Oo
1356 .Fl aes128 | aes192 | aes256 | des |
1357 @@ -7498,26 +7498,26 @@ the signer's certificates.
1358 .Sh SMIME EXAMPLES
1359 Create a cleartext signed message:
1360 .Bd -literal -offset indent
1361 -$ openssl smime -sign -in message.txt -text -out mail.msg \e
1362 +$ libressl smime -sign -in message.txt -text -out mail.msg \e
1363 -signer mycert.pem
1364 .Ed
1365 .Pp
1366 Create an opaque signed message:
1367 .Bd -literal -offset indent
1368 -$ openssl smime -sign -in message.txt -text -out mail.msg \e
1369 +$ libressl smime -sign -in message.txt -text -out mail.msg \e
1370 -nodetach -signer mycert.pem
1371 .Ed
1372 .Pp
1373 Create a signed message, include some additional certificates and
1374 read the private key from another file:
1375 .Bd -literal -offset indent
1376 -$ openssl smime -sign -in in.txt -text -out mail.msg \e
1377 +$ libressl smime -sign -in in.txt -text -out mail.msg \e
1378 -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
1379 .Ed
1380 .Pp
1381 Create a signed message with two signers:
1382 .Bd -literal -offset indent
1383 -openssl smime -sign -in message.txt -text -out mail.msg \e
1384 +libressl smime -sign -in message.txt -text -out mail.msg \e
1385 -signer mycert.pem -signer othercert.pem
1386 .Ed
1387 .Pp
1388 @@ -7527,28 +7527,28 @@ directly to
1389 .Xr sendmail 8 ,
1390 including headers:
1391 .Bd -literal -offset indent
1392 -$ openssl smime -sign -in in.txt -text -signer mycert.pem \e
1393 +$ libressl smime -sign -in in.txt -text -signer mycert.pem \e
1394 -from steve@openssl.org -to someone@somewhere \e
1395 -subject "Signed message" | sendmail someone@somewhere
1396 .Ed
1397 .Pp
1398 Verify a message and extract the signer's certificate if successful:
1399 .Bd -literal -offset indent
1400 -$ openssl smime -verify -in mail.msg -signer user.pem \e
1401 +$ libressl smime -verify -in mail.msg -signer user.pem \e
1402 -out signedtext.txt
1403 .Ed
1404 .Pp
1405 Send encrypted mail using triple DES:
1406 .Bd -literal -offset indent
1407 -$ openssl smime -encrypt -in in.txt -from steve@openssl.org \e
1408 +$ libressl smime -encrypt -in in.txt -from steve@openssl.org \e
1409 -to someone@somewhere -subject "Encrypted message" \e
1410 -des3 -out mail.msg user.pem
1411 .Ed
1412 .Pp
1413 Sign and encrypt mail:
1414 .Bd -literal -offset indent
1415 -$ openssl smime -sign -in ml.txt -signer my.pem -text | \e
1416 - openssl smime -encrypt -out mail.msg \e
1417 +$ libressl smime -sign -in ml.txt -signer my.pem -text | \e
1418 + libressl smime -encrypt -out mail.msg \e
1419 -from steve@openssl.org -to someone@somewhere \e
1420 -subject "Signed and Encrypted message" -des3 user.pem
1421 .Ed
1422 @@ -7562,7 +7562,7 @@ headers.
1423 .Pp
1424 Decrypt mail:
1425 .Bd -literal -offset indent
1426 -$ openssl smime -decrypt -in mail.msg -recip mycert.pem \e
1427 +$ libressl smime -decrypt -in mail.msg -recip mycert.pem \e
1428 -inkey key.pem"
1429 .Ed
1430 .Pp
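Review bot: The context line `-inkey key.pem"` in the decrypt example ends with a stray double quote, which leaves the shell waiting for a closing quote when the command is pasted. It predates this patch, but the example is being edited here, so drop the quote in the same change.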
1431 @@ -7577,25 +7577,25 @@ base64-encoded structure and surrounding
1432 .Pp
1433 and using the command:
1434 .Bd -literal -offset indent
1435 -$ openssl smime -verify -inform PEM -in signature.pem \e
1436 +$ libressl smime -verify -inform PEM -in signature.pem \e
1437 -content content.txt
1438 .Ed
1439 .Pp
1440 Alternatively, you can base64 decode the signature and use:
1441 .Bd -literal -offset indent
1442 -$ openssl smime -verify -inform DER -in signature.der \e
1443 +$ libressl smime -verify -inform DER -in signature.der \e
1444 -content content.txt
1445 .Ed
1446 .Pp
1447 Create an encrypted message using 128-bit AES:
1448 .Bd -literal -offset indent
1449 -openssl smime -encrypt -in plain.txt -aes128 \e
1450 +libressl smime -encrypt -in plain.txt -aes128 \e
1451 -out mail.msg cert.pem
1452 .Ed
1453 .Pp
1454 Add a signer to an existing message:
1455 .Bd -literal -offset indent
1456 -openssl smime -resign -in mail.msg -signer newsign.pem \e
1457 +libressl smime -resign -in mail.msg -signer newsign.pem \e
1458 -out mail2.msg
1459 .Ed
1460 .Sh SMIME BUGS
1461 @@ -7640,7 +7640,7 @@ command were first added in
1462 .\"
1463 .Sh SPEED
1464 .nr nS 1
1465 -.Nm "openssl speed"
1466 +.Nm "libressl speed"
1467 .Bk -words
1468 .Op Cm aes
1469 .Op Cm aes-128-cbc
1470 @@ -7709,7 +7709,7 @@ benchmarks in parallel.
1471 .\"
1472 .Sh TS
1473 .nr nS 1
1474 -.Nm "openssl ts"
1475 +.Nm "libressl ts"
1476 .Bk -words
1477 .Fl query
1478 .Op Fl md4 | md5 | ripemd160 | sha1
1479 @@ -7726,7 +7726,7 @@ benchmarks in parallel.
1480 .nr nS 0
1481 .Pp
1482 .nr nS 1
1483 -.Nm "openssl ts"
1484 +.Nm "libressl ts"
1485 .Bk -words
1486 .Fl reply
1487 .Op Fl chain Ar certs_file.pem
1488 @@ -7746,7 +7746,7 @@ benchmarks in parallel.
1489 .nr nS 0
1490 .Pp
1491 .nr nS 1
1492 -.Nm "openssl ts"
1493 +.Nm "libressl ts"
1494 .Bk -words
1495 .Fl verify
1496 .Op Fl CAfile Ar trusted_certs.pem
1497 @@ -8145,27 +8145,27 @@ All the examples below presume that
1498 .Ev OPENSSL_CONF
1499 is set to a proper configuration file,
1500 e.g. the example configuration file
1501 -.Pa openssl/apps/openssl.cnf
1502 +.Pa openssl/apps/libressl.cnf
1503 will do.
1504 .Pp
1505 To create a time stamp request for design1.txt with SHA-1
1506 without nonce and policy and no certificate is required in the response:
1507 .Bd -literal -offset indent
1508 -$ openssl ts -query -data design1.txt -no_nonce \e
1509 +$ libressl ts -query -data design1.txt -no_nonce \e
1510 -out design1.tsq
1511 .Ed
1512 .Pp
1513 To create a similar time stamp request but specifying the message imprint
1514 explicitly:
1515 .Bd -literal -offset indent
1516 -$ openssl ts -query \e
1517 +$ libressl ts -query \e
1518 -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \e
1519 -no_nonce -out design1.tsq
1520 .Ed
1521 .Pp
1522 To print the content of the previous request in human readable format:
1523 .Bd -literal -offset indent
1524 -$ openssl ts -query -in design1.tsq -text
1525 +$ libressl ts -query -in design1.tsq -text
1526 .Ed
1527 .Pp
1528 To create a time stamp request which includes the MD5 digest
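Review bot: `.Pa openssl/apps/libressl.cnf` combines the old directory name with the new file name, while the sentence above it still refers to `OPENSSL_CONF`. Check that a file with this name exists at that path in the shipped sources; if not, keep the original reference to the example file or point the text at the installed configuration file instead.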
1529 @@ -8174,7 +8174,7 @@ specifies a policy ID
1530 (assuming the tsa_policy1 name is defined in the
1531 OID section of the config file):
1532 .Bd -literal -offset indent
1533 -$ openssl ts -query -data design2.txt -md5 \e
1534 +$ libressl ts -query -data design2.txt -md5 \e
1535 -policy tsa_policy1 -cert -out design2.tsq
1536 .Ed
1537 .Pp
1538 @@ -8199,35 +8199,35 @@ tsakey.pem is the private key of the TSA
1539 .Pp
1540 To create a time stamp response for a request:
1541 .Bd -literal -offset indent
1542 -$ openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \e
1543 +$ libressl ts -reply -queryfile design1.tsq -inkey tsakey.pem \e
1544 -signer tsacert.pem -out design1.tsr
1545 .Ed
1546 .Pp
1547 If you want to use the settings in the config file you could just write:
1548 .Bd -literal -offset indent
1549 -$ openssl ts -reply -queryfile design1.tsq -out design1.tsr
1550 +$ libressl ts -reply -queryfile design1.tsq -out design1.tsr
1551 .Ed
1552 .Pp
1553 To print a time stamp reply to stdout in human readable format:
1554 .Bd -literal -offset indent
1555 -$ openssl ts -reply -in design1.tsr -text
1556 +$ libressl ts -reply -in design1.tsr -text
1557 .Ed
1558 .Pp
1559 To create a time stamp token instead of time stamp response:
1560 .Bd -literal -offset indent
1561 -$ openssl ts -reply -queryfile design1.tsq \e
1562 +$ libressl ts -reply -queryfile design1.tsq \e
1563 -out design1_token.der -token_out
1564 .Ed
1565 .Pp
1566 To print a time stamp token to stdout in human readable format:
1567 .Bd -literal -offset indent
1568 -$ openssl ts -reply -in design1_token.der -token_in \e
1569 +$ libressl ts -reply -in design1_token.der -token_in \e
1570 -text -token_out
1571 .Ed
1572 .Pp
1573 To extract the time stamp token from a response:
1574 .Bd -literal -offset indent
1575 -$ openssl ts -reply -in design1.tsr -out design1_token.der \e
1576 +$ libressl ts -reply -in design1.tsr -out design1_token.der \e
1577 -token_out
1578 .Ed
1579 .Pp
1580 @@ -8235,31 +8235,31 @@ To add
1581 .Dq granted
1582 status info to a time stamp token thereby creating a valid response:
1583 .Bd -literal -offset indent
1584 -$ openssl ts -reply -in design1_token.der \e
1585 +$ libressl ts -reply -in design1_token.der \e
1586 -token_in -out design1.tsr
1587 .Ed
1588 .Pp
1589 To verify a time stamp reply against a request:
1590 .Bd -literal -offset indent
1591 -$ openssl ts -verify -queryfile design1.tsq -in design1.tsr \e
1592 +$ libressl ts -verify -queryfile design1.tsq -in design1.tsr \e
1593 -CAfile cacert.pem -untrusted tsacert.pem
1594 .Ed
1595 .Pp
1596 To verify a time stamp reply that includes the certificate chain:
1597 .Bd -literal -offset indent
1598 -$ openssl ts -verify -queryfile design2.tsq -in design2.tsr \e
1599 +$ libressl ts -verify -queryfile design2.tsq -in design2.tsr \e
1600 -CAfile cacert.pem
1601 .Ed
1602 .Pp
1603 To verify a time stamp token against the original data file:
1604 .Bd -literal -offset indent
1605 -$ openssl ts -verify -data design2.txt -in design2.tsr \e
1606 +$ libressl ts -verify -data design2.txt -in design2.tsr \e
1607 -CAfile cacert.pem
1608 .Ed
1609 .Pp
1610 To verify a time stamp token against a message imprint:
1611 .Bd -literal -offset indent
1612 -$ openssl ts -verify \e
1613 +$ libressl ts -verify \e
1614 -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \e
1615 -in design2.tsr -CAfile cacert.pem
1616 .Ed
1617 @@ -8274,7 +8274,7 @@ Pure TCP/IP is not supported.
1618 The file containing the last serial number of the TSA is not
1619 locked when being read or written.
1620 This is a problem if more than one instance of
1621 -.Nm OpenSSL
1622 +.Nm LibreSSL
1623 is trying to create a time stamp
1624 response at the same time.
1625 .Pp
1626 @@ -8292,7 +8292,7 @@ OpenTSA project
1627 .\"
1628 .Sh SPKAC
1629 .nr nS 1
1630 -.Nm "openssl spkac"
1631 +.Nm "libressl spkac"
1632 .Bk -words
1633 .Op Fl challenge Ar string
1634 .Op Fl in Ar file
1635 @@ -8366,16 +8366,16 @@ Verifies the digital signature on the su
1636 .Sh SPKAC EXAMPLES
1637 Print out the contents of an SPKAC:
1638 .Pp
1639 -.Dl $ openssl spkac -in spkac.cnf
1640 +.Dl $ libressl spkac -in spkac.cnf
1641 .Pp
1642 Verify the signature of an SPKAC:
1643 .Pp
1644 -.Dl $ openssl spkac -in spkac.cnf -noout -verify
1645 +.Dl $ libressl spkac -in spkac.cnf -noout -verify
1646 .Pp
1647 Create an SPKAC using the challenge string
1648 .Qq hello :
1649 .Pp
1650 -.Dl $ openssl spkac -key key.pem -challenge hello -out spkac.cnf
1651 +.Dl $ libressl spkac -key key.pem -challenge hello -out spkac.cnf
1652 .Pp
1653 Example of an SPKAC,
1654 .Pq long lines split up for clarity :
1655 @@ -8411,7 +8411,7 @@ to be used in a
1656 .\"
1657 .Sh VERIFY
1658 .nr nS 1
1659 -.Nm "openssl verify"
1660 +.Nm "libressl verify"
1661 .Bk -words
1662 .Op Fl CAfile Ar file
1663 .Op Fl CApath Ar directory
1664 @@ -8466,7 +8466,7 @@ option of the
1665 utility).
1666 The
1667 .Nm c_rehash
1668 -script distributed with OpenSSL
1669 +script distributed with LibreSSL
1670 will automatically create symbolic links to a directory of certificates.
1671 .It Fl crl_check
1672 Checks end entity certificate validity by attempting to look up a valid CRL.
1673 @@ -8484,7 +8484,7 @@ Prints out a usage message.
1674 .It Fl ignore_critical
1675 Normally if an unhandled critical extension is present which is not
1676 supported by
1677 -.Nm OpenSSL ,
1678 +.Nm LibreSSL ,
1679 the certificate is rejected (as required by RFC 3280 et al).
1680 If this option is set, critical extensions are ignored.
1681 .It Fl inhibit_any
1682 @@ -8781,13 +8781,13 @@ mishandled them.
1683 .\" VERSION
1684 .\"
1685 .Sh VERSION
1686 -.Nm openssl version
1687 +.Nm libressl version
1688 .Op Fl abdfopv
1689 .Pp
1690 The
1691 .Nm version
1692 command is used to print out version information about
1693 -.Nm OpenSSL .
1694 +.Nm LibreSSL .
1695 .Pp
1696 The options are as follows:
1697 .Bl -tag -width Ds
1698 @@ -8795,7 +8795,7 @@ The options are as follows:
1699 All information: this is the same as setting all the other flags.
1700 .It Fl b
1701 The date the current version of
1702 -.Nm OpenSSL
1703 +.Nm LibreSSL
1704 was built.
1705 .It Fl d
1706 .Ev OPENSSLDIR
1707 @@ -8808,12 +8808,12 @@ Option information: various options set
1708 Platform setting.
1709 .It Fl v
1710 The current
1711 -.Nm OpenSSL
1712 +.Nm LibreSSL
1713 version.
1714 .El
1715 .Sh VERSION NOTES
1716 The output of
1717 -.Nm openssl version -a
1718 +.Nm libressl version -a
1719 would typically be used when sending in a bug report.
1720 .Sh VERSION HISTORY
1721 The
1722 @@ -8826,7 +8826,7 @@ option was added in
1723 .\"
1724 .Sh X509
1725 .nr nS 1
1726 -.Nm "openssl x509"
1727 +.Nm "libressl x509"
1728 .Bk -words
1729 .Op Fl C
1730 .Op Fl addreject Ar arg
1731 @@ -9029,7 +9029,7 @@ Outputs the
1732 .Qq hash
1733 of the certificate subject name.
1734 This is used in
1735 -.Nm OpenSSL
1736 +.Nm LibreSSL
1737 to form an index to allow certificates in a directory to be looked up
1738 by subject name.
1739 .It Fl subject_hash_old
1740 @@ -9072,7 +9072,7 @@ See the description of the
1741 utility for more information on the meaning of trust settings.
1742 .Pp
1743 Future versions of
1744 -.Nm OpenSSL
1745 +.Nm LibreSSL
1746 will recognize trust settings on any certificate: not just root CAs.
1747 .Bl -tag -width "XXXX"
1748 .It Fl addreject Ar arg
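Review bot: Replacing the name in "Future versions of OpenSSL will recognize trust settings on any certificate" turns an upstream roadmap statement into a promise about LibreSSL. A mechanical rename does not fit forward-looking sentences; leave this one as it was, or reword it so it makes no claim about future LibreSSL behaviour.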
1749 @@ -9092,7 +9092,7 @@ and
1750 .Pq S/MIME email
1751 are used.
1752 Other
1753 -.Nm OpenSSL
1754 +.Nm LibreSSL
1755 applications may define additional uses.
1756 .It Fl alias
1757 Outputs the certificate alias, if any.
1758 @@ -9321,7 +9321,7 @@ if this option is not set, non-character
1759 as though each content octet represents a single character.
1760 .It Ar dump_unknown
1761 Dump any field whose OID is not recognised by
1762 -.Nm OpenSSL .
1763 +.Nm LibreSSL .
1764 .It Ar esc_2253
1765 Escape the
1766 .Qq special
1767 @@ -9496,56 +9496,56 @@ Don't print out the version number.
1768 .Sh X509 EXAMPLES
1769 Display the contents of a certificate:
1770 .Pp
1771 -.Dl $ openssl x509 -in cert.pem -noout -text
1772 +.Dl $ libressl x509 -in cert.pem -noout -text
1773 .Pp
1774 Display the certificate serial number:
1775 .Pp
1776 -.Dl $ openssl x509 -in cert.pem -noout -serial
1777 +.Dl $ libressl x509 -in cert.pem -noout -serial
1778 .Pp
1779 Display the certificate subject name:
1780 .Pp
1781 -.Dl $ openssl x509 -in cert.pem -noout -subject
1782 +.Dl $ libressl x509 -in cert.pem -noout -subject
1783 .Pp
1784 Display the certificate subject name in RFC 2253 form:
1785 .Pp
1786 -.Dl $ openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
1787 +.Dl $ libressl x509 -in cert.pem -noout -subject -nameopt RFC2253
1788 .Pp
1789 Display the certificate subject name in oneline form on a terminal
1790 supporting UTF8:
1791 .Bd -literal -offset indent
1792 -$ openssl x509 -in cert.pem -noout -subject \e
1793 +$ libressl x509 -in cert.pem -noout -subject \e
1794 -nameopt oneline,-esc_msb
1795 .Ed
1796 .Pp
1797 Display the certificate MD5 fingerprint:
1798 .Pp
1799 -.Dl $ openssl x509 -in cert.pem -noout -fingerprint
1800 +.Dl $ libressl x509 -in cert.pem -noout -fingerprint
1801 .Pp
1802 Display the certificate SHA1 fingerprint:
1803 .Pp
1804 -.Dl $ openssl x509 -sha1 -in cert.pem -noout -fingerprint
1805 +.Dl $ libressl x509 -sha1 -in cert.pem -noout -fingerprint
1806 .Pp
1807 Convert a certificate from PEM to DER format:
1808 .Pp
1809 -.Dl "$ openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER"
1810 +.Dl "$ libressl x509 -in cert.pem -inform PEM -out cert.der -outform DER"
1811 .Pp
1812 Convert a certificate to a certificate request:
1813 .Bd -literal -offset indent
1814 -$ openssl x509 -x509toreq -in cert.pem -out req.pem \e
1815 +$ libressl x509 -x509toreq -in cert.pem -out req.pem \e
1816 -signkey key.pem
1817 .Ed
1818 .Pp
1819 Convert a certificate request into a self-signed certificate using
1820 extensions for a CA:
1821 .Bd -literal -offset indent
1822 -$ openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions \e
1823 +$ libressl x509 -req -in careq.pem -extfile libressl.cnf -extensions \e
1824 v3_ca -signkey key.pem -out cacert.pem
1825 .Ed
1826 .Pp
1827 Sign a certificate request using the CA certificate above and add user
1828 certificate extensions:
1829 .Bd -literal -offset indent
1830 -$ openssl x509 -req -in req.pem -extfile openssl.cnf -extensions \e
1831 +$ libressl x509 -req -in req.pem -extfile libressl.cnf -extensions \e
1832 v3_usr -CA cacert.pem -CAkey key.pem -CAcreateserial
1833 .Ed
1834 .Pp
1835 @@ -9553,7 +9553,7 @@ Set a certificate to be trusted for SSL
1836 client use and set its alias to
1837 .Qq Steve's Class 1 CA :
1838 .Bd -literal -offset indent
1839 -$ openssl x509 -in cert.pem -addtrust clientAuth \e
1840 +$ libressl x509 -in cert.pem -addtrust clientAuth \e
1841 -setalias "Steve's Class 1 CA" -out trust.pem
1842 .Ed
1843 .Sh X509 NOTES
1844 @@ -9802,18 +9802,18 @@ or similar.
1845 .\" FILES
1846 .\"
1847 .Sh FILES
1848 -.Bl -tag -width "/etc/ssl/openssl.cnf" -compact
1849 -.It Pa /etc/ssl/
1850 +.Bl -tag -width "/etc/pki/tls/libressl.cnf" -compact
1851 +.It Pa /etc/pki/tls/
1852 Default config directory for
1853 -.Nm openssl .
1854 -.It Pa /etc/ssl/lib/
1855 +.Nm libressl .
1856 +.It Pa /etc/pki/tls/lib/
1857 Unused.
1858 -.It Pa /etc/ssl/private/
1859 +.It Pa /etc/pki/tls/private/
1860 Default private key directory.
1861 -.It Pa /etc/ssl/openssl.cnf
1862 +.It Pa /etc/pki/tls/libressl.cnf
1863 Default configuration file for
1864 -.Nm openssl .
1865 -.It Pa /etc/ssl/x509v3.cnf
1866 +.Nm libressl .
1867 +.It Pa /etc/pki/tls/x509v3.cnf
1868 Default configuration file for
1869 .Nm x509
1870 certificates.
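Review bot: This hunk does more than rename the command: it moves every documented default path from `/etc/ssl/` to `/etc/pki/tls/` and renames the default configuration file to `libressl.cnf`. These are the locations of the configuration and the private key directory, so the man page must match the directory the library is actually built with; please reference the configure option or spec change that sets it, or split the path change into its own patch. If the documented and compiled-in paths differ, administrators will edit and lock down a directory the tools never read.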
1871 diff -Naurp libressl-2.3.1/man/OPENSSL_config.3 libressl-2.3.1.oden/man/OPENSSL_config.3
1872 --- libressl-2.3.1/man/OPENSSL_config.3 2015-10-26 11:59:22.000000000 +0100
1873 +++ libressl-2.3.1.oden/man/OPENSSL_config.3 2015-11-24 12:09:15.824646097 +0100
1874 @@ -150,7 +150,7 @@ OPENSSL_config, OPENSSL_no_config \- sim
1875 .Ve
1876 .SH "DESCRIPTION"
1877 .IX Header "DESCRIPTION"
1878 -\&\fIOPENSSL_config()\fR configures OpenSSL using the standard \fBopenssl.cnf\fR
1879 +\&\fIOPENSSL_config()\fR configures OpenSSL using the standard \fBlibressl.cnf\fR
1880 configuration file name using \fBconfig_name\fR. If \fBconfig_name\fR is \s-1NULL\s0 then
1881 the default name \fBopenssl_conf\fR will be used. Any errors are ignored. Further
1882 calls to \fIOPENSSL_config()\fR will have no effect. The configuration file format
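Review bot: The changed sentence now reads "configures OpenSSL using the standard libressl.cnf configuration file name", yet the product name and the default section name `openssl_conf` are left untouched, so the rename is only half applied. More importantly, this is the library page for `OPENSSL_config()`: the file name it documents is whatever the library opens by default, so change it only if the build really uses `libressl.cnf`.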
