-.\" $OpenBSD: openssl.1,v 1.37 2016/07/21 16:34:08 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.38 2016/07/21 18:33:27 jmc Exp $
.\" ====================================================================
.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
.\"
The input file; the default is standard input.
.It Fl inform Cm der | pem | txt
The input format.
-.Cm der
-.Pq Distinguished Encoding Rules
-is binary format and
-.Cm pem
-.Pq Privacy Enhanced Mail ,
-the default, is base64-encoded.
-.Cm txt
-is plain text.
.It Fl length Ar number
Number of bytes to parse; the default is until end of file.
.It Fl noout
.Op Fl fingerprint
.Op Fl hash
.Op Fl in Ar file
-.Op Fl inform Ar DER | PEM
+.Op Fl inform Cm der | pem
.Op Fl issuer
.Op Fl lastupdate
.Op Fl nextupdate
.Op Fl noout
.Op Fl out Ar file
-.Op Fl outform Ar DER | PEM
+.Op Fl outform Cm der | pem
.Op Fl text
.nr nS 0
.Pp
The
.Nm crl
command processes CRL files in DER or PEM format.
-.Pp
-.Cm DER
-is a DER-encoded CRL structure.
-.Cm PEM ,
-the default,
-is a base64-encoded version of the DER form with header and footer lines.
The PEM CRL format uses the header and footer lines:
.Bd -unfilled -offset indent
-----BEGIN X509 CRL-----
This can be used to look up CRLs in a directory by issuer name.
.It Fl in Ar file
The input file to read from, or standard input if not specified.
-.It Fl inform Cm DER | PEM
+.It Fl inform Cm der | pem
The input format.
.It Fl issuer
Output the issuer name.
Don't output the encoded version of the CRL.
.It Fl out Ar file
The output file to write to, or standard output if not specified.
-.It Fl outform Cm DER | PEM
+.It Fl outform Cm der | pem
The output format.
.It Fl text
Print out the CRL in text form.
must have their links rebuilt using
.Ar c_rehash
or similar.
-.Sh NOTES
-Several commands accept password arguments, typically using
+.Sh COMMON NOTATION
+Several commands share a common syntax,
+as detailed below.
+.Pp
+Password arguments, typically specified using
.Fl passin
and
.Fl passout
-for input and output passwords, respectively.
-These allow the password to be obtained from a variety of sources.
-Both of these options take a single argument whose format is described below.
+for input and output passwords,
+allow passwords to be obtained from a variety of sources.
+Both of these options take a single argument, described below.
If no password argument is given and a password is required,
then the user is prompted to enter one:
this will typically be read from the current terminal with echoing turned off.
-.Bl -tag -width "fd:number"
-.It Ar pass : Ns Ar password
+.Bl -tag -width "pass:password" -offset indent
+.It Cm pass : Ns Ar password
The actual password is
.Ar password .
-Since the password is visible to utilities
-(like
-.Xr ps 1
-under
-.Ux )
+Since the password is visible to utilities,
this form should only be used where security is not important.
-.It Ar env : Ns Ar var
+.It Cm env : Ns Ar var
Obtain the password from the environment variable
.Ar var .
-Since the environment of other processes is visible on certain platforms
-(e.g.\&
-.Xr ps 1
-under certain
-.Ux
-OSes) this option should be used with caution.
-.It Ar file : Ns Ar path
+Since the environment of other processes is visible,
+this option should be used with caution.
+.It Cm file : Ns Ar path
The first line of
.Ar path
is the password.
.Ar path
need not refer to a regular file:
it could, for example, refer to a device or named pipe.
-.It Ar fd : Ns Ar number
+.It Cm fd : Ns Ar number
Read the password from the file descriptor
.Ar number .
-This can be used to send the data via a pipe for example.
-.It Ar stdin
+This can be used to send the data via a pipe, for example.
+.It Cm stdin
Read the password from standard input.
.El
+.Pp
+File formats,
+typically specified using
+.Fl inform
+and
+.Fl outform ,
+indicate the type of file being read from
+or the file format to write.
+The argument is case insensitive.
+.Pp
+.Bl -tag -width Ds -offset indent -compact
+.It Cm der
+Distinguished Encoding Rules (DER)
+is a binary format.
+.It Cm pem
+Privacy Enhanced Mail (PEM)
+is base64-encoded.
+.It Cm txt
+Plain ASCII text.
+.El
.Sh ENVIRONMENT
The following environment variables affect the execution of
.Nm openssl :
-.Bl -tag -width "OPENSSL_CONFXXX"
+.Bl -tag -width "/etc/ssl/openssl.cnf"
.It Ev OPENSSL_CONF
The location of the master configuration file.
.El
projects / openbsd / commitdiff