From 22668944be5b759b9b86eaa6d6784d4aaf4bf35b Mon Sep 17 00:00:00 2001 From: jmc Date: Sat, 23 Jul 2016 19:31:35 +0000 Subject: [PATCH] rework crl2pkcs7; with help from jsing --- usr.bin/openssl/openssl.1 | 75 ++++++++++----------------------------- 1 file changed, 18 insertions(+), 57 deletions(-) diff --git a/usr.bin/openssl/openssl.1 b/usr.bin/openssl/openssl.1 index 047c3a186e7..1d77ad92192 100644 --- a/usr.bin/openssl/openssl.1 +++ b/usr.bin/openssl/openssl.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: openssl.1,v 1.39 2016/07/21 18:40:26 jmc Exp $ +.\" $OpenBSD: openssl.1,v 1.40 2016/07/23 19:31:35 jmc Exp $ .\" ==================================================================== .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. .\" @@ -112,7 +112,7 @@ .\" .\" OPENSSL .\" -.Dd $Mdocdate: July 21 2016 $ +.Dd $Mdocdate: July 23 2016 $ .Dt OPENSSL 1 .Os .Sh NAME @@ -1017,20 +1017,15 @@ The output format. .It Fl text Print out the CRL in text form. .El -.\" -.\" CRL2PKCS7 -.\" .Sh CRL2PKCS7 .nr nS 1 .Nm "openssl crl2pkcs7" -.Bk -words .Op Fl certfile Ar file .Op Fl in Ar file -.Op Fl inform Ar DER | PEM +.Op Fl inform Cm der | pem .Op Fl nocrl .Op Fl out Ar file -.Op Fl outform Ar DER | PEM -.Ek +.Op Fl outform Cm der | pem .nr nS 0 .Pp The 
@@ -1043,62 +1038,28 @@ structure. The options are as follows: .Bl -tag -width Ds .It Fl certfile Ar file -Specifies a +Add the certificates in PEM .Ar file -containing one or more certificates in PEM format. -All certificates in the file will be added to the PKCS#7 structure. -This option can be used more than once to read certificates from multiple -files. +to the PKCS#7 structure. +This option can be used more than once +to read certificates from multiple files. .It Fl in Ar file -This specifies the input -.Ar file -to read a CRL from, or standard input if this option is not specified. -.It Fl inform Ar DER | PEM -This specifies the CRL input format. -.Ar DER -format is a DER-encoded CRL structure. -.Ar PEM -.Pq the default -is a base64-encoded version of the DER form with header and footer lines. +Read the CRL from +.Ar file , +or standard input if not specified. +.It Fl inform Cm der | pem +Specify the CRL input format. .It Fl nocrl Normally, a CRL is included in the output file. With this option, no CRL is included in the output file and a CRL is not read from the input file. .It Fl out Ar file -Specifies the output -.Ar file -to write the PKCS#7 structure to, or standard output by default. -.It Fl outform Ar DER | PEM -This specifies the PKCS#7 structure output format. -.Ar DER -format is a DER-encoded PKCS#7 structure. -.Ar PEM -.Pq the default -is a base64-encoded version of the DER form with header and footer lines. +Write the PKCS#7 structure to +.Ar file , +or standard output if not specified. +.It Fl outform Cm der | pem +Specify the PKCS#7 structure output format. 
.El -.Sh CRL2PKCS7 EXAMPLES -Create a PKCS#7 structure from a certificate and CRL: -.Pp -.Dl $ openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem -.Pp -Create a PKCS#7 structure in DER format with no CRL from several -different certificates: -.Bd -literal -offset indent -$ openssl crl2pkcs7 -nocrl -certfile newcert.pem \e - -certfile demoCA/cacert.pem -outform DER -out p7.der -.Ed -.Sh CRL2PKCS7 NOTES -The output file is a PKCS#7 signed data structure containing no signers and -just certificates and an optional CRL. -.Pp -This utility can be used to send certificates and CAs to Netscape as part of -the certificate enrollment process. -This involves sending the DER-encoded output -as MIME type -.Em application/x-x509-user-cert . -.Pp -The PEM-encoded form with the header and footer lines removed can be used to -install user certificates and CAs in MSIE using the Xenroll control. .\" .\" DGST .\" -- 2.20.1
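Review bot: In the synopsis hunk (@@ -1017,20 +1017,15 @@), the change from `.Ar DER | PEM` to `.Cm der | pem` on the `-inform` and `-outform` lines alters the documented spelling of the format keywords to lowercase, while the example removed further down in this same patch invoked `-outform DER`. The commit message only says "rework", so it is worth stating in the log or in the option text whether the uppercase spelling remains accepted. Otherwise readers with existing scripts that use `DER`/`PEM` cannot tell from the page whether those invocations are still valid.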
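Review bot: In the options hunk (@@ -1043,62 +1038,28 @@), the new `-inform` and `-outform` entries no longer state the default format, which the removed text gave as PEM (`.Pq the default`). Suggest appending a short sentence such as "The default is pem." to both entries, so that a reader who omits the option knows how the input will be parsed and what will be written. The same hunk also deletes the NOTES sentence saying the output is "a PKCS#7 signed data structure containing no signers and just certificates and an optional CRL". Consider keeping one sentence to that effect in the description, because the name "signed data" otherwise invites the assumption that the output carries a signature and can be relied on for authenticity. Dropping the Netscape and MSIE Xenroll paragraphs looks fine.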