Doc nits cleanup, round 2

Fix some code examples, trailing whitespace
Fix TBA sections in verify, remove others.
Remove empty sections
Use Mixed Case not ALL CAPS in head2
Enhance doc-nits script.
Remove extra =cut line
Reviewed-by: NRichard Levitte <levitte@openssl.org>

doc/apps/CA.pl.pod

@@ -186,8 +186,6 @@ configuration file, not just its directory.
 L<x509(1)>, L<ca(1)>, L<req(1)>, L<pkcs12(1)>,
 L<config(5)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/asn1parse.pod

@@ -104,7 +104,7 @@ END marker in a PEM file.
 
 =back
 
-=head2 OUTPUT
+=head2 Output
 
 The output will typically contain lines like this:
 
@@ -196,8 +196,6 @@ ASN.1 types is not well handled (if at all).
 
 L<ASN1_generate_nconf(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/ca.pod

@@ -705,8 +705,6 @@ then even if a certificate is issued with CA:TRUE it will not be valid.
 L<req(1)>, L<spkac(1)>, L<x509(1)>, L<CA.pl(1)>,
 L<config(5)>, L<x509v3_config(5)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/ciphers.pod

@@ -394,7 +394,7 @@ relevant specification and their OpenSSL equivalents. It should be noted,
 that several cipher suite names do not include the authentication used,
 e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
 
-=head2 SSL v3.0 cipher suites.
+=head2 SSL v3.0 cipher suites
 
  SSL_RSA_WITH_NULL_MD5                   NULL-MD5
  SSL_RSA_WITH_NULL_SHA                   NULL-SHA
@@ -415,7 +415,7 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
  SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
  SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.
 
-=head2 TLS v1.0 cipher suites.
+=head2 TLS v1.0 cipher suites
 
  TLS_RSA_WITH_NULL_MD5                   NULL-MD5
  TLS_RSA_WITH_NULL_SHA                   NULL-SHA
@@ -580,7 +580,7 @@ Note: these ciphers can also be used in SSL v3.
  TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   ECDHE-RSA-CAMELLIA128-SHA256
  TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   ECDHE-RSA-CAMELLIA256-SHA384
 
-=head2 Pre shared keying (PSK) ciphersuites
+=head2 Pre-shared keying (PSK) ciphersuites
 
  PSK_WITH_NULL_SHA                         PSK-NULL-SHA
  DHE_PSK_WITH_NULL_SHA                     DHE-PSK-NULL-SHA
@@ -654,7 +654,7 @@ Note: these ciphers can also be used in SSL v3.
  DHE_PSK_WITH_AES_128_CCM_8                DHE-PSK-AES128-CCM8
  DHE_PSK_WITH_AES_256_CCM_8                DHE-PSK-AES256-CCM8
 
-=head2 ChaCha20-Poly1305 cipher suites from draft-ietf-tls-chacha20-poly1305-04, extending TLS v1.2
+=head2 ChaCha20-Poly1305 cipher suites, extending TLS v1.2
 
  TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256      ECDHE-RSA-CHACHA20-POLY1305
  TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256    ECDHE-ECDSA-CHACHA20-POLY1305
@@ -710,8 +710,6 @@ L<s_client(1)>, L<s_server(1)>, L<ssl(3)>
 
 The B<-V> option for the B<ciphers> command was added in OpenSSL 1.0.0.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/cms.pod

@@ -722,8 +722,6 @@ to OpenSSL 1.1.0.
 
 The -no_alt_chains options was first added to OpenSSL 1.1.0.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/config.pod

@@ -90,7 +90,7 @@ section containing configuration module specific information. E.g.
 
 The features of each configuration module are described below.
 
-=head2 ASN1 OBJECT CONFIGURATION MODULE
+=head2 ASN1 Object Configuration Module
 
 This module has the name B<oid_section>. The value of this variable points
 to a section containing name value pairs of OIDs: the name is the OID short
@@ -110,7 +110,7 @@ by a comma and the numerical OID form. For example:
 
  shortName = some object long name, 1.2.3.4
 
-=head2 ENGINE CONFIGURATION MODULE
+=head2 Engine Configuration Module
 
 This ENGINE configuration module has the name B<engines>. The value of this
 variable points to a section containing further ENGINE configuration
@@ -189,7 +189,7 @@ For example:
  # Supply all default algorithms
  default_algorithms = ALL
 
-=head2 EVP CONFIGURATION MODULE
+=head2 EVP Configuration Module
 
 This modules has the name B<alg_section> which points to a section containing
 algorithm commands.
@@ -207,7 +207,7 @@ For example:
 
  fips_mode = on
 
-=head2 SSL CONFIGURATION MODULE
+=head2 SSL Configuration Module
 
 This module has the name B<ssl_conf> which points to a section containing
 SSL configurations.
@@ -374,8 +374,6 @@ file.
 
 L<x509(1)>, L<req(1)>, L<ca(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/crl.pod

@@ -130,8 +130,6 @@ and files too.
 
 L<crl2pkcs7(1)>, L<ca(1)>, L<x509(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/crl2pkcs7.pod

@@ -93,8 +93,6 @@ install user certificates and CAs in MSIE using the Xenroll control.
 
 L<pkcs7(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/dgst.pod

@@ -228,8 +228,6 @@ prior to verification.
 The default digest was changed from MD5 to SHA256 in Openssl 1.1.
 The FIPS-related options were removed in OpenSSL 1.1
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/dhparam.pod

@@ -146,8 +146,6 @@ There should be a way to generate and manipulate DH keys.
 
 L<dsaparam(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/dsa.pod

@@ -166,8 +166,6 @@ To just output the public part of a private key:
 L<dsaparam(1)>, L<gendsa(1)>, L<rsa(1)>,
 L<genrsa(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/dsaparam.pod

@@ -112,8 +112,6 @@ DSA parameters is often used to generate several distinct keys.
 L<gendsa(1)>, L<dsa(1)>, L<genrsa(1)>,
 L<rsa(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/ec.pod

@@ -194,8 +194,6 @@ To change the point conversion form to B<compressed>:
 
 L<ecparam(1)>, L<dsa(1)>, L<rsa(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/ecparam.pod

@@ -173,8 +173,6 @@ To print out the EC parameters to standard output:
 
 L<ec(1)>, L<dsaparam(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/enc.pod

@@ -336,8 +336,6 @@ certain parameters. So if, for example, you want to use RC2 with a
 
 The default digest was changed from MD5 to SHA256 in Openssl 1.1.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/engine.pod

@@ -92,8 +92,6 @@ To list the capabilities of the I<rsax> engine:
   [RSA]
  (dynamic) Dynamic engine loading support
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/errstr.pod

@@ -33,8 +33,6 @@ to produce the error message:
 
 L<err(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/gendsa.pod

@@ -79,8 +79,6 @@ much quicker that RSA key generation for example.
 L<dsaparam(1)>, L<dsa(1)>, L<genrsa(1)>,
 L<rsa(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/genpkey.pod

@@ -258,8 +258,6 @@ Generate EC key directly:
 The ability to use NIST curve names, and to generate an EC key directly,
 were added in OpenSSL 1.0.2.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/genrsa.pod

@@ -103,8 +103,6 @@ be much larger (typically 1024 bits).
 
 L<gendsa(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/nseq.pod

@@ -72,8 +72,6 @@ It is used by Netscape certificate server for example.
 This program needs a few more options: like allowing DER or PEM input and
 output files and allowing multiple certificate files to be used.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/ocsp.pod

@@ -449,8 +449,6 @@ to a second file.
 
 The -no_alt_chains options was first added to OpenSSL 1.1.0.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/openssl.pod

@@ -64,7 +64,7 @@ availability of ciphers in the B<openssl> program.  (B<no->I<XXX> is
 not able to detect pseudo-commands such as B<quit>,
 B<list>, or B<no->I<XXX> itself.)
 
-=head2 STANDARD COMMANDS
+=head2 Standard Commands
 
 =over 10
 
@@ -258,7 +258,7 @@ X.509 Certificate Data Management.
 
 =back
 
-=head2 MESSAGE DIGEST COMMANDS
+=head2 Message Digest Commands
 
 =over 10
 
@@ -304,7 +304,7 @@ SHA-512 Digest
 
 =back
 
-=head2 ENCODING AND CIPHER COMMANDS
+=head2 Encoding and Cipher Commands
 
 =over 10
 
@@ -415,8 +415,6 @@ The B<list->I<XXX>B<-algorithms> pseudo-commands were added in OpenSSL 1.0.0;
 For notes on the availability of other commands, see their individual
 manual pages.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/passwd.pod

@@ -84,8 +84,6 @@ B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXj
 
 B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/pkcs12.pod

@@ -356,8 +356,6 @@ Include some extra certificates:
 
 L<pkcs8(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/pkcs7.pod

@@ -107,8 +107,6 @@ cannot currently parse, for example, the new CMS as described in RFC2630.
 
 L<crl2pkcs7(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/pkcs8.pod

@@ -263,8 +263,6 @@ L<gendsa(1)>
 
 The B<-iter> option was added to OpenSSL 1.1.0.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/pkey.pod

@@ -136,8 +136,6 @@ To just output the public part of a private key:
 L<genpkey(1)>, L<rsa(1)>, L<pkcs8(1)>,
 L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/pkeyparam.pod

@@ -70,8 +70,6 @@ PEM format is supported because the key type is determined by the PEM headers.
 L<genpkey(1)>, L<rsa(1)>, L<pkcs8(1)>,
 L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/pkeyutl.pod

@@ -274,8 +274,6 @@ L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)>
 L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>,
 L<EVP_PKEY_HKDF(3)>, L<EVP_PKEY_TLS1_PRF(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/rand.pod

@@ -57,8 +57,6 @@ Show the output as a hex string.
 
 L<RAND_bytes(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/rehash.pod

@@ -126,8 +126,6 @@ L<openssl(1)>,
 L<crl(1)>.
 L<x509(1)>.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/req.pod

@@ -653,8 +653,6 @@ L<x509(1)>, L<ca(1)>, L<genrsa(1)>,
 L<gendsa(1)>, L<config(5)>,
 L<x509v3_config(5)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/rsa.pod

@@ -204,8 +204,6 @@ without having to manually edit them.
 L<pkcs8(1)>, L<dsa(1)>, L<genrsa(1)>,
 L<gendsa(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/rsautl.pod

@@ -192,8 +192,6 @@ which it can be seen agrees with the recovered value above.
 
 L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/s_client.pod

@@ -549,8 +549,6 @@ L<sess_id(1)>, L<s_server(1)>, L<ciphers(1)>
 
 The -no_alt_chains options was first added to OpenSSL 1.1.0.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/s_server.pod

@@ -559,8 +559,6 @@ L<sess_id(1)>, L<s_client(1)>, L<ciphers(1)>
 
 The -no_alt_chains options was first added to OpenSSL 1.1.0.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/s_time.pod

@@ -182,8 +182,6 @@ fails.
 
 L<s_client(1)>, L<s_server(1)>, L<ciphers(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/sess_id.pod

@@ -149,8 +149,6 @@ The cipher and start time should be printed out in human readable form.
 
 L<ciphers(1)>, L<s_server(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/smime.pod

@@ -500,8 +500,6 @@ added in OpenSSL 1.0.0
 
 The -no_alt_chains options was first added to OpenSSL 1.1.0.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/speed.pod

@@ -77,8 +77,6 @@ the above are tested.
 
 =back
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/spkac.pod

@@ -135,8 +135,6 @@ to be used in a "replay attack".
 
 L<ca(1)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/ts.pod

@@ -634,16 +634,12 @@ test/testtsa).
 
 =back
 
-=cut
-
 =head1 SEE ALSO
 
 L<tsget(1)>, L<openssl(1)>, L<req(1)>,
 L<x509(1)>, L<ca(1)>, L<genrsa(1)>,
 L<config(5)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/tsget.pod

@@ -187,8 +187,6 @@ example:
 L<openssl(1)>, L<ts(1)>, L<curl(1)>,
 B<RFC 3161>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/verify.pod

@@ -540,135 +540,135 @@ B<-issuer_checks> option.
 Not used as of OpenSSL 1.1.0 as a result of the deprecation of the
 B<-issuer_checks> option.
 
-=item B<33 X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: unable to get CRL issuer certificate>
+=item B<X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER>
 
-TBA
+Unable to get CRL issuer certificate.
 
-=item B<34 X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: unhandled critical extension>
+=item B<X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION>
 
-TBA
+Unhandled critical extension.
 
-=item B<35 X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: key usage does not include CRL signing>
+=item B<X509_V_ERR_KEYUSAGE_NO_CRL_SIGN>
 
-TBA
+Key usage does not include CRL signing.
 
-=item B<36 X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: unhandled critical CRL extension>
+=item B<X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION>
 
-TBA
+Unhandled critical CRL extension.
 
-=item B<37 X509_V_ERR_INVALID_NON_CA: invalid non-CA certificate has CA markings>
+=item B<X509_V_ERR_INVALID_NON_CA>
 
-TBA
+Invalid non-CA certificate has CA markings.
 
-=item B<38 X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: proxy path length constraint exceeded>
+=item B<X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED>
 
-TBA
+Proxy path length constraint exceeded.
 
-=item B<39 X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: key usage does not include digital signature>
+=item B<X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE>
 
-TBA
+Key usage does not include digital signature.
 
-=item B<40 X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: proxy certificates not allowed, please set the appropriate flag>
+=item B<X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED>
 
-TBA
+Proxy certificates not allowed, please set the appropriate flag.
 
-=item B<41 X509_V_ERR_INVALID_EXTENSION: invalid or inconsistent certificate extension>
+=item B<X509_V_ERR_INVALID_EXTENSION>
 
-TBA
+Invalid or inconsistent certificate extension.
 
-=item B<42 X509_V_ERR_INVALID_POLICY_EXTENSION: invalid or inconsistent certificate policy extension>
+=item B<X509_V_ERR_INVALID_POLICY_EXTENSION>
 
-TBA
+Invalid or inconsistent certificate policy extension.
 
-=item B<43 X509_V_ERR_NO_EXPLICIT_POLICY: no explicit policy>
+=item B<X509_V_ERR_NO_EXPLICIT_POLICY>
 
-TBA
+No explicit policy.
 
-=item B<44 X509_V_ERR_DIFFERENT_CRL_SCOPE: Different CRL scope>
+=item B<X509_V_ERR_DIFFERENT_CRL_SCOPE>
 
-TBA
+Different CRL scope.
 
-=item B<45 X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: Unsupported extension feature>
+=item B<X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE>
 
-TBA
+Unsupported extension feature.
 
-=item B<46 X509_V_ERR_UNNESTED_RESOURCE: RFC 3779 resource not subset of parent's resources>
+=item B<X509_V_ERR_UNNESTED_RESOURCE>
 
-TBA
+RFC 3779 resource not subset of parent's resources.
 
-=item B<47 X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation>
+=item B<X509_V_ERR_PERMITTED_VIOLATION>
 
-TBA
+Permitted subtree violation.
 
-=item B<48 X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation>
+=item B<X509_V_ERR_EXCLUDED_VIOLATION>
 
-TBA
+Excluded subtree violation.
 
-=item B<49 X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported>
+=item B<X509_V_ERR_SUBTREE_MINMAX>
 
-TBA
+Name constraints minimum and maximum not supported.
 
-=item B<50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>
+=item B<X509_V_ERR_APPLICATION_VERIFICATION>
 
-an application specific error. Unused.
+Application verification failure. Unused.
 
-=item B<51 X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: unsupported name constraint type>
+=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE>
 
-TBA
+Unsupported name constraint type.
 
-=item B<52 X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: unsupported or invalid name constraint syntax>
+=item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX>
 
-TBA
+Unsupported or invalid name constraint syntax.
 
-=item B<53 X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: unsupported or invalid name syntax>
+=item B<X509_V_ERR_UNSUPPORTED_NAME_SYNTAX>
 
-TBA
+Unsupported or invalid name syntax.
 
-=item B<54 X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error>
+=item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR>
 
-TBA
+CRL path validation error.
 
-=item B<55 X509_V_ERR_PATH_LOOP: Path Loop>
+=item B<X509_V_ERR_PATH_LOOP>
 
-TBA
+Path loop.
 
-=item B<56 X509_V_ERR_SUITE_B_INVALID_VERSION: Suite B: certificate version invalid>
+=item B<X509_V_ERR_SUITE_B_INVALID_VERSION>
 
-TBA
+Suite B: certificate version invalid.
 
-=item B<57 X509_V_ERR_SUITE_B_INVALID_ALGORITHM: Suite B: invalid public key algorithm>
+=item B<X509_V_ERR_SUITE_B_INVALID_ALGORITHM>
 
-TBA
+Suite B: invalid public key algorithm.
 
-=item B<58 X509_V_ERR_SUITE_B_INVALID_CURVE: Suite B: invalid ECC curve>
+=item B<X509_V_ERR_SUITE_B_INVALID_CURVE>
 
-TBA
+Suite B: invalid ECC curve.
 
-=item B<59 X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM: Suite B: invalid signature algorithm>
+=item B<X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM>
 
-TBA
+Suite B: invalid signature algorithm.
 
-=item B<60 X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED: Suite B: curve not allowed for this LOS>
+=item B<X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED>
 
-TBA
+Suite B: curve not allowed for this LOS.
 
-=item B<61 X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256: Suite B: cannot sign P-384 with P-256>
+=item B<X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256>
 
-TBA
+Suite B: cannot sign P-384 with P-256.
 
-=item B<62 X509_V_ERR_HOSTNAME_MISMATCH: Hostname mismatch>
+=item B<X509_V_ERR_HOSTNAME_MISMATCH>
 
-TBA
+Hostname mismatch.
 
-=item B<63 X509_V_ERR_EMAIL_MISMATCH: Email address mismatch>
+=item B<X509_V_ERR_EMAIL_MISMATCH>
 
-TBA
+Email address mismatch.
 
-=item B<64 X509_V_ERR_IP_ADDRESS_MISMATCH: IP address mismatch>
+=item B<X509_V_ERR_IP_ADDRESS_MISMATCH>
 
-TBA
+IP address mismatch.
 
-=item B<65 X509_V_ERR_DANE_NO_MATCH: No matching DANE TLSA records>
+=item B<X509_V_ERR_DANE_NO_MATCH>
 
 DANE TLSA authentication is enabled, but no TLSA records matched the
 certificate chain.
@@ -702,8 +702,6 @@ The B<-show_chain> option was first added to OpenSSL 1.1.0.
 The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and
 is silently ignored.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/version.pod

@@ -68,8 +68,6 @@ ENGINESDIR setting.
 The output of B<openssl version -a> would typically be used when sending
 in a bug report.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/x509.pod

@@ -73,7 +73,7 @@ various sections.
 
 =head1 OPTIONS
 
-=head2 INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS
+=head2 Input, Output, and General Purpose Options
 
 =over 4
 
@@ -123,7 +123,7 @@ for all available algorithms.
 
 =back
 
-=head2 DISPLAY OPTIONS
+=head2 Display Options
 
 Note: the B<-alias> and B<-purpose> options are also display options
 but are described in the B<TRUST SETTINGS> section.
@@ -239,7 +239,7 @@ this outputs the certificate in the form of a C source file.
 
 =back
 
-=head2 TRUST SETTINGS
+=head2 Trust Settings
 
 A B<trusted certificate> is an ordinary certificate which has several
 additional pieces of information attached to it such as the permitted
@@ -311,7 +311,7 @@ EXTENSIONS> section.
 
 =back
 
-=head2 SIGNING OPTIONS
+=head2 Signing Options
 
 The B<x509> utility can be used to sign certificates and requests: it
 can thus behave like a "mini CA".
@@ -438,7 +438,7 @@ The format or B<key> can be specified using the B<-keyform> option.
 
 =back
 
-=head2 NAME OPTIONS
+=head2 Name Options
 
 The B<nameopt> command line switch determines how the subject and issuer
 names are displayed. If no B<nameopt> switch is present the default "oneline"
@@ -581,7 +581,7 @@ name.
 
 =back
 
-=head2 TEXT OPTIONS
+=head2 Text Options
 
 As well as customising the name output format, it is also possible to
 customise the actual fields printed using the B<certopt> options when
@@ -893,8 +893,6 @@ of the distinguished name. In OpenSSL 1.0.0 and later it is based on a
 canonical version of the DN using SHA1. This means that any directories using
 the old form must have their links rebuilt using B<c_rehash> or similar.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/apps/x509v3_config.pod

@@ -224,7 +224,7 @@ Example:
  authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
 
 
-=head2 CRL distribution points.
+=head2 CRL distribution points
 
 This is a multi-valued extension whose options can be either in name:value pair
 using the same form as subject alternative name or a single value representing
@@ -529,9 +529,6 @@ will only recognize the last value. This can be worked around by using the form:
 L<req(1)>, L<ca(1)>, L<x509(1)>,
 L<ASN1_generate_nconf(3)>
 
-
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/ASN1_INTEGER_get_int64.pod

@@ -119,8 +119,6 @@ ASN1_INTEGER_set_int64(), ASN1_INTEGER_get_int64(),
 ASN1_ENUMERATED_set_int64() and ASN1_ENUMERATED_get_int64()
 were added to OpenSSL 1.1.0.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/ASN1_OBJECT_new.pod

@@ -39,8 +39,6 @@ ASN1_OBJECT_free() returns no value.
 
 L<ERR_get_error(3)>, L<d2i_ASN1_OBJECT(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/ASN1_STRING_length.pod

@@ -76,10 +76,6 @@ when calling ASN1_STRING_set().
 
 L<ERR_get_error(3)>
 
-=head1 HISTORY
-
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/ASN1_STRING_new.pod

@@ -40,12 +40,6 @@ ASN1_STRING_free() does not return a value.
 
 L<ERR_get_error(3)>
 
-=head1 HISTORY
-
-TBA
-
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/ASN1_STRING_print_ex.pod

@@ -89,12 +89,6 @@ equivalent to:
 L<X509_NAME_print_ex(3)>,
 L<ASN1_tag2str(3)>
 
-=head1 HISTORY
-
-TBA
-
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/ASN1_TIME_set.pod

@@ -126,8 +126,6 @@ an error occurred (I/O error or invalid time format).
 ASN1_TIME_diff() returns 1 for success and 0 for failure. It can fail if the
 pass ASN1_TIME structure has invalid syntax for example.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/ASN1_TYPE_get.pod

@@ -88,8 +88,6 @@ NULL on failure.
 ASN1_TYPE_pack_sequence() return an ASN1_TYPE structure if it succeeds or
 NULL on failure.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/ASN1_generate_nconf.pod

@@ -40,7 +40,7 @@ That is zero or more comma separated modifiers followed by a type
 followed by an optional colon and a value. The formats of B<type>,
 B<value> and B<modifier> are explained below.
 
-=head2 SUPPORTED TYPES
+=head2 Supported Types
 
 The supported types are listed below. Unless otherwise specified
 only the B<ASCII> format is permissible.
@@ -119,7 +119,7 @@ will be encoded.
 
 =back
 
-=head2 MODIFIERS
+=head2 Modifiers
 
 Modifiers affect the following structure, they can be used to
 add EXPLICIT or IMPLICIT tagging, add wrappers or to change
@@ -258,8 +258,6 @@ The error codes that can be obtained by L<ERR_get_error(3)>.
 
 L<ERR_get_error(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/ASYNC_WAIT_CTX_new.pod

@@ -123,8 +123,6 @@ ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds,
 ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd were first added to
 OpenSSL 1.1.0.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/ASYNC_start_job.pod

@@ -308,8 +308,6 @@ ASYNC_start_job, ASYNC_pause_job, ASYNC_get_current_job, ASYNC_get_wait_ctx(),
 ASYNC_block_pause(), ASYNC_unblock_pause() and ASYNC_is_capable() were first
 added to OpenSSL 1.1.0.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_ADDR.pod

@@ -113,8 +113,6 @@ information they should return isn't available.
 
 L<BIO_connect(3)>, L<BIO_s_connect(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_ADDRINFO.pod

@@ -81,8 +81,6 @@ information they should return isn't available.
 
 L<BIO_lookup(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_connect.pod

@@ -100,8 +100,6 @@ BIO_get_accept_socket() and BIO_accept() are deprecated since OpenSSL
 
 L<BIO_ADDR(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_ctrl.pod

@@ -123,12 +123,6 @@ particular a return value of 0 can be returned if an operation is not
 supported, if an error occurred, if EOF has not been reached and in
 the case of BIO_seek() on a file BIO for a successful operation.
 
-=head1 SEE ALSO
-
-TBA
-
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_f_base64.pod

@@ -77,12 +77,6 @@ data following the base64 encoded block to be misinterpreted.
 There should be some way of specifying a test that the BIO can perform
 to reliably determine EOF (for example a MIME boundary).
 
-=head1 SEE ALSO
-
-TBA
-
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_f_buffer.pod

@@ -72,8 +72,6 @@ L<BIO_flush(3)>,
 L<BIO_pop(3)>,
 L<BIO_ctrl(3)>.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_f_cipher.pod

@@ -67,16 +67,6 @@ for failure.
 
 BIO_get_cipher_ctx() currently always returns 1.
 
-=head1 EXAMPLES
-
-TBA
-
-=head1 SEE ALSO
-
-TBA
-
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_f_md.pod

@@ -142,12 +142,6 @@ separate BIO_ctrl() call.
 Before OpenSSL 1.0.0., the call to BIO_get_md_ctx() would only work if the
 BIO was initialized first.
 
-=head1 SEE ALSO
-
-TBA
-
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_f_null.pod

@@ -27,12 +27,6 @@ As may be apparent a null filter BIO is not particularly useful.
 
 BIO_f_null() returns the null filter BIO method.
 
-=head1 SEE ALSO
-
-TBA
-
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_f_ssl.pod

@@ -124,10 +124,6 @@ Applications do not have to call BIO_do_handshake() but may wish
 to do so to separate the handshake process from other I/O
 processing.
 
-=head1 RETURN VALUES
-
-TBA
-
 =head1 EXAMPLE
 
 This SSL/TLS client example, attempts to retrieve a page from an
@@ -140,54 +136,48 @@ unencrypted example in L<BIO_s_connect(3)>.
  SSL_CTX *ctx;
  SSL *ssl;
 
- /* We would seed the PRNG here if the platform didn't
-  * do it automatically
-  */
+ /* XXX Seed the PRNG if needed. */
 
  ctx = SSL_CTX_new(TLS_client_method());
 
- /* We'd normally set some stuff like the verify paths and
-  * mode here because as things stand this will connect to
-  * any server whose certificate is signed by any CA.
-  */
+ /* XXX Set verify paths and mode here. */
 
  sbio = BIO_new_ssl_connect(ctx);
-
  BIO_get_ssl(sbio, &ssl);
-
- if(!ssl) {
-   fprintf(stderr, "Can't locate SSL pointer\n");
-   /* whatever ... */
+ if (ssl == NULL) {
+     fprintf(stderr, "Can't locate SSL pointer\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
  }
 
  /* Don't want any retries */
  SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
 
- /* We might want to do other things with ssl here */
+ /* XXX We might want to do other things with ssl here */
 
  /* An empty host part means the loopback address */
  BIO_set_conn_hostname(sbio, ":https");
 
  out = BIO_new_fp(stdout, BIO_NOCLOSE);
- if(BIO_do_connect(sbio) <= 0) {
-        fprintf(stderr, "Error connecting to server\n");
-        ERR_print_errors_fp(stderr);
-        /* whatever ... */
+ if (BIO_do_connect(sbio) <= 0) {
+     fprintf(stderr, "Error connecting to server\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
  }
-
- if(BIO_do_handshake(sbio) <= 0) {
+ if (BIO_do_handshake(sbio) <= 0) {
         fprintf(stderr, "Error establishing SSL connection\n");
         ERR_print_errors_fp(stderr);
-        /* whatever ... */
+        exit(1);
  }
 
- /* Could examine ssl here to get connection info */
+ /* XXX Could examine ssl here to get connection info */
 
  BIO_puts(sbio, "GET / HTTP/1.0\n\n");
- for(;;) {      
-        len = BIO_read(sbio, tmpbuf, 1024);
-        if(len <= 0) break;
-        BIO_write(out, tmpbuf, len);
+ for ( ; ; ) {
+     len = BIO_read(sbio, tmpbuf, 1024);
+     if(len <= 0)
+         break;
+     BIO_write(out, tmpbuf, len);
  }
  BIO_free_all(sbio);
  BIO_free(out);
@@ -203,102 +193,83 @@ a client and also echoes the request to standard output.
  SSL_CTX *ctx;
  SSL *ssl;
 
- /* Might seed PRNG here */
+ /* XXX Seed the PRNG if needed. */
 
  ctx = SSL_CTX_new(TLS_server_method());
-
- if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM)
-        || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM)
-        || !SSL_CTX_check_private_key(ctx)) {
-
-        fprintf(stderr, "Error setting up SSL_CTX\n");
-        ERR_print_errors_fp(stderr);
-        return 0;
+ if (!SSL_CTX_use_certificate_file(ctx, "server.pem", SSL_FILETYPE_PEM)
+         || !SSL_CTX_use_PrivateKey_file(ctx, "server.pem", SSL_FILETYPE_PEM)
+         || !SSL_CTX_check_private_key(ctx)) {
+     fprintf(stderr, "Error setting up SSL_CTX\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
  }
 
- /* Might do other things here like setting verify locations and
-  * DH and/or RSA temporary key callbacks
-  */
+ /* XXX Other things like set verify locations, EDH temp callbacks. */
 
  /* New SSL BIO setup as server */
- sbio=BIO_new_ssl(ctx,0);
-
+ sbio = BIO_new_ssl(ctx,0);
  BIO_get_ssl(sbio, &ssl);
-
- if(!ssl) {
-   fprintf(stderr, "Can't locate SSL pointer\n");
-   /* whatever ... */
+ if (ssl == NULL) {
+     fprintf(stderr, "Can't locate SSL pointer\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
  }
 
- /* Don't want any retries */
  SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
-
- /* Create the buffering BIO */
-
  bbio = BIO_new(BIO_f_buffer());
-
- /* Add to chain */
  sbio = BIO_push(bbio, sbio);
+ acpt = BIO_new_accept("4433");
 
- acpt=BIO_new_accept("4433");
-
- /* By doing this when a new connection is established
+ /*
+  * By doing this when a new connection is established
   * we automatically have sbio inserted into it. The
   * BIO chain is now 'swallowed' by the accept BIO and
   * will be freed when the accept BIO is freed.
   */
-
- BIO_set_accept_bios(acpt,sbio);
-
+ BIO_set_accept_bios(acpt, sbio);
  out = BIO_new_fp(stdout, BIO_NOCLOSE);
 
  /* Setup accept BIO */
- if(BIO_do_accept(acpt) <= 0) {
-        fprintf(stderr, "Error setting up accept BIO\n");
-        ERR_print_errors_fp(stderr);
-        return 0;
+ if (BIO_do_accept(acpt) <= 0) {
+     fprintf(stderr, "Error setting up accept BIO\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
  }
 
- /* Now wait for incoming connection */
- if(BIO_do_accept(acpt) <= 0) {
-        fprintf(stderr, "Error in connection\n");
-        ERR_print_errors_fp(stderr);
-        return 0;
+ if (BIO_do_accept(acpt) <= 0) {
+     fprintf(stderr, "Error in connection\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
  }
 
- /* We only want one connection so remove and free
-  * accept BIO
-  */
-
+ /* We only want one connection so remove and free accept BIO */
  sbio = BIO_pop(acpt);
-
  BIO_free_all(acpt);
 
- if(BIO_do_handshake(sbio) <= 0) {
-        fprintf(stderr, "Error in SSL handshake\n");
-        ERR_print_errors_fp(stderr);
-        return 0;
+ if (BIO_do_handshake(sbio) <= 0) {
+     fprintf(stderr, "Error in SSL handshake\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
  }
 
  BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
  BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
  BIO_puts(sbio, "--------------------------------------------------\r\n");
 
- for(;;) {
-        len = BIO_gets(sbio, tmpbuf, 1024);
-        if(len <= 0) break;
-        BIO_write(sbio, tmpbuf, len);
-        BIO_write(out, tmpbuf, len);
-        /* Look for blank line signifying end of headers*/
-        if((tmpbuf[0] == '\r') || (tmpbuf[0] == '\n')) break;
+ for ( ; ; ) {
+     len = BIO_gets(sbio, tmpbuf, 1024);
+     if (len <= 0)
+         break;
+     BIO_write(sbio, tmpbuf, len);
+     BIO_write(out, tmpbuf, len);
+     /* Look for blank line signifying end of headers*/
+     if (tmpbuf[0] == '\r' || tmpbuf[0] == '\n')
+         break;
  }
 
  BIO_puts(sbio, "--------------------------------------------------\r\n");
  BIO_puts(sbio, "\r\n");
-
- /* Since there is a buffering BIO present we had better flush it */
  BIO_flush(sbio);
-
  BIO_free_all(sbio);
 
 =head1 BUGS
@@ -310,12 +281,6 @@ explicitly being popped (e.g. a pop higher up the chain). Applications which
 included workarounds for this bug (e.g. freeing BIOs more than once) should
 be modified to handle this fix or they may free up an already freed BIO.
 
-=head1 SEE ALSO
-
-TBA
-
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_find_type.pod

@@ -80,12 +80,6 @@ Traverse a chain looking for digest BIOs:
  } while(btmp);
 
 
-=head1 SEE ALSO
-
-TBA
-
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_get_data.pod

@@ -53,8 +53,6 @@ L<bio>, L<BIO_meth_new>
 
 The functions described here were added in OpenSSL version 1.1.0.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_get_ex_new_index.pod

@@ -42,8 +42,6 @@ For details, see L<CRYPTO_get_ex_new_index(3)>.
 
 L<CRYPTO_get_ex_new_index(3)>.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_meth_new.pod

@@ -114,8 +114,6 @@ L<bio>, L<BIO_find_type>, L<BIO_ctrl>, L<BIO_read>, L<BIO_new>
 
 The functions described here were added in OpenSSL version 1.1.0.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_new.pod

@@ -66,12 +66,6 @@ Create a memory BIO:
 
  BIO *mem = BIO_new(BIO_s_mem());
 
-=head1 SEE ALSO
-
-TBA
-
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_new_CMS.pod

@@ -63,8 +63,6 @@ L<CMS_encrypt(3)>
 
 BIO_new_CMS() was added to OpenSSL 1.0.0
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_parse_hostserv.pod

@@ -61,8 +61,6 @@ and B<hostserv_prio>, as follows:
 
 L<BIO_ADDRINFO(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_push.pod

@@ -77,8 +77,6 @@ L<bio>
 
 The BIO_set_next() function was added in OpenSSL version 1.1.0.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_read.pod

@@ -65,10 +65,6 @@ to the chain.
 
 L<BIO_should_retry(3)>
 
-TBA
-
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_s_accept.pod

@@ -161,33 +161,35 @@ down each and finally closes both down.
 
  BIO *abio, *cbio, *cbio2;
 
- abio = BIO_new_accept("4444");
-
  /* First call to BIO_accept() sets up accept BIO */
- if(BIO_do_accept(abio) <= 0) {
-        fprintf(stderr, "Error setting up accept\n");
-        ERR_print_errors_fp(stderr);
-        exit(0);                
+ abio = BIO_new_accept("4444");
+ if (BIO_do_accept(abio) <= 0) {
+     fprintf(stderr, "Error setting up accept\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
  }
 
  /* Wait for incoming connection */
- if(BIO_do_accept(abio) <= 0) {
-        fprintf(stderr, "Error accepting connection\n");
-        ERR_print_errors_fp(stderr);
-        exit(0);                
+ if (BIO_do_accept(abio) <= 0) {
+     fprintf(stderr, "Error accepting connection\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
  }
  fprintf(stderr, "Connection 1 established\n");
+
  /* Retrieve BIO for connection */
  cbio = BIO_pop(abio);
  BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\n");
  fprintf(stderr, "Sent out data on connection 1\n");
+
  /* Wait for another connection */
- if(BIO_do_accept(abio) <= 0) {
-        fprintf(stderr, "Error accepting connection\n");
-        ERR_print_errors_fp(stderr);
-        exit(0);                
+ if (BIO_do_accept(abio) <= 0) {
+     fprintf(stderr, "Error accepting connection\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
  }
  fprintf(stderr, "Connection 2 established\n");
+
  /* Close accept BIO to refuse further connections */
  cbio2 = BIO_pop(abio);
  BIO_free(abio);
@@ -195,16 +197,11 @@ down each and finally closes both down.
  fprintf(stderr, "Sent out data on connection 2\n");
 
  BIO_puts(cbio, "Connection 1: Second connection established\n");
+
  /* Close the two established connections */
  BIO_free(cbio);
  BIO_free(cbio2);
 
-=head1 SEE ALSO
-
-TBA
-
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_s_bio.pod

@@ -186,8 +186,6 @@ the peer might be waiting for the data before being able to continue.
 L<SSL_set_bio(3)>, L<ssl(3)>, L<bio(3)>,
 L<BIO_should_retry(3)>, L<BIO_read(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_s_connect.pod

@@ -167,16 +167,17 @@ to retrieve a page and copy the result to standard output.
 
  cbio = BIO_new_connect("localhost:http");
  out = BIO_new_fp(stdout, BIO_NOCLOSE);
- if(BIO_do_connect(cbio) <= 0) {
-        fprintf(stderr, "Error connecting to server\n");
-        ERR_print_errors_fp(stderr);
-        /* whatever ... */
-        }
+ if (BIO_do_connect(cbio) <= 0) {
+     fprintf(stderr, "Error connecting to server\n");
+     ERR_print_errors_fp(stderr);
+     exit(1);
+ }
  BIO_puts(cbio, "GET / HTTP/1.0\n\n");
- for(;;) {      
-        len = BIO_read(cbio, tmpbuf, 1024);
-        if(len <= 0) break;
-        BIO_write(out, tmpbuf, len);
+ for ( ; ; ) {
+     len = BIO_read(cbio, tmpbuf, 1024);
+     if(len <= 0)
+         break;
+     BIO_write(out, tmpbuf, len);
  }
  BIO_free(cbio);
  BIO_free(out);
@@ -186,8 +187,6 @@ to retrieve a page and copy the result to standard output.
 
 L<BIO_ADDR(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_s_fd.pod

@@ -88,8 +88,6 @@ L<BIO_write(3)>, L<BIO_puts(3)>,
 L<BIO_gets(3)>, L<BIO_printf(3)>,
 L<BIO_set_close(3)>, L<BIO_get_close(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_s_file.pod

@@ -147,8 +147,6 @@ L<BIO_write(3)>, L<BIO_puts(3)>,
 L<BIO_gets(3)>, L<BIO_printf(3)>,
 L<BIO_set_close(3)>, L<BIO_get_close(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_s_mem.pod

@@ -111,13 +111,6 @@ Extract the BUF_MEM structure from a memory BIO and then free up the BIO:
  BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
  BIO_free(mem);
 
-
-=head1 SEE ALSO
-
-TBA
-
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_s_null.pod

@@ -32,12 +32,6 @@ by adding a null sink BIO to the end of the chain
 
 BIO_s_null() returns the null sink BIO method.
 
-=head1 SEE ALSO
-
-TBA
-
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_s_socket.pod

@@ -58,12 +58,6 @@ initialized.
 BIO_new_socket() returns the newly allocated BIO or NULL is an error
 occurred.
 
-=head1 SEE ALSO
-
-TBA
-
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_set_callback.pod

@@ -103,12 +103,6 @@ callback(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd, larg,ret) after.
 The BIO_debug_callback() function is a good example, its source is
 in crypto/bio/bio_cb.c
 
-=head1 SEE ALSO
-
-TBA
-
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BIO_should_retry.pod

@@ -123,8 +123,6 @@ L<bio>
 The BIO_get_retry_reason() and BIO_set_retry_reason() functions were added in
 OpenSSL version 1.1.0.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BN_BLINDING_new.pod

@@ -114,8 +114,6 @@ L<bn(3)>
 BN_BLINDING_thread_id() was first introduced in OpenSSL 1.0.0, and it
 deprecates BN_BLINDING_set_thread_id() and BN_BLINDING_get_thread_id().
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BN_CTX_new.pod

@@ -64,8 +64,6 @@ L<BN_CTX_start(3)>
 
 BN_CTX_init() was removed in OpenSSL 1.1.0.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BN_CTX_start.pod

@@ -45,8 +45,6 @@ can be obtained by L<ERR_get_error(3)>.
 
 L<BN_CTX_new(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BN_add.pod

@@ -115,8 +115,6 @@ The error codes can be obtained by L<ERR_get_error(3)>.
 L<bn(3)>, L<ERR_get_error(3)>, L<BN_CTX_new(3)>,
 L<BN_add_word(3)>, L<BN_set_bit(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BN_add_word.pod

@@ -49,8 +49,6 @@ B<(BN_ULONG)-1> if an error occurred.
 
 L<bn(3)>, L<ERR_get_error(3)>, L<BN_add(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BN_bn2bin.pod

@@ -100,8 +100,6 @@ L<bn(3)>, L<ERR_get_error(3)>, L<BN_zero(3)>,
 L<ASN1_INTEGER_to_BN(3)>,
 L<BN_num_bytes(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BN_cmp.pod

@@ -39,8 +39,6 @@ the condition is true, 0 otherwise.
 
 L<bn(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BN_copy.pod

@@ -57,8 +57,6 @@ by L<ERR_get_error(3)>.
 
 L<bn(3)>, L<ERR_get_error(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BN_generate_prime.pod

@@ -182,8 +182,6 @@ L<bn(3)>, L<ERR_get_error(3)>, L<rand(3)>
 BN_GENCB_new(), BN_GENCB_free(),
 and BN_GENCB_get_arg() were added in OpenSSL 1.1.0
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BN_mod_inverse.pod

@@ -29,8 +29,6 @@ NULL on error. The error codes can be obtained by L<ERR_get_error(3)>.
 
 L<bn(3)>, L<ERR_get_error(3)>, L<BN_add(3)>
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BN_mod_mul_montgomery.pod

@@ -98,8 +98,6 @@ L<BN_CTX_new(3)>
 
 BN_MONT_CTX_init() was removed in OpenSSL 1.1.0
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BN_mod_mul_reciprocal.pod

@@ -85,8 +85,6 @@ L<BN_CTX_new(3)>
 
 BN_RECP_CTX_init was removed in OpenSSL 1.1.0
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

doc/crypto/BN_new.pod

@@ -45,8 +45,6 @@ L<bn(3)>, L<ERR_get_error(3)>
 
 BN_init() was removed in OpenSSL 1.1.0; use BN_new() instead.
 
-=cut
-
 =head1 COPYRIGHT
 
 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.