Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
19d2bb57
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
19d2bb57
编写于
1月 07, 2000
作者:
U
Ulf Möller
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Add some newlines needed for pod2man, and run ispell.
Submitted by: Reviewed by: PR:
上级
35f4850a
变更
13
隐藏空白更改
内联
并排
Showing
13 changed file
with
41 addition
and
39 deletion
+41
-39
doc/man/README
doc/man/README
+1
-1
doc/man/asn1parse.pod
doc/man/asn1parse.pod
+1
-1
doc/man/ca.pod
doc/man/ca.pod
+3
-3
doc/man/config.pod
doc/man/config.pod
+4
-4
doc/man/dgst.pod
doc/man/dgst.pod
+1
-0
doc/man/enc.pod
doc/man/enc.pod
+6
-5
doc/man/nseq.pod
doc/man/nseq.pod
+1
-1
doc/man/pkcs8.pod
doc/man/pkcs8.pod
+1
-1
doc/man/req.pod
doc/man/req.pod
+11
-11
doc/man/smime.pod
doc/man/smime.pod
+3
-3
doc/man/spkac.pod
doc/man/spkac.pod
+2
-2
doc/man/verify.pod
doc/man/verify.pod
+4
-4
doc/man/x509.pod
doc/man/x509.pod
+3
-3
未找到文件。
doc/man/README
浏览文件 @
19d2bb57
This is *very* prelimin
i
ary documentation for some
This is *very* preliminary documentation for some
of the main commands in the openssl utility. The
information reflects the way the commands may work
when OpenSSL 0.9.5 is released. They are subject
...
...
doc/man/asn1parse.pod
浏览文件 @
19d2bb57
...
...
@@ -43,7 +43,7 @@ combined with the B<-strparse> option.
=item B<-noout>
don't ouput the parsed version of the input file.
don't ou
t
put the parsed version of the input file.
=item B<-offset number>
...
...
doc/man/ca.pod
浏览文件 @
19d2bb57
...
...
@@ -94,7 +94,7 @@ the private key to sign requests with.
=item B<-key password>
the password used to encr
r
ypt the private key. Since on some
the password used to encrypt the private key. Since on some
systems the command line arguments are visible (e.g. Unix with
the 'ps' utility) this option should be used with caution.
...
...
@@ -140,7 +140,7 @@ need this option.
Normally the DN order of a certificate is the same as the order of the
fields in the relevant policy section. When this option is set the order
is the same as the request. This is largely for compat
a
bility with the
is the same as the request. This is largely for compat
i
bility with the
older IE enrollment control which would only accept certificates if their
DNs match the order of the request. This is not needed for Xenroll.
...
...
@@ -401,7 +401,7 @@ on the same database can have unpredictable results.
=head1 FILES
Note: the location of all files can change either by compile time options,
configration file entries, environment variables or command line options.
config
u
ration file entries, environment variables or command line options.
The values below reflect the default values.
/usr/local/ssl/lib/openssl.cnf - master configuration file
...
...
doc/man/config.pod
浏览文件 @
19d2bb57
...
...
@@ -3,11 +3,11 @@
=head1 NAME
config - OpenSSL CONF library configu
a
ration files
config - OpenSSL CONF library configuration files
=head1 DESCRIPTION
The OpenSSL CONF library can be used to read confiuration files.
The OpenSSL CONF library can be used to read confi
g
uration files.
It is used for the OpenSSL master configuration file B<openssl.cnf>
and in a few other places like B<SPKAC> files and certificate extension
files for the B<x509> utility.
...
...
@@ -40,7 +40,7 @@ The value string undergoes variable expansion. This can be done by
including the form B<$var> or B<${var}>: this will substitute the value
of the named variable in the current section. It is also possible to
substitute a value from another section using the syntax B<$section::name>
or B<${section::name}>. By using the form B<$ENV::name> environ
e
ment
or B<${section::name}>. By using the form B<$ENV::name> environment
variables can be substituted. It is also possible to assign values to
environment variables by using the name B<ENV::name>, this will work
if the program looks up environment variables using the B<CONF> library
...
...
@@ -53,7 +53,7 @@ the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognised.
=head1 NOTES
If a configuration file attempts to expand a varible that doesn't exist
If a configuration file attempts to expand a vari
a
ble that doesn't exist
then an error is flagged and the file will not load. This can happen
if an attempt is made to expand an environment variable that doesn't
exist. For example the default OpenSSL master configuration file used
...
...
doc/man/dgst.pod
浏览文件 @
19d2bb57
=pod
=head1 NAME
dgst, md5, md2, sha1, sha, mdc2, ripemd160 - message digests
...
...
doc/man/enc.pod
浏览文件 @
19d2bb57
=pod
=head1 NAME
enc - symmetric cipher routines
...
...
@@ -23,7 +24,7 @@ B<openssl enc -ciphername>
=head1 DESCRIPTION
The symmetric cipher commands allow data to be encry
tp
ed or decrypted
The symmetric cipher commands allow data to be encry
pt
ed or decrypted
using various block and stream ciphers using keys based on passwords
or explicitly provided. Base64 encoding or decoding can also be performed
either by itself or in addition to the encryption or decryption.
...
...
@@ -43,14 +44,14 @@ the output filename, standard output by default.
=item B<-salt>
use a salt in the key derivation routines. This option should B<ALWAYS>
be used unless compat
a
bility with previous versions of OpenSSL or SSLeay
be used unless compat
i
bility with previous versions of OpenSSL or SSLeay
is required. This option is only present on OpenSSL versions 0.9.5 or
above.
=item B<-nosalt>
don't use a salt in the key derivation routines. This is the default for
compat
a
bility with previous versions of OpenSSL and SSLeay.
compat
i
bility with previous versions of OpenSSL and SSLeay.
=item B<-e>
...
...
@@ -120,7 +121,7 @@ B<openssl enc -ciphername>.
A password will be prompted for to derive the key and IV if necessary.
The B<-salt> option should B<ALWAYS> be used if the key is being derived
from a password unless you want compat
a
bility with previous versions of
from a password unless you want compat
i
bility with previous versions of
OpenSSL and SSLeay.
Without the B<-salt> option it is possible to perform efficient dictionary
...
...
@@ -149,7 +150,7 @@ Blowfish and RC5 algorithms use a 128 bit key.
bf-cbc Blowfish in CBC mode
bf Alias for bf-cbc
bf-cfb Blowish in CFB mode
bf-cfb Blow
f
ish in CFB mode
bf-ecb Blowfish in ECB mode
bf-ofb Blowfish in OFB mode
...
...
doc/man/nseq.pod
浏览文件 @
19d2bb57
...
...
@@ -59,7 +59,7 @@ The B<PEM> encoded form uses the same headers and footers as a certificate:
A Netscape certificate sequence is a Netscape specific form that can be sent
to browsers as an alternative to the standard PKCS#7 format when several
certificates are sent to the browser: for example during certificate erollment.
certificates are sent to the browser: for example during certificate e
n
rollment.
It is used by Netscape certificate server for example.
=head1 BUGS
...
...
doc/man/pkcs8.pod
浏览文件 @
19d2bb57
...
...
@@ -214,7 +214,7 @@ There should be an option that prints out the encryption algorithm
in use and other details such as the iteration count.
PKCS#8 using triple DES and PKCS#5 v2.0 should be the default private
key format for OpenSSL: for compat
a
bility several of the utilities use
key format for OpenSSL: for compat
i
bility several of the utilities use
the old format at present.
=head1 SEE ALSO
...
...
doc/man/req.pod
浏览文件 @
19d2bb57
...
...
@@ -194,7 +194,7 @@ It should be noted that very few CAs still require the use of this option.
=head1 CONFIGURATION FILE FORMAT
The configuation options are specified in the B<req> section of
The configu
r
ation options are specified in the B<req> section of
the configuration file. As with all configuration files if no
value is specified in the specific section (i.e. B<req>) then
the initial unnamed or B<default> section is searched too.
...
...
@@ -214,13 +214,13 @@ B<envpassout> override the configuration file values.
This specifies the default key size in bits. If not specified then
512 is used. It is used if the B<-new> option is used. It can be
overriden by using the B<-newkey> option.
overrid
d
en by using the B<-newkey> option.
=item B<default_keyfile>
This is the default filename to write a private key to. If not
specified the key is written to standard output. This can be
overriden by the B<-keyout> option.
overrid
d
en by the B<-keyout> option.
=item B<oid_file>
...
...
@@ -245,7 +245,7 @@ placed and read from. It is used for private key generation.
If this is set to B<no> then if a private key is generated it is
B<not> encrypted. This is equivalent to the B<-nodes> command line
option. For compat
a
bility B<encrypt_rsai_key> is an equivalent option.
option. For compat
i
bility B<encrypt_rsai_key> is an equivalent option.
=item B<default_md>
...
...
@@ -284,12 +284,12 @@ is used. It can be overridden by the B<-extensions> command line switch.
this specifies the section containing any request attributes: its format
is the same as B<distinguished_name> described below. Typically these
may contain the challengePassword or unstructuredName types. They are
currently ignored by OpenSSLs request signing utilities but some CAs
currently ignored by OpenSSL
'
s request signing utilities but some CAs
might want them.
=item B<distinguished_name>
This specifies the section containing the distiguished name fields to
This specifies the section containing the disti
n
guished name fields to
prompt for when generating a certificate or certificate request. This
consists of lines of the form:
...
...
@@ -299,7 +299,7 @@ consists of lines of the form:
fieldName_max= 4
"fieldName" is the field name being used, for example commonName (or CN).
The "prompt" string is used to ask the user to enter the relvant
The "prompt" string is used to ask the user to enter the rel
e
vant
details. If the user enters nothing then the default value is used if no
default value is present then the field is omitted. A field can
still be omitted if a default value is present if the user just
...
...
@@ -432,7 +432,7 @@ This is followed some time later by...
The first error message is the clue: it can't find the configuration
file! Certain operations (like examining a certificate request) don't
need a configuration file so its use isn't enforced. Generation of
certficates or requests however does need a configuration file. This
cert
i
ficates or requests however does need a configuration file. This
could be regarded as a bug.
Another puzzling message is this:
...
...
@@ -454,13 +454,13 @@ for more information.
The variable B<OPENSSL_CONF> if defined allows an alternative configuration
file location to be specified, it will be overridden by the B<-config> command
line switch if it is present. For compat
a
bility reasons the B<SSLEAY_CONF>
line switch if it is present. For compat
i
bility reasons the B<SSLEAY_CONF>
environment variable serves the same purpose but its use is discouraged.
=head1 BUGS
OpenSSLs handling of T61Strings (aka TeletexStrings) is broken: it effectively
treats them as ISO-8859-1 (
l
atin 1), Netscape and MSIE have similar behaviour.
OpenSSL
'
s handling of T61Strings (aka TeletexStrings) is broken: it effectively
treats them as ISO-8859-1 (
L
atin 1), Netscape and MSIE have similar behaviour.
This can cause problems if you need characters that aren't available in
PrintableStrings and you don't want to or can't use BMPStrings.
...
...
doc/man/smime.pod
浏览文件 @
19d2bb57
...
...
@@ -115,7 +115,7 @@ do not verify the signers certificate of a signed message.
=item B<-nochain>
do not do chain verification of signers cert
f
ificates: that is don't
do not do chain verification of signers certificates: that is don't
use the certificates in the signed message as untrusted CAs.
=item B<-nosigs>
...
...
@@ -205,7 +205,7 @@ message: see the examples section.
This version of the program only allows one signer per message but it
will verify multiple signers on received messages. Some S/MIME clients
choke if a message contains mutiple signers. It is possible to sign
choke if a message contains mu
l
tiple signers. It is possible to sign
messages "in parallel" by signing an already signed message.
The options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME
...
...
@@ -239,7 +239,7 @@ an error occurred decrypting or verifying the message.
=item 5
the message was verified correctly but an error occured writing out
the message was verified correctly but an error occur
r
ed writing out
the signers certificates.
=back
...
...
doc/man/spkac.pod
浏览文件 @
19d2bb57
...
...
@@ -74,11 +74,11 @@ verifies the digital signature on the supplied SPKAC.
Print out the contents of an SPKAC:
openssl spkac -in s
kp
ac.cnf
openssl spkac -in s
pk
ac.cnf
Verify the signature of an SPKAC:
openssl spkac -in s
kp
ac.cnf -noout -verify
openssl spkac -in s
pk
ac.cnf -noout -verify
Create an SPKAC using the challenge string "hello":
...
...
doc/man/verify.pod
浏览文件 @
19d2bb57
...
...
@@ -92,7 +92,7 @@ up. The chain is built up by looking up a certificate whose subject name
matches the issuer name of the current certificate. If a certificate is found
whose subject and issuer names are identical it is assumed to be the root CA.
The lookup first looks in the list of untrusted certificates and if no match
is found the remaining lookups are from the trusted certficates. The root CA
is found the remaining lookups are from the trusted cert
i
ficates. The root CA
is always looked up in the trusted certificate list: if the certificate to
verify is a root certificate then an exact match must be found in the trusted
list.
...
...
@@ -105,7 +105,7 @@ CA certificates. The precise extensions required are described in more detail in
the B<CERTIFICATE EXTENSIONS> section of the B<x509> utility.
The third operation is to check the trust settings on the root CA. The root
CA should be trusted for the supplied purpose. For compat
a
bility with previous
CA should be trusted for the supplied purpose. For compat
i
bility with previous
versions of SSLeay and OpenSSL a certificate with no trust settings is considered
to be valid for all purposes.
...
...
@@ -158,7 +158,7 @@ the certificate signature could not be decrypted. This means that the actual sig
could not be determined rather than it not matching the expected value, this is only
meaningful for RSA keys.
=item B<5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's
's
signature>
=item B<5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature>
the CRL signature could not be decrypted: this means that the actual signature value
could not be determined rather than it not matching the expected value. Unused.
...
...
@@ -209,7 +209,7 @@ the CRL nextUpdate field contains an invalid time. Unused.
=item B<17 X509_V_ERR_OUT_OF_MEM: out of memory>
an error occured trying to allocate memory. This should never happen.
an error occur
r
ed trying to allocate memory. This should never happen.
=item B<18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate>
...
...
doc/man/x509.pod
浏览文件 @
19d2bb57
...
...
@@ -100,7 +100,7 @@ this option has no effect: SHA1 is always used with DSA keys.
=head1 DISPLAY OPTIONS
Note: the B<-alias> and B<-purpose> options are also display options
but are desribed in the B<TRUST OPTIONS> section.
but are des
c
ribed in the B<TRUST OPTIONS> section.
=over 4
...
...
@@ -196,7 +196,7 @@ certificate is automatically output if any trust settings are modified.
=item B<-setalias arg>
sets the alias of the certificate. This will allow the certificate
to be ref
fe
red to using a nickname for example "Steve's Certificate".
to be ref
er
red to using a nickname for example "Steve's Certificate".
=item B<-alias>
...
...
@@ -363,7 +363,7 @@ extensions for a CA:
openssl x509 -req -in careq.pem -config openssl.cnf -extensions v3_ca \
-signkey key.pem -out cacert.pem
Sign a certificate request using the CA certifcate above and add user
Sign a certificate request using the CA certif
i
cate above and add user
certificate extensions:
openssl x509 -req -in req.pem -config openssl.cnf -extensions v3_usr \
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录