diff --git a/doc/man/README b/doc/man/README index e10cf0ca2dc204ca1fbe9d88e822dc10958c2470..c63598adc3e8f11dd06dd628663d318b48d782e8 100644 --- a/doc/man/README +++ b/doc/man/README @@ -1,4 +1,4 @@ -This is *very* preliminiary documentation for some +This is *very* preliminary documentation for some of the main commands in the openssl utility. The information reflects the way the commands may work when OpenSSL 0.9.5 is released. They are subject diff --git a/doc/man/asn1parse.pod b/doc/man/asn1parse.pod index ef1c61419b1d32848a28a58a7c31771e3bb8fa29..e76e9813abaf48fca86a1a0850cef0fe5b0cce60 100644 --- a/doc/man/asn1parse.pod +++ b/doc/man/asn1parse.pod @@ -43,7 +43,7 @@ combined with the B<-strparse> option. =item B<-noout> -don't ouput the parsed version of the input file. +don't output the parsed version of the input file. =item B<-offset number> diff --git a/doc/man/ca.pod b/doc/man/ca.pod index 1f2d6f29168e82e5178af9bac7dbb3d35f3763a6..999622b57064b32c0f642556c8c7fe299fcbd210 100644 --- a/doc/man/ca.pod +++ b/doc/man/ca.pod @@ -94,7 +94,7 @@ the private key to sign requests with. =item B<-key password> -the password used to encrrypt the private key. Since on some +the password used to encrypt the private key. Since on some systems the command line arguments are visible (e.g. Unix with the 'ps' utility) this option should be used with caution. @@ -140,7 +140,7 @@ need this option. Normally the DN order of a certificate is the same as the order of the fields in the relevant policy section. When this option is set the order -is the same as the request. This is largely for compatability with the +is the same as the request. This is largely for compatibility with the older IE enrollment control which would only accept certificates if their DNs match the order of the request. This is not needed for Xenroll. @@ -401,7 +401,7 @@ on the same database can have unpredictable results. =head1 FILES Note: the location of all files can change either by compile time options, -configration file entries, environment variables or command line options. +configuration file entries, environment variables or command line options. The values below reflect the default values. /usr/local/ssl/lib/openssl.cnf - master configuration file diff --git a/doc/man/config.pod b/doc/man/config.pod index b8d09593dca7f4bce61dd350abacabf4ecd68fa9..a5974d945aafad410ae101c15d6f8dea0e2ed3ae 100644 --- a/doc/man/config.pod +++ b/doc/man/config.pod @@ -3,11 +3,11 @@ =head1 NAME -config - OpenSSL CONF library configuaration files +config - OpenSSL CONF library configuration files =head1 DESCRIPTION -The OpenSSL CONF library can be used to read confiuration files. +The OpenSSL CONF library can be used to read configuration files. It is used for the OpenSSL master configuration file B and in a few other places like B files and certificate extension files for the B utility. @@ -40,7 +40,7 @@ The value string undergoes variable expansion. This can be done by including the form B<$var> or B<${var}>: this will substitute the value of the named variable in the current section. It is also possible to substitute a value from another section using the syntax B<$section::name> -or B<${section::name}>. By using the form B<$ENV::name> environement +or B<${section::name}>. By using the form B<$ENV::name> environment variables can be substituted. It is also possible to assign values to environment variables by using the name B, this will work if the program looks up environment variables using the B library @@ -53,7 +53,7 @@ the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognised. =head1 NOTES -If a configuration file attempts to expand a varible that doesn't exist +If a configuration file attempts to expand a variable that doesn't exist then an error is flagged and the file will not load. This can happen if an attempt is made to expand an environment variable that doesn't exist. For example the default OpenSSL master configuration file used diff --git a/doc/man/dgst.pod b/doc/man/dgst.pod index fad0a045bb12d6f58816500a2595ae535ad067fa..cbf2cc529aa304eb3422c7530b13973ea0736b9b 100644 --- a/doc/man/dgst.pod +++ b/doc/man/dgst.pod @@ -1,4 +1,5 @@ =pod + =head1 NAME dgst, md5, md2, sha1, sha, mdc2, ripemd160 - message digests diff --git a/doc/man/enc.pod b/doc/man/enc.pod index eceee9fee88b667d58c372f96ce20000e0230c2c..349fca00f8bc4f524afc3cf0156b467296f164de 100644 --- a/doc/man/enc.pod +++ b/doc/man/enc.pod @@ -1,4 +1,5 @@ =pod + =head1 NAME enc - symmetric cipher routines @@ -23,7 +24,7 @@ B =head1 DESCRIPTION -The symmetric cipher commands allow data to be encrytped or decrypted +The symmetric cipher commands allow data to be encrypted or decrypted using various block and stream ciphers using keys based on passwords or explicitly provided. Base64 encoding or decoding can also be performed either by itself or in addition to the encryption or decryption. @@ -43,14 +44,14 @@ the output filename, standard output by default. =item B<-salt> use a salt in the key derivation routines. This option should B -be used unless compatability with previous versions of OpenSSL or SSLeay +be used unless compatibility with previous versions of OpenSSL or SSLeay is required. This option is only present on OpenSSL versions 0.9.5 or above. =item B<-nosalt> don't use a salt in the key derivation routines. This is the default for -compatability with previous versions of OpenSSL and SSLeay. +compatibility with previous versions of OpenSSL and SSLeay. =item B<-e> @@ -120,7 +121,7 @@ B. A password will be prompted for to derive the key and IV if necessary. The B<-salt> option should B be used if the key is being derived -from a password unless you want compatability with previous versions of +from a password unless you want compatibility with previous versions of OpenSSL and SSLeay. Without the B<-salt> option it is possible to perform efficient dictionary @@ -149,7 +150,7 @@ Blowfish and RC5 algorithms use a 128 bit key. bf-cbc Blowfish in CBC mode bf Alias for bf-cbc - bf-cfb Blowish in CFB mode + bf-cfb Blowfish in CFB mode bf-ecb Blowfish in ECB mode bf-ofb Blowfish in OFB mode diff --git a/doc/man/nseq.pod b/doc/man/nseq.pod index a9af25b53db4231208e6af948cdf0d6992bb9d9f..989c3108fb83643c42f42d7a388320b028380c08 100644 --- a/doc/man/nseq.pod +++ b/doc/man/nseq.pod @@ -59,7 +59,7 @@ The B encoded form uses the same headers and footers as a certificate: A Netscape certificate sequence is a Netscape specific form that can be sent to browsers as an alternative to the standard PKCS#7 format when several -certificates are sent to the browser: for example during certificate erollment. +certificates are sent to the browser: for example during certificate enrollment. It is used by Netscape certificate server for example. =head1 BUGS diff --git a/doc/man/pkcs8.pod b/doc/man/pkcs8.pod index 3d5885638804063232e5003c0b074be696a39054..64735358a2732d1051aa83c88e14342e2778bb5f 100644 --- a/doc/man/pkcs8.pod +++ b/doc/man/pkcs8.pod @@ -214,7 +214,7 @@ There should be an option that prints out the encryption algorithm in use and other details such as the iteration count. PKCS#8 using triple DES and PKCS#5 v2.0 should be the default private -key format for OpenSSL: for compatability several of the utilities use +key format for OpenSSL: for compatibility several of the utilities use the old format at present. =head1 SEE ALSO diff --git a/doc/man/req.pod b/doc/man/req.pod index 7dbd5d5f0c1c79d304a4602921ab031e66a691e9..d59a2dc2a2c1c09416ec41043bbf1c86460f42e1 100644 --- a/doc/man/req.pod +++ b/doc/man/req.pod @@ -194,7 +194,7 @@ It should be noted that very few CAs still require the use of this option. =head1 CONFIGURATION FILE FORMAT -The configuation options are specified in the B section of +The configuration options are specified in the B section of the configuration file. As with all configuration files if no value is specified in the specific section (i.e. B) then the initial unnamed or B section is searched too. @@ -214,13 +214,13 @@ B override the configuration file values. This specifies the default key size in bits. If not specified then 512 is used. It is used if the B<-new> option is used. It can be -overriden by using the B<-newkey> option. +overridden by using the B<-newkey> option. =item B This is the default filename to write a private key to. If not specified the key is written to standard output. This can be -overriden by the B<-keyout> option. +overridden by the B<-keyout> option. =item B @@ -245,7 +245,7 @@ placed and read from. It is used for private key generation. If this is set to B then if a private key is generated it is B encrypted. This is equivalent to the B<-nodes> command line -option. For compatability B is an equivalent option. +option. For compatibility B is an equivalent option. =item B @@ -284,12 +284,12 @@ is used. It can be overridden by the B<-extensions> command line switch. this specifies the section containing any request attributes: its format is the same as B described below. Typically these may contain the challengePassword or unstructuredName types. They are -currently ignored by OpenSSLs request signing utilities but some CAs +currently ignored by OpenSSL's request signing utilities but some CAs might want them. =item B -This specifies the section containing the distiguished name fields to +This specifies the section containing the distinguished name fields to prompt for when generating a certificate or certificate request. This consists of lines of the form: @@ -299,7 +299,7 @@ consists of lines of the form: fieldName_max= 4 "fieldName" is the field name being used, for example commonName (or CN). -The "prompt" string is used to ask the user to enter the relvant +The "prompt" string is used to ask the user to enter the relevant details. If the user enters nothing then the default value is used if no default value is present then the field is omitted. A field can still be omitted if a default value is present if the user just @@ -432,7 +432,7 @@ This is followed some time later by... The first error message is the clue: it can't find the configuration file! Certain operations (like examining a certificate request) don't need a configuration file so its use isn't enforced. Generation of -certficates or requests however does need a configuration file. This +certificates or requests however does need a configuration file. This could be regarded as a bug. Another puzzling message is this: @@ -454,13 +454,13 @@ for more information. The variable B if defined allows an alternative configuration file location to be specified, it will be overridden by the B<-config> command -line switch if it is present. For compatability reasons the B +line switch if it is present. For compatibility reasons the B environment variable serves the same purpose but its use is discouraged. =head1 BUGS -OpenSSLs handling of T61Strings (aka TeletexStrings) is broken: it effectively -treats them as ISO-8859-1 (latin 1), Netscape and MSIE have similar behaviour. +OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively +treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour. This can cause problems if you need characters that aren't available in PrintableStrings and you don't want to or can't use BMPStrings. diff --git a/doc/man/smime.pod b/doc/man/smime.pod index b9ebc7628d93a0b424755a9d8e4f48cfa59a2984..d0da9670831a06f3ec2c323a1b9dfbe2949b61e7 100644 --- a/doc/man/smime.pod +++ b/doc/man/smime.pod @@ -115,7 +115,7 @@ do not verify the signers certificate of a signed message. =item B<-nochain> -do not do chain verification of signers certfificates: that is don't +do not do chain verification of signers certificates: that is don't use the certificates in the signed message as untrusted CAs. =item B<-nosigs> @@ -205,7 +205,7 @@ message: see the examples section. This version of the program only allows one signer per message but it will verify multiple signers on received messages. Some S/MIME clients -choke if a message contains mutiple signers. It is possible to sign +choke if a message contains multiple signers. It is possible to sign messages "in parallel" by signing an already signed message. The options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME @@ -239,7 +239,7 @@ an error occurred decrypting or verifying the message. =item 5 -the message was verified correctly but an error occured writing out +the message was verified correctly but an error occurred writing out the signers certificates. =back diff --git a/doc/man/spkac.pod b/doc/man/spkac.pod index eb85afe53c57bdbf8c6c897573dac9d384e14aef..75d58e772bbc636471706e025cfcf5227227856b 100644 --- a/doc/man/spkac.pod +++ b/doc/man/spkac.pod @@ -74,11 +74,11 @@ verifies the digital signature on the supplied SPKAC. Print out the contents of an SPKAC: - openssl spkac -in skpac.cnf + openssl spkac -in spkac.cnf Verify the signature of an SPKAC: - openssl spkac -in skpac.cnf -noout -verify + openssl spkac -in spkac.cnf -noout -verify Create an SPKAC using the challenge string "hello": diff --git a/doc/man/verify.pod b/doc/man/verify.pod index cd592460487672f8079f91a9161f9107ee04aeea..2ff261e29a5d6f96c033fa353e19d8390e7fe40f 100644 --- a/doc/man/verify.pod +++ b/doc/man/verify.pod @@ -92,7 +92,7 @@ up. The chain is built up by looking up a certificate whose subject name matches the issuer name of the current certificate. If a certificate is found whose subject and issuer names are identical it is assumed to be the root CA. The lookup first looks in the list of untrusted certificates and if no match -is found the remaining lookups are from the trusted certficates. The root CA +is found the remaining lookups are from the trusted certificates. The root CA is always looked up in the trusted certificate list: if the certificate to verify is a root certificate then an exact match must be found in the trusted list. @@ -105,7 +105,7 @@ CA certificates. The precise extensions required are described in more detail in the B section of the B utility. The third operation is to check the trust settings on the root CA. The root -CA should be trusted for the supplied purpose. For compatability with previous +CA should be trusted for the supplied purpose. For compatibility with previous versions of SSLeay and OpenSSL a certificate with no trust settings is considered to be valid for all purposes. @@ -158,7 +158,7 @@ the certificate signature could not be decrypted. This means that the actual sig could not be determined rather than it not matching the expected value, this is only meaningful for RSA keys. -=item B<5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's's signature> +=item B<5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature> the CRL signature could not be decrypted: this means that the actual signature value could not be determined rather than it not matching the expected value. Unused. @@ -209,7 +209,7 @@ the CRL nextUpdate field contains an invalid time. Unused. =item B<17 X509_V_ERR_OUT_OF_MEM: out of memory> -an error occured trying to allocate memory. This should never happen. +an error occurred trying to allocate memory. This should never happen. =item B<18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate> diff --git a/doc/man/x509.pod b/doc/man/x509.pod index b1a70734171b465746116b28400cdc27094a0eac..52ac949b18816baf4b4572e032931d79c46712e7 100644 --- a/doc/man/x509.pod +++ b/doc/man/x509.pod @@ -100,7 +100,7 @@ this option has no effect: SHA1 is always used with DSA keys. =head1 DISPLAY OPTIONS Note: the B<-alias> and B<-purpose> options are also display options -but are desribed in the B section. +but are described in the B section. =over 4 @@ -196,7 +196,7 @@ certificate is automatically output if any trust settings are modified. =item B<-setalias arg> sets the alias of the certificate. This will allow the certificate -to be reffered to using a nickname for example "Steve's Certificate". +to be referred to using a nickname for example "Steve's Certificate". =item B<-alias> @@ -363,7 +363,7 @@ extensions for a CA: openssl x509 -req -in careq.pem -config openssl.cnf -extensions v3_ca \ -signkey key.pem -out cacert.pem -Sign a certificate request using the CA certifcate above and add user +Sign a certificate request using the CA certificate above and add user certificate extensions: openssl x509 -req -in req.pem -config openssl.cnf -extensions v3_usr \