Fixes some typos in doc/apps/

Signed-off-by: NRich Salz <rsalz@akamai.com>
Reviewed-by: NTim Hudson <tjh@openssl.org>

doc/apps/c_rehash.pod

@@ -28,7 +28,7 @@ directories to be set up like this in order to find certificates.
 
 If any directories are named on the command line, then those are
 processed in turn. If not, then the B<SSL_CERT_DIR> environment variable
-is consulted; this shold be a colon-separated list of directories,
+is consulted; this should be a colon-separated list of directories,
 like the Unix B<PATH> variable.
 If that is not set then the default directory (installation-specific
 but often B</usr/local/ssl/certs>) is processed.

doc/apps/ca.pod

@@ -245,7 +245,7 @@ configuration file, must be valid UTF8 strings.
 
 =item B<-multivalue-rdn>
 
-This option causes the -subj argument to be interpretedt with full
+This option causes the -subj argument to be interpreted with full
 support for multivalued RDNs. Example:
 
 I</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>

doc/apps/ciphers.pod

@@ -303,7 +303,7 @@ ciphersuites using SHA256 or SHA384.
 
 =item B<aGOST> 
 
-cipher suites using GOST R 34.10 (either 2001 or 94) for authenticaction
+cipher suites using GOST R 34.10 (either 2001 or 94) for authentication
 (needs an engine supporting GOST algorithms). 
 
 =item B<aGOST01>
@@ -585,7 +585,7 @@ Note: these ciphers can also be used in SSL v3.
  TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    ECDH-RSA-CAMELLIA128-SHA256
  TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    ECDH-RSA-CAMELLIA256-SHA384
 
-=head2 Pre shared keying (PSK) cipheruites
+=head2 Pre shared keying (PSK) ciphersuites
 
  TLS_PSK_WITH_RC4_128_SHA                  PSK-RC4-SHA
  TLS_PSK_WITH_3DES_EDE_CBC_SHA             PSK-3DES-EDE-CBC-SHA
@@ -621,7 +621,7 @@ Include all RC4 ciphers but leave out those without authentication:
 
  openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
 
-Include all chiphers with RSA authentication but leave out ciphers without
+Include all ciphers with RSA authentication but leave out ciphers without
 encryption.
 
  openssl ciphers -v 'RSA:!COMPLEMENTOFALL'

doc/apps/cms.pod

@@ -376,7 +376,7 @@ identifier extension. Supported by B<-sign> and B<-encrypt> options.
 =item B<-receipt_request_all -receipt_request_first>
 
 for B<-sign> option include a signed receipt request. Indicate requests should
-be provided by all receipient or first tier recipients (those mailed directly
+be provided by all recipient or first tier recipients (those mailed directly
 and not from a mailing list). Ignored it B<-receipt_request_from> is included.
 
 =item B<-receipt_request_from emailaddress>
@@ -398,7 +398,7 @@ requests.
 
 specify symmetric key to use. The key must be supplied in hex format and be
 consistent with the algorithm used. Supported by the B<-EncryptedData_encrypt>
-B<-EncrryptedData_decrypt>, B<-encrypt> and B<-decrypt> options. When used
+B<-EncryptedData_decrypt>, B<-encrypt> and B<-decrypt> options. When used
 with B<-encrypt> or B<-decrypt> the supplied key is used to wrap or unwrap the
 content encryption key using an AES key in the B<KEKRecipientInfo> type.
 

doc/apps/dgst.pod

@@ -137,7 +137,7 @@ Following options are supported by both by B<HMAC> and B<gost-mac>:
 
 =item B<key:string>
 
-Specifies MAC key as alphnumeric string (use if key contain printable
+Specifies MAC key as alphanumeric string (use if key contain printable
 characters only). String length must conform to any restrictions of
 the MAC algorithm for example exactly 32 chars for gost-mac.
 

doc/apps/enc.pod

@@ -170,7 +170,7 @@ configuration file is read and any ENGINEs loaded.
 Engines which provide entirely new encryption algorithms (such as ccgost
 engine which provides gost89 algorithm) should be configured in the
 configuration file. Engines, specified in the command line using -engine
-options can only be used for hadrware-assisted implementations of
+options can only be used for hardware-assisted implementations of
 ciphers, which are supported by OpenSSL core or other engine, specified
 in the configuration file.
 
@@ -212,7 +212,7 @@ Note that some of these ciphers can be disabled at compile time
 and some are available only if an appropriate engine is configured
 in the configuration file. The output of the B<enc> command run with
 unsupported options (for example B<openssl enc -help>) includes a
-list of ciphers, supported by your versesion of OpenSSL, including
+list of ciphers, supported by your version of OpenSSL, including
 ones provided by configured engines.
 
 The B<enc> program does not support authenticated encryption modes

doc/apps/genpkey.pod

@@ -87,7 +87,7 @@ parameters along with the PEM or DER structure.
 
 =head1 KEY GENERATION OPTIONS
 
-The options supported by each algorith and indeed each implementation of an
+The options supported by each algorithm and indeed each implementation of an
 algorithm can vary. The options for the OpenSSL implementations are detailed
 below.
 
@@ -154,7 +154,7 @@ such as "P-256".
 
 =item B<ec_param_enc:encoding>
 
-the encoding to use for parameters. The "encoding" paramater must be either
+the encoding to use for parameters. The "encoding" parameter must be either
 "named_curve" or "explicit".
 
 =back
@@ -163,7 +163,7 @@ the encoding to use for parameters. The "encoding" paramater must be either
 
 Gost 2001 support is not enabled by default. To enable this algorithm,
 one should load the ccgost engine in the OpenSSL configuration file.
-See README.gost file in the engines/ccgost directiry of the source
+See README.gost file in the engines/ccgost directory of the source
 distribution for more details.
 
 Use of a parameter file for the GOST R 34.10 algorithm is optional.

doc/apps/openssl.pod

@@ -23,12 +23,12 @@ v2/v3) and Transport Layer Security (TLS v1) network protocols and related
 cryptography standards required by them.
 
 The B<openssl> program is a command line tool for using the various
-cryptography functions of OpenSSL's B<crypto> library from the shell. 
-It can be used for 
+cryptography functions of OpenSSL's B<crypto> library from the shell.
+It can be used for
 
  o  Creation and management of private keys, public keys and parameters
  o  Public key cryptographic operations
- o  Creation of X.509 certificates, CSRs and CRLs 
+ o  Creation of X.509 certificates, CSRs and CRLs
  o  Calculation of Message Digests
  o  Encryption and Decryption with Ciphers
  o  SSL/TLS Client and Server Tests
@@ -75,7 +75,7 @@ Parse an ASN.1 sequence.
 
 =item L<B<ca>|ca(1)>
 
-Certificate Authority (CA) Management.  
+Certificate Authority (CA) Management.
 
 =item L<B<ciphers>|ciphers(1)>
 
@@ -104,7 +104,7 @@ Obsoleted by L<B<dhparam>|dhparam(1)>.
 
 =item L<B<dhparam>|dhparam(1)>
 
-Generation and Management of Diffie-Hellman Parameters. Superseded by 
+Generation and Management of Diffie-Hellman Parameters. Superseded by
 L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>
 
 
@@ -114,7 +114,7 @@ DSA Data Management.
 
 =item L<B<dsaparam>|dsaparam(1)>
 
-DSA Parameter Generation and Management. Superseded by 
+DSA Parameter Generation and Management. Superseded by
 L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>
 
 =item L<B<ec>|ec(1)>
@@ -131,7 +131,7 @@ Encoding with Ciphers.
 
 =item L<B<engine>|engine(1)>
 
-Engine (loadble module) information and manipulation.
+Engine (loadable module) information and manipulation.
 
 =item L<B<errstr>|errstr(1)>
 
@@ -144,7 +144,7 @@ Obsoleted by L<B<dhparam>|dhparam(1)>.
 
 =item L<B<gendsa>|gendsa(1)>
 
-Generation of DSA Private Key from Parameters. Superseded by 
+Generation of DSA Private Key from Parameters. Superseded by
 L<B<genpkey>|genpkey(1)> and L<B<pkey>|pkey(1)>
 
 =item L<B<genpkey>|genpkey(1)>
@@ -279,11 +279,11 @@ MDC2 Digest
 
 RMD-160 Digest
 
-=item B<sha>            
+=item B<sha>
 
 SHA Digest
 
-=item B<sha1>           
+=item B<sha1>
 
 SHA-1 Digest
 
@@ -408,7 +408,7 @@ L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
 L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
 L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
 L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>,
-L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)>, L<x509v3_config(5)|x509v3_config(5)> 
+L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)>, L<x509v3_config(5)|x509v3_config(5)>
 
 =head1 HISTORY
 

doc/apps/req.pod

@@ -153,7 +153,7 @@ the default key size, specified in the configuration file is used.
 
 All other algorithms support the B<-newkey alg:file> form, where file may be
 an algorithm parameter file, created by the B<genpkey -genparam> command
-or and X.509 certificate for a key with approriate algorithm.
+or and X.509 certificate for a key with appropriate algorithm.
 
 B<param:file> generates a key using the parameter file or certificate B<file>,
 the algorithm is determined by the parameters. B<algname:file> use algorithm
@@ -278,7 +278,7 @@ set multiple options. See the L<x509(1)|x509(1)> manual page for details.
 customise the output format used with B<-text>. The B<option> argument can be
 a single option or multiple options separated by commas. 
 
-See discission of the  B<-certopt> parameter in the L<B<x509>|x509(1)>
+See discussion of the  B<-certopt> parameter in the L<B<x509>|x509(1)>
 command.
 
 

doc/apps/s_client.pod

@@ -343,7 +343,7 @@ Protocol names are printable ASCII strings, for example "http/1.1" or
 "spdy/3".
 Empty list of protocols is treated specially and will cause the client to
 advertise support for the TLS extension but disconnect just after
-reciving ServerHello with a list of server supported protocols.
+receiving ServerHello with a list of server supported protocols.
 
 =back
 

doc/apps/ts.pod

@@ -121,7 +121,7 @@ parameter is specified. (Optional)
 It is possible to specify the message imprint explicitly without the data
 file. The imprint must be specified in a hexadecimal format, two characters
 per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or
-1AF601...). The number of bytes must match the message digest algorithm 
+1AF601...). The number of bytes must match the message digest algorithm
 in use. (Optional)
 
 =item B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>|B<...>
@@ -189,7 +189,7 @@ OPTIONS> for configurable variables. (Optional)
 
 =item B<-section> tsa_section
 
-The name of the config file section conatining the settings for the
+The name of the config file section containing the settings for the
 response generation. If not specified the default TSA section is
 used, see B<CONFIGURATION FILE OPTIONS> for details. (Optional)
 
@@ -283,7 +283,7 @@ data file. The B<-verify> command does not use the configuration file.
 =item B<-data> file_to_hash
 
 The response or token must be verified against file_to_hash. The file
-is hashed with the message digest algorithm specified in the token. 
+is hashed with the message digest algorithm specified in the token.
 The B<-digest> and B<-queryfile> options must not be specified with this one.
 (Optional)
 
@@ -311,16 +311,16 @@ of a time stamp response (TimeStampResp). (Optional)
 
 =item B<-CApath> trusted_cert_path
 
-The name of the directory containing the trused CA certificates of the
+The name of the directory containing the trusted CA certificates of the
 client. See the similar option of L<verify(1)|verify(1)> for additional
 details. Either this option or B<-CAfile> must be specified. (Optional)
 
 
 =item B<-CAfile> trusted_certs.pem
 
-The name of the file containing a set of trusted self-signed CA 
-certificates in PEM format. See the similar option of 
-L<verify(1)|verify(1)> for additional details. Either this option 
+The name of the file containing a set of trusted self-signed CA
+certificates in PEM format. See the similar option of
+L<verify(1)|verify(1)> for additional details. Either this option
 or B<-CApath> must be specified.
 (Optional)
 
@@ -348,7 +348,7 @@ switch always overrides the settings in the config file.
 
 =over 4
 
-=item B<tsa> section, B<default_tsa>	
+=item B<tsa> section, B<default_tsa>
 
 This is the main section and it specifies the name of another section
 that contains all the options for the B<-reply> command. This default
@@ -375,8 +375,8 @@ generation a new file is created with serial number 1. (Mandatory)
 
 =item B<crypto_device>
 
-Specifies the OpenSSL engine that will be set as the default for 
-all available algorithms. The default value is builtin, you can specify 
+Specifies the OpenSSL engine that will be set as the default for
+all available algorithms. The default value is builtin, you can specify
 any other engines supported by OpenSSL (e.g. use chil for the NCipher HSM).
 (Optional)
 
@@ -419,7 +419,7 @@ the components is missing zero is assumed for that field. (Optional)
 
 =item B<clock_precision_digits>
 
-Specifies the maximum number of digits, which represent the fraction of 
+Specifies the maximum number of digits, which represent the fraction of
 seconds, that  need to be included in the time field. The trailing zeroes
 must be removed from the time, so there might actually be fewer digits,
 or no fraction of seconds at all. Supported only on UNIX platforms.
@@ -458,12 +458,12 @@ overridden by the B<-config> command line option.
 =head1 EXAMPLES
 
 All the examples below presume that B<OPENSSL_CONF> is set to a proper
-configuration file, e.g. the example configuration file 
+configuration file, e.g. the example configuration file
 openssl/apps/openssl.cnf will do.
 
 =head2 Time Stamp Request
 
-To create a time stamp request for design1.txt with SHA-1 
+To create a time stamp request for design1.txt with SHA-1
 without nonce and policy and no certificate is required in the response:
 
   openssl ts -query -data design1.txt -no_nonce \
@@ -479,7 +479,7 @@ To print the content of the previous request in human readable format:
 
   openssl ts -query -in design1.tsq -text
 
-To create a time stamp request which includes the MD-5 digest 
+To create a time stamp request which includes the MD-5 digest
 of design2.txt, requests the signer certificate and nonce,
 specifies a policy id (assuming the tsa_policy1 name is defined in the
 OID section of the config file):
@@ -559,8 +559,8 @@ Zoltan Glozik <zglozik@opentsa.org>. Known issues:
 =over 4
 
 =item * No support for time stamps over SMTP, though it is quite easy
-to implement an automatic e-mail based TSA with L<procmail(1)|procmail(1)> 
-and L<perl(1)|perl(1)>. HTTP server support is provided in the form of 
+to implement an automatic e-mail based TSA with L<procmail(1)|procmail(1)>
+and L<perl(1)|perl(1)>. HTTP server support is provided in the form of
 a separate apache module. HTTP client support is provided by
 L<tsget(1)|tsget(1)>. Pure TCP/IP protocol is not supported.
 
@@ -587,8 +587,8 @@ Zoltan Glozik <zglozik@opentsa.org>, OpenTSA project (http://www.opentsa.org)
 
 =head1 SEE ALSO
 
-L<tsget(1)|tsget(1)>, L<openssl(1)|openssl(1)>, L<req(1)|req(1)>, 
-L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>, 
+L<tsget(1)|tsget(1)>, L<openssl(1)|openssl(1)>, L<req(1)|req(1)>,
+L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>,
 L<config(5)|config(5)>
 
 =cut

doc/apps/x509v3_config.pod

@@ -88,7 +88,7 @@ only be used to sign end user certificates and not further CAs.
 Key usage is a multi valued extension consisting of a list of names of the
 permitted key usages.
 
-The supporte names are: digitalSignature, nonRepudiation, keyEncipherment,
+The supported names are: digitalSignature, nonRepudiation, keyEncipherment,
 dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly
 and decipherOnly.
 
@@ -202,7 +202,7 @@ Examples:
 The issuer alternative name option supports all the literal options of
 subject alternative name. It does B<not> support the email:copy option because
 that would not make sense. It does support an additional issuer:copy option
-that will copy all the subject alternative name values from the issuer 
+that will copy all the subject alternative name values from the issuer
 certificate (if possible).
 
 Example:
@@ -358,7 +358,7 @@ Some software (for example some versions of MSIE) may require ia5org.
 =head2 Policy Constraints
 
 This is a multi-valued extension which consisting of the names
-B<requireExplicitPolicy> or B<inhibitPolicyMapping> and a non negative intger
+B<requireExplicitPolicy> or B<inhibitPolicyMapping> and a non negative integer
 value. At least one component must be present.
 
 Example:
@@ -380,7 +380,7 @@ Example:
 The name constraints extension is a multi-valued extension. The name should
 begin with the word B<permitted> or B<excluded> followed by a B<;>. The rest of
 the name and the value follows the syntax of subjectAltName except email:copy
-is not supported and the B<IP> form should consist of an IP addresses and 
+is not supported and the B<IP> form should consist of an IP addresses and
 subnet mask separated by a B</>.
 
 Examples:
@@ -491,7 +491,7 @@ will produce an error but the equivalent form:
  [subject_alt_section]
  subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
 
-is valid. 
+is valid.
 
 Due to the behaviour of the OpenSSL B<conf> library the same field name
 can only occur once in a section. This means that: