author | simon <simon@FreeBSD.org> | 2010-11-22 18:29:00 +0000 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2010-11-22 18:29:00 +0000 |
commit | baef74520563dff454420fc45cbb65b465668325 (patch) | |
tree | 88ab13e2ea03aedb200603bab91fb927acad16c0 /secure/usr.bin/openssl/man/x509v3_config.1 | |
parent | 7a23485c98b888d229c5e0762dbcfcec293fcef6 (diff) | |
Regenerate manual pages for OpenSSL 0.9.8p.
Diffstat (limited to 'secure/usr.bin/openssl/man/x509v3_config.1')
-rw-r--r-- | secure/usr.bin/openssl/man/x509v3_config.1 | 161 |
1 files changed, 60 insertions, 101 deletions
diff --git a/secure/usr.bin/openssl/man/x509v3_config.1 b/secure/usr.bin/openssl/man/x509v3_config.1 index 20705e7..ae7e180 100644 --- a/secure/usr.bin/openssl/man/x509v3_config.1 +++ b/secure/usr.bin/openssl/man/x509v3_config.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- 
@@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "X509V3_CONFIG 1" -.TH X509V3_CONFIG 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH X509V3_CONFIG 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" x509v3_config \- X509 V3 certificate extension configuration format .SH "DESCRIPTION" @@ -171,13 +170,9 @@ The long form allows the values to be placed in a separate section: .PP .Vb 1 \& basicConstraints=critical,@bs_section -.Ve -.PP -.Vb 1 +\& \& [bs_section] -.Ve -.PP -.Vb 2 +\& \& CA=true \& pathlen=1 .Ve 
@@ -194,7 +189,7 @@ must be used, see the \s-1ARBITRART\s0 \s-1EXTENSIONS\s0 section for more detail .SH "STANDARD EXTENSIONS" .IX Header "STANDARD EXTENSIONS" The following sections describe each supported extension in detail. -.Sh "Basic Constraints." +.SS "Basic Constraints." .IX Subsection "Basic Constraints." This is a multi valued extension which indicates whether a certificate is a \s-1CA\s0 certificate. The first (mandatory) name is \fB\s-1CA\s0\fR followed by \fB\s-1TRUE\s0\fR or @@ -205,13 +200,9 @@ For example: .PP .Vb 1 \& basicConstraints=CA:TRUE -.Ve -.PP -.Vb 1 +\& \& basicConstraints=CA:FALSE -.Ve -.PP -.Vb 1 +\& \& basicConstraints=critical,CA:TRUE, pathlen:0 .Ve .PP @@ -223,7 +214,7 @@ with \s-1CA\s0 set to \s-1FALSE\s0 for end entity certificates. The pathlen parameter indicates the maximum number of CAs that can appear below this one in a chain. So if you have a \s-1CA\s0 with a pathlen of zero it can only be used to sign end user certificates and not further CAs. -.Sh "Key Usage." +.SS "Key Usage." .IX Subsection "Key Usage." Key usage is a multi valued extension consisting of a list of names of the permitted key usages. @@ -236,12 +227,10 @@ Examples: .PP .Vb 1 \& keyUsage=digitalSignature, nonRepudiation -.Ve -.PP -.Vb 1 +\& \& keyUsage=critical, keyCertSign .Ve -.Sh "Extended Key Usage." +.SS "Extended Key Usage." .IX Subsection "Extended Key Usage." This extensions consists of a list of usages indicating purposes for which the certificate public key can be used for, 
@@ -250,13 +239,13 @@ These can either be object short names of the dotted numerical form of OIDs. While any \s-1OID\s0 can be used only certain values make sense. In particular the following \s-1PKIX\s0, \s-1NS\s0 and \s-1MS\s0 values are meaningful: .PP -.Vb 13 +.Vb 10 \& Value Meaning -\& ----- ------- +\& \-\-\-\-\- \-\-\-\-\-\-\- \& serverAuth SSL/TLS Web Server Authentication. \& clientAuth SSL/TLS Web Client Authentication. \& codeSigning Code signing. -\& emailProtection E-mail Protection (S/MIME). +\& emailProtection E\-mail Protection (S/MIME). \& timeStamping Trusted Timestamping \& msCodeInd Microsoft Individual Code Signing (authenticode) \& msCodeCom Microsoft Commercial Code Signing (authenticode) @@ -272,7 +261,7 @@ Examples: \& extendedKeyUsage=critical,codeSigning,1.2.3.4 \& extendedKeyUsage=nsSGC,msSGC .Ve -.Sh "Subject Key Identifier." +.SS "Subject Key Identifier." .IX Subsection "Subject Key Identifier." This is really a string extension and can take two possible values. Either the word \fBhash\fR which will automatically follow the guidelines in \s-1RFC3280\s0 @@ -284,7 +273,7 @@ Example: .Vb 1 \& subjectKeyIdentifier=hash .Ve -.Sh "Authority Key Identifier." +.SS "Authority Key Identifier." .IX Subsection "Authority Key Identifier." The authority key identifier extension permits two options. keyid and issuer: both can take the optional value \*(L"always\*(R". @@ -302,7 +291,7 @@ Example: .Vb 1 \& authorityKeyIdentifier=keyid,issuer .Ve -.Sh "Subject Alternative Name." +.SS "Subject Alternative Name." .IX Subsection "Subject Alternative Name." The subject alternative name extension allows various literal values to be included in the configuration file. These include \fBemail\fR (an email address) 
@@ -332,20 +321,16 @@ Examples: \& subjectAltName=IP:13::17 \& subjectAltName=email:my@other.address,RID:1.2.3.4 \& subjectAltName=otherName:1.2.3.4;UTF8:some other identifier -.Ve -.PP -.Vb 1 +\& \& subjectAltName=dirName:dir_sect -.Ve -.PP -.Vb 5 +\& \& [dir_sect] \& C=UK \& O=My Organization \& OU=My Unit \& CN=My Name .Ve -.Sh "Issuer Alternative Name." +.SS "Issuer Alternative Name." .IX Subsection "Issuer Alternative Name." The issuer alternative name option supports all the literal options of subject alternative name. It does \fBnot\fR support the email:copy option because @@ -358,7 +343,7 @@ Example: .Vb 1 \& issuserAltName = issuer:copy .Ve -.Sh "Authority Info Access." +.SS "Authority Info Access." .IX Subsection "Authority Info Access." The authority information access extension gives details about how to access certain information relating to the \s-1CA\s0. Its syntax is accessOID;location @@ -372,7 +357,7 @@ Example: \& authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ \& authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html .Ve -.Sh "\s-1CRL\s0 distribution points." +.SS "\s-1CRL\s0 distribution points." .IX Subsection "CRL distribution points." This is a multi-valued extension that supports all the literal options of subject alternative name. Of the few software packages that currently interpret @@ -390,7 +375,7 @@ Examples: \& crlDistributionPoints=URI:http://myhost.com/myca.crl \& crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl .Ve -.Sh "Certificate Policies." +.SS "Certificate Policies." .IX Subsection "Certificate Policies." This is a \fIraw\fR extension. All the fields of this extension can be set by using the appropriate syntax. 
@@ -432,24 +417,16 @@ Example: .PP .Vb 1 \& certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect -.Ve -.PP -.Vb 1 +\& \& [polsect] -.Ve -.PP -.Vb 4 +\& \& policyIdentifier = 1.3.5.8 \& CPS.1="http://my.host.name/" \& CPS.2="http://my.your.name/" \& userNotice.1=@notice -.Ve -.PP -.Vb 1 +\& \& [notice] -.Ve -.PP -.Vb 3 +\& \& explicitText="Explicit Text Here" \& organization="Organisation Name" \& noticeNumbers=1,2,3,4 @@ -458,7 +435,7 @@ Example: The \fBia5org\fR option changes the type of the \fIorganization\fR field. In \s-1RFC2459\s0 it can only be of type DisplayText. In \s-1RFC3280\s0 IA5Strring is also permissible. Some software (for example some versions of \s-1MSIE\s0) may require ia5org. -.Sh "Policy Constraints" +.SS "Policy Constraints" .IX Subsection "Policy Constraints" This is a multi-valued extension which consisting of the names \&\fBrequireExplicitPolicy\fR or \fBinhibitPolicyMapping\fR and a non negative intger @@ -469,7 +446,7 @@ Example: .Vb 1 \& policyConstraints = requireExplicitPolicy:3 .Ve -.Sh "Inhibit Any Policy" +.SS "Inhibit Any Policy" .IX Subsection "Inhibit Any Policy" This is a string extension whose value must be a non negative integer. .PP @@ -478,7 +455,7 @@ Example: .Vb 1 \& inhibitAnyPolicy = 2 .Ve -.Sh "Name Constraints" +.SS "Name Constraints" .IX Subsection "Name Constraints" The name constraints extension is a multi-valued extension. The name should begin with the word \fBpermitted\fR or \fBexcluded\fR followed by a \fB;\fR. The rest of 
@@ -490,20 +467,16 @@ Examples: .PP .Vb 1 \& nameConstraints=permitted;IP:192.168.0.0/255.255.0.0 -.Ve -.PP -.Vb 1 +\& \& nameConstraints=permitted;email:.somedomain.com -.Ve -.PP -.Vb 1 +\& \& nameConstraints=excluded;email:.com .Ve .SH "DEPRECATED EXTENSIONS" .IX Header "DEPRECATED EXTENSIONS" The following extensions are non standard, Netscape specific and largely obsolete. Their use in new applications is discouraged. -.Sh "Netscape String extensions." +.SS "Netscape String extensions." .IX Subsection "Netscape String extensions." Netscape Comment (\fBnsComment\fR) is a string extension containing a comment which will be displayed when the certificate is viewed in some browsers. @@ -517,7 +490,7 @@ Example: Other supported extensions in this category are: \fBnsBaseUrl\fR, \&\fBnsRevocationUrl\fR, \fBnsCaRevocationUrl\fR, \fBnsRenewalUrl\fR, \fBnsCaPolicyUrl\fR and \fBnsSslServerName\fR. -.Sh "Netscape Certificate Type" +.SS "Netscape Certificate Type" .IX Subsection "Netscape Certificate Type" This is a multi-valued extensions which consists of a list of flags to be included. It was used to indicate the purposes for which a certificate could @@ -540,17 +513,11 @@ using the same syntax as \fIASN1_generate_nconf()\fR. For example: .PP .Vb 1 \& 1.2.3.4=critical,ASN1:UTF8String:Some random data -.Ve -.PP -.Vb 1 +\& \& 1.2.3.4=ASN1:SEQUENCE:seq_sect -.Ve -.PP -.Vb 1 +\& \& [seq_sect] -.Ve -.PP -.Vb 2 +\& \& field1 = UTF8:field1 \& field2 = UTF8:field2 .Ve 
@@ -593,27 +560,21 @@ will produce an error but the equivalent form: .PP .Vb 1 \& subjectAltName=@subject_alt_section -.Ve -.PP -.Vb 2 +\& \& [subject_alt_section] \& subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar .Ve .PP -is valid. +is valid. .PP Due to the behaviour of the OpenSSL \fBconf\fR library the same field name can only occur once in a section. This means that: .PP .Vb 1 \& subjectAltName=@alt_section -.Ve -.PP -.Vb 1 +\& \& [alt_section] -.Ve -.PP -.Vb 2 +\& \& email=steve@here \& email=steve@there .Ve @@ -622,9 +583,7 @@ will only recognize the last value. This can be worked around by using the form: .PP .Vb 1 \& [alt_section] -.Ve -.PP -.Vb 2 +\& \& email.1=steve@here \& email.2=steve@there .Ve |
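Review bot: The commit message names only the OpenSSL 0.9.8p update, but the header comment in the first hunk shows the generator also changed, from "Pod::Man v1.37, Pod::Parser v1.37" to "Pod::Man 2.22 (Pod::Simple 3.07)". That change appears to account for nearly all of the churn in this file: the removed `.de Sh` macro, every `.Sh` becoming `.SS`, the adjacent `.Vb`/`.Ve` blocks merged with `\&` separator lines, and the escaped hyphens in the Extended Key Usage table. The only version-related difference visible here is the `.TH` line moving from "2010-03-24" "0.9.8n" to "2010-11-16" "0.9.8p". Suggest recording the Pod::Man version in the log message so a later reader does not search these 161 changed lines for documentation changes that are not there.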
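Review bot: The example under "Issuer Alternative Name" (context line in the hunk at -358,7) still reads `issuserAltName = issuer:copy`, which misspells the extension name, so the example does not name the extension the section documents. Because this file is generated, the correction belongs in the POD source it is built from rather than in this file, and the next regeneration would pick it up. The same applies to the other spelling errors carried through as unchanged context: "ARBITRART EXTENSIONS" in the cross-reference at -194,7, and "IA5Strring" and "non negative intger" in the hunk at -458,7.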