Regenerate manual pages for OpenSSL 0.9.8p.

1 files changed, 60 insertions, 101 deletions

diff --git a/secure/usr.bin/openssl/man/x509v3_config.1 b/secure/usr.bin/openssl/man/x509v3_config.1
index 20705e7..ae7e180 100644
--- a/secure/usr.bin/openssl/man/x509v3_config.1
+++ b/secure/usr.bin/openssl/man/x509v3_config.1
@@ -1,15 +1,7 @@
-.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
-.de Sh \" Subsection heading
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
 .de Sp \" Vertical space (when we can't use .PP)
 .if t .sp .5v
 .if n .sp
@@ -25,11 +17,11 @@
 ..
 .\" Set up some character translations and predefined strings.  \*(-- will
 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote.  | will give a
-.\" real vertical bar.  \*(C+ will give a nicer C++.  Capital omega is used to
-.\" do unbreakable dashes and therefore won't be available.  \*(C` and \*(C'
-.\" expand to `' in nroff, nothing in troff, for use with C<>.
-.tr \(*W-|\(bv\*(Tr
+.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
+.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
+.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
+.\" nothing in troff, for use with C<>.
+.tr \(*W-
 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
 .ie n \{\
 .    ds -- \(*W-
@@ -48,22 +40,25 @@
 .    ds R" ''
 'br\}
 .\"
+.\" Escape single quotes in literal strings from groff's Unicode transform.
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\"
 .\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
+.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.if \nF \{\
+.ie \nF \{\
 .    de IX
 .    tm Index:\\$1\t\\n%\t"\\$2"
 ..
 .    nr % 0
 .    rr F
 .\}
-.\"
-.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.hy 0
-.if n .na
+.el \{\
+.    de IX
+..
+.\}
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -129,7 +124,11 @@
 .\" ========================================================================
 .\"
 .IX Title "X509V3_CONFIG 1"
-.TH X509V3_CONFIG 1 "2010-03-24" "0.9.8n" "OpenSSL"
+.TH X509V3_CONFIG 1 "2010-11-16" "0.9.8p" "OpenSSL"
+.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
+.if n .ad l
+.nh
 .SH "NAME"
 x509v3_config \- X509 V3 certificate extension configuration format
 .SH "DESCRIPTION"
@@ -171,13 +170,9 @@ The long form allows the values to be placed in a separate section:
 .PP
 .Vb 1
 \& basicConstraints=critical,@bs_section
-.Ve
-.PP
-.Vb 1
+\&
 \& [bs_section]
-.Ve
-.PP
-.Vb 2
+\&
 \& CA=true
 \& pathlen=1
 .Ve
@@ -194,7 +189,7 @@ must be used, see the \s-1ARBITRART\s0 \s-1EXTENSIONS\s0 section for more detail
 .SH "STANDARD EXTENSIONS"
 .IX Header "STANDARD EXTENSIONS"
 The following sections describe each supported extension in detail.
-.Sh "Basic Constraints."
+.SS "Basic Constraints."
 .IX Subsection "Basic Constraints."
 This is a multi valued extension which indicates whether a certificate is
 a \s-1CA\s0 certificate. The first (mandatory) name is \fB\s-1CA\s0\fR followed by \fB\s-1TRUE\s0\fR or
@@ -205,13 +200,9 @@ For example:
 .PP
 .Vb 1
 \& basicConstraints=CA:TRUE
-.Ve
-.PP
-.Vb 1
+\&
 \& basicConstraints=CA:FALSE
-.Ve
-.PP
-.Vb 1
+\&
 \& basicConstraints=critical,CA:TRUE, pathlen:0
 .Ve
 .PP
@@ -223,7 +214,7 @@ with \s-1CA\s0 set to \s-1FALSE\s0 for end entity certificates.
 The pathlen parameter indicates the maximum number of CAs that can appear
 below this one in a chain. So if you have a \s-1CA\s0 with a pathlen of zero it can
 only be used to sign end user certificates and not further CAs.
-.Sh "Key Usage."
+.SS "Key Usage."
 .IX Subsection "Key Usage."
 Key usage is a multi valued extension consisting of a list of names of the
 permitted key usages.
@@ -236,12 +227,10 @@ Examples:
 .PP
 .Vb 1
 \& keyUsage=digitalSignature, nonRepudiation
-.Ve
-.PP
-.Vb 1
+\&
 \& keyUsage=critical, keyCertSign
 .Ve
-.Sh "Extended Key Usage."
+.SS "Extended Key Usage."
 .IX Subsection "Extended Key Usage."
 This extensions consists of a list of usages indicating purposes for which
 the certificate public key can be used for,
@@ -250,13 +239,13 @@ These can either be object short names of the dotted numerical form of OIDs.
 While any \s-1OID\s0 can be used only certain values make sense. In particular the
 following \s-1PKIX\s0, \s-1NS\s0 and \s-1MS\s0 values are meaningful:
 .PP
-.Vb 13
+.Vb 10
 \& Value                  Meaning
-\& -----                  -------
+\& \-\-\-\-\-                  \-\-\-\-\-\-\-
 \& serverAuth             SSL/TLS Web Server Authentication.
 \& clientAuth             SSL/TLS Web Client Authentication.
 \& codeSigning            Code signing.
-\& emailProtection        E-mail Protection (S/MIME).
+\& emailProtection        E\-mail Protection (S/MIME).
 \& timeStamping           Trusted Timestamping
 \& msCodeInd              Microsoft Individual Code Signing (authenticode)
 \& msCodeCom              Microsoft Commercial Code Signing (authenticode)
@@ -272,7 +261,7 @@ Examples:
 \& extendedKeyUsage=critical,codeSigning,1.2.3.4
 \& extendedKeyUsage=nsSGC,msSGC
 .Ve
-.Sh "Subject Key Identifier."
+.SS "Subject Key Identifier."
 .IX Subsection "Subject Key Identifier."
 This is really a string extension and can take two possible values. Either
 the word \fBhash\fR which will automatically follow the guidelines in \s-1RFC3280\s0
@@ -284,7 +273,7 @@ Example:
 .Vb 1
 \& subjectKeyIdentifier=hash
 .Ve
-.Sh "Authority Key Identifier."
+.SS "Authority Key Identifier."
 .IX Subsection "Authority Key Identifier."
 The authority key identifier extension permits two options. keyid and issuer:
 both can take the optional value \*(L"always\*(R".
@@ -302,7 +291,7 @@ Example:
 .Vb 1
 \& authorityKeyIdentifier=keyid,issuer
 .Ve
-.Sh "Subject Alternative Name."
+.SS "Subject Alternative Name."
 .IX Subsection "Subject Alternative Name."
 The subject alternative name extension allows various literal values to be
 included in the configuration file. These include \fBemail\fR (an email address)
@@ -332,20 +321,16 @@ Examples:
 \& subjectAltName=IP:13::17
 \& subjectAltName=email:my@other.address,RID:1.2.3.4
 \& subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
-.Ve
-.PP
-.Vb 1
+\&
 \& subjectAltName=dirName:dir_sect
-.Ve
-.PP
-.Vb 5
+\&
 \& [dir_sect]
 \& C=UK
 \& O=My Organization
 \& OU=My Unit
 \& CN=My Name
 .Ve
-.Sh "Issuer Alternative Name."
+.SS "Issuer Alternative Name."
 .IX Subsection "Issuer Alternative Name."
 The issuer alternative name option supports all the literal options of
 subject alternative name. It does \fBnot\fR support the email:copy option because
@@ -358,7 +343,7 @@ Example:
 .Vb 1
 \& issuserAltName = issuer:copy
 .Ve
-.Sh "Authority Info Access."
+.SS "Authority Info Access."
 .IX Subsection "Authority Info Access."
 The authority information access extension gives details about how to access
 certain information relating to the \s-1CA\s0. Its syntax is accessOID;location
@@ -372,7 +357,7 @@ Example:
 \& authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
 \& authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
 .Ve
-.Sh "\s-1CRL\s0 distribution points."
+.SS "\s-1CRL\s0 distribution points."
 .IX Subsection "CRL distribution points."
 This is a multi-valued extension that supports all the literal options of
 subject alternative name. Of the few software packages that currently interpret
@@ -390,7 +375,7 @@ Examples:
 \& crlDistributionPoints=URI:http://myhost.com/myca.crl
 \& crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl
 .Ve
-.Sh "Certificate Policies."
+.SS "Certificate Policies."
 .IX Subsection "Certificate Policies."
 This is a \fIraw\fR extension. All the fields of this extension can be set by
 using the appropriate syntax.
@@ -432,24 +417,16 @@ Example:
 .PP
 .Vb 1
 \& certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
-.Ve
-.PP
-.Vb 1
+\&
 \& [polsect]
-.Ve
-.PP
-.Vb 4
+\&
 \& policyIdentifier = 1.3.5.8
 \& CPS.1="http://my.host.name/"
 \& CPS.2="http://my.your.name/"
 \& userNotice.1=@notice
-.Ve
-.PP
-.Vb 1
+\&
 \& [notice]
-.Ve
-.PP
-.Vb 3
+\&
 \& explicitText="Explicit Text Here"
 \& organization="Organisation Name"
 \& noticeNumbers=1,2,3,4
@@ -458,7 +435,7 @@ Example:
 The \fBia5org\fR option changes the type of the \fIorganization\fR field. In \s-1RFC2459\s0
 it can only be of type DisplayText. In \s-1RFC3280\s0 IA5Strring is also permissible.
 Some software (for example some versions of \s-1MSIE\s0) may require ia5org.
-.Sh "Policy Constraints"
+.SS "Policy Constraints"
 .IX Subsection "Policy Constraints"
 This is a multi-valued extension which consisting of the names
 \&\fBrequireExplicitPolicy\fR or \fBinhibitPolicyMapping\fR and a non negative intger
@@ -469,7 +446,7 @@ Example:
 .Vb 1
 \& policyConstraints = requireExplicitPolicy:3
 .Ve
-.Sh "Inhibit Any Policy"
+.SS "Inhibit Any Policy"
 .IX Subsection "Inhibit Any Policy"
 This is a string extension whose value must be a non negative integer.
 .PP
@@ -478,7 +455,7 @@ Example:
 .Vb 1
 \& inhibitAnyPolicy = 2
 .Ve
-.Sh "Name Constraints"
+.SS "Name Constraints"
 .IX Subsection "Name Constraints"
 The name constraints extension is a multi-valued extension. The name should
 begin with the word \fBpermitted\fR or \fBexcluded\fR followed by a \fB;\fR. The rest of
@@ -490,20 +467,16 @@ Examples:
 .PP
 .Vb 1
 \& nameConstraints=permitted;IP:192.168.0.0/255.255.0.0
-.Ve
-.PP
-.Vb 1
+\&
 \& nameConstraints=permitted;email:.somedomain.com
-.Ve
-.PP
-.Vb 1
+\&
 \& nameConstraints=excluded;email:.com
 .Ve
 .SH "DEPRECATED EXTENSIONS"
 .IX Header "DEPRECATED EXTENSIONS"
 The following extensions are non standard, Netscape specific and largely
 obsolete. Their use in new applications is discouraged.
-.Sh "Netscape String extensions."
+.SS "Netscape String extensions."
 .IX Subsection "Netscape String extensions."
 Netscape Comment (\fBnsComment\fR) is a string extension containing a comment
 which will be displayed when the certificate is viewed in some browsers.
@@ -517,7 +490,7 @@ Example:
 Other supported extensions in this category are: \fBnsBaseUrl\fR,
 \&\fBnsRevocationUrl\fR, \fBnsCaRevocationUrl\fR, \fBnsRenewalUrl\fR, \fBnsCaPolicyUrl\fR
 and \fBnsSslServerName\fR.
-.Sh "Netscape Certificate Type"
+.SS "Netscape Certificate Type"
 .IX Subsection "Netscape Certificate Type"
 This is a multi-valued extensions which consists of a list of flags to be
 included. It was used to indicate the purposes for which a certificate could
@@ -540,17 +513,11 @@ using the same syntax as \fIASN1_generate_nconf()\fR. For example:
 .PP
 .Vb 1
 \& 1.2.3.4=critical,ASN1:UTF8String:Some random data
-.Ve
-.PP
-.Vb 1
+\&
 \& 1.2.3.4=ASN1:SEQUENCE:seq_sect
-.Ve
-.PP
-.Vb 1
+\&
 \& [seq_sect]
-.Ve
-.PP
-.Vb 2
+\&
 \& field1 = UTF8:field1
 \& field2 = UTF8:field2
 .Ve
@@ -593,27 +560,21 @@ will produce an error but the equivalent form:
 .PP
 .Vb 1
 \& subjectAltName=@subject_alt_section
-.Ve
-.PP
-.Vb 2
+\&
 \& [subject_alt_section]
 \& subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
 .Ve
 .PP
-is valid. 
+is valid.
 .PP
 Due to the behaviour of the OpenSSL \fBconf\fR library the same field name
 can only occur once in a section. This means that:
 .PP
 .Vb 1
 \& subjectAltName=@alt_section
-.Ve
-.PP
-.Vb 1
+\&
 \& [alt_section]
-.Ve
-.PP
-.Vb 2
+\&
 \& email=steve@here
 \& email=steve@there
 .Ve
@@ -622,9 +583,7 @@ will only recognize the last value. This can be worked around by using the form:
 .PP
 .Vb 1
 \& [alt_section]
-.Ve
-.PP
-.Vb 2
+\&
 \& email.1=steve@here
 \& email.2=steve@there
 .Ve