diff options
Diffstat (limited to 'secure/usr.bin/openssl/man/x509.1')
| -rw-r--r-- | secure/usr.bin/openssl/man/x509.1 | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1 index 9b22df5..5addff6 100644 --- a/secure/usr.bin/openssl/man/x509.1 +++ b/secure/usr.bin/openssl/man/x509.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509 1" -.TH X509 1 "2012-05-10" "0.9.8x" "OpenSSL" +.TH X509 1 "2012-05-10" "1.0.1c" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -149,6 +149,7 @@ x509 \- Certificate display and signing utility [\fB\-issuer\fR] [\fB\-nameopt option\fR] [\fB\-email\fR] +[\fB\-ocsp_uri\fR] [\fB\-startdate\fR] [\fB\-enddate\fR] [\fB\-purpose\fR] @@ -220,7 +221,7 @@ specified then \s-1SHA1\s0 is used. If the key being used to sign with is a \s-1 then this option has no effect: \s-1SHA1\s0 is always used with \s-1DSA\s0 keys. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR +specifying an engine (by its unique \fBid\fR string) will cause \fBx509\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. @@ -260,6 +261,14 @@ outputs the \*(L"hash\*(R" of the certificate issuer name. .IP "\fB\-hash\fR" 4 .IX Item "-hash" synonym for \*(L"\-subject_hash\*(R" for backward compatibility reasons. +.IP "\fB\-subject_hash_old\fR" 4 +.IX Item "-subject_hash_old" +outputs the \*(L"hash\*(R" of the certificate subject name using the older algorithm +as used by OpenSSL versions before 1.0.0. +.IP "\fB\-issuer_hash_old\fR" 4 +.IX Item "-issuer_hash_old" +outputs the \*(L"hash\*(R" of the certificate issuer name using the older algorithm +as used by OpenSSL versions before 1.0.0. .IP "\fB\-subject\fR" 4 .IX Item "-subject" outputs the subject name. @@ -275,6 +284,9 @@ set multiple options. See the \fB\s-1NAME\s0 \s-1OPTIONS\s0\fR section for more .IP "\fB\-email\fR" 4 .IX Item "-email" outputs the email address(es) if any. +.IP "\fB\-ocsp_uri\fR" 4 +.IX Item "-ocsp_uri" +outputs the \s-1OCSP\s0 responder address(es) if any. .IP "\fB\-startdate\fR" 4 .IX Item "-startdate" prints out the start date of the certificate, that is the notBefore date. @@ -439,7 +451,9 @@ no extensions are added to the certificate. the section to add certificate extensions from. If this option is not specified then the extensions should either be contained in the unnamed (default) section or the default section should contain a variable called -\&\*(L"extensions\*(R" which contains the section to use. +\&\*(L"extensions\*(R" which contains the section to use. See the +\&\fIx509v3_config\fR\|(5) manual page for details of the +extension section format. .SS "\s-1NAME\s0 \s-1OPTIONS\s0" .IX Subsection "NAME OPTIONS" The \fBnameopt\fR command line switch determines how the subject and issuer @@ -844,7 +858,14 @@ OpenSSL 0.9.5 and later. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIreq\fR\|(1), \fIca\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIgendsa\fR\|(1), \fIverify\fR\|(1) +\&\fIgendsa\fR\|(1), \fIverify\fR\|(1), +\&\fIx509v3_config\fR\|(5) .SH "HISTORY" .IX Header "HISTORY" Before OpenSSL 0.9.8, the default digest for \s-1RSA\s0 keys was \s-1MD5\s0. +.PP +The hash algorithm used in the \fB\-subject_hash\fR and \fB\-issuer_hash\fR options +before OpenSSL 1.0.0 was based on the deprecated \s-1MD5\s0 algorithm and the encoding +of the distinguished name. In OpenSSL 1.0.0 and later it is based on a +canonical version of the \s-1DN\s0 using \s-1SHA1\s0. This means that any directories using +the old form must have their links rebuilt using \fBc_rehash\fR or similar. |
