Update docs

diff --git a/doc/apps/asn1parse.pod b/doc/apps/asn1parse.pod
index e76e9813abaf48fca86a1a0850cef0fe5b0cce60..e3462aabf162e4500e0b7067752537a8fd3c2b21 100644 (file)
--- a/doc/apps/asn1parse.pod
+++ b/doc/apps/asn1parse.pod
@@ -16,6 +16,8 @@ B<openssl> B<asn1parse>
 [B<-i>]
 [B<-oid filename>]
 [B<-strparse offset>]
 [B<-i>]
 [B<-oid filename>]
 [B<-strparse offset>]

+[B<-genstr string>]
+[B<-genconf file>]

 
 =head1 DESCRIPTION
 
 
 =head1 DESCRIPTION
 


@@ -67,6 +69,14 @@ file is described in the NOTES section below.
 parse the contents octets of the ASN.1 object starting at B<offset>. This
 option can be used multiple times to "drill down" into a nested structure.
 
 parse the contents octets of the ASN.1 object starting at B<offset>. This
 option can be used multiple times to "drill down" into a nested structure.
 

+=item B<-genstr string>, B<-genconf file>
+
+generate encoded data based on B<string>, B<file> or both using
+ASN1_generate_nconf() format. If B<file> only is present then the string
+is obtained from the default section using the name B<asn1>. The encoded
+data is passed through the ASN1 parser and printed out as though it came
+from a file, the contents can thus be examined and written to a file
+using the B<out> option. 

 
 =back
 
 
 =back
 


@@ -121,6 +131,38 @@ by white space. The final column is the rest of the line and is the
 
 C<1.2.3.4      shortName       A long name>
 
 
 C<1.2.3.4      shortName       A long name>
 

+=head1 EXAMPLES
+
+Parse a file:
+
+ openssl asn1parse -in file.pem
+
+Parse a DER file:
+
+ openssl asn1parse -inform DER -in file.der
+
+Generate a simple UTF8String:
+
+ openssl asn1parse -genstr 'UTF8:Hello World'
+
+Generate and write out a UTF8String, don't print parsed output:
+
+ openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der
+
+Generate using a config file:
+
+ openssl asn1parse -genconf asn1.cnf -noout -out asn1.der
+
+Example config file:
+
+ asn1=SEQUENCE:seq_sect
+
+ [seq_sect]
+
+ field1=BOOL:TRUE
+ field2=EXP:0, UTF8:some random string
+
+

 =head1 BUGS
 
 There should be options to change the format of input lines. The output of some
 =head1 BUGS
 
 There should be options to change the format of input lines. The output of some

diff --git a/doc/openssl.txt b/doc/openssl.txt
index 432a17b66cf80ebe6f01f2f0259971bc529911ab..37730b2cbd2f872c534c424677fb19dc0030ff5e 100644 (file)
--- a/doc/openssl.txt
+++ b/doc/openssl.txt
@@ -154,8 +154,22 @@ for example contain data in multiple sections. The correct syntax to
 use is defined by the extension code itself: check out the certificate
 policies extension for an example.
 
 use is defined by the extension code itself: check out the certificate
 policies extension for an example.
 

-In addition it is also possible to use the word DER to include arbitrary
-data in any extension.
+There are two ways to encode arbitrary extensions.
+
+The first way is to use the word ASN1 followed by the extension content
+using the same syntax as ASN1_generate_nconf(). For example:
+
+1.2.3.4=critical,ASN1:UTF8String:Some random data
+
+1.2.3.4=ASN1:SEQUENCE:seq_sect
+
+[seq_sect]
+
+field1 = UTF8:field1
+field2 = UTF8:field2
+
+It is also possible to use the word DER to include arbitrary data in any
+extension.

 
 1.2.3.4=critical,DER:01:02:03:04
 1.2.3.4=DER:01020304
 
 1.2.3.4=critical,DER:01:02:03:04
 1.2.3.4=DER:01020304


@@ -336,16 +350,21 @@ Subject Alternative Name.
 The subject alternative name extension allows various literal values to be
 included in the configuration file. These include "email" (an email address)
 "URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a
 The subject alternative name extension allows various literal values to be
 included in the configuration file. These include "email" (an email address)
 "URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a

-registered ID: OBJECT IDENTIFIER) and IP (and IP address).
+registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName.

 
 Also the email option include a special 'copy' value. This will automatically
 include and email addresses contained in the certificate subject name in
 the extension.
 
 
 Also the email option include a special 'copy' value. This will automatically
 include and email addresses contained in the certificate subject name in
 the extension.
 

+otherName can include arbitrary data associated with an OID: the value
+should be the OID followed by a semicolon and the content in standard
+ASN1_generate_nconf() format.
+

 Examples:
 
 subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
 subjectAltName=email:my@other.address,RID:1.2.3.4
 Examples:
 
 subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
 subjectAltName=email:my@other.address,RID:1.2.3.4

+subjectAltName=otherName:1.2.3.4;UTF8:some other identifier

 
 Issuer Alternative Name.
 
 
 Issuer Alternative Name.