.....
-This example is part of a self signed certificate. Each line starts with the
+This example is part of a self-signed certificate. Each line starts with the
offset in decimal. B<d=XX> specifies the current depth. The depth is increased
within the scope of any SET or SEQUENCE. B<hl=XX> gives the header length
(tag and length octets) of the current type. B<l=XX> gives the length of
=item B<-ss_cert filename>
-a single self signed certificate to be signed by the CA.
+a single self-signed certificate to be signed by the CA.
=item B<-spkac filename>
V2 CRL features like delta CRLs are not currently supported.
Although several requests can be input and handled at once it is only
-possible to include one SPKAC or self signed certificate.
+possible to include one SPKAC or self-signed certificate.
=head1 BUGS
-The use of an in memory text database can cause problems when large
+The use of an in-memory text database can cause problems when large
numbers of certificates are present because, as the name implies
the database has to be kept in memory.
=item B<AECDH>
-Anonymous Elliptic Curve Diffie Hellman cipher suites.
+Anonymous Elliptic Curve Diffie-Hellman cipher suites.
=item B<aDSS>, B<DSS>
=head1 HISTORY
-The default digest was changed from MD5 to SHA256 in Openssl 1.1.
-The FIPS-related options were removed in OpenSSL 1.1
+The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0
+The FIPS-related options were removed in OpenSSL 1.1.0
=head1 COPYRIGHT
=item B<-genparam>
generate a set of parameters instead of a private key. If used this option must
-precede and B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.
+precede any B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.
=item B<-paramfile filename>
Some public key algorithms generate a private key based on a set of parameters.
They can be supplied using this option. If this option is used the public key
algorithm used is determined by the parameters. If used this option must
-precede and B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
+precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
are mutually exclusive.
=item B<-text>
=head1 NAME
-nseq - create or examine a netscape certificate sequence
+nseq - create or examine a Netscape certificate sequence
=head1 SYNOPSIS
=head1 COMMAND OPTIONS
Details of which options are available depend on the specific command.
-This section desribes some common options with common behavior.
+This section describes some common options with common behavior.
=head2 Common Options
Use key derivation function B<algorithm>. The supported algorithms are
at present B<TLS1-PRF> and B<HKDF>.
-Note: additional paramers and the KDF output length will normally have to be
+Note: additional parameters and the KDF output length will normally have to be
set for this to work. See L<EVP_PKEY_HKDF(3)> and L<EVP_PKEY_TLS1_PRF(3)>
for the supported string parameters of each algorithm.
=item B<-dtls>, B<-dtls1>, B<-dtls1_2>
These options make B<s_server> use DTLS protocols instead of TLS.
-With B<-dtls>, B<s_server> will negotiate any supported DTLS protcol version,
+With B<-dtls>, B<s_server> will negotiate any supported DTLS protocol version,
whilst B<-dtls1> and B<-dtls1_2> will only support DTLSv1.0 and DTLSv1.2
respectively.
The maximum number of encrypt/decrypt pipelines to be used. This will only have
an effect if an engine has been loaded that supports pipelining (e.g. the dasync
-engine) and a suiteable ciphersuite has been negotiated. The default value is 1.
+engine) and a suitable ciphersuite has been negotiated. The default value is 1.
See L<SSL_CTX_set_max_pipelines(3)> for further information.
=item B<-read_buf int>
A B<file> of additional untrusted certificates (intermediate issuer CAs) used
to construct a certificate chain from the subject certificate to a trust-anchor.
The B<file> should contain one or more certificates in PEM format.
-This option can be specified more than once to include untrusted certiificates
+This option can be specified more than once to include untrusted certificates
from multiple B<files>.
=item B<-trusted file>
A B<file> of trusted certificates, which must be self-signed, unless the
B<-partial_chain> option is specified.
-The B<file> contain one or more certificates in PEM format.
+The B<file> contains one or more certificates in PEM format.
With this option, no additional (e.g., default) certificate lists are
consulted.
That is, the only trust-anchors are those listed in B<file>.
The process of 'looking up the issuers certificate' itself involves a number of
steps.
-Ater all certificates whose subject name matches the issuer name of the current
+After all certificates whose subject name matches the issuer name of the current
certificate are subject to further tests.
The relevant authority key identifier components of the current certificate (if
present) must match the subject key identifier (if present) and issuer and
then 1 for the CA that signed the certificate and so on. Finally a text version
of the error number is presented.
-An partial list of the error codes and messages is shown below, this also
+A partial list of the error codes and messages is shown below, this also
includes the name of the error code as defined in the header file x509_vfy.h
Some of the error codes are defined but never returned: these are described
as "unused".
=item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT>
-The passed certificate is self signed and the same certificate cannot be found in the list of
+The passed certificate is self-signed and the same certificate cannot be found in the list of
trusted certificates.
=item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN>
The extended key usage extension must be absent or include the "email
protection" OID. Netscape certificate type must be absent or should have the
-S/MIME bit set. If the S/MIME bit is not set in netscape certificate type
+S/MIME bit set. If the S/MIME bit is not set in Netscape certificate type
then the SSL client bit is tolerated as an alternative but a warning is shown:
this is because some Verisign certificates don't set the S/MIME bit.
projects / openssl.git / commitdiff