Add some examples to the enc man page.

[openssl.git] / doc / man / ca.pod

diff --git a/doc/man/ca.pod b/doc/man/ca.pod
index f1b7882f71df30ec28c79bd630c79fa5f30aa564..fbc4cbac9aca7bccbb2ec44134e029ca41cf439e 100644 (file)
--- a/doc/man/ca.pod
+++ b/doc/man/ca.pod
@@ -130,7 +130,7 @@ for more information.
 
 =item B<-msie_hack>
 
-this is a legacy option for compatability with very old versions of
+this is a legacy option to make B<ca> work with very old versions of
 the IE certificate enrollment control "certenr3". It used UniversalStrings
 for almost everything. Since the old control has various security bugs
 its use is strongly discouraged. The newer control "Xenroll" does not
@@ -138,9 +138,11 @@ need this option.
 
 =item B<-preserveDN>
 
-this option is also for compatability with the older IE enrollment
-control. It only accepts certificates if their DNs match the
-order of the request. This is not needed for Xenroll.
+Normally the DN order of a certificate is the same as the order of the
+fields in the relevant policy section. When this option is set the order 
+is the same as the request. This is largely for compatability with the
+older IE enrollment control which would only accept certificates if their
+DNs match the order of the request. This is not needed for Xenroll.
 
 =item B<-batch>
 
@@ -200,6 +202,20 @@ any) used.
 
 =over 4
 
+=item B<oid_file>
+
+This specifies a file containing additional B<OBJECT IDENTIFIERS>.
+Each line of the file should consist of the numerical form of the
+object identifier followed by white space then the short name followed
+by white space and finally the long name. 
+
+=item B<oid_section>
+
+This specifies a section in the configuration file containing extra
+object identifiers. Each line should consist of the short name of the
+object identifier followed by B<=> and the numerical form. The short
+and long names are the same when this option is used.
+
 =item B<new_certs_dir>
 
 the same as the B<-outdir> command line option. It specifies