apps x509: restrict CAkeyform option to OPT_FMT_PDE

[openssl.git] / doc / man1 / x509.pod

diff --git a/doc/man1/x509.pod b/doc/man1/x509.pod
index 81ce560c94b8d06710c46f08c4ad0ca5d0f58eac..e498aee4ffabc21f97ca0ccc18e2fb269da3f17c 100644 (file)
--- a/doc/man1/x509.pod
+++ b/doc/man1/x509.pod
@@ -9,9 +9,9 @@ x509 - Certificate display and signing utility
 
 B<openssl> B<x509>
 [B<-help>]
-[B<-inform DER|PEM|NET>]
-[B<-outform DER|PEM|NET>]
-[B<-keyform DER|PEM>]
+[B<-inform DER|PEM>]
+[B<-outform DER|PEM>]
+[B<-keyform DER|PEM|ENGINE>]
 [B<-CAform DER|PEM>]
 [B<-CAkeyform DER|PEM>]
 [B<-in filename>]
@@ -61,6 +61,7 @@ B<openssl> B<x509>
 [B<-clrext>]
 [B<-extfile filename>]
 [B<-extensions section>]
+[B<-sigopt nm:v>]
 [B<-rand file...>]
 [B<-writerand file>]
 [B<-engine id>]
@@ -86,16 +87,15 @@ various sections.
 
 Print out a usage message.
 
-=item B<-inform DER|PEM|NET>
+=item B<-inform DER|PEM>
 
 This specifies the input format normally the command will expect an X509
 certificate but this can change if other options such as B<-req> are
 present. The DER format is the DER encoding of the certificate and PEM
 is the base64 encoding of the DER encoding with header and footer lines
-added. The NET option is an obscure Netscape server format that is now
-obsolete. The default format is PEM.
+added. The default format is PEM.
 
-=item B<-outform DER|PEM|NET>
+=item B<-outform DER|PEM>
 
 This specifies the output format, the options have the same meaning and default
 as the B<-inform> option.
@@ -174,7 +174,7 @@ options. See the B<TEXT OPTIONS> section for more information.
 
 =item B<-noout>
 
-This option prevents output of the encoded version of the request.
+This option prevents output of the encoded version of the certificate.
 
 =item B<-pubkey>
 
@@ -367,6 +367,11 @@ If the input is a certificate request then a self signed certificate
 is created using the supplied private key using the subject name in
 the request.
 
+=item B<-sigopt nm:v>
+
+Pass options to the signature algorithm during sign or verify operations.
+Names and values of these options are algorithm-specific.
+
 =item B<-passin arg>
 
 The key password source. For more information about the format of B<arg>
@@ -379,7 +384,7 @@ certificate is being created from another certificate (for example with
 the B<-signkey> or the B<-CA> options). Normally all extensions are
 retained.
 
-=item B<-keyform PEM|DER>
+=item B<-keyform PEM|DER|ENGINE>
 
 Specifies the format (DER or PEM) of the private key file used in the
 B<-signkey> option.
@@ -429,7 +434,7 @@ the CA certificate file.
 Sets the CA serial number file to use.
 
 When the B<-CA> option is used to sign a certificate it uses a serial
-number specified in a file. This file consist of one line containing
+number specified in a file. This file consists of one line containing
 an even number of hex digits with the serial number to use. After each
 use the serial number is incremented and written out to the file again.
 
@@ -871,8 +876,8 @@ this is because some Verisign certificates don't set the S/MIME bit.
 
 =item B<S/MIME Signing>
 
-In addition to the common S/MIME client tests the digitalSignature bit must
-be set if the keyUsage extension is present.
+In addition to the common S/MIME client tests the digitalSignature bit or
+the nonRepudiation bit must be set if the keyUsage extension is present.
 
 =item B<S/MIME Encryption>
 
@@ -926,7 +931,7 @@ the old form must have their links rebuilt using B<c_rehash> or similar.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy