X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=doc%2Fman%2Freq.pod;h=d59a2dc2a2c1c09416ec41043bbf1c86460f42e1;hp=02115305520a5618d48a924fbda15a1b7bc1cb8e;hb=ed84dfab0092996323c206c9bde900e597eb8a00;hpb=20432eae41e35ea28a4d43c0dfc7acfdd9672812 diff --git a/doc/man/req.pod b/doc/man/req.pod index 0211530552..d59a2dc2a2 100644 --- a/doc/man/req.pod +++ b/doc/man/req.pod @@ -146,7 +146,7 @@ will not be encrypted. this specifies the message digest to sign the request with. This overrides the digest algorithm specified in the configuration file. -This option is ignore for DSA requests: they always use SHA1. +This option is ignored for DSA requests: they always use SHA1. =item B<-config filename> @@ -194,7 +194,7 @@ It should be noted that very few CAs still require the use of this option. =head1 CONFIGURATION FILE FORMAT -The configuation options are specified in the B section of +The configuration options are specified in the B section of the configuration file. As with all configuration files if no value is specified in the specific section (i.e. B) then the initial unnamed or B section is searched too. @@ -203,17 +203,24 @@ The options available are described in detail below. =over 4 +=item B + +The passwords for the input private key file (if present) and +the output private key file (if one will be created). The +command line options B, B, B and +B override the configuration file values. + =item B This specifies the default key size in bits. If not specified then 512 is used. It is used if the B<-new> option is used. It can be -overriden by using the B<-newkey> option. +overridden by using the B<-newkey> option. =item B This is the default filename to write a private key to. If not specified the key is written to standard output. This can be -overriden by the B<-keyout> option. +overridden by the B<-keyout> option. =item B 
@@ -234,11 +241,11 @@ and long names are the same when this option is used. This specifies a filename in which random number seed information is placed and read from. It is used for private key generation. -=item B +=item B If this is set to B then if a private key is generated it is B encrypted. This is equivalent to the B<-nodes> command line -option. +option. For compatibility B is an equivalent option. =item B @@ -246,19 +253,19 @@ This option specifies the digest algorithm to use. Possible values include B. If not present then MD5 is used. This option can be overridden on the command line. -=item B +=item B -This option specifies which string types are permissible in a -B. Most users will not need to change this option. +This option masks out the use of certain string types in certain +fields. Most users will not need to change this option. It can be set to several values B which is also the default option uses PrintableStrings, T61Strings and BMPStrings if the B value is used then only PrintableStrings and BMPStrings will be used. This follows the PKIX recommendation in RFC2459. If the B option is used then only UTF8Strings will be used: this -is the PKIX recommendation in RFC2459 after 2003. Finally the B +is the PKIX recommendation in RFC2459 after 2003. Finally the B option just uses PrintableStrings and T61Strings: certain software has -problems with BMPStrings. +problems with BMPStrings and UTF8Strings: in particular Netscape. =item B 
@@ -277,12 +284,12 @@ is used. It can be overridden by the B<-extensions> command line switch. this specifies the section containing any request attributes: its format is the same as B described below. Typically these may contain the challengePassword or unstructuredName types. They are -currently ignored by OpenSSLs request signing utilities but some CAs might want -want them. +currently ignored by OpenSSL's request signing utilities but some CAs +might want them. =item B -This specifies the section containing the distiguished name fields to +This specifies the section containing the distinguished name fields to prompt for when generating a certificate or certificate request. This consists of lines of the form: @@ -292,7 +299,7 @@ consists of lines of the form: fieldName_max= 4 "fieldName" is the field name being used, for example commonName (or CN). -The "prompt" string is used to ask the user to enter the relvant +The "prompt" string is used to ask the user to enter the relevant details. If the user enters nothing then the default value is used if no default value is present then the field is omitted. A field can still be omitted if a default value is present if the user just @@ -425,7 +432,7 @@ This is followed some time later by... The first error message is the clue: it can't find the configuration file! Certain operations (like examining a certificate request) don't need a configuration file so its use isn't enforced. Generation of -certficates or requests however does need a configuration file. This +certificates or requests however does need a configuration file. This could be regarded as a bug. Another puzzling message is this: 
@@ -447,13 +454,13 @@ for more information. The variable B if defined allows an alternative configuration file location to be specified, it will be overridden by the B<-config> command -line switch if it is present. For compatability reasons the B +line switch if it is present. For compatibility reasons the B environment variable serves the same purpose but its use is discouraged. =head1 BUGS -OpenSSLs handling of T61Strings (aka TeletexStrings) is broken: it effectively -treats them as ISO-8859-1 (latin 1), Netscape and MSIE have similar behaviour. +OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively +treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour. This can cause problems if you need characters that aren't available in PrintableStrings and you don't want to or can't use BMPStrings.
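Review bot: in the hunk at @@ -203,17 +203,24 @@, the new password item documents keeping the private key passwords in the configuration file but does not say that the file then holds them in clear text. Suggest adding a sentence that a configuration file carrying these values needs restrictive permissions and should not be distributed with the rest of the configuration. The last added sentence also lists four command line options for two values, so it should say which options override the input password and which override the output password.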
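Review bot: in the hunk at @@ -234,11 +241,11 @@, the added sentence "For compatibility B is an equivalent option." does not say what happens when both the new name and the compatibility name are present with different values. This setting decides whether a generated private key is written out unencrypted, so the text should state which name takes precedence and whether the old one is deprecated.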
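Review bot: in the hunk at @@ -246,19 +253,19 @@, the replacement line "This option masks out the use of certain string types in certain fields." is less specific than the sentence it removes, which said where the restriction applied. Suggest naming the affected fields or pointing to where they are listed. The rewritten closing sentence, "problems with BMPStrings and UTF8Strings: in particular Netscape", also chains a second colon onto the one after "T61Strings"; "certain software, in particular Netscape, has problems with BMPStrings and UTF8Strings" reads more cleanly.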
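Review bot: in the BUGS paragraph of the hunk at @@ -447,13 +454,13 @@, the corrected line still joins two sentences with a comma: "treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour." Since the line is being touched anyway, end the first sentence after "(Latin 1)" and start a new one at "Netscape and MSIE".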