{ "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \
"set policy variable require-explicit-policy"}, \
{ "inhibit_any", OPT_V_INHIBIT_ANY, '-', \
- "set policy variable inihibit-any-policy"}, \
+ "set policy variable inhibit-any-policy"}, \
{ "inhibit_map", OPT_V_INHIBIT_MAP, '-', \
- "set policy variable inihibit-policy-mapping"}, \
+ "set policy variable inhibit-policy-mapping"}, \
{ "x509_strict", OPT_V_X509_STRICT, '-', \
"disable certificate compatibility work-arounds"}, \
{ "extended_crl", OPT_V_EXTENDED_CRL, '-', \
{ "xcertform", OPT_X_CERTFORM, 'F', \
"format of Extended certificate (PEM or DER) PEM default " }, \
{ "xkeyform", OPT_X_KEYFORM, 'F', \
- "format of Exnteded certificate's key (PEM or DER) PEM default"}
+ "format of Extended certificate's key (PEM or DER) PEM default"}
# define OPT_X_CASES \
OPT_X__FIRST: case OPT_X__LAST: break; \
"Number of requests to accept (default unlimited)"},
{"ndays", OPT_NDAYS, 'p', "Number of days before next update"},
{"rsigner", OPT_RSIGNER, '<',
- "Sesponder certificate to sign responses with"},
+ "Responder certificate to sign responses with"},
{"rkey", OPT_RKEY, '<', "Responder key to sign responses with"},
{"rother", OPT_ROTHER, '<', "Other certificates to include in response"},
{"rmd", OPT_RMD, 's', "Digest Algorithm to use in signature of OCSP response"},
{
const char *p, *q;
- /* Find last special charcter sys:[foo.bar]openssl */
+ /* Find last special character sys:[foo.bar]openssl */
for (p = argv0 + strlen(argv0); --p > argv0;)
if (*p == ':' || *p == ']' || *p == '>') {
p++;
start[sizeof start - 1] = '\0';
if (o->name == OPT_MORE_STR) {
- /* Continuation of previous line; padd and print. */
+ /* Continuation of previous line; pad and print. */
start[width] = '\0';
BIO_printf(bio_err, "%s %s\n", start, help);
continue;
}
/*
- * Create a data based on an existing policy. If 'id' is NULL use the oid in
+ * Create a data based on an existing policy. If 'id' is NULL use the OID in
* the policy, otherwise use 'id'. This behaviour covers the two types of
- * data in RFC3280: data with from a CertificatePolcies extension and
+ * data in RFC3280: data with from a CertificatePolicies extension and
* additional data with just the qualifiers of anyPolicy and ID from another
* source.
*/
The maximum number of encrypt/decrypt pipelines to be used. This will only have
an effect if an engine has been loaded that supports pipelining (e.g. the dasync
-engine) and a suiteable ciphersuite has been negotiated. The default value is 1.
+engine) and a suitable ciphersuite has been negotiated. The default value is 1.
See L<SSL_CTX_set_max_pipelines(3)> for further information.
=item B<-read_buf int>
emailProtection E-mail Protection (S/MIME).
timeStamping Trusted Timestamping
OCSPSigning OCSP Signing
- ipsecIKE ipsec Internet Key Exchnage
+ ipsecIKE ipsec Internet Key Exchange
msCodeInd Microsoft Individual Code Signing (authenticode)
msCodeCom Microsoft Commercial Code Signing (authenticode)
msCTLSign Microsoft Trust List Signing
=head1 NOTES
Almost all ASN1 types in OpenSSL are represented as an B<ASN1_STRING>
-structure. Other types such as B<ASN1_OCTET_STRING> are simply typedefed
+structure. Other types such as B<ASN1_OCTET_STRING> are simply typedef'ed
to B<ASN1_STRING> and the functions call the B<ASN1_STRING> equivalents.
B<ASN1_STRING> is also used for some B<CHOICE> types which consist
entirely of primitive string types such as B<DirectoryString> and
EVP_PKEY_free() after use.
d2i_PUBKEY() and i2d_PUBKEY() decode and encode an B<EVP_PKEY> structure
-using B<SubjectPublicKeyInfo> format. They otherise follow the conventions of
+using B<SubjectPublicKeyInfo> format. They otherwise follow the conventions of
other ASN.1 functions such as d2i_X509().
d2i_PUBKEY_bio(), d2i_PUBKEY_fp(), i2d_PUBKEY_bio() and i2d_PUBKEY_fp() are
=item B<X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded>
-the basicConstraints pathlength parameter has been exceeded.
+the basicConstraints path-length parameter has been exceeded.
=item B<X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
to the verification parameters associated with B<ctx>.
X509_STORE_CTX_get0_untrusted() retrieves an internal pointer to the
-stack of untrusted certifieds associated with B<ctx>.
+stack of untrusted certificates associated with B<ctx>.
X509_STORE_CTX_set0_untrusted() sets the internal point to the stack
-of unstrusted certificates associated with B<ctx> to B<sk>.
+of untrusted certificates associated with B<ctx> to B<sk>.
X509_STORE_CTX_set0_param() sets the internal verification parameter pointer
to B<param>. After this call B<param> should not be used.
X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0
X509_STORE_CTX_get_num_untrusted() was first added to OpenSSL 1.1.0
-X509_STORE_set_verify() wsa first added to OpenSSL 1.1.0. It was previously
+X509_STORE_set_verify() was first added to OpenSSL 1.1.0. It was previously
available as a macro X509_STORE_set_verify_func(). This macro still exists but
simply calls this function.
That is the maximum number of intermediate CA certificates that can appear in a
chain.
A maximal depth chain contains 2 more certificates than the limit, since
-neither the end-entity ceritificate nor the trust-anchor count against this
+neither the end-entity certificate nor the trust-anchor count against this
limit.
Thus a B<depth> limit of 0 only allows the end-entity certificate to be signed
directly by the trust-anchor, while with a B<depth> limit of 1 there can be one
Function return 0, if it is not CA certificate, 1 if it is proper X509v3
CA certificate with B<basicConstraints> extension CA:TRUE,
-3, if it is selfsigned X509 v1 certificate, 4, if it is certificate with
+3, if it is self-signed X509 v1 certificate, 4, if it is certificate with
B<keyUsage> extension with bit B<keyCertSign> set, but without
B<basicConstraints>, and 5 if it has outdated Netscape Certificate Type
extension telling that it is CA certificate.
X509_get_issuer_name() and X509_set_issuer_name() are identical to
X509_get_subject_name() and X509_set_subject_name() except the get and
-set the isssuer name of B<x>.
+set the issuer name of B<x>.
Similarly X509_REQ_get_subject_name(), X509_REQ_set_subject_name(),
X509_CRL_get_issuer() and X509_CRL_set_issuer_name() get or set the subject
-or issuer names of certifcate requests of CRLs respectively.
+or issuer names of certificate requests of CRLs respectively.
=head1 RETURN VALUES
X509_get_version() returns the numerical value of the version field of
certificate B<x>. Note: this is defined by standards (X.509 et al) to be one
-less than the certificate version. So a verson 3 certificate will return 2 and
+less than the certificate version. So a version 3 certificate will return 2 and
a version 1 certificate will return 0.
X509_set_version() sets the numerical value of the version field of certificate
X509_verify() verifies the signature of certificate B<x> using public key
B<pkey>. Only the signature is checked: no other checks (such as certificate
-chain validity) are perfored.
+chain validity) are performed.
X509_REQ_sign(), X509_REQ_sign_ctx(), X509_REQ_verify(),
X509_CRL_sign(), X509_CRL_sign_ctx() and X509_CRL_verify() sign and verify