diff options
author | Alok Menghrajani <alok@squareup.com> | 2015-04-13 09:29:52 -0700 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2015-05-03 08:51:43 -0400 |
commit | 4c583c36596cd86feebd983b0313733fe9870500 (patch) | |
tree | 16a2a77a8c3b319b9f3d64bb70a5200135fe0a2e /doc/apps | |
parent | 186bb90705f848806783de512b3df6872552b304 (diff) | |
download | openssl-4c583c36596cd86feebd983b0313733fe9870500.zip openssl-4c583c36596cd86feebd983b0313733fe9870500.tar.gz openssl-4c583c36596cd86feebd983b0313733fe9870500.tar.bz2 |
Fixes some typos in doc/apps/
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'doc/apps')
-rw-r--r-- | doc/apps/c_rehash.pod | 2 | ||||
-rw-r--r-- | doc/apps/ca.pod | 2 | ||||
-rw-r--r-- | doc/apps/ciphers.pod | 6 | ||||
-rw-r--r-- | doc/apps/cms.pod | 4 | ||||
-rw-r--r-- | doc/apps/dgst.pod | 2 | ||||
-rw-r--r-- | doc/apps/enc.pod | 4 | ||||
-rw-r--r-- | doc/apps/genpkey.pod | 6 | ||||
-rw-r--r-- | doc/apps/openssl.pod | 22 | ||||
-rw-r--r-- | doc/apps/req.pod | 4 | ||||
-rw-r--r-- | doc/apps/s_client.pod | 2 | ||||
-rw-r--r-- | doc/apps/ts.pod | 36 | ||||
-rw-r--r-- | doc/apps/x509v3_config.pod | 10 |
12 files changed, 50 insertions, 50 deletions
diff --git a/doc/apps/c_rehash.pod b/doc/apps/c_rehash.pod index ccce29e..c3d98b6 100644 --- a/doc/apps/c_rehash.pod +++ b/doc/apps/c_rehash.pod @@ -28,7 +28,7 @@ directories to be set up like this in order to find certificates. If any directories are named on the command line, then those are processed in turn. If not, then the B<SSL_CERT_DIR> environment variable -is consulted; this shold be a colon-separated list of directories, +is consulted; this should be a colon-separated list of directories, like the Unix B<PATH> variable. If that is not set then the default directory (installation-specific but often B</usr/local/ssl/certs>) is processed. diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index 997fa20..1d18070 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -245,7 +245,7 @@ configuration file, must be valid UTF8 strings. =item B<-multivalue-rdn> -This option causes the -subj argument to be interpretedt with full +This option causes the -subj argument to be interpreted with full support for multivalued RDNs. Example: I</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe> diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 6d39c54..84d8260 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -303,7 +303,7 @@ ciphersuites using SHA256 or SHA384. =item B<aGOST> -cipher suites using GOST R 34.10 (either 2001 or 94) for authenticaction +cipher suites using GOST R 34.10 (either 2001 or 94) for authentication (needs an engine supporting GOST algorithms). =item B<aGOST01> @@ -585,7 +585,7 @@ Note: these ciphers can also be used in SSL v3. TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-RSA-CAMELLIA128-SHA256 TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-RSA-CAMELLIA256-SHA384 -=head2 Pre shared keying (PSK) cipheruites +=head2 Pre shared keying (PSK) ciphersuites TLS_PSK_WITH_RC4_128_SHA PSK-RC4-SHA TLS_PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA @@ -621,7 +621,7 @@ Include all RC4 ciphers but leave out those without authentication: openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT' -Include all chiphers with RSA authentication but leave out ciphers without +Include all ciphers with RSA authentication but leave out ciphers without encryption. openssl ciphers -v 'RSA:!COMPLEMENTOFALL' diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod index af1240a..9001371 100644 --- a/doc/apps/cms.pod +++ b/doc/apps/cms.pod @@ -376,7 +376,7 @@ identifier extension. Supported by B<-sign> and B<-encrypt> options. =item B<-receipt_request_all -receipt_request_first> for B<-sign> option include a signed receipt request. Indicate requests should -be provided by all receipient or first tier recipients (those mailed directly +be provided by all recipient or first tier recipients (those mailed directly and not from a mailing list). Ignored it B<-receipt_request_from> is included. =item B<-receipt_request_from emailaddress> @@ -398,7 +398,7 @@ requests. specify symmetric key to use. The key must be supplied in hex format and be consistent with the algorithm used. Supported by the B<-EncryptedData_encrypt> -B<-EncrryptedData_decrypt>, B<-encrypt> and B<-decrypt> options. When used +B<-EncryptedData_decrypt>, B<-encrypt> and B<-decrypt> options. When used with B<-encrypt> or B<-decrypt> the supplied key is used to wrap or unwrap the content encryption key using an AES key in the B<KEKRecipientInfo> type. diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod index 8f974ed..236e1b7 100644 --- a/doc/apps/dgst.pod +++ b/doc/apps/dgst.pod @@ -137,7 +137,7 @@ Following options are supported by both by B<HMAC> and B<gost-mac>: =item B<key:string> -Specifies MAC key as alphnumeric string (use if key contain printable +Specifies MAC key as alphanumeric string (use if key contain printable characters only). String length must conform to any restrictions of the MAC algorithm for example exactly 32 chars for gost-mac. diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod index 41791ad..8f4ef99 100644 --- a/doc/apps/enc.pod +++ b/doc/apps/enc.pod @@ -170,7 +170,7 @@ configuration file is read and any ENGINEs loaded. Engines which provide entirely new encryption algorithms (such as ccgost engine which provides gost89 algorithm) should be configured in the configuration file. Engines, specified in the command line using -engine -options can only be used for hadrware-assisted implementations of +options can only be used for hardware-assisted implementations of ciphers, which are supported by OpenSSL core or other engine, specified in the configuration file. @@ -212,7 +212,7 @@ Note that some of these ciphers can be disabled at compile time and some are available only if an appropriate engine is configured in the configuration file. The output of the B<enc> command run with unsupported options (for example B<openssl enc -help>) includes a -list of ciphers, supported by your versesion of OpenSSL, including +list of ciphers, supported by your version of OpenSSL, including ones provided by configured engines. The B<enc> program does not support authenticated encryption modes diff --git a/doc/apps/genpkey.pod b/doc/apps/genpkey.pod index 74faba5..0bce0b5 100644 --- a/doc/apps/genpkey.pod +++ b/doc/apps/genpkey.pod @@ -87,7 +87,7 @@ parameters along with the PEM or DER structure. =head1 KEY GENERATION OPTIONS -The options supported by each algorith and indeed each implementation of an +The options supported by each algorithm and indeed each implementation of an algorithm can vary. The options for the OpenSSL implementations are detailed below. @@ -154,7 +154,7 @@ such as "P-256". =item B<ec_param_enc:encoding> -the encoding to use for parameters. The "encoding" paramater must be either +the encoding to use for parameters. The "encoding" parameter must be either "named_curve" or "explicit". =back @@ -163,7 +163,7 @@ the encoding to use for parameters. The "encoding" paramater must be either Gost 2001 support is not enabled by default. To enable this algorithm, one should load the ccgost engine in the OpenSSL configuration file. -See README.gost file in the engines/ccgost directiry of the source +See README.gost file in the engines/ccgost directory of the source distribution for more details. Use of a parameter file for the GOST R 34.10 algorithm is optional. diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod index b2e2719..3e651b8 100644 --- a/doc/apps/openssl.pod +++ b/doc/apps/openssl.pod @@ -23,12 +23,12 @@ v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them. The B<openssl> program is a command line tool for using the various -cryptography functions of OpenSSL's B<crypto> library from the shell. -It can be used for +cryptography functions of OpenSSL's B<crypto> library from the shell. +It can be used for o Creation and management of private keys, public keys and parameters o Public key cryptographic operations - o Creation of X.509 certificates, CSRs and CRLs + o Creation of X.509 certificates, CSRs and CRLs o Calculation of Message Digests o Encryption and Decryption with Ciphers o SSL/TLS Client and Server Tests @@ -75,7 +75,7 @@ Parse an ASN.1 sequence. =item L<B<ca>|ca(1)> -Certificate Authority (CA) Management. +Certificate Authority (CA) Management. =item L<B<ciphers>|ciphers(1)> @@ -104,7 +104,7 @@ Obsoleted by L<B<dhparam>|dhparam(1)>. =item L<B<dhparam>|dhparam(1)> -Generation and Management of Diffie-Hellman Parameters. Superseded by +Generation and Management of Diffie-Hellman Parameters. Superseded by L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)> @@ -114,7 +114,7 @@ DSA Data Management. =item L<B<dsaparam>|dsaparam(1)> -DSA Parameter Generation and Management. Superseded by +DSA Parameter Generation and Management. Superseded by L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)> =item L<B<ec>|ec(1)> @@ -131,7 +131,7 @@ Encoding with Ciphers. =item L<B<engine>|engine(1)> -Engine (loadble module) information and manipulation. +Engine (loadable module) information and manipulation. =item L<B<errstr>|errstr(1)> @@ -144,7 +144,7 @@ Obsoleted by L<B<dhparam>|dhparam(1)>. =item L<B<gendsa>|gendsa(1)> -Generation of DSA Private Key from Parameters. Superseded by +Generation of DSA Private Key from Parameters. Superseded by L<B<genpkey>|genpkey(1)> and L<B<pkey>|pkey(1)> =item L<B<genpkey>|genpkey(1)> @@ -279,11 +279,11 @@ MDC2 Digest RMD-160 Digest -=item B<sha> +=item B<sha> SHA Digest -=item B<sha1> +=item B<sha1> SHA-1 Digest @@ -408,7 +408,7 @@ L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>, L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>, L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>, -L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)>, L<x509v3_config(5)|x509v3_config(5)> +L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)>, L<x509v3_config(5)|x509v3_config(5)> =head1 HISTORY diff --git a/doc/apps/req.pod b/doc/apps/req.pod index eb840be..9e8e1ab 100644 --- a/doc/apps/req.pod +++ b/doc/apps/req.pod @@ -153,7 +153,7 @@ the default key size, specified in the configuration file is used. All other algorithms support the B<-newkey alg:file> form, where file may be an algorithm parameter file, created by the B<genpkey -genparam> command -or and X.509 certificate for a key with approriate algorithm. +or and X.509 certificate for a key with appropriate algorithm. B<param:file> generates a key using the parameter file or certificate B<file>, the algorithm is determined by the parameters. B<algname:file> use algorithm @@ -278,7 +278,7 @@ set multiple options. See the L<x509(1)|x509(1)> manual page for details. customise the output format used with B<-text>. The B<option> argument can be a single option or multiple options separated by commas. -See discission of the B<-certopt> parameter in the L<B<x509>|x509(1)> +See discussion of the B<-certopt> parameter in the L<B<x509>|x509(1)> command. diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 92f6e4a..6aaef19 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -343,7 +343,7 @@ Protocol names are printable ASCII strings, for example "http/1.1" or "spdy/3". Empty list of protocols is treated specially and will cause the client to advertise support for the TLS extension but disconnect just after -reciving ServerHello with a list of server supported protocols. +receiving ServerHello with a list of server supported protocols. =back diff --git a/doc/apps/ts.pod b/doc/apps/ts.pod index d6aa47d..5aab465 100644 --- a/doc/apps/ts.pod +++ b/doc/apps/ts.pod @@ -121,7 +121,7 @@ parameter is specified. (Optional) It is possible to specify the message imprint explicitly without the data file. The imprint must be specified in a hexadecimal format, two characters per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or -1AF601...). The number of bytes must match the message digest algorithm +1AF601...). The number of bytes must match the message digest algorithm in use. (Optional) =item B<-md2>|B<-md4>|B<-md5>|B<-sha>|B<-sha1>|B<-mdc2>|B<-ripemd160>|B<...> @@ -189,7 +189,7 @@ OPTIONS> for configurable variables. (Optional) =item B<-section> tsa_section -The name of the config file section conatining the settings for the +The name of the config file section containing the settings for the response generation. If not specified the default TSA section is used, see B<CONFIGURATION FILE OPTIONS> for details. (Optional) @@ -283,7 +283,7 @@ data file. The B<-verify> command does not use the configuration file. =item B<-data> file_to_hash The response or token must be verified against file_to_hash. The file -is hashed with the message digest algorithm specified in the token. +is hashed with the message digest algorithm specified in the token. The B<-digest> and B<-queryfile> options must not be specified with this one. (Optional) @@ -311,16 +311,16 @@ of a time stamp response (TimeStampResp). (Optional) =item B<-CApath> trusted_cert_path -The name of the directory containing the trused CA certificates of the +The name of the directory containing the trusted CA certificates of the client. See the similar option of L<verify(1)|verify(1)> for additional details. Either this option or B<-CAfile> must be specified. (Optional) =item B<-CAfile> trusted_certs.pem -The name of the file containing a set of trusted self-signed CA -certificates in PEM format. See the similar option of -L<verify(1)|verify(1)> for additional details. Either this option +The name of the file containing a set of trusted self-signed CA +certificates in PEM format. See the similar option of +L<verify(1)|verify(1)> for additional details. Either this option or B<-CApath> must be specified. (Optional) @@ -348,7 +348,7 @@ switch always overrides the settings in the config file. =over 4 -=item B<tsa> section, B<default_tsa> +=item B<tsa> section, B<default_tsa> This is the main section and it specifies the name of another section that contains all the options for the B<-reply> command. This default @@ -375,8 +375,8 @@ generation a new file is created with serial number 1. (Mandatory) =item B<crypto_device> -Specifies the OpenSSL engine that will be set as the default for -all available algorithms. The default value is builtin, you can specify +Specifies the OpenSSL engine that will be set as the default for +all available algorithms. The default value is builtin, you can specify any other engines supported by OpenSSL (e.g. use chil for the NCipher HSM). (Optional) @@ -419,7 +419,7 @@ the components is missing zero is assumed for that field. (Optional) =item B<clock_precision_digits> -Specifies the maximum number of digits, which represent the fraction of +Specifies the maximum number of digits, which represent the fraction of seconds, that need to be included in the time field. The trailing zeroes must be removed from the time, so there might actually be fewer digits, or no fraction of seconds at all. Supported only on UNIX platforms. @@ -458,12 +458,12 @@ overridden by the B<-config> command line option. =head1 EXAMPLES All the examples below presume that B<OPENSSL_CONF> is set to a proper -configuration file, e.g. the example configuration file +configuration file, e.g. the example configuration file openssl/apps/openssl.cnf will do. =head2 Time Stamp Request -To create a time stamp request for design1.txt with SHA-1 +To create a time stamp request for design1.txt with SHA-1 without nonce and policy and no certificate is required in the response: openssl ts -query -data design1.txt -no_nonce \ @@ -479,7 +479,7 @@ To print the content of the previous request in human readable format: openssl ts -query -in design1.tsq -text -To create a time stamp request which includes the MD-5 digest +To create a time stamp request which includes the MD-5 digest of design2.txt, requests the signer certificate and nonce, specifies a policy id (assuming the tsa_policy1 name is defined in the OID section of the config file): @@ -559,8 +559,8 @@ Zoltan Glozik <zglozik@opentsa.org>. Known issues: =over 4 =item * No support for time stamps over SMTP, though it is quite easy -to implement an automatic e-mail based TSA with L<procmail(1)|procmail(1)> -and L<perl(1)|perl(1)>. HTTP server support is provided in the form of +to implement an automatic e-mail based TSA with L<procmail(1)|procmail(1)> +and L<perl(1)|perl(1)>. HTTP server support is provided in the form of a separate apache module. HTTP client support is provided by L<tsget(1)|tsget(1)>. Pure TCP/IP protocol is not supported. @@ -587,8 +587,8 @@ Zoltan Glozik <zglozik@opentsa.org>, OpenTSA project (http://www.opentsa.org) =head1 SEE ALSO -L<tsget(1)|tsget(1)>, L<openssl(1)|openssl(1)>, L<req(1)|req(1)>, -L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>, +L<tsget(1)|tsget(1)>, L<openssl(1)|openssl(1)>, L<req(1)|req(1)>, +L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>, L<config(5)|config(5)> =cut diff --git a/doc/apps/x509v3_config.pod b/doc/apps/x509v3_config.pod index c82cea1..26b327c 100644 --- a/doc/apps/x509v3_config.pod +++ b/doc/apps/x509v3_config.pod @@ -88,7 +88,7 @@ only be used to sign end user certificates and not further CAs. Key usage is a multi valued extension consisting of a list of names of the permitted key usages. -The supporte names are: digitalSignature, nonRepudiation, keyEncipherment, +The supported names are: digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly and decipherOnly. @@ -202,7 +202,7 @@ Examples: The issuer alternative name option supports all the literal options of subject alternative name. It does B<not> support the email:copy option because that would not make sense. It does support an additional issuer:copy option -that will copy all the subject alternative name values from the issuer +that will copy all the subject alternative name values from the issuer certificate (if possible). Example: @@ -358,7 +358,7 @@ Some software (for example some versions of MSIE) may require ia5org. =head2 Policy Constraints This is a multi-valued extension which consisting of the names -B<requireExplicitPolicy> or B<inhibitPolicyMapping> and a non negative intger +B<requireExplicitPolicy> or B<inhibitPolicyMapping> and a non negative integer value. At least one component must be present. Example: @@ -380,7 +380,7 @@ Example: The name constraints extension is a multi-valued extension. The name should begin with the word B<permitted> or B<excluded> followed by a B<;>. The rest of the name and the value follows the syntax of subjectAltName except email:copy -is not supported and the B<IP> form should consist of an IP addresses and +is not supported and the B<IP> form should consist of an IP addresses and subnet mask separated by a B</>. Examples: @@ -491,7 +491,7 @@ will produce an error but the equivalent form: [subject_alt_section] subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar -is valid. +is valid. Due to the behaviour of the OpenSSL B<conf> library the same field name can only occur once in a section. This means that: |