===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/openssl.1,v
retrieving revision 1.37
retrieving revision 1.38
diff -c -r1.37 -r1.38
*** src/usr.bin/openssl/openssl.1	2016/07/21 16:34:08	1.37
--- src/usr.bin/openssl/openssl.1	2016/07/21 18:33:27	1.38
***************
*** 1,4 ****
! .\" $OpenBSD: openssl.1,v 1.37 2016/07/21 16:34:08 jmc Exp $
  .\" ====================================================================
  .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  .\"
--- 1,4 ----
! .\" $OpenBSD: openssl.1,v 1.38 2016/07/21 18:33:27 jmc Exp $
  .\" ====================================================================
  .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  .\"
***************
*** 263,276 ****
  The input file; the default is standard input.
  .It Fl inform Cm der | pem | txt
  The input format.
- .Cm der
- .Pq Distinguished Encoding Rules
- is binary format and
- .Cm pem
- .Pq Privacy Enhanced Mail ,
- the default, is base64-encoded.
- .Cm txt
- is plain text.
  .It Fl length Ar number
  Number of bytes to parse; the default is until end of file.
  .It Fl noout
--- 263,268 ----
***************
*** 971,995 ****
  .Op Fl fingerprint
  .Op Fl hash
  .Op Fl in Ar file
! .Op Fl inform Ar DER | PEM
  .Op Fl issuer
  .Op Fl lastupdate
  .Op Fl nextupdate
  .Op Fl noout
  .Op Fl out Ar file
! .Op Fl outform Ar DER | PEM
  .Op Fl text
  .nr nS 0
  .Pp
  The
  .Nm crl
  command processes CRL files in DER or PEM format.
- .Pp
- .Cm DER
- is a DER-encoded CRL structure.
- .Cm PEM ,
- the default,
- is a base64-encoded version of the DER form with header and footer lines.
  The PEM CRL format uses the header and footer lines:
  .Bd -unfilled -offset indent
  -----BEGIN X509 CRL-----
--- 963,981 ----
  .Op Fl fingerprint
  .Op Fl hash
  .Op Fl in Ar file
! .Op Fl inform Cm der | pem
  .Op Fl issuer
  .Op Fl lastupdate
  .Op Fl nextupdate
  .Op Fl noout
  .Op Fl out Ar file
! .Op Fl outform Cm der | pem
  .Op Fl text
  .nr nS 0
  .Pp
  The
  .Nm crl
  command processes CRL files in DER or PEM format.
  The PEM CRL format uses the header and footer lines:
  .Bd -unfilled -offset indent
  -----BEGIN X509 CRL-----
***************
*** 1015,1021 ****
  This can be used to look up CRLs in a directory by issuer name.
  .It Fl in Ar file
  The input file to read from, or standard input if not specified.
! .It Fl inform Cm DER | PEM
  The input format.
  .It Fl issuer
  Output the issuer name.
--- 1001,1007 ----
  This can be used to look up CRLs in a directory by issuer name.
  .It Fl in Ar file
  The input file to read from, or standard input if not specified.
! .It Fl inform Cm der | pem
  The input format.
  .It Fl issuer
  Output the issuer name.
***************
*** 1031,1037 ****
  Don't output the encoded version of the CRL.
  .It Fl out Ar file
  The output file to write to, or standard output if not specified.
! .It Fl outform Cm DER | PEM
  The output format.
  .It Fl text
  Print out the CRL in text form.
--- 1017,1023 ----
  Don't output the encoded version of the CRL.
  .It Fl out Ar file
  The output file to write to, or standard output if not specified.
! .It Fl outform Cm der | pem
  The output format.
  .It Fl text
  Print out the CRL in text form.
***************
*** 9010,9046 ****
  must have their links rebuilt using
  .Ar c_rehash
  or similar.
! .Sh NOTES
! Several commands accept password arguments, typically using
  .Fl passin
  and
  .Fl passout
! for input and output passwords, respectively.
! These allow the password to be obtained from a variety of sources.
! Both of these options take a single argument whose format is described below.
  If no password argument is given and a password is required,
  then the user is prompted to enter one:
  this will typically be read from the current terminal with echoing turned off.
! .Bl -tag -width "fd:number"
! .It Ar pass : Ns Ar password
  The actual password is
  .Ar password .
! Since the password is visible to utilities
! (like
! .Xr ps 1
! under
! .Ux )
  this form should only be used where security is not important.
! .It Ar env : Ns Ar var
  Obtain the password from the environment variable
  .Ar var .
! Since the environment of other processes is visible on certain platforms
! (e.g.\&
! .Xr ps 1
! under certain
! .Ux
! OSes) this option should be used with caution.
! .It Ar file : Ns Ar path
  The first line of
  .Ar path
  is the password.
--- 8996,9027 ----
  must have their links rebuilt using
  .Ar c_rehash
  or similar.
! .Sh COMMON NOTATION
! Several commands share a common syntax,
! as detailed below.
! .Pp
! Password arguments, typically specified using
  .Fl passin
  and
  .Fl passout
! for input and output passwords,
! allow passwords to be obtained from a variety of sources.
! Both of these options take a single argument, described below.
  If no password argument is given and a password is required,
  then the user is prompted to enter one:
  this will typically be read from the current terminal with echoing turned off.
! .Bl -tag -width "pass:password" -offset indent
! .It Cm pass : Ns Ar password
  The actual password is
  .Ar password .
! Since the password is visible to utilities,
  this form should only be used where security is not important.
! .It Cm env : Ns Ar var
  Obtain the password from the environment variable
  .Ar var .
! Since the environment of other processes is visible,
! this option should be used with caution.
! .It Cm file : Ns Ar path
  The first line of
  .Ar path
  is the password.
***************
*** 9055,9071 ****
  .Ar path
  need not refer to a regular file:
  it could, for example, refer to a device or named pipe.
! .It Ar fd : Ns Ar number
  Read the password from the file descriptor
  .Ar number .
! This can be used to send the data via a pipe for example.
! .It Ar stdin
  Read the password from standard input.
  .El
  .Sh ENVIRONMENT
  The following environment variables affect the execution of
  .Nm openssl :
! .Bl -tag -width "OPENSSL_CONFXXX"
  .It Ev OPENSSL_CONF
  The location of the master configuration file.
  .El
--- 9036,9072 ----
  .Ar path
  need not refer to a regular file:
  it could, for example, refer to a device or named pipe.
! .It Cm fd : Ns Ar number
  Read the password from the file descriptor
  .Ar number .
! This can be used to send the data via a pipe, for example.
! .It Cm stdin
  Read the password from standard input.
  .El
+ .Pp
+ File formats,
+ typically specified using
+ .Fl inform
+ and
+ .Fl outform ,
+ indicate the type of file being read from
+ or the file format to write.
+ The argument is case insensitive.
+ .Pp
+ .Bl -tag -width Ds -offset indent -compact
+ .It Cm der
+ Distinguished Encoding Rules (DER)
+ is a binary format.
+ .It Cm pem
+ Privacy Enhanced Mail (PEM)
+ is base64-encoded.
+ .It Cm txt
+ Plain ASCII text.
+ .El
  .Sh ENVIRONMENT
  The following environment variables affect the execution of
  .Nm openssl :
! .Bl -tag -width "/etc/ssl/openssl.cnf"
  .It Ev OPENSSL_CONF
  The location of the master configuration file.
  .El