mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-19 19:50:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

Refactor -engine documentation

Browse Source 
Common wording courtesy Richard Levitte.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10128)
This commit is contained in:
Rich Salz 2019-10-12 17:45:56 -04:00 committed by Tomas Mraz
parent 9484b67dfb
commit 018aaeb478
30 changed files with 160 additions and 198 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.gitignore vendored
View File

@ -31,28 +31,41 @@ doc/man1/openssl-cms.pod
doc/man1/openssl-crl.pod
doc/man1/openssl-dgst.pod
doc/man1/openssl-dhparam.pod
doc/man1/openssl-dsa.pod
doc/man1/openssl-dsaparam.pod
doc/man1/openssl-ec.pod
doc/man1/openssl-ecparam.pod
doc/man1/openssl-enc.pod
doc/man1/openssl-engine.pod
doc/man1/openssl-gendsa.pod
doc/man1/openssl-genpkey.pod
doc/man1/openssl-genrsa.pod
doc/man1/openssl-info.pod
doc/man1/openssl-list.pod
doc/man1/openssl-ocsp.pod
doc/man1/openssl-passwd.pod
doc/man1/openssl-pkcs12.pod
doc/man1/openssl-pkcs7.pod
doc/man1/openssl-pkcs8.pod
doc/man1/openssl-pkey.pod
doc/man1/openssl-pkeyparam.pod
doc/man1/openssl-pkeyutl.pod
doc/man1/openssl-rand.pod
doc/man1/openssl-req.pod
doc/man1/openssl-rsa.pod
doc/man1/openssl-rsautl.pod
doc/man1/openssl-s_client.pod
doc/man1/openssl-s_server.pod
doc/man1/openssl-s_time.pod
doc/man1/openssl-smime.pod
doc/man1/openssl-speed.pod
doc/man1/openssl-spkac.pod
doc/man1/openssl-srp.pod
doc/man1/openssl-storeutl.pod
doc/man1/openssl-ts.pod
doc/man1/openssl-verify.pod
doc/man1/openssl-x509.pod
doc/man1/openssl.pod
# error code files
/crypto/err/openssl.txt.old

11
doc/man1/openssl-ca.pod.in
View File

@ -48,7 +48,6 @@ B<openssl> B<ca>
[B<-msie_hack>]
[B<-extensions> I<section>]
[B<-extfile> I<section>]
[B<-engine> I<id>]
[B<-subj> I<arg>]
[B<-utf8>]
[B<-sigopt> I<nm>:I<v>]
@ -58,6 +57,7 @@ B<openssl> B<ca>
[B<-sm2-id> I<string>]
[B<-sm2-hex-id> I<hex-string>]
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
[I<certreq>...]
=for openssl ifdef engine sm2-id sm2-hex-id
@ -253,13 +253,6 @@ An additional configuration file to read certificate extensions from
(using the default section unless the B<-extensions> option is also
used).
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause B<ca>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-subj> I<arg>
Supersedes subject name given in the request.
@ -310,6 +303,8 @@ certificate. The argument for this option is string of hexadecimal digits.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=back
=head1 CRL OPTIONS

13
doc/man1/openssl-dgst.pod.in
View File

@ -27,7 +27,7 @@ B<openssl> B<dgst>|I<digest>
[B<-hmac> I<key>]
[B<-fips-fingerprint>]
[B<-engine> I<id>]
[B<-engine_impl>]
{- $OpenSSL::safe::opt_engine_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
[I<file> ...]
@ -168,13 +168,6 @@ option.
Compute HMAC using a specific key for certain OpenSSL-FIPS operations.
=item B<-engine> I<id>
Use engine I<id> for operations (including private key storage).
This engine is not used as source for digest algorithms, unless it is
also specified in the configuration file or B<-engine_impl> is also
specified.
=item B<-engine_impl>
When used with the B<-engine> option, it specifies to also use
@ -182,6 +175,10 @@ engine I<id> for digest operations.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
The engine is not used for digests unless the B<-engine_impl> option is
used or it is configured to do so, see L<config(5)/Engine Configuration Module>.
=item I<file> ...
File or files to digest. If no files are specified then standard input is

9
doc/man1/openssl-dhparam.pod.in
View File

@ -21,7 +21,7 @@ B<openssl dhparam>
[B<-2>]
[B<-3>]
[B<-5>]
[B<-engine> I<id>]
{- $OpenSSL::safe::opt_engine_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
[I<numbits>]
@ -102,12 +102,7 @@ This option prints out the DH parameters in human readable form.
This option converts the parameters into C code. The parameters can then
be loaded by calling the get_dhNNNN() function.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause B<dhparam>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
{- $OpenSSL::safe::opt_engine_item -}
{- $OpenSSL::safe::opt_r_item -}

14
doc/man1/openssl-dsa.pod → doc/man1/openssl-dsa.pod.in
View File

@ -1,5 +1,10 @@
=pod
=begin comment
{- join("\n", @autowarntext) -}
=end comment
=head1 NAME
openssl-dsa - DSA key processing
@ -31,7 +36,7 @@ B<openssl> B<dsa>
[B<-modulus>]
[B<-pubin>]
[B<-pubout>]
[B<-engine> I<id>]
{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef pvk-string pvk-weak pvk-none engine
@ -113,12 +118,7 @@ By default, a private key is output. With this option a public
key will be output instead. This option is automatically set if the input is
a public key.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause L<openssl-dsa(1)>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
{- $OpenSSL::safe::opt_engine_item -}
=back

10
doc/man1/openssl-dsaparam.pod.in
View File

@ -17,9 +17,9 @@ B<openssl dsaparam>
[B<-text>]
[B<-C>]
[B<-genkey>]
[B<-engine> I<id>]
[B<-verbose>]
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
[I<numbits>]
=head1 DESCRIPTION
@ -75,12 +75,6 @@ be loaded by calling the get_dsaXXX() function.
This option will generate a DSA either using the specified or generated
parameters.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-verbose>
@ -88,6 +82,8 @@ Print extra details about the operations being performed.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=item I<numbits>
This option specifies that a parameter set should be generated of size

14
doc/man1/openssl-ec.pod → doc/man1/openssl-ec.pod.in
View File

@ -1,5 +1,10 @@
=pod
=begin comment
{- join("\n", @autowarntext) -}
=end comment
=head1 NAME
openssl-ec - EC key processing
@ -26,7 +31,7 @@ B<openssl> B<ec>
[B<-param_enc> I<arg>]
[B<-no_public>]
[B<-check>]
[B<-engine> I<id>]
{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine
@ -131,12 +136,7 @@ This option omits the public key components from the private key output.
This option checks the consistency of an EC private or public key.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
{- $OpenSSL::safe::opt_engine_item -}
=back

9
doc/man1/openssl-ecparam.pod.in
View File

@ -24,7 +24,7 @@ B<openssl ecparam>
[B<-param_enc> I<arg>]
[B<-no_seed>]
[B<-genkey>]
[B<-engine> I<id>]
{- $OpenSSL::safe::opt_engine_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
=for openssl ifdef engine
@ -122,12 +122,7 @@ is included in the ECParameters structure (see RFC 3279).
This option will generate an EC private key using the specified parameters.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause B<ecparam>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
{- $OpenSSL::safe::opt_engine_item -}
{- $OpenSSL::safe::opt_r_item -}

8
doc/man1/openssl-enc.pod.in
View File

@ -37,7 +37,7 @@ B<openssl> B<enc>|I<cipher>
[B<-nopad>]
[B<-debug>]
[B<-none>]
[B<-engine> I<id>]
{- $OpenSSL::safe::opt_engine_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
=for openssl ifdef z engine
@ -192,6 +192,8 @@ Use NULL cipher (no encryption or decryption of input).
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=back
=head1 NOTES
@ -204,8 +206,8 @@ Use the L<openssl-list(1)> command to get a list of supported ciphers.
Engines which provide entirely new encryption algorithms (such as the ccgost
engine which provides gost89 algorithm) should be configured in the
configuration file. Engines specified on the command line using -engine
options can only be used for hardware-assisted implementations of
configuration file. Engines specified on the command line using B<-engine>
option can only be used for hardware-assisted implementations of
ciphers which are supported by the OpenSSL core or another engine specified
in the configuration file.

15
doc/man1/openssl-gendsa.pod.in
View File

@ -22,9 +22,9 @@ B<openssl> B<gendsa>
[B<-des>]
[B<-des3>]
[B<-idea>]
[B<-engine> I<id>]
[B<-verbose>]
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
[I<paramfile>]
=for openssl ifdef engine
@ -53,25 +53,20 @@ These options encrypt the private key with specified
cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified no encryption is used.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-verbose>
Print extra details about the operations being performed.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=item I<paramfile>
The DSA parameter file to use. The parameters in this file determine
the size of the private key. DSA parameters can be generated and
examined using the L<openssl-dsaparam(1)> command.
{- $OpenSSL::safe::opt_r_item -}
=back
=head1 NOTES

17
doc/man1/openssl-genpkey.pod → doc/man1/openssl-genpkey.pod.in
View File

@ -1,5 +1,10 @@
=pod
=begin comment
{- join("\n", @autowarntext) -}
=end comment
=head1 NAME
openssl-genpkey - generate a private key
@ -12,12 +17,12 @@ B<openssl> B<genpkey>
[B<-outform> B<DER>|B<PEM>]
[B<-pass> I<arg>]
[B<-I<cipher>>]
[B<-engine> I<id>]
[B<-paramfile> I<file>]
[B<-algorithm> I<alg>]
[B<-pkeyopt> I<opt>:I<value>]
[B<-genparam>]
[B<-text>]
{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine
@ -53,14 +58,6 @@ see L<openssl(1)/Pass Phrase Options>.
This option encrypts the private key with the supplied cipher. Any algorithm
name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms. If used this option should precede all other
options.
=item B<-algorithm> I<alg>
Public key algorithm to use such as RSA, DSA or DH. If used this option must
@ -105,6 +102,8 @@ are mutually exclusive.
Print an (unencrypted) text representation of private and public keys and
parameters along with the PEM or DER structure.
{- $OpenSSL::safe::opt_engine_item -}
=back
=head1 KEY GENERATION OPTIONS

11
doc/man1/openssl-genrsa.pod.in
View File

@ -24,10 +24,10 @@ B<openssl> B<genrsa>
[B<-des3>]
[B<-idea>]
[B<-f4>|B<-3>]
[B<-engine> I<id>]
[B<-primes> I<num>]
[B<-verbose>]
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
[B<numbits>]
=for openssl ifdef engine
@ -65,13 +65,6 @@ for if it is not supplied via the B<-passout> argument.
The public exponent to use, either 65537 or 3. The default is 65537.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-primes> I<num>
Specify the number of primes to use while generating the RSA key. The I<num>
@ -85,6 +78,8 @@ Print extra details about the operations being performed.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=item B<numbits>
The size of the private key to generate in bits. This must be the last option

3
doc/man1/openssl-pkcs12.pod.in
View File

@ -41,6 +41,7 @@ B<openssl> B<pkcs12>
[B<-CSP> I<name>]
{- $OpenSSL::safe::opt_trust_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine
@ -271,6 +272,8 @@ Write I<name> as a Microsoft CSP name.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=back
=head1 NOTES

14
doc/man1/openssl-pkcs7.pod → doc/man1/openssl-pkcs7.pod.in
View File

@ -1,5 +1,10 @@
=pod
=begin comment
{- join("\n", @autowarntext) -}
=end comment
=head1 NAME
openssl-pkcs7 - PKCS#7 utility
@ -15,7 +20,7 @@ B<openssl> B<pkcs7>
[B<-print_certs>]
[B<-text>]
[B<-noout>]
[B<-engine> I<id>]
{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine
@ -67,12 +72,7 @@ issuer names.
Don't output the encoded version of the PKCS#7 structure (or certificates
is B<-print_certs> is set).
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
{- $OpenSSL::safe::opt_engine_item -}
=back

11
doc/man1/openssl-pkcs8.pod.in
View File

@ -23,12 +23,12 @@ B<openssl> B<pkcs8>
[B<-v2> I<alg>]
[B<-v2prf> I<alg>]
[B<-v1> I<alg>]
[B<-engine> I<id>]
[B<-scrypt>]
[B<-scrypt_N> I<N>]
[B<-scrypt_r> I<r>]
[B<-scrypt_p> I<p>]
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine scrypt scrypt_N scrypt_r scrypt_p
@ -135,13 +135,6 @@ This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some
older implementations may not support PKCS#5 v2.0 and may require this option.
If not specified PKCS#5 v2.0 form is used.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-scrypt>
Uses the B<scrypt> algorithm for private key encryption using default
@ -155,6 +148,8 @@ Sets the scrypt I<N>, I<r> or I<p> parameters.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=back
=head1 NOTES

16
doc/man1/openssl-pkey.pod → doc/man1/openssl-pkey.pod.in
View File

@ -1,5 +1,10 @@
=pod
=begin comment
{- join("\n", @autowarntext) -}
=end comment
=head1 NAME
openssl-pkey - public or private key processing tool
@ -21,9 +26,9 @@ B<openssl> B<pkey>
[B<-noout>]
[B<-pubin>]
[B<-pubout>]
[B<-engine> I<id>]
[B<-check>]
[B<-pubcheck>]
{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine
@ -99,13 +104,6 @@ By default a private key is output: with this option a public
key will be output instead. This option is automatically set if
the input is a public key.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-check>
This option checks the consistency of a key pair for both public and private
@ -116,6 +114,8 @@ components.
This option checks the correctness of either a public key or the public component
of a key pair.
{- $OpenSSL::safe::opt_engine_item -}
=back
=head1 EXAMPLES

16
doc/man1/openssl-pkeyparam.pod → doc/man1/openssl-pkeyparam.pod.in
View File

@ -1,5 +1,10 @@
=pod
=begin comment
{- join("\n", @autowarntext) -}
=end comment
=head1 NAME
openssl-pkeyparam - public key algorithm parameter processing tool
@ -12,8 +17,8 @@ B<openssl> B<pkeyparam>
[B<-out> I<filename>]
[B<-text>]
[B<-noout>]
[B<-engine> I<id>]
[B<-check>]
{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine
@ -48,17 +53,12 @@ Prints out the parameters in plain text in addition to the encoded version.
Do not output the encoded version of the parameters.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-check>
This option checks the correctness of parameters.
{- $OpenSSL::safe::opt_engine_item -}
=back
=head1 EXAMPLES

9
doc/man1/openssl-pkeyutl.pod.in
View File

@ -34,7 +34,7 @@ B<openssl> B<pkeyutl>
[B<-pkeyopt_passin> I<opt>[:I<passarg>]]
[B<-hexdump>]
[B<-asn1parse>]
[B<-engine> I<id>]
{- $OpenSSL::safe::opt_engine_synopsis -}
[B<-engine_impl>]
{- $OpenSSL::safe::opt_r_synopsis -}
@ -179,12 +179,7 @@ hex dump the output data.
Parse the ASN.1 output data, this is useful when combined with the
B<-verifyrecover> option when an ASN1 structure is signed.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
{- $OpenSSL::safe::opt_engine_item -}
=item B<-engine_impl>

11
doc/man1/openssl-req.pod.in
View File

@ -45,11 +45,11 @@ B<openssl> B<req>
[B<-sigopt> I<nm>:I<v>]
[B<-batch>]
[B<-verbose>]
[B<-engine> I<id>]
[B<-sm2-id> I<string>]
[B<-sm2-hex-id> I<hex-string>]
{- $OpenSSL::safe::opt_name_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine keygen_engine sm2-id sm2-hex-id
@ -301,13 +301,6 @@ Non-interactive mode.
Print extra details about the operations being performed.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-keygen_engine> I<id>
Specifies an engine (by its unique I<id> string) which would be used
@ -327,6 +320,8 @@ argument for this option is string of hexadecimal digits.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=back
=head1 CONFIGURATION FILE FORMAT

14
doc/man1/openssl-rsa.pod → doc/man1/openssl-rsa.pod.in
View File

@ -1,5 +1,10 @@
=pod
=begin comment
{- join("\n", @autowarntext) -}
=end comment
=head1 NAME
openssl-rsa - RSA key processing tool
@ -34,7 +39,7 @@ B<openssl> B<rsa>
[B<-pubout>]
[B<-RSAPublicKey_in>]
[B<-RSAPublicKey_out>]
[B<-engine> I<id>]
{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef pvk-strong pvk-weak pvk-none engine
@ -126,12 +131,7 @@ the input is a public key.
Like B<-pubin> and B<-pubout> except B<RSAPublicKey> format is used instead.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
{- $OpenSSL::safe::opt_engine_item -}
=back

11
doc/man1/openssl-s_client.pod.in
View File

@ -112,7 +112,6 @@ B<openssl> B<s_client>
[B<-starttls> I<protocol>]
[B<-xmpphost> I<hostname>]
[B<-name> I<hostname>]
[B<-engine> I<id>]
[B<-tlsextdebug>]
[B<-no_ticket>]
[B<-sess_out> I<filename>]
@ -131,6 +130,7 @@ B<openssl> B<s_client>
{- $OpenSSL::safe::opt_x_synopsis -}
{- $OpenSSL::safe::opt_trust_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
[I<host>:I<port>]
=for openssl ifdef engine ssl_client_engine ct noct ctlogfile
@ -628,13 +628,6 @@ Output SSL session to I<filename>.
Load SSL session from I<filename>. The client will attempt to resume a
connection from this session.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-serverinfo> I<types>
A list of comma-separated TLS Extension Types (numbers between 0 and
@ -707,6 +700,8 @@ I<localhost> on port I<4433>.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=back
=head1 CONNECTED COMMANDS

11
doc/man1/openssl-s_server.pod.in
View File

@ -166,7 +166,6 @@ B<openssl> B<s_server>
[B<-nextprotoneg> I<val>]
[B<-use_srtp> I<val>]
[B<-alpn> I<val>]
[B<-engine> I<val>]
[B<-keylogfile> I<outfile>]
[B<-max_early_data> I<int>]
[B<-early_data>]
@ -177,6 +176,7 @@ B<openssl> B<s_server>
{- $OpenSSL::safe::opt_x_synopsis -}
{- $OpenSSL::safe::opt_trust_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef unix 4 6 unlink no_dhe nextprotoneg use_srtp engine
@ -676,13 +676,6 @@ Protocol names are printable ASCII strings, for example "http/1.1" or
"spdy/3".
The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used.
=item B<-engine> I<val>
Specifying an engine (by its unique id string in I<val>) will cause
this command to attempt to obtain a functional reference to the
specified engine, thus initialising it if needed. The engine will then be
set as the default for all available algorithms.
=item B<-keylogfile> I<outfile>
Appends TLS secrets to the specified keylog file such that external programs
@ -722,6 +715,8 @@ by the client in binary mode.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=back
=head1 CONNECTED COMMANDS

11
doc/man1/openssl-speed.pod.in
View File

@ -9,7 +9,6 @@ openssl-speed - test library performance
B<openssl speed>
[B<-help>]
[B<-engine> I<id>]
[B<-elapsed>]
[B<-evp> I<algo>]
[B<-hmac> I<algo>]
@ -19,6 +18,7 @@ B<openssl speed>
[B<-seconds> I<num>]
[B<-bytes> I<num>]
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
[I<algorithm> ...]
=for openssl ifdef cmac multi async_jobs engine
@ -38,13 +38,6 @@ the B<rand> algorithm name.
Print out a usage message.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-elapsed>
When calculating operations- or bytes-per-second, use wall-clock time
@ -86,6 +79,8 @@ Run benchmarks on I<num>-byte buffers. Affects ciphers, digests and the CSPRNG.
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
=item I<algorithm> ...
If any I<algorithm> is given, then those algorithms are tested, otherwise a

14
doc/man1/openssl-spkac.pod → doc/man1/openssl-spkac.pod.in
View File

@ -1,5 +1,10 @@
=pod
=begin comment
{- join("\n", @autowarntext) -}
=end comment
=head1 NAME
openssl-spkac - SPKAC printing and generating utility
@ -19,7 +24,7 @@ B<openssl> B<spkac>
[B<-spksect> I<section>]
[B<-noout>]
[B<-verify>]
[B<-engine> I<id>]
{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine
@ -92,12 +97,7 @@ being created).
Verifies the digital signature on the supplied SPKAC.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
{- $OpenSSL::safe::opt_engine_item -}
=back

16
doc/man1/openssl-storeutl.pod → doc/man1/openssl-storeutl.pod.in
View File

@ -1,5 +1,10 @@
=pod
=begin comment
{- join("\n", @autowarntext) -}
=end comment
=head1 NAME
openssl-storeutl - STORE utility
@ -12,7 +17,6 @@ B<openssl> B<storeutl>
[B<-noout>]
[B<-passin> I<arg>]
[B<-text> I<arg>]
[B<-engine> I<id>]
[B<-r>]
[B<-certs>]
[B<-keys>]
@ -23,6 +27,7 @@ B<openssl> B<storeutl>
[B<-alias> I<arg>]
[B<-fingerprint> I<arg>]
[B<-I<digest>>]
{- $OpenSSL::safe::opt_engine_synopsis -}
I<uri> ...
=head1 DESCRIPTION
@ -57,13 +62,6 @@ see L<openssl(1)/Pass Phrase Options>.
Prints out the objects in text form, similarly to the B<-text> output from
L<openssl-x509(1)>, L<openssl-pkey(1)>, etc.
=item B<-engine> I<id>
specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed.
The engine will then be set as the default for all available algorithms.
=item B<-r>
Fetch objects recursively when possible.
@ -110,6 +108,8 @@ Search for an object having the given fingerprint.
The digest that was used to compute the fingerprint given with B<-fingerprint>.
{- $OpenSSL::safe::opt_engine_item -}
=back
=head1 SEE ALSO

9
doc/man1/openssl-ts.pod.in
View File

@ -37,7 +37,7 @@ B<-reply>
[B<-out> I<response.tsr>]
[B<-token_out>]
[B<-text>]
[B<-engine> I<id>]
{- $OpenSSL::safe::opt_engine_synopsis -}
B<openssl> B<ts>
B<-verify>
@ -303,12 +303,7 @@ response (TimeStampResp). (Optional)
If this option is specified the output is human-readable text format
instead of DER. (Optional)
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms. Default is built-in. (Optional)
{- $OpenSSL::safe::opt_engine_item -}
=back

16
doc/man1/openssl-verify.pod.in
View File

@ -16,7 +16,6 @@ B<openssl> B<verify>
[B<-crl_download>]
[B<-crl_check>]
[B<-crl_check_all>]
[B<-engine> I<id>]
[B<-explicit_policy>]
[B<-extended_crl>]
[B<-ignore_critical>]
@ -49,6 +48,7 @@ B<openssl> B<verify>
[B<-sm2-hex-id> I<hex-string>]
{- $OpenSSL::safe::opt_name_synopsis -}
{- $OpenSSL::safe::opt_trust_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
[B<-->]
[I<certificate> ...]
@ -101,15 +101,6 @@ If a valid CRL cannot be found an error occurs.
Checks the validity of B<all> certificates in the chain by attempting
to look up valid CRLs.
=item B<-engine> I<id>
Specifying an engine I<id> will cause this command to attempt to load the
specified engine.
The engine will then be set as the default for all its supported algorithms.
If you want to load certificates or CRLs that require engine support via any of
the B<-trusted>, B<-untrusted> or B<-CRLfile> options, the B<-engine> option
must be specified before those options.
=item B<-explicit_policy>
Set policy variable require-explicit-policy (see RFC5280).
@ -303,6 +294,11 @@ certificate. The argument for this option is string of hexadecimal digits.
{- $OpenSSL::safe::opt_trust_item -}
{- $OpenSSL::safe::opt_engine_item -}
To load certificates or CRLs that require engine support, specify the
B<-engine> option before any of the
B<-trusted>, B<-untrusted> or B<-CRLfile> options.
=item B<-->
Indicates the last option. All arguments following this are assumed to be

11
doc/man1/openssl-x509.pod.in
View File

@ -63,10 +63,10 @@ B<openssl> B<x509>
[B<-extfile> I<filename>]
[B<-extensions> I<section>]
[B<-sigopt> I<nm>:I<v>]
[B<-engine> I<id>]
[B<-preserve_dates>]
{- $OpenSSL::safe::opt_name_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine subject_hash_old issuer_hash_old
@ -117,13 +117,6 @@ Any digest supported by the L<openssl-dgst(1)> command can be used.
If not specified then SHA1 is used with B<-fingerprint> or
the default digest for the signing algorithm is used, typically SHA256.
=item B<-engine> I<id>
Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-preserve_dates>
When signing a certificate, preserve the "notBefore" and "notAfter" dates
@ -132,6 +125,8 @@ Cannot be used with the B<-days> option.
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_item -}
=back
=head2 Display Options

13
doc/man1/openssl.pod
View File

@ -933,6 +933,19 @@ name.
=back
=head2 Engine Options
=over 4
=item B<-engine> I<id>
Use the engine identified by I<id> and use all the methods it
implements (algorithms, key storage, etc.), unless specified otherwise in
the command-specific documentation or it is configured to do so, as described
in L<config(5)/Engine Configuration Module>.
=back
=head1 ENVIRONMENT
The OpenSSL library can be take some configuration parameters from the

8
doc/perlvars.pm
View File

@ -85,6 +85,14 @@ $OpenSSL::safe::opt_r_item = ""
. "\n"
. "See L<openssl(1)/Random State Options> for details.";
# Engine option
$OpenSSL::safe::opt_engine_synopsis = ""
. "[B<-engine> I<id>]";
$OpenSSL::safe::opt_engine_item = ""
. "=item B<-engine> I<id>\n"
. "\n"
. "See L<openssl(1)/Engine Options>.";
# Trusted certs options
$OpenSSL::safe::opt_trust_synopsis = ""
. "[B<-CAfile> I<file>]\n"