openssl · levitte · Oct 1, 2019 · Oct 1, 2019 · Oct 1, 2019 · Oct 1, 2019
diff --git a/doc/man1/CA.pl.pod b/doc/man1/CA.pl.pod
@@ -25,14 +25,14 @@ B<-newca>
 
 B<CA.pl> B<-pkcs12> [B<-extra-pkcs12> I<extra-params>] [I<certname>]
 
-B<CA.pl> B<-verify> [B<-extra-verify> I<extra-params>] I<certfile>...
+B<CA.pl> B<-verify> [B<-extra-verify> I<extra-params>] I<certfile> ...
 
 B<CA.pl> B<-revoke> [B<-extra-ca> I<extra-params>] I<certfile> [I<reason>]
 
 =head1 DESCRIPTION
 
 The B<CA.pl> script is a perl script that supplies the relevant command line
-arguments to the B<openssl> command for some common certificate operations.
+arguments to the L<openssl(1)> command for some common certificate operations.
 It is intended to simplify the process of certificate creation and management
 by the use of some simple options.
 
@@ -47,88 +47,86 @@ Prints a usage message.
 =item B<-newcert>
 
 Creates a new self signed certificate. The private key is written to the file
-"newkey.pem" and the request written to the file "newreq.pem".
-This argument invokes B<openssl req> command.
+F<newkey.pem> and the request written to the file F<newreq.pem>.
+Invokes L<openssl-req(1)>.
 
 =item B<-newreq>
 
 Creates a new certificate request. The private key is written to the file
-"newkey.pem" and the request written to the file "newreq.pem".
-Executes B<openssl req> command below the hood.
+F<newkey.pem> and the request written to the file F<newreq.pem>.
+Executes L<openssl-req(1)> under the hood.
 
 =item B<-newreq-nodes>
 
 Is like B<-newreq> except that the private key will not be encrypted.
-Uses B<openssl req> command.
+Uses L<openssl-req(1)>.
 
 =item B<-newca>
 
 Creates a new CA hierarchy for use with the B<ca> program (or the B<-signcert>
 and B<-xsign> options). The user is prompted to enter the filename of the CA
 certificates (which should also contain the private key) or by hitting ENTER
 details of the CA will be prompted for. The relevant files and directories
-are created in a directory called "demoCA" in the current directory.
-B<openssl req> and B<openssl ca> commands are get invoked.
+are created in a directory called F<demoCA> in the current directory.
+Uses L<openssl-req(1)> and L<openssl-ca(1)>.
 
 =item B<-pkcs12>
 
 Create a PKCS#12 file containing the user certificate, private key and CA
 certificate. It expects the user certificate and private key to be in the
-file "newcert.pem" and the CA certificate to be in the file demoCA/cacert.pem,
-it creates a file "newcert.p12". This command can thus be called after the
+file F<newcert.pem> and the CA certificate to be in the file F<demoCA/cacert.pem>,
+it creates a file F<newcert.p12>. This command can thus be called after the
 B<-sign> option. The PKCS#12 file can be imported directly into a browser.
 If there is an additional argument on the command line it will be used as the
 "friendly name" for the certificate (which is typically displayed in the browser
 list box), otherwise the name "My Certificate" is used.
-Delegates work to B<openssl pkcs12> command.
+Delegates work to L<openssl-pkcs12(1)>.
 
 =item B<-sign>, B<-signcert>, B<-xsign>
 
-Calls the B<ca> program to sign a certificate request. It expects the request
-to be in the file "newreq.pem". The new certificate is written to the file
-"newcert.pem" except in the case of the B<-xsign> option when it is written
-to standard output. Leverages B<openssl ca> command.
+Calls the L<openssl-ca(1)> command to sign a certificate request. It expects the
+request to be in the file F<newreq.pem>. The new certificate is written to the
+file F<newcert.pem> except in the case of the B<-xsign> option when it is
+written to standard output.
 
 =item B<-signCA>
 
 This option is the same as the B<-signreq> option except it uses the
 configuration file section B<v3_ca> and so makes the signed request a
 valid CA certificate. This is useful when creating intermediate CA from
-a root CA.  Extra params are passed on to B<openssl ca> command.
+a root CA.  Extra params are passed to L<openssl-ca(1)>.
 
 =item B<-signcert>
 
 This option is the same as B<-sign> except it expects a self signed certificate
-to be present in the file "newreq.pem".
-Extra params are passed on to B<openssl x509> and B<openssl ca> commands.
+to be present in the file F<newreq.pem>.
+Extra params are passed to L<openssl-x509(1)> and L<openssl-ca(1)>.
 
 =item B<-crl>
 
-Generate a CRL. Executes B<openssl ca> command.
+Generate a CRL. Executes L<openssl-ca(1)>.
 
 =item B<-revoke> I<certfile> [I<reason>]
 
 Revoke the certificate contained in the specified B<certfile>. An optional
 reason may be specified, and must be one of: B<unspecified>,
 B<keyCompromise>, B<CACompromise>, B<affiliationChanged>, B<superseded>,
 B<cessationOfOperation>, B<certificateHold>, or B<removeFromCRL>.
-Leverages B<openssl ca> command.
+Leverages L<openssl-ca(1)>.
 
 =item B<-verify>
 
-Verifies certificates against the CA certificate for "demoCA". If no
+Verifies certificates against the CA certificate for F<demoCA>. If no
 certificates are specified on the command line it tries to verify the file
-"newcert.pem".  Invokes B<openssl verify> command.
+F<newcert.pem>.  Invokes L<openssl-verify(1)>.
 
-=item B<-extra-req> | B<-extra-ca> | B<-extra-pkcs12> | B<-extra-x509> | B<-extra-verify> <extra-params>
+=item B<-extra-req> | B<-extra-ca> | B<-extra-pkcs12> | B<-extra-x509> | B<-extra-verify> I<extra-params>
 
-The purpose of these parameters is to allow optional parameters to be supplied
-to B<openssl> that this command executes. The B<-extra-cmd> are specific to the
-option being used and the B<openssl> command getting invoked. For example
-when this command invokes B<openssl req> extra parameters can be passed on
-with the B<-extra-req> parameter. The
-B<openssl> commands being invoked per option are documented below.
-Users should consult B<openssl> command documentation for more information.
+For each option B<extra-I<cmd>>, pass I<extra-params> to the L<openssl(1)>
+sub-command with the same name as I<cmd>, if that sub-command is invoked.
+For example, if L<openssl-req(1)> is invoked, the I<extra-params> given with
+B<-extra-req> will be passed to it.
+Users should consult L<openssl(1)> command documentation for more information.
 
 =back
 
@@ -149,7 +147,7 @@ the request and finally create a PKCS#12 file containing it.
 =head1 DSA CERTIFICATES
 
 Although the B<CA.pl> creates RSA CAs and requests it is still possible to
-use it with DSA certificates and requests using the L<req(1)> command
+use it with DSA certificates and requests using the L<openssl-req(1)> command
 directly. The following example shows the steps that would typically be taken.
 
 Create some DSA parameters:
@@ -164,7 +162,8 @@ Create the CA directories and files:
 
  CA.pl -newca
 
-enter cacert.pem when prompted for the CA filename.
+enter a filename (for example, F<cacert.pem>) when prompted for the CA file
+name.
 
 Create a DSA certificate request and private key (a different set of parameters
 can optionally be created first):
@@ -193,9 +192,10 @@ be wrong. In this case the command:
 can be used and the B<OPENSSL_CONF> environment variable changed to point to
 the correct path of the configuration file.
 
-The script is intended as a simple front end for the B<openssl> program for use
-by a beginner. Its behaviour isn't always what is wanted. For more control over the
-behaviour of the certificate commands call the B<openssl> command directly.
+The script is intended as a simple front end for the L<openssl(1)> program for
+use by a beginner. Its behaviour isn't always what is wanted. For more control
+over the behaviour of the certificate commands call the L<openssl(1)> command
+directly.
 
 =head1 SEE ALSO
 

diff --git a/doc/man1/openssl-asn1parse.pod b/doc/man1/openssl-asn1parse.pod
@@ -26,8 +26,8 @@ B<openssl> B<asn1parse>
 
 =head1 DESCRIPTION
 
-The B<asn1parse> command is a diagnostic utility that can parse ASN.1
-structures. It can also be used to extract data from ASN.1 formatted data.
+This command is a diagnostic utility that can parse ASN.1 structures.
+It can also be used to extract data from ASN.1 formatted data.
 
 =head1 OPTIONS
 
@@ -39,7 +39,7 @@ Print out a usage message.
 
 =item B<-inform> B<DER>|B<PEM>
 
-The input format. I<DER> is binary format and I<PEM> (the default) is base64
+The input format. B<DER> is binary format and B<PEM> (the default) is base64
 encoded.
 
 =item B<-in> I<filename>
@@ -88,12 +88,12 @@ option can be used multiple times to "drill down" into a nested structure.
 
 =item B<-genstr> I<string>, B<-genconf> I<file>
 
-Generate encoded data based on B<string>, B<file> or both using
-L<ASN1_generate_nconf(3)> format. If B<file> only is
+Generate encoded data based on I<string>, I<file> or both using
+L<ASN1_generate_nconf(3)> format. If I<file> only is
 present then the string is obtained from the default section using the name
 B<asn1>. The encoded data is passed through the ASN1 parser and printed out as
 though it came from a file, the contents can thus be examined and written to a
-file using the B<out> option.
+file using the B<-out> option.
 
 =item B<-strictpem>
 
@@ -105,8 +105,9 @@ END marker in a PEM file.
 
 =item B<-item> I<name>
 
-Attempt to decode and print the data as B<ASN1_ITEM name>. This can be used to
-print out the fields of any supported ASN.1 structure if the type is known.
+Attempt to decode and print the data as an B<ASN1_ITEM> I<name>. This can be
+used to print out the fields of any supported ASN.1 structure if the type is
+known.
 
 =back
 
@@ -132,9 +133,9 @@ The output will typically contain lines like this:
 .....
 
 This example is part of a self-signed certificate. Each line starts with the
-offset in decimal. B<d=XX> specifies the current depth. The depth is increased
-within the scope of any SET or SEQUENCE. B<hl=XX> gives the header length
-(tag and length octets) of the current type. B<l=XX> gives the length of
+offset in decimal. C<d=XX> specifies the current depth. The depth is increased
+within the scope of any SET or SEQUENCE. C<hl=XX> gives the header length
+(tag and length octets) of the current type. C<l=XX> gives the length of
 the contents octets.
 
 The B<-i> option can be used to make the output more readable.
@@ -157,10 +158,13 @@ allows additional OIDs to be included. Each line consists of three columns,
 the first column is the OID in numerical format and should be followed by white
 space. The second column is the "short name" which is a single word followed
 by white space. The final column is the rest of the line and is the
-"long name". B<asn1parse> displays the long name. Example:
+"long name". Example:
 
 C<1.2.3.4       shortName       A long name>
 
+For any OID with an associated short and long name, this command will display
+the long name.
+
 =head1 EXAMPLES
 
 Parse a file: