diff options
author | Rich Salz <rsalz@akamai.com> | 2019-09-25 15:20:11 -0400 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2019-10-01 08:36:58 +0200 |
commit | e8769719c9bbe53d7af088111b7625671660d4db (patch) | |
tree | 222b64baed23d8f70f19928e58486851e5b7fc95 /doc/man1/openssl-ts.pod | |
parent | 4dcb150ea30f9bbfa7946e6b39c30a86aca5ed02 (diff) | |
download | openssl-e8769719c9bbe53d7af088111b7625671660d4db.tar.gz |
Consistent formatting of flags with args
For documentation of all commands with "-flag arg" format them
consistently: "B<-flag> I<arg>", except when arg is literal
(for example "B<-inform> B<PEM>|B<DER>")
Update find-doc-nits to complain if badly formatted strings are found.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10022)
Diffstat (limited to 'doc/man1/openssl-ts.pod')
-rw-r--r-- | doc/man1/openssl-ts.pod | 180 |
1 files changed, 90 insertions, 90 deletions
diff --git a/doc/man1/openssl-ts.pod b/doc/man1/openssl-ts.pod index 1544cc94e2..6247cc786d 100644 --- a/doc/man1/openssl-ts.pod +++ b/doc/man1/openssl-ts.pod @@ -8,79 +8,79 @@ openssl-ts - Time Stamping Authority tool (client/server) B<openssl> B<ts> B<-query> -[B<-rand file...>] -[B<-writerand file>] -[B<-config> configfile] -[B<-data> file_to_hash] -[B<-digest> digest_bytes] -[B<-I<digest>>] -[B<-tspolicy> object_id] +[B<-rand> I<file...>] +[B<-writerand> I<file>] +[B<-config> I<configfile>] +[B<-data> I<file_to_hash>] +[B<-digest> I<digest_bytes>] +[B<->I<digest>] +[B<-tspolicy> I<object_id>] [B<-no_nonce>] [B<-cert>] -[B<-in> request.tsq] -[B<-out> request.tsq] +[B<-in> I<request.tsq>] +[B<-out> I<request.tsq>] [B<-text>] B<openssl> B<ts> B<-reply> -[B<-config> configfile] -[B<-section> tsa_section] -[B<-queryfile> request.tsq] -[B<-passin> password_src] -[B<-signer> tsa_cert.pem] -[B<-inkey> file_or_id] -[B<-I<digest>>] -[B<-chain> certs_file.pem] -[B<-tspolicy> object_id] -[B<-in> response.tsr] +[B<-config> I<configfile>] +[B<-section> I<tsa_section>] +[B<-queryfile> I<request.tsq>] +[B<-passin> I<password_src>] +[B<-signer> I<tsa_cert.pem>] +[B<-inkey> I<file_or_id>] +[B<->I<digest>] +[B<-chain> I<certs_file.pem>] +[B<-tspolicy> I<object_id>] +[B<-in> I<response.tsr>] [B<-token_in>] -[B<-out> response.tsr] +[B<-out> I<response.tsr>] [B<-token_out>] [B<-text>] -[B<-engine> id] +[B<-engine> I<id>] B<openssl> B<ts> B<-verify> -[B<-data> file_to_hash] -[B<-digest> digest_bytes] -[B<-queryfile> request.tsq] -[B<-in> response.tsr] +[B<-data> I<file_to_hash>] +[B<-digest> I<digest_bytes>] +[B<-queryfile> I<request.tsq>] +[B<-in> I<response.tsr>] [B<-token_in>] -[B<-CApath> trusted_cert_path] -[B<-CAfile> trusted_certs.pem] -[B<-untrusted> cert_file.pem] +[B<-CApath> I<trusted_cert_path>] +[B<-CAfile> I<trusted_certs.pem>] +[B<-untrusted> I<cert_file.pem>] [I<verify options>] I<verify options:> -[-attime timestamp] -[-check_ss_sig] -[-crl_check] -[-crl_check_all] -[-explicit_policy] -[-extended_crl] -[-ignore_critical] -[-inhibit_any] -[-inhibit_map] -[-issuer_checks] -[-no_alt_chains] -[-no_check_time] -[-partial_chain] -[-policy arg] -[-policy_check] -[-policy_print] -[-purpose purpose] -[-suiteB_128] -[-suiteB_128_only] -[-suiteB_192] -[-trusted_first] -[-use_deltas] -[-auth_level num] -[-verify_depth num] -[-verify_email email] -[-verify_hostname hostname] -[-verify_ip ip] -[-verify_name name] -[-x509_strict] +[B<-attime> I<timestamp>] +[B<-check_ss_sig>] +[B<-crl_check>] +[B<-crl_check_all>] +[B<-explicit_policy>] +[B<-extended_crl>] +[B<-ignore_critical>] +[B<-inhibit_any>] +[B<-inhibit_map>] +[B<-issuer_checks>] +[B<-no_alt_chains>] +[B<-no_check_time>] +[B<-partial_chain>] +[B<-policy> I<arg>] +[B<-policy_check>] +[B<-policy_print>] +[B<-purpose> I<purpose>] +[B<-suiteB_128>] +[B<-suiteB_128_only>] +[B<-suiteB_192>] +[B<-trusted_first>] +[B<-use_deltas>] +[B<-auth_level> I<num>] +[B<-verify_depth> I<num>] +[B<-verify_email> I<email>] +[B<-verify_hostname> I<hostname>] +[B<-verify_ip> I<ip>] +[B<-verify_name> I<name>] +[B<-x509_strict>] =head1 DESCRIPTION @@ -132,7 +132,7 @@ request with the following options: =over 4 -=item B<-rand file...> +=item B<-rand> I<file...> A file or files containing random data used to seed the random number generator. @@ -140,24 +140,24 @@ Multiple files can be specified separated by an OS-dependent character. The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for all others. -=item [B<-writerand file>] +=item B<-writerand> I<file> Writes random data to the specified I<file> upon exit. This can be used with a subsequent B<-rand> flag. -=item B<-config> configfile +=item B<-config> I<configfile> The configuration file to use. Optional; for a description of the default value, see L<openssl(1)/COMMAND SUMMARY>. -=item B<-data> file_to_hash +=item B<-data> I<file_to_hash> The data file for which the time stamp request needs to be created. stdin is the default if neither the B<-data> nor the B<-digest> parameter is specified. (Optional) -=item B<-digest> digest_bytes +=item B<-digest> I<digest_bytes> It is possible to specify the message imprint explicitly without the data file. The imprint must be specified in a hexadecimal format, two characters @@ -165,13 +165,13 @@ per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or 1AF601...). The number of bytes must match the message digest algorithm in use. (Optional) -=item B<-I<digest>> +=item B<->I<digest> The message digest to apply to the data file. Any digest supported by the OpenSSL B<dgst> command can be used. The default is SHA-256. (Optional) -=item B<-tspolicy> object_id +=item B<-tspolicy> I<object_id> The policy that the client expects the TSA to use for creating the time stamp token. Either the dotted OID notation or OID names defined @@ -190,14 +190,14 @@ protect against replay-attacks. (Optional) The TSA is expected to include its signing certificate in the response. (Optional) -=item B<-in> request.tsq +=item B<-in> I<request.tsq> This option specifies a previously created time stamp request in DER format that will be printed into the output file. Useful when you need to examine the content of a request in human-readable format. (Optional) -=item B<-out> request.tsq +=item B<-out> I<request.tsq> Name of the output file to which the request will be written. Default is stdout. (Optional) @@ -221,29 +221,29 @@ otherwise it is a time stamp token (ContentInfo). =over 4 -=item B<-config> configfile +=item B<-config> I<configfile> The configuration file to use. Optional; for a description of the default value, see L<openssl(1)/COMMAND SUMMARY>. -See B<CONFIGURATION FILE OPTIONS> for configurable variables. +See L</CONFIGURATION FILE OPTIONS> for configurable variables. -=item B<-section> tsa_section +=item B<-section> I<tsa_section> The name of the config file section containing the settings for the response generation. If not specified the default TSA section is -used, see B<CONFIGURATION FILE OPTIONS> for details. (Optional) +used, see L</CONFIGURATION FILE OPTIONS> for details. (Optional) -=item B<-queryfile> request.tsq +=item B<-queryfile> I<request.tsq> The name of the file containing a DER encoded time stamp request. (Optional) -=item B<-passin> password_src +=item B<-passin> I<password_src> Specifies the password source for the private key of the TSA. See -B<PASS PHRASE ARGUMENTS> in L<openssl(1)>. (Optional) +description in L<openssl(1)>. (Optional) -=item B<-signer> tsa_cert.pem +=item B<-signer> I<tsa_cert.pem> The signer certificate of the TSA in PEM format. The TSA signing certificate must have exactly one extended key usage assigned to it: @@ -251,19 +251,19 @@ timeStamping. The extended key usage must also be critical, otherwise the certificate is going to be refused. Overrides the B<signer_cert> variable of the config file. (Optional) -=item B<-inkey> file_or_id +=item B<-inkey> I<file_or_id> The signer private key of the TSA in PEM format. Overrides the B<signer_key> config file option. (Optional) If no engine is used, the argument is taken as a file; if an engine is specified, the argument is given to the engine as a key identifier. -=item B<-I<digest>> +=item B<->I<digest> Signing digest to use. Overrides the B<signer_digest> config file option. (Mandatory unless specified in the config file) -=item B<-chain> certs_file.pem +=item B<-chain> I<certs_file.pem> The collection of certificates in PEM format that will all be included in the response in addition to the signer certificate if @@ -272,14 +272,14 @@ contain the certificate chain for the signer certificate from its issuer upwards. The B<-reply> command does not build a certificate chain automatically. (Optional) -=item B<-tspolicy> object_id +=item B<-tspolicy> I<object_id> The default policy to use for the response unless the client explicitly requires a particular TSA policy. The OID can be specified either in dotted notation or with its name. Overrides the B<default_policy> config file option. (Optional) -=item B<-in> response.tsr +=item B<-in> I<response.tsr> Specifies a previously created time stamp response or time stamp token (if B<-token_in> is also specified) in DER format that will be written @@ -295,7 +295,7 @@ This flag can be used together with the B<-in> option and indicates that the input is a DER encoded time stamp token (ContentInfo) instead of a time stamp response (TimeStampResp). (Optional) -=item B<-out> response.tsr +=item B<-out> I<response.tsr> The response is written to this file. The format and content of the file depends on other options (see B<-text>, B<-token_out>). The default is @@ -311,7 +311,7 @@ response (TimeStampResp). (Optional) If this option is specified the output is human-readable text format instead of DER. (Optional) -=item B<-engine> id +=item B<-engine> I<id> Specifying an engine (by its unique B<id> string) will cause B<ts> to attempt to obtain a functional reference to the specified engine, @@ -328,26 +328,26 @@ data file. The B<-verify> command does not use the configuration file. =over 4 -=item B<-data> file_to_hash +=item B<-data> I<file_to_hash> The response or token must be verified against file_to_hash. The file is hashed with the message digest algorithm specified in the token. The B<-digest> and B<-queryfile> options must not be specified with this one. (Optional) -=item B<-digest> digest_bytes +=item B<-digest> I<digest_bytes> The response or token must be verified against the message digest specified with this option. The number of bytes must match the message digest algorithm specified in the token. The B<-data> and B<-queryfile> options must not be specified with this one. (Optional) -=item B<-queryfile> request.tsq +=item B<-queryfile> I<request.tsq> The original time stamp request in DER format. The B<-data> and B<-digest> options must not be specified with this one. (Optional) -=item B<-in> response.tsr +=item B<-in> I<response.tsr> The time stamp response that needs to be verified in DER format. (Mandatory) @@ -357,14 +357,14 @@ This flag can be used together with the B<-in> option and indicates that the input is a DER encoded time stamp token (ContentInfo) instead of a time stamp response (TimeStampResp). (Optional) -=item B<-CApath> trusted_cert_path +=item B<-CApath> I<trusted_cert_path> The name of the directory containing the trusted CA certificates of the client. See the similar option of L<verify(1)> for additional details. Either this option or B<-CAfile> must be specified. (Optional) -=item B<-CAfile> trusted_certs.pem +=item B<-CAfile> I<trusted_certs.pem> The name of the file containing a set of trusted self-signed CA certificates in PEM format. See the similar option of @@ -372,7 +372,7 @@ L<verify(1)> for additional details. Either this option or B<-CApath> must be specified. (Optional) -=item B<-untrusted> cert_file.pem +=item B<-untrusted> I<cert_file.pem> Set of additional untrusted certificates in PEM format which may be needed when building the certificate chain for the TSA's signing @@ -382,7 +382,7 @@ all intermediate CA certificates unless the response includes them. =item I<verify options> -The options B<-attime timestamp>, B<-check_ss_sig>, B<-crl_check>, +The options B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>, B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>, B<-inhibit_map>, B<-issuer_checks>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>, B<-policy_check>, @@ -459,7 +459,7 @@ command line option. (Optional) =item B<signer_digest> Signing digest to use. The same as the -B<-I<digest>> command line option. (Mandatory unless specified on the command +B<->I<digest> command line option. (Mandatory unless specified on the command line) =item B<default_policy> |