Consistent formatting of flags with args

For documentation of all commands with "-flag arg" format them
consistently: "B<-flag> I<arg>", except when arg is literal
(for example "B<-inform> B<PEM>|B<DER>")
Update find-doc-nits to complain if badly formatted strings are found.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10022)

1 files changed, 90 insertions, 90 deletions

diff --git a/doc/man1/openssl-ts.pod b/doc/man1/openssl-ts.pod
index 1544cc94e2..6247cc786d 100644
--- a/doc/man1/openssl-ts.pod
+++ b/doc/man1/openssl-ts.pod
@@ -8,79 +8,79 @@ openssl-ts - Time Stamping Authority tool (client/server)
 
 B<openssl> B<ts>
 B<-query>
-[B<-rand file...>]
-[B<-writerand file>]
-[B<-config> configfile]
-[B<-data> file_to_hash]
-[B<-digest> digest_bytes]
-[B<-I<digest>>]
-[B<-tspolicy> object_id]
+[B<-rand> I<file...>]
+[B<-writerand> I<file>]
+[B<-config> I<configfile>]
+[B<-data> I<file_to_hash>]
+[B<-digest> I<digest_bytes>]
+[B<->I<digest>]
+[B<-tspolicy> I<object_id>]
 [B<-no_nonce>]
 [B<-cert>]
-[B<-in> request.tsq]
-[B<-out> request.tsq]
+[B<-in> I<request.tsq>]
+[B<-out> I<request.tsq>]
 [B<-text>]
 
 B<openssl> B<ts>
 B<-reply>
-[B<-config> configfile]
-[B<-section> tsa_section]
-[B<-queryfile> request.tsq]
-[B<-passin> password_src]
-[B<-signer> tsa_cert.pem]
-[B<-inkey> file_or_id]
-[B<-I<digest>>]
-[B<-chain> certs_file.pem]
-[B<-tspolicy> object_id]
-[B<-in> response.tsr]
+[B<-config> I<configfile>]
+[B<-section> I<tsa_section>]
+[B<-queryfile> I<request.tsq>]
+[B<-passin> I<password_src>]
+[B<-signer> I<tsa_cert.pem>]
+[B<-inkey> I<file_or_id>]
+[B<->I<digest>]
+[B<-chain> I<certs_file.pem>]
+[B<-tspolicy> I<object_id>]
+[B<-in> I<response.tsr>]
 [B<-token_in>]
-[B<-out> response.tsr]
+[B<-out> I<response.tsr>]
 [B<-token_out>]
 [B<-text>]
-[B<-engine> id]
+[B<-engine> I<id>]
 
 B<openssl> B<ts>
 B<-verify>
-[B<-data> file_to_hash]
-[B<-digest> digest_bytes]
-[B<-queryfile> request.tsq]
-[B<-in> response.tsr]
+[B<-data> I<file_to_hash>]
+[B<-digest> I<digest_bytes>]
+[B<-queryfile> I<request.tsq>]
+[B<-in> I<response.tsr>]
 [B<-token_in>]
-[B<-CApath> trusted_cert_path]
-[B<-CAfile> trusted_certs.pem]
-[B<-untrusted> cert_file.pem]
+[B<-CApath> I<trusted_cert_path>]
+[B<-CAfile> I<trusted_certs.pem>]
+[B<-untrusted> I<cert_file.pem>]
 [I<verify options>]
 
 I<verify options:>
-[-attime timestamp]
-[-check_ss_sig]
-[-crl_check]
-[-crl_check_all]
-[-explicit_policy]
-[-extended_crl]
-[-ignore_critical]
-[-inhibit_any]
-[-inhibit_map]
-[-issuer_checks]
-[-no_alt_chains]
-[-no_check_time]
-[-partial_chain]
-[-policy arg]
-[-policy_check]
-[-policy_print]
-[-purpose purpose]
-[-suiteB_128]
-[-suiteB_128_only]
-[-suiteB_192]
-[-trusted_first]
-[-use_deltas]
-[-auth_level num]
-[-verify_depth num]
-[-verify_email email]
-[-verify_hostname hostname]
-[-verify_ip ip]
-[-verify_name name]
-[-x509_strict]
+[B<-attime> I<timestamp>]
+[B<-check_ss_sig>]
+[B<-crl_check>]
+[B<-crl_check_all>]
+[B<-explicit_policy>]
+[B<-extended_crl>]
+[B<-ignore_critical>]
+[B<-inhibit_any>]
+[B<-inhibit_map>]
+[B<-issuer_checks>]
+[B<-no_alt_chains>]
+[B<-no_check_time>]
+[B<-partial_chain>]
+[B<-policy> I<arg>]
+[B<-policy_check>]
+[B<-policy_print>]
+[B<-purpose> I<purpose>]
+[B<-suiteB_128>]
+[B<-suiteB_128_only>]
+[B<-suiteB_192>]
+[B<-trusted_first>]
+[B<-use_deltas>]
+[B<-auth_level> I<num>]
+[B<-verify_depth> I<num>]
+[B<-verify_email> I<email>]
+[B<-verify_hostname> I<hostname>]
+[B<-verify_ip> I<ip>]
+[B<-verify_name> I<name>]
+[B<-x509_strict>]
 
 =head1 DESCRIPTION
 
@@ -132,7 +132,7 @@ request with the following options:
 
 =over 4
 
-=item B<-rand file...>
+=item B<-rand> I<file...>
 
 A file or files containing random data used to seed the random number
 generator.
@@ -140,24 +140,24 @@ Multiple files can be specified separated by an OS-dependent character.
 The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others.
 
-=item [B<-writerand file>]
+=item B<-writerand> I<file>
 
 Writes random data to the specified I<file> upon exit.
 This can be used with a subsequent B<-rand> flag.
 
-=item B<-config> configfile
+=item B<-config> I<configfile>
 
 The configuration file to use.
 Optional; for a description of the default value,
 see L<openssl(1)/COMMAND SUMMARY>.
 
-=item B<-data> file_to_hash
+=item B<-data> I<file_to_hash>
 
 The data file for which the time stamp request needs to be
 created. stdin is the default if neither the B<-data> nor the B<-digest>
 parameter is specified. (Optional)
 
-=item B<-digest> digest_bytes
+=item B<-digest> I<digest_bytes>
 
 It is possible to specify the message imprint explicitly without the data
 file. The imprint must be specified in a hexadecimal format, two characters
@@ -165,13 +165,13 @@ per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or
 1AF601...). The number of bytes must match the message digest algorithm
 in use. (Optional)
 
-=item B<-I<digest>>
+=item B<->I<digest>
 
 The message digest to apply to the data file.
 Any digest supported by the OpenSSL B<dgst> command can be used.
 The default is SHA-256. (Optional)
 
-=item B<-tspolicy> object_id
+=item B<-tspolicy> I<object_id>
 
 The policy that the client expects the TSA to use for creating the
 time stamp token. Either the dotted OID notation or OID names defined
@@ -190,14 +190,14 @@ protect against replay-attacks. (Optional)
 The TSA is expected to include its signing certificate in the
 response. (Optional)
 
-=item B<-in> request.tsq
+=item B<-in> I<request.tsq>
 
 This option specifies a previously created time stamp request in DER
 format that will be printed into the output file. Useful when you need
 to examine the content of a request in human-readable
 format. (Optional)
 
-=item B<-out> request.tsq
+=item B<-out> I<request.tsq>
 
 Name of the output file to which the request will be written. Default
 is stdout. (Optional)
@@ -221,29 +221,29 @@ otherwise it is a time stamp token (ContentInfo).
 
 =over 4
 
-=item B<-config> configfile
+=item B<-config> I<configfile>
 
 The configuration file to use.
 Optional; for a description of the default value,
 see L<openssl(1)/COMMAND SUMMARY>.
-See B<CONFIGURATION FILE OPTIONS> for configurable variables.
+See L</CONFIGURATION FILE OPTIONS> for configurable variables.
 
-=item B<-section> tsa_section
+=item B<-section> I<tsa_section>
 
 The name of the config file section containing the settings for the
 response generation. If not specified the default TSA section is
-used, see B<CONFIGURATION FILE OPTIONS> for details. (Optional)
+used, see L</CONFIGURATION FILE OPTIONS> for details. (Optional)
 
-=item B<-queryfile> request.tsq
+=item B<-queryfile> I<request.tsq>
 
 The name of the file containing a DER encoded time stamp request. (Optional)
 
-=item B<-passin> password_src
+=item B<-passin> I<password_src>
 
 Specifies the password source for the private key of the TSA. See
-B<PASS PHRASE ARGUMENTS> in L<openssl(1)>. (Optional)
+description in L<openssl(1)>. (Optional)
 
-=item B<-signer> tsa_cert.pem
+=item B<-signer> I<tsa_cert.pem>
 
 The signer certificate of the TSA in PEM format. The TSA signing
 certificate must have exactly one extended key usage assigned to it:
@@ -251,19 +251,19 @@ timeStamping. The extended key usage must also be critical, otherwise
 the certificate is going to be refused. Overrides the B<signer_cert>
 variable of the config file. (Optional)
 
-=item B<-inkey> file_or_id
+=item B<-inkey> I<file_or_id>
 
 The signer private key of the TSA in PEM format. Overrides the
 B<signer_key> config file option. (Optional)
 If no engine is used, the argument is taken as a file; if an engine is
 specified, the argument is given to the engine as a key identifier.
 
-=item B<-I<digest>>
+=item B<->I<digest>
 
 Signing digest to use. Overrides the B<signer_digest> config file
 option. (Mandatory unless specified in the config file)
 
-=item B<-chain> certs_file.pem
+=item B<-chain> I<certs_file.pem>
 
 The collection of certificates in PEM format that will all
 be included in the response in addition to the signer certificate if
@@ -272,14 +272,14 @@ contain the certificate chain for the signer certificate from its
 issuer upwards. The B<-reply> command does not build a certificate
 chain automatically. (Optional)
 
-=item B<-tspolicy> object_id
+=item B<-tspolicy> I<object_id>
 
 The default policy to use for the response unless the client
 explicitly requires a particular TSA policy. The OID can be specified
 either in dotted notation or with its name. Overrides the
 B<default_policy> config file option. (Optional)
 
-=item B<-in> response.tsr
+=item B<-in> I<response.tsr>
 
 Specifies a previously created time stamp response or time stamp token
 (if B<-token_in> is also specified) in DER format that will be written
@@ -295,7 +295,7 @@ This flag can be used together with the B<-in> option and indicates
 that the input is a DER encoded time stamp token (ContentInfo) instead
 of a time stamp response (TimeStampResp). (Optional)
 
-=item B<-out> response.tsr
+=item B<-out> I<response.tsr>
 
 The response is written to this file. The format and content of the
 file depends on other options (see B<-text>, B<-token_out>). The default is
@@ -311,7 +311,7 @@ response (TimeStampResp). (Optional)
 If this option is specified the output is human-readable text format
 instead of DER. (Optional)
 
-=item B<-engine> id
+=item B<-engine> I<id>
 
 Specifying an engine (by its unique B<id> string) will cause B<ts>
 to attempt to obtain a functional reference to the specified engine,
@@ -328,26 +328,26 @@ data file. The B<-verify> command does not use the configuration file.
 
 =over 4
 
-=item B<-data> file_to_hash
+=item B<-data> I<file_to_hash>
 
 The response or token must be verified against file_to_hash. The file
 is hashed with the message digest algorithm specified in the token.
 The B<-digest> and B<-queryfile> options must not be specified with this one.
 (Optional)
 
-=item B<-digest> digest_bytes
+=item B<-digest> I<digest_bytes>
 
 The response or token must be verified against the message digest specified
 with this option. The number of bytes must match the message digest algorithm
 specified in the token. The B<-data> and B<-queryfile> options must not be
 specified with this one. (Optional)
 
-=item B<-queryfile> request.tsq
+=item B<-queryfile> I<request.tsq>
 
 The original time stamp request in DER format. The B<-data> and B<-digest>
 options must not be specified with this one. (Optional)
 
-=item B<-in> response.tsr
+=item B<-in> I<response.tsr>
 
 The time stamp response that needs to be verified in DER format. (Mandatory)
 
@@ -357,14 +357,14 @@ This flag can be used together with the B<-in> option and indicates
 that the input is a DER encoded time stamp token (ContentInfo) instead
 of a time stamp response (TimeStampResp). (Optional)
 
-=item B<-CApath> trusted_cert_path
+=item B<-CApath> I<trusted_cert_path>
 
 The name of the directory containing the trusted CA certificates of the
 client. See the similar option of L<verify(1)> for additional
 details. Either this option or B<-CAfile> must be specified. (Optional)
 
 
-=item B<-CAfile> trusted_certs.pem
+=item B<-CAfile> I<trusted_certs.pem>
 
 The name of the file containing a set of trusted self-signed CA
 certificates in PEM format. See the similar option of
@@ -372,7 +372,7 @@ L<verify(1)> for additional details. Either this option
 or B<-CApath> must be specified.
 (Optional)
 
-=item B<-untrusted> cert_file.pem
+=item B<-untrusted> I<cert_file.pem>
 
 Set of additional untrusted certificates in PEM format which may be
 needed when building the certificate chain for the TSA's signing
@@ -382,7 +382,7 @@ all intermediate CA certificates unless the response includes them.
 
 =item I<verify options>
 
-The options B<-attime timestamp>, B<-check_ss_sig>, B<-crl_check>,
+The options B<-attime>, B<-check_ss_sig>, B<-crl_check>,
 B<-crl_check_all>, B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>,
 B<-inhibit_any>, B<-inhibit_map>, B<-issuer_checks>, B<-no_alt_chains>,
 B<-no_check_time>, B<-partial_chain>, B<-policy>, B<-policy_check>,
@@ -459,7 +459,7 @@ command line option. (Optional)
 =item B<signer_digest>
 
 Signing digest to use. The same as the
-B<-I<digest>> command line option. (Mandatory unless specified on the command
+B<->I<digest> command line option. (Mandatory unless specified on the command
 line)
 
 =item B<default_policy>