Update docs.

5 files changed, 38 insertions, 10 deletions

diff --git a/doc/apps/crl.pod b/doc/apps/crl.pod
index 0dbb013119..a40c873b95 100644
--- a/doc/apps/crl.pod
+++ b/doc/apps/crl.pod
@@ -88,6 +88,13 @@ to each certificate.
 
 =back
 
+=head1 NOTES
+
+The PEM CRL format uses the header and footer lines:
+
+ -----BEGIN X509 CRL-----
+ -----END X509 CRL-----
+
 =head1 EXAMPLES
 
 Convert a CRL file from PEM to DER:
diff --git a/doc/apps/dsa.pod b/doc/apps/dsa.pod
index e6a587b729..8196df1ef0 100644
--- a/doc/apps/dsa.pod
+++ b/doc/apps/dsa.pod
@@ -88,7 +88,7 @@ read the output file password from the environment variable B<var>.
 These options encrypt the private key with the DES, triple DES, or the 
 IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
 If none of these options is specified the key is written in plain text. This
-means that using the B<rsa> utility to read in an encrypted key with no
+means that using the B<dsa> utility to read in an encrypted key with no
 encryption option can be used to remove the pass phrase from a key, or by
 setting the encryption options it can be use to add or change the pass phrase.
 These options can only be used with PEM format output files.
@@ -107,8 +107,8 @@ this option prints out the value of the public key component of the key.
 
 =item B<-pubin>
 
-by default a private key is input file with this option a public key is input
-instead.
+by default a private key is read from the input file: with this option a
+public key is read instead.
 
 =item B<-pubout>
 
@@ -125,6 +125,11 @@ The PEM private key format uses the header and footer lines:
  -----BEGIN DSA PRIVATE KEY-----
  -----END DSA PRIVATE KEY-----
 
+The PEM public key format uses the header and footer lines:
+
+ -----BEGIN PUBLIC KEY-----
+ -----END PUBLIC KEY-----
+
 =head1 EXAMPLES
 
 To remove the pass phrase on a DSA private key:
diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod
index 3d2ed36c10..6a17b910b6 100644
--- a/doc/apps/pkcs12.pod
+++ b/doc/apps/pkcs12.pod
@@ -261,6 +261,17 @@ Although there are a large number of options most of them are very rarely
 used. For PKCS#12 file parsing only B<-in> and B<-out> need to be used
 for PKCS#12 file creation B<-export> and B<-name> are also used.
 
+If none of the B<-clcerts>, B<-cacerts> or B<-nocerts> options are present
+then all certificates will be output in the order they appear in the input
+PKCS#12 files. There is no guarantee that the first certificate present is
+the one corresponding to the private key. Certain software which requires
+a private key and certificate and assumes the first certificate in the
+file is the one corresponding to the private key: this may not always
+be the case. Using the B<-clcerts> option will solve this problem by only
+outputing the certificate corresponding to the private key. If the CA
+certificates are required then they can be output to a separate file using
+the B<-nokeys -cacerts> options to just output CA certificates.
+
 The B<-keypbe> and B<-certpbe> algorithms allow the precise encryption
 algorithms for private keys and certificates to be specified. Normally
 the defaults are fine but occasionally software can't handle triple DES
diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod
index 359eb6f898..df2635613f 100644
--- a/doc/apps/pkcs8.pod
+++ b/doc/apps/pkcs8.pod
@@ -225,8 +225,8 @@ implementation is reasonably accurate at least as far as these
 algorithms are concerned.
 
 The format of PKCS#8 DSA (and other) private keys is not well documented:
-it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's DSA private
-key format complies with this standard.
+it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default DSA
+PKCS#8 private key format complies with this standard.
 
 =head1 BUGS
 
diff --git a/doc/apps/rsa.pod b/doc/apps/rsa.pod
index b0503ba183..b381cc5bcc 100644
--- a/doc/apps/rsa.pod
+++ b/doc/apps/rsa.pod
@@ -113,14 +113,14 @@ this option checks the consistency of an RSA private key.
 
 =item B<-pubin>
 
-by default a private key is input file with this option a public key is input
-instead.
+by default a private key is read from the input file: with this
+option a public key is read instead.
 
 =item B<-pubout>
 
-by default a private key is output with this option a public
-key will be output instead. This option is automatically set if the input is
-a public key.
+by default a private key is output: with this option a public
+key will be output instead. This option is automatically set if
+the input is a public key.
 
 =back
 
@@ -131,6 +131,11 @@ The PEM private key format uses the header and footer lines:
  -----BEGIN RSA PRIVATE KEY-----
  -----END RSA PRIVATE KEY-----
 
+The PEM public key format uses the header and footer lines:
+
+ -----BEGIN PUBLIC KEY-----
+ -----END PUBLIC KEY-----
+
 =head1 EXAMPLES
 
 To remove the pass phrase on an RSA private key: