|
|
cfec1a |
diff -up openssl-1.0.2a/apps/ca.c.dgst openssl-1.0.2a/apps/ca.c
|
|
|
cfec1a |
--- openssl-1.0.2a/apps/ca.c.dgst 2015-03-19 14:30:36.000000000 +0100
|
|
|
cfec1a |
+++ openssl-1.0.2a/apps/ca.c 2015-04-21 17:01:38.841551616 +0200
|
|
|
cfec1a |
@@ -157,7 +157,7 @@ static const char *ca_usage[] = {
|
|
|
cfec1a |
" -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
|
|
|
cfec1a |
" -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n",
|
|
|
cfec1a |
" -days arg - number of days to certify the certificate for\n",
|
|
|
cfec1a |
- " -md arg - md to use, one of md2, md5, sha or sha1\n",
|
|
|
cfec1a |
+ " -md arg - md to use, see openssl dgst -h for list\n",
|
|
|
cfec1a |
" -policy arg - The CA 'policy' to support\n",
|
|
|
cfec1a |
" -keyfile arg - private key file\n",
|
|
|
cfec1a |
" -keyform arg - private key file format (PEM or ENGINE)\n",
|
|
|
cfec1a |
diff -up openssl-1.0.2a/apps/enc.c.dgst openssl-1.0.2a/apps/enc.c
|
|
|
cfec1a |
--- openssl-1.0.2a/apps/enc.c.dgst 2015-03-19 14:19:00.000000000 +0100
|
|
|
cfec1a |
+++ openssl-1.0.2a/apps/enc.c 2015-04-21 17:01:38.841551616 +0200
|
|
|
cfec1a |
@@ -294,7 +294,7 @@ int MAIN(int argc, char **argv)
|
|
|
cfec1a |
"%-14s the next argument is the md to use to create a key\n",
|
|
|
cfec1a |
"-md");
|
|
|
cfec1a |
BIO_printf(bio_err,
|
|
|
cfec1a |
- "%-14s from a passphrase. One of md2, md5, sha or sha1\n",
|
|
|
cfec1a |
+ "%-14s from a passphrase. See openssl dgst -h for list.\n",
|
|
|
cfec1a |
"");
|
|
|
cfec1a |
BIO_printf(bio_err, "%-14s salt in hex is the next argument\n",
|
|
|
cfec1a |
"-S");
|
|
|
cfec1a |
diff -up openssl-1.0.2a/apps/req.c.dgst openssl-1.0.2a/apps/req.c
|
|
|
cfec1a |
--- openssl-1.0.2a/apps/req.c.dgst 2015-03-19 14:19:00.000000000 +0100
|
|
|
cfec1a |
+++ openssl-1.0.2a/apps/req.c 2015-04-21 17:01:38.842551640 +0200
|
|
|
cfec1a |
@@ -414,7 +414,7 @@ int MAIN(int argc, char **argv)
|
|
|
cfec1a |
" -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
|
|
|
cfec1a |
#endif
|
|
|
cfec1a |
BIO_printf(bio_err,
|
|
|
cfec1a |
- " -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
|
|
|
cfec1a |
+ " -[digest] Digest to sign with (see openssl dgst -h for list)\n");
|
|
|
cfec1a |
BIO_printf(bio_err, " -config file request template file.\n");
|
|
|
cfec1a |
BIO_printf(bio_err,
|
|
|
cfec1a |
" -subj arg set or modify request subject\n");
|
|
|
cfec1a |
diff -up openssl-1.0.2a/apps/ts.c.dgst openssl-1.0.2a/apps/ts.c
|
|
|
cfec1a |
--- openssl-1.0.2a/apps/ts.c.dgst 2015-03-19 14:19:00.000000000 +0100
|
|
|
cfec1a |
+++ openssl-1.0.2a/apps/ts.c 2015-04-21 17:01:38.842551640 +0200
|
|
|
cfec1a |
@@ -337,7 +337,7 @@ int MAIN(int argc, char **argv)
|
|
|
cfec1a |
BIO_printf(bio_err, "usage:\n"
|
|
|
cfec1a |
"ts -query [-rand file%cfile%c...] [-config configfile] "
|
|
|
cfec1a |
"[-data file_to_hash] [-digest digest_bytes]"
|
|
|
cfec1a |
- "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] "
|
|
|
cfec1a |
+ "[-<hashalg>] "
|
|
|
cfec1a |
"[-policy object_id] [-no_nonce] [-cert] "
|
|
|
cfec1a |
"[-in request.tsq] [-out request.tsq] [-text]\n",
|
|
|
cfec1a |
LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
|
|
|
cfec1a |
diff -up openssl-1.0.2a/apps/x509.c.dgst openssl-1.0.2a/apps/x509.c
|
|
|
cfec1a |
--- openssl-1.0.2a/apps/x509.c.dgst 2015-03-19 14:30:36.000000000 +0100
|
|
|
cfec1a |
+++ openssl-1.0.2a/apps/x509.c 2015-04-21 17:01:38.842551640 +0200
|
|
|
cfec1a |
@@ -141,7 +141,7 @@ static const char *x509_usage[] = {
|
|
|
cfec1a |
" -set_serial - serial number to use\n",
|
|
|
cfec1a |
" -text - print the certificate in text form\n",
|
|
|
cfec1a |
" -C - print out C code forms\n",
|
|
|
cfec1a |
- " -md2/-md5/-sha1/-mdc2 - digest to use\n",
|
|
|
cfec1a |
+ " -<dgst> - digest to use, see openssl dgst -h output for list\n",
|
|
|
cfec1a |
" -extfile - configuration file with X509V3 extensions to add\n",
|
|
|
cfec1a |
" -extensions - section from config file with X509V3 extensions to add\n",
|
|
|
cfec1a |
" -clrext - delete extensions before signing and input certificate\n",
|
|
|
cfec1a |
diff -up openssl-1.0.2a/doc/apps/ca.pod.dgst openssl-1.0.2a/doc/apps/ca.pod
|
|
|
cfec1a |
--- openssl-1.0.2a/doc/apps/ca.pod.dgst 2015-01-20 13:33:36.000000000 +0100
|
|
|
cfec1a |
+++ openssl-1.0.2a/doc/apps/ca.pod 2015-04-21 17:01:38.842551640 +0200
|
|
|
cfec1a |
@@ -168,7 +168,8 @@ the number of days to certify the certif
|
|
|
cfec1a |
=item B<-md alg>
|
|
|
cfec1a |
|
|
|
cfec1a |
the message digest to use. Possible values include md5, sha1 and mdc2.
|
|
|
cfec1a |
-This option also applies to CRLs.
|
|
|
cfec1a |
+For full list of digests see openssl dgst -h output. This option also
|
|
|
cfec1a |
+applies to CRLs.
|
|
|
cfec1a |
|
|
|
cfec1a |
=item B<-policy arg>
|
|
|
cfec1a |
|
|
|
cfec1a |
diff -up openssl-1.0.2a/doc/apps/ocsp.pod.dgst openssl-1.0.2a/doc/apps/ocsp.pod
|
|
|
cfec1a |
--- openssl-1.0.2a/doc/apps/ocsp.pod.dgst 2015-03-19 14:19:00.000000000 +0100
|
|
|
cfec1a |
+++ openssl-1.0.2a/doc/apps/ocsp.pod 2015-04-21 17:01:38.842551640 +0200
|
|
|
cfec1a |
@@ -219,7 +219,8 @@ check is not performed.
|
|
|
cfec1a |
=item B<-md5|-sha1|-sha256|-ripemod160|...>
|
|
|
cfec1a |
|
|
|
cfec1a |
this option sets digest algorithm to use for certificate identification
|
|
|
cfec1a |
-in the OCSP request. By default SHA-1 is used.
|
|
|
cfec1a |
+in the OCSP request. By default SHA-1 is used. See openssl dgst -h output for
|
|
|
cfec1a |
+the list of available algorithms.
|
|
|
cfec1a |
|
|
|
cfec1a |
=back
|
|
|
cfec1a |
|
|
|
cfec1a |
diff -up openssl-1.0.2a/doc/apps/req.pod.dgst openssl-1.0.2a/doc/apps/req.pod
|
|
|
cfec1a |
--- openssl-1.0.2a/doc/apps/req.pod.dgst 2015-03-19 14:30:36.000000000 +0100
|
|
|
cfec1a |
+++ openssl-1.0.2a/doc/apps/req.pod 2015-04-21 17:01:38.843551664 +0200
|
|
|
cfec1a |
@@ -201,7 +201,8 @@ will not be encrypted.
|
|
|
cfec1a |
|
|
|
cfec1a |
this specifies the message digest to sign the request with (such as
|
|
|
cfec1a |
B<-md5>, B<-sha1>). This overrides the digest algorithm specified in
|
|
|
cfec1a |
-the configuration file.
|
|
|
cfec1a |
+the configuration file. For full list of possible digests see openssl
|
|
|
cfec1a |
+dgst -h output.
|
|
|
cfec1a |
|
|
|
cfec1a |
Some public key algorithms may override this choice. For instance, DSA
|
|
|
cfec1a |
signatures always use SHA1, GOST R 34.10 signatures always use
|
|
|
cfec1a |
diff -up openssl-1.0.2a/doc/apps/x509.pod.dgst openssl-1.0.2a/doc/apps/x509.pod
|
|
|
cfec1a |
--- openssl-1.0.2a/doc/apps/x509.pod.dgst 2015-03-19 14:30:36.000000000 +0100
|
|
|
cfec1a |
+++ openssl-1.0.2a/doc/apps/x509.pod 2015-04-21 17:01:38.843551664 +0200
|
|
|
cfec1a |
@@ -107,6 +107,7 @@ the digest to use. This affects any sign
|
|
|
cfec1a |
digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
|
|
|
cfec1a |
specified then SHA1 is used. If the key being used to sign with is a DSA key
|
|
|
cfec1a |
then this option has no effect: SHA1 is always used with DSA keys.
|
|
|
cfec1a |
+For full list of digests see openssl dgst -h output.
|
|
|
cfec1a |
|
|
|
cfec1a |
=item B<-engine id>
|
|
|
cfec1a |
|