deploy openssl/openssl@6d0caa1 to 3.0
openssl-machine committed Feb 11, 2025
1 parent 2756205 commit 76e1535
Showing 10 changed files with 811 additions and 811 deletions.
2 changes: 1 addition & 1 deletion 3.0/man1/openssl-cms/index.html
Expand Up @@ -41,4 +41,4 @@
-recip cert.pem -keyopt rsa_padding_mode:oaep
</code></pre></div><p>Use SHA256 KDF with an ECDH certificate:</p><div class=highlight><pre><span></span><code>openssl cms -encrypt -in plain.txt -out mail.msg \
-recip ecdhcert.pem -keyopt ecdh_kdf_md:sha256
</code></pre></div><p>Print CMS signed binary data in human-readable form:</p><p>openssl cms -in signed.cms -binary -inform DER -cmsout -print</p><h2 id=bugs>BUGS<a class=headerlink href=#bugs title="Permanent link">&para;</a></h2><p>The MIME parser isn&#39;t very clever: it seems to handle most messages that I&#39;ve thrown at it but it may choke on others.</p><p>The code currently will only write out the signer&#39;s certificate to a file: if the signer has a separate encryption certificate this must be manually extracted. There should be some heuristic that determines the correct encryption certificate.</p><p>Ideally a database should be maintained of a certificates for each email address.</p><p>The code doesn&#39;t currently take note of the permitted symmetric encryption algorithms as supplied in the SMIMECapabilities signed attribute. this means the user has to manually include the correct encryption algorithm. It should store the list of permitted ciphers in a database and only use those.</p><p>No revocation checking is done on the signer&#39;s certificate.</p><h2 id=see-also>SEE ALSO<a class=headerlink href=#see-also title="Permanent link">&para;</a></h2><p><a href=../../man7/ossl_store-file/ >ossl_store-file(7)</a></p><h2 id=history>HISTORY<a class=headerlink href=#history title="Permanent link">&para;</a></h2><p>The use of multiple <strong>-signer</strong> options and the <strong>-resign</strong> command were first added in OpenSSL 1.0.0.</p><p>The <strong>-keyopt</strong> option was added in OpenSSL 1.0.2.</p><p>Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2.</p><p>The use of non-RSA keys with <strong>-encrypt</strong> and <strong>-decrypt</strong> was added in OpenSSL 1.0.2.</p><p>The -no_alt_chains option was added in OpenSSL 1.0.2b.</p><p>The <strong>-nameopt</strong> option was added in OpenSSL 3.0.0.</p><p>The <strong>-engine</strong> option was deprecated in OpenSSL 3.0.</p><h2 id=copyright>COPYRIGHT<a class=headerlink href=#copyright 
title="Permanent link">&para;</a></h2><p>Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.</p><p>Licensed under the Apache License 2.0 (the &quot;License&quot;). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <a href=https://www.openssl.org/source/license.html>https://www.openssl.org/source/license.html</a>.</p></article></div><script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script></div></main><footer class=md-footer><div class="md-footer-meta md-typeset"><div class="md-footer-meta__inner md-grid"><div class=md-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a></div></div></div></footer></div><div class=md-dialog data-md-component=dialog><div class="md-dialog__inner md-typeset"></div></div><script id=__config type=application/json>{"base": "../..", "features": ["navigation.indexes", "navigation.instant", "navigation.path", "navigation.prune", "navigation.tabs", "navigation.tabs.sticky", "navigation.tracking", "search.suggest", "toc.follow"], "search": "../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"default": "master", "provider": "mike"}}</script><script src=../../assets/javascripts/bundle.ad660dcc.min.js></script></body></html>
</code></pre></div><p>Print CMS signed binary data in human-readable form:</p><p>openssl cms -in signed.cms -binary -inform DER -cmsout -print</p><h2 id=bugs>BUGS<a class=headerlink href=#bugs title="Permanent link">&para;</a></h2><p>The MIME parser isn&#39;t very clever: it seems to handle most messages that I&#39;ve thrown at it but it may choke on others.</p><p>The code currently will only write out the signer&#39;s certificate to a file: if the signer has a separate encryption certificate this must be manually extracted. There should be some heuristic that determines the correct encryption certificate.</p><p>Ideally a database should be maintained of a certificates for each email address.</p><p>The code doesn&#39;t currently take note of the permitted symmetric encryption algorithms as supplied in the SMIMECapabilities signed attribute. this means the user has to manually include the correct encryption algorithm. It should store the list of permitted ciphers in a database and only use those.</p><p>No revocation checking is done on the signer&#39;s certificate.</p><h2 id=see-also>SEE ALSO<a class=headerlink href=#see-also title="Permanent link">&para;</a></h2><p><a href=../../man7/ossl_store-file/ >ossl_store-file(7)</a></p><h2 id=history>HISTORY<a class=headerlink href=#history title="Permanent link">&para;</a></h2><p>The use of multiple <strong>-signer</strong> options and the <strong>-resign</strong> command were first added in OpenSSL 1.0.0.</p><p>The <strong>-keyopt</strong> option was added in OpenSSL 1.0.2.</p><p>Support for RSA-OAEP and RSA-PSS was added in OpenSSL 1.0.2.</p><p>The use of non-RSA keys with <strong>-encrypt</strong> and <strong>-decrypt</strong> was added in OpenSSL 1.0.2.</p><p>The -no_alt_chains option was added in OpenSSL 1.0.2b.</p><p>The <strong>-nameopt</strong> option was added in OpenSSL 3.0.0.</p><p>The <strong>-engine</strong> option was deprecated in OpenSSL 3.0.</p><h2 id=copyright>COPYRIGHT<a class=headerlink href=#copyright 
title="Permanent link">&para;</a></h2><p>Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.</p><p>Licensed under the Apache License 2.0 (the &quot;License&quot;). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <a href=https://www.openssl.org/source/license.html>https://www.openssl.org/source/license.html</a>.</p></article></div><script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script></div></main><footer class=md-footer><div class="md-footer-meta md-typeset"><div class="md-footer-meta__inner md-grid"><div class=md-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a></div></div></div></footer></div><div class=md-dialog data-md-component=dialog><div class="md-dialog__inner md-typeset"></div></div><script id=__config type=application/json>{"base": "../..", "features": ["navigation.indexes", "navigation.instant", "navigation.path", "navigation.prune", "navigation.tabs", "navigation.tabs.sticky", "navigation.tracking", "search.suggest", "toc.follow"], "search": "../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"default": "master", "provider": "mike"}}</script><script src=../../assets/javascripts/bundle.ad660dcc.min.js></script></body></html>
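Review bot: the last example in the changed line, "Print CMS signed binary data in human-readable form:", is emitted as a plain paragraph (<p>openssl cms -in signed.cms -binary -inform DER -cmsout -print</p>) while the two examples in the context lines above it sit in <div class=highlight><pre><code> blocks, so the command is not rendered as code. The old and new lines both carry this, so it needs fixing in the openssl/openssl man page source that this deploy is generated from, not in the generated HTML. The same applies to two slips in the BUGS text ("a database should be maintained of a certificates", and the sentence starting with lower-case "this means the user") and to "-no_alt_chains" in HISTORY, which is the only option there not wrapped in <strong>. The only difference I can find between the removed and added lines is the copyright range, 2008-2023 to 2008-2025; because the whole page tail, footer and config script included, is minified onto one line, that one token shows up as a full-line replacement, which makes a deploy diff like this hard to check by eye.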
2 changes: 1 addition & 1 deletion 3.0/man1/openssl-req/index.html
Expand Up @@ -93,4 +93,4 @@
</code></pre></div><p>The first error message is the clue: it can&#39;t find the configuration file! Certain operations (like examining a certificate request) don&#39;t need a configuration file so its use isn&#39;t enforced. Generation of certificates or requests however does need a configuration file. This could be regarded as a bug.</p><p>Another puzzling message is this:</p><div class=highlight><pre><span></span><code> Attributes:
a0:00
</code></pre></div><p>this is displayed when no attributes are present and the request includes the correct empty <strong>SET OF</strong> structure (the DER encoding of which is 0xa0 0x00). If you just see:</p><div class=highlight><pre><span></span><code> Attributes:
</code></pre></div><p>then the <strong>SET OF</strong> is missing and the encoding is technically invalid (but it is tolerated). See the description of the command line option <strong>-asn1-kludge</strong> for more information.</p><h2 id=bugs>BUGS<a class=headerlink href=#bugs title="Permanent link">&para;</a></h2><p>OpenSSL&#39;s handling of T61Strings (aka TeletexStrings) is broken: it effectively treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour. This can cause problems if you need characters that aren&#39;t available in PrintableStrings and you don&#39;t want to or can&#39;t use BMPStrings.</p><p>As a consequence of the T61String handling the only correct way to represent accented characters in OpenSSL is to use a BMPString: unfortunately Netscape currently chokes on these. If you have to use accented characters with Netscape and MSIE then you currently need to use the invalid T61String form.</p><p>The current prompting is not very friendly. It doesn&#39;t allow you to confirm what you&#39;ve just entered. Other things like extensions in certificate requests are statically defined in the configuration file. 
Some of these: like an email address in subjectAltName should be input by the user.</p><h2 id=see-also>SEE ALSO<a class=headerlink href=#see-also title="Permanent link">&para;</a></h2><p><a href=../openssl/ >openssl(1)</a>, <a href=../openssl-x509/ >openssl-x509(1)</a>, <a href=../openssl-ca/ >openssl-ca(1)</a>, <a href=../openssl-genrsa/ >openssl-genrsa(1)</a>, <a href=../openssl-gendsa/ >openssl-gendsa(1)</a>, <a href=../../man5/config/ >config(5)</a>, <a href=../../man5/x509v3_config/ >x509v3_config(5)</a></p><h2 id=history>HISTORY<a class=headerlink href=#history title="Permanent link">&para;</a></h2><p>The <strong>-section</strong> option was added in OpenSSL 3.0.0.</p><p>The <strong>-multivalue-rdn</strong> option has become obsolete in OpenSSL 3.0.0 and has no effect.</p><p>The <strong>-engine</strong> option was deprecated in OpenSSL 3.0. The &lt;-nodes&gt; option was deprecated in OpenSSL 3.0, too; use <strong>-noenc</strong> instead.</p><h2 id=copyright>COPYRIGHT<a class=headerlink href=#copyright title="Permanent link">&para;</a></h2><p>Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.</p><p>Licensed under the Apache License 2.0 (the &quot;License&quot;). You may not use this file except in compliance with the License. 
You can obtain a copy in the file LICENSE in the source distribution or at <a href=https://www.openssl.org/source/license.html>https://www.openssl.org/source/license.html</a>.</p></article></div><script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script></div></main><footer class=md-footer><div class="md-footer-meta md-typeset"><div class="md-footer-meta__inner md-grid"><div class=md-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a></div></div></div></footer></div><div class=md-dialog data-md-component=dialog><div class="md-dialog__inner md-typeset"></div></div><script id=__config type=application/json>{"base": "../..", "features": ["navigation.indexes", "navigation.instant", "navigation.path", "navigation.prune", "navigation.tabs", "navigation.tabs.sticky", "navigation.tracking", "search.suggest", "toc.follow"], "search": "../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"default": "master", "provider": "mike"}}</script><script src=../../assets/javascripts/bundle.ad660dcc.min.js></script></body></html>
</code></pre></div><p>then the <strong>SET OF</strong> is missing and the encoding is technically invalid (but it is tolerated). See the description of the command line option <strong>-asn1-kludge</strong> for more information.</p><h2 id=bugs>BUGS<a class=headerlink href=#bugs title="Permanent link">&para;</a></h2><p>OpenSSL&#39;s handling of T61Strings (aka TeletexStrings) is broken: it effectively treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour. This can cause problems if you need characters that aren&#39;t available in PrintableStrings and you don&#39;t want to or can&#39;t use BMPStrings.</p><p>As a consequence of the T61String handling the only correct way to represent accented characters in OpenSSL is to use a BMPString: unfortunately Netscape currently chokes on these. If you have to use accented characters with Netscape and MSIE then you currently need to use the invalid T61String form.</p><p>The current prompting is not very friendly. It doesn&#39;t allow you to confirm what you&#39;ve just entered. Other things like extensions in certificate requests are statically defined in the configuration file. 
Some of these: like an email address in subjectAltName should be input by the user.</p><h2 id=see-also>SEE ALSO<a class=headerlink href=#see-also title="Permanent link">&para;</a></h2><p><a href=../openssl/ >openssl(1)</a>, <a href=../openssl-x509/ >openssl-x509(1)</a>, <a href=../openssl-ca/ >openssl-ca(1)</a>, <a href=../openssl-genrsa/ >openssl-genrsa(1)</a>, <a href=../openssl-gendsa/ >openssl-gendsa(1)</a>, <a href=../../man5/config/ >config(5)</a>, <a href=../../man5/x509v3_config/ >x509v3_config(5)</a></p><h2 id=history>HISTORY<a class=headerlink href=#history title="Permanent link">&para;</a></h2><p>The <strong>-section</strong> option was added in OpenSSL 3.0.0.</p><p>The <strong>-multivalue-rdn</strong> option has become obsolete in OpenSSL 3.0.0 and has no effect.</p><p>The <strong>-engine</strong> option was deprecated in OpenSSL 3.0. The &lt;-nodes&gt; option was deprecated in OpenSSL 3.0, too; use <strong>-noenc</strong> instead.</p><h2 id=copyright>COPYRIGHT<a class=headerlink href=#copyright title="Permanent link">&para;</a></h2><p>Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.</p><p>Licensed under the Apache License 2.0 (the &quot;License&quot;). You may not use this file except in compliance with the License. 
You can obtain a copy in the file LICENSE in the source distribution or at <a href=https://www.openssl.org/source/license.html>https://www.openssl.org/source/license.html</a>.</p></article></div><script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script></div></main><footer class=md-footer><div class="md-footer-meta md-typeset"><div class="md-footer-meta__inner md-grid"><div class=md-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a></div></div></div></footer></div><div class=md-dialog data-md-component=dialog><div class="md-dialog__inner md-typeset"></div></div><script id=__config type=application/json>{"base": "../..", "features": ["navigation.indexes", "navigation.instant", "navigation.path", "navigation.prune", "navigation.tabs", "navigation.tabs.sticky", "navigation.tracking", "search.suggest", "toc.follow"], "search": "../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"default": "master", "provider": "mike"}}</script><script src=../../assets/javascripts/bundle.ad660dcc.min.js></script></body></html>
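Review bot: in the HISTORY paragraph of the changed line, "The &lt;-nodes&gt; option was deprecated in OpenSSL 3.0, too" renders as a literal <-nodes>, while every other option in that section (-section, -multivalue-rdn, -engine, -noenc) is wrapped in <strong>. That looks like a markup slip in the man page source; correct it in openssl/openssl so the generated page shows <strong>-nodes</strong>, since editing this generated file would be overwritten by the next deploy. The removed and added lines otherwise differ only in the copyright range, 2000-2024 to 2000-2025, and as with the other file the minified single-line output turns that into a replacement of the whole page tail.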

0 comments on commit 76e1535
