root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Removed duplicates in some man pages 

Fixes openssl/openssl#11748

find-doc-nits: Check for duplicate options

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27088)
This commit is contained in:
Chase Killorin 2025-03-05 14:44:58 -05:00 committed by Tomas Mraz
parent 3edb1f09c6
commit 2c8103e468
11 changed files with 36 additions and 187 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/man1/CA.pl.pod
View File

@ -6,6 +6,8 @@ CA.pl - friendlier interface for OpenSSL certificate programs
=head1 SYNOPSIS =head1 SYNOPSIS
=for openssl duplicate options
B<CA.pl> B<CA.pl>
B<-?> | B<-?> |
B<-h> | B<-h> |

1
doc/man1/openssl-ciphers.pod.in
View File

@ -17,7 +17,6 @@ B<openssl> B<ciphers>
[B<-tls1_1>] [B<-tls1_1>]
[B<-tls1_2>] [B<-tls1_2>]
[B<-tls1_3>] [B<-tls1_3>]
[B<-s>]
[B<-psk>] [B<-psk>]
[B<-srp>] [B<-srp>]
[B<-stdname>] [B<-stdname>]

2
doc/man1/openssl-cms.pod.in
View File

@ -7,6 +7,8 @@ openssl-cms - CMS command
=head1 SYNOPSIS =head1 SYNOPSIS
=for openssl duplicate options
B<openssl> B<cms> B<openssl> B<cms>
[B<-help>] [B<-help>]

4
doc/man1/openssl-pkcs12.pod.in
View File

@ -7,6 +7,8 @@ openssl-pkcs12 - PKCS#12 file command
=head1 SYNOPSIS =head1 SYNOPSIS
=for openssl duplicate options
B<openssl> B<pkcs12> B<openssl> B<pkcs12>
[B<-help>] [B<-help>]
[B<-passin> I<arg>] [B<-passin> I<arg>]
@ -174,7 +176,7 @@ see the L</PKCS#12 output (export) options> section.
=item B<-out> I<filename> =item B<-out> I<filename>
The filename to write certificates and private keys to, standard output by The filename to write certificates and private keys to, standard output by
default. They are all written in PEM format. default. They are all written in PEM format.
=item B<-info> =item B<-info>

1
doc/man1/openssl-rehash.pod.in
View File

@ -10,6 +10,7 @@ openssl-rehash, c_rehash - Create symbolic links to files named by the hash
values values
=head1 SYNOPSIS =head1 SYNOPSIS
=for openssl duplicate options
B<openssl> B<openssl>
B<rehash> B<rehash>

83
doc/man1/openssl-s_client.pod.in
View File

@ -59,7 +59,6 @@ B<openssl> B<s_client>
[B<-msg>] [B<-msg>]
[B<-timeout>] [B<-timeout>]
[B<-mtu> I<size>] [B<-mtu> I<size>]
[B<-no_etm>]
[B<-no_ems>] [B<-no_ems>]
[B<-keymatexport> I<label>] [B<-keymatexport> I<label>]
[B<-keymatexportlen> I<len>] [B<-keymatexportlen> I<len>]
@ -84,29 +83,14 @@ B<openssl> B<s_client>
[B<-max_pipelines>] [B<-max_pipelines>]
[B<-read_buf>] [B<-read_buf>]
[B<-ignore_unexpected_eof>] [B<-ignore_unexpected_eof>]
[B<-bugs>]
[B<-no_tx_cert_comp>] [B<-no_tx_cert_comp>]
[B<-no_rx_cert_comp>] [B<-no_rx_cert_comp>]
[B<-comp>]
[B<-no_comp>]
[B<-brief>] [B<-brief>]
[B<-legacy_server_connect>]
[B<-no_legacy_server_connect>]
[B<-allow_no_dhe_kex>]
[B<-prefer_no_dhe_kex>]
[B<-sigalgs> I<sigalglist>]
[B<-curves> I<curvelist>]
[B<-cipher> I<cipherlist>]
[B<-ciphersuites> I<val>]
[B<-serverpref>]
[B<-starttls> I<protocol>] [B<-starttls> I<protocol>]
[B<-name> I<hostname>]
[B<-xmpphost> I<hostname>] [B<-xmpphost> I<hostname>]
[B<-name> I<hostname>] [B<-name> I<hostname>]
[B<-tlsextdebug>] [B<-tlsextdebug>]
[B<-no_ticket>]
[B<-sess_out> I<filename>] [B<-sess_out> I<filename>]
[B<-serverinfo> I<types>]
[B<-sess_in> I<filename>] [B<-sess_in> I<filename>]
[B<-serverinfo> I<types>] [B<-serverinfo> I<types>]
[B<-status>] [B<-status>]
@ -485,10 +469,6 @@ Enable send/receive timeout on DTLS connections.
Set MTU of the link layer to the specified size. Set MTU of the link layer to the specified size.
=item B<-no_etm>
Disable Encrypt-then-MAC negotiation.
=item B<-no_ems> =item B<-no_ems>
Disable Extended master secret negotiation. Disable Extended master secret negotiation.
@ -623,11 +603,6 @@ option is enabled the peer does not need to send the close_notify alert and a
closed connection will be treated as if the close_notify alert was received. closed connection will be treated as if the close_notify alert was received.
For more information on shutting down a connection, see L<SSL_shutdown(3)>. For more information on shutting down a connection, see L<SSL_shutdown(3)>.
=item B<-bugs>
There are several known bugs in SSL and TLS implementations. Adding this
option enables various workarounds.
=item B<-no_tx_cert_comp> =item B<-no_tx_cert_comp>
Disables support for sending TLSv1.3 compressed certificates. Disables support for sending TLSv1.3 compressed certificates.
@ -636,65 +611,11 @@ Disables support for sending TLSv1.3 compressed certificates.
Disables support for receiving TLSv1.3 compressed certificate. Disables support for receiving TLSv1.3 compressed certificate.
=item B<-comp>
Enables support for SSL/TLS compression.
This option was introduced in OpenSSL 1.1.0.
TLS compression is not recommended and is off by default as of
OpenSSL 1.1.0. TLS compression can only be used in security level 1 or
lower. From OpenSSL 3.2.0 and above the default security level is 2, so this
option will have no effect without also changing the security level. Use the
B<-cipher> option to change the security level. See L<openssl-ciphers(1)> for
more information.
=item B<-no_comp>
Disables support for SSL/TLS compression.
TLS compression is not recommended and is off by default as of
OpenSSL 1.1.0.
=item B<-brief> =item B<-brief>
Only provide a brief summary of connection parameters instead of the Only provide a brief summary of connection parameters instead of the
normal verbose output. normal verbose output.
=item B<-sigalgs> I<sigalglist>
Specifies the list of signature algorithms that are sent by the client.
The server selects one entry in the list based on its preferences.
For example strings, see L<SSL_CTX_set1_sigalgs(3)>
=item B<-curves> I<curvelist>
Specifies the list of supported curves to be sent by the client. The curve is
ultimately selected by the server.
The list of available groups includes various built-in named EC curves, as well
as X25519 and X448, FFDHE groups, and any additional groups implemented in the
default or 3rd-party providers.
The commands below list the available groups for TLS 1.2 and TLS 1.3,
respectively:
$ openssl list -tls1_2 -tls-groups
$ openssl list -tls1_3 -tls-groups
=item B<-cipher> I<cipherlist>
This allows the TLSv1.2 and below cipher list sent by the client to be modified.
This list will be combined with any TLSv1.3 ciphersuites that have been
configured. Although the server determines which ciphersuite is used it should
take the first supported cipher in the list sent by the client. See
L<openssl-ciphers(1)> for more information.
=item B<-ciphersuites> I<val>
This allows the TLSv1.3 ciphersuites sent by the client to be modified. This
list will be combined with any TLSv1.2 and below ciphersuites that have been
configured. Although the server determines which cipher suite is used it should
take the first supported cipher in the list sent by the client. See
L<openssl-ciphers(1)> for more information. The format for this list is a simple
colon (":") separated list of TLSv1.3 ciphersuite names.
=item B<-starttls> I<protocol> =item B<-starttls> I<protocol>
Send the protocol-specific message(s) to switch to TLS for communication. Send the protocol-specific message(s) to switch to TLS for communication.
@ -729,10 +650,6 @@ this option is not specified, then "mail.example.com" will be used.
Print out a hex dump of any TLS extensions received from the server. Print out a hex dump of any TLS extensions received from the server.
=item B<-no_ticket>
Disable RFC4507bis session ticket support.
=item B<-sess_out> I<filename> =item B<-sess_out> I<filename>
Output SSL session to I<filename>. Output SSL session to I<filename>.

98
doc/man1/openssl-s_server.pod.in
View File

@ -7,6 +7,8 @@ openssl-s_server - SSL/TLS server program
=head1 SYNOPSIS =head1 SYNOPSIS
=for openssl duplicate options
B<openssl> B<s_server> B<openssl> B<s_server>
[B<-help>] [B<-help>]
[B<-port> I<+int>] [B<-port> I<+int>]
@ -70,7 +72,6 @@ B<openssl> B<s_server>
[B<-verify_quiet>] [B<-verify_quiet>]
[B<-ign_eof>] [B<-ign_eof>]
[B<-no_ign_eof>] [B<-no_ign_eof>]
[B<-no_etm>]
[B<-no_ems>] [B<-no_ems>]
[B<-status>] [B<-status>]
[B<-status_verbose>] [B<-status_verbose>]
@ -91,30 +92,9 @@ B<openssl> B<s_server>
[B<-max_pipelines> I<+int>] [B<-max_pipelines> I<+int>]
[B<-naccept> I<+int>] [B<-naccept> I<+int>]
[B<-read_buf> I<+int>] [B<-read_buf> I<+int>]
[B<-bugs>]
[B<-no_tx_cert_comp>] [B<-no_tx_cert_comp>]
[B<-no_rx_cert_comp>] [B<-no_rx_cert_comp>]
[B<-no_comp>]
[B<-comp>]
[B<-no_ticket>]
[B<-serverpref>]
[B<-legacy_renegotiation>]
[B<-no_renegotiation>]
[B<-no_resumption_on_reneg>]
[B<-allow_no_dhe_kex>]
[B<-prefer_no_dhe_kex>]
[B<-prioritize_chacha>]
[B<-strict>]
[B<-sigalgs> I<val>]
[B<-client_sigalgs> I<val>]
[B<-groups> I<val>]
[B<-curves> I<val>]
[B<-named_curve> I<val>]
[B<-cipher> I<val>]
[B<-ciphersuites> I<val>]
[B<-dhparam> I<infile>] [B<-dhparam> I<infile>]
[B<-record_padding> I<val>]
[B<-debug_broken_protocol>]
[B<-nbio>] [B<-nbio>]
[B<-psk_identity> I<val>] [B<-psk_identity> I<val>]
[B<-psk_hint> I<val>] [B<-psk_hint> I<val>]
@ -501,10 +481,6 @@ Ignore input EOF (default: when B<-quiet>).
Do not ignore input EOF. Do not ignore input EOF.
=item B<-no_etm>
Disable Encrypt-then-MAC negotiation.
=item B<-no_ems> =item B<-no_ems>
Disable Extended master secret negotiation. Disable Extended master secret negotiation.
@ -613,11 +589,6 @@ effect if the buffer size is larger than the size that would otherwise be used
and pipelining is in use (see L<SSL_CTX_set_default_read_buffer_len(3)> for and pipelining is in use (see L<SSL_CTX_set_default_read_buffer_len(3)> for
further information). further information).
=item B<-bugs>
There are several known bugs in SSL and TLS implementations. Adding this
option enables various workarounds.
=item B<-no_tx_cert_comp> =item B<-no_tx_cert_comp>
Disables support for sending TLSv1.3 compressed certificates. Disables support for sending TLSv1.3 compressed certificates.
@ -632,77 +603,12 @@ Disable negotiation of TLS compression.
TLS compression is not recommended and is off by default as of TLS compression is not recommended and is off by default as of
OpenSSL 1.1.0. OpenSSL 1.1.0.
=item B<-comp>
Enables support for SSL/TLS compression.
This option was introduced in OpenSSL 1.1.0.
TLS compression is not recommended and is off by default as of
OpenSSL 1.1.0. TLS compression can only be used in security level 1 or
lower. From OpenSSL 3.2.0 and above the default security level is 2, so this
option will have no effect without also changing the security level. Use the
B<-cipher> option to change the security level. See L<openssl-ciphers(1)> for
more information.
=item B<-no_ticket>
Disable RFC4507bis session ticket support. This option has no effect if TLSv1.3
is negotiated. See B<-num_tickets>.
=item B<-num_tickets> =item B<-num_tickets>
Control the number of tickets that will be sent to the client after a full Control the number of tickets that will be sent to the client after a full
handshake in TLSv1.3. The default number of tickets is 2. This option does not handshake in TLSv1.3. The default number of tickets is 2. This option does not
affect the number of tickets sent after a resumption handshake. affect the number of tickets sent after a resumption handshake.
=item B<-serverpref>
Use the server's cipher preferences, rather than the client's preferences.
=item B<-prioritize_chacha>
Prioritize ChaCha ciphers when preferred by clients. Requires B<-serverpref>.
=item B<-no_resumption_on_reneg>
Set the B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> option.
=item B<-client_sigalgs> I<val>
Signature algorithms to support for client certificate authentication
(colon-separated list).
=item B<-named_curve> I<val>
Specifies the elliptic curve to use. NOTE: this is single curve, not a list.
The list of available groups includes various built-in named EC curves, as well
as X25519 and X448, FFDHE groups, and any additional groups implemented in the
default or 3rd-party providers.
The commands below list the available groups for TLS 1.2 and TLS 1.3,
respectively.
$ openssl list -tls1_2 -tls-groups
$ openssl list -tls1_3 -tls-groups
=item B<-cipher> I<val>
This allows the list of TLSv1.2 and below ciphersuites used by the server to be
modified. This list is combined with any TLSv1.3 ciphersuites that have been
configured. When the client sends a list of supported ciphers the first client
cipher also included in the server list is used. Because the client specifies
the preference order, the order of the server cipherlist is irrelevant. See
L<openssl-ciphers(1)> for more information.
=item B<-ciphersuites> I<val>
This allows the list of TLSv1.3 ciphersuites used by the server to be modified.
This list is combined with any TLSv1.2 and below ciphersuites that have been
configured. When the client sends a list of supported ciphers the first client
cipher also included in the server list is used. Because the client specifies
the preference order, the order of the server cipherlist is irrelevant. See
L<openssl-ciphers(1)> command for more information. The format for this list is
a simple colon (":") separated list of TLSv1.3 ciphersuite names.
=item B<-dhparam> I<infile> =item B<-dhparam> I<infile>
The DH parameter file to use. The ephemeral DH cipher suites generate keys The DH parameter file to use. The ephemeral DH cipher suites generate keys

2
doc/man1/openssl-smime.pod.in
View File

@ -130,7 +130,7 @@ See L<openssl-format-options(1)> for details.
The key format; unspecified by default. The key format; unspecified by default.
See L<openssl-format-options(1)> for details. See L<openssl-format-options(1)> for details.
=item B<-stream>, B<-indef>, B<-noindef> =item B<-stream>, B<-indef>
The B<-stream> and B<-indef> options are equivalent and enable streaming I/O The B<-stream> and B<-indef> options are equivalent and enable streaming I/O
for encoding operations. This permits single pass processing of data without for encoding operations. This permits single pass processing of data without

2
doc/man1/openssl-ts.pod.in
View File

@ -7,6 +7,8 @@ openssl-ts - Time Stamping Authority command
=head1 SYNOPSIS =head1 SYNOPSIS
=for openssl duplicate options
B<openssl> B<ts> B<openssl> B<ts>
B<-help> B<-help>

2
doc/man1/openssl.pod
View File

@ -6,6 +6,8 @@ openssl - OpenSSL command line program
=head1 SYNOPSIS =head1 SYNOPSIS
=for openssl duplicate options
B<openssl> B<openssl>
I<command> I<command>
[ I<options> ... ] [ I<options> ... ]

26
util/find-doc-nits
View File

@ -276,7 +276,9 @@ sub files {
# Print error message, set $status. # Print error message, set $status.
sub err { sub err {
print join(" ", @_), "\n"; my $t = join(" ", @_);
$t =~ s/\n//g;
print $t, "\n";
$status = 1 $status = 1
} }
@ -560,8 +562,10 @@ sub option_check {
my $id = shift; my $id = shift;
my $filename = shift; my $filename = shift;
my $contents = shift; my $contents = shift;
my $nodups = 1;
my $synopsis = ($contents =~ /=head1\s+SYNOPSIS(.*?)=head1/s, $1); my $synopsis = ($contents =~ /=head1\s+SYNOPSIS(.*?)=head1/s, $1);
$nodups = 0 if $synopsis =~ /=for\s+openssl\s+duplicate\s+options/s;
# Some pages have more than one OPTIONS section, let's make sure # Some pages have more than one OPTIONS section, let's make sure
# to get them all # to get them all
@ -577,19 +581,26 @@ sub option_check {
} }
my @synopsis; my @synopsis;
my %listed;
while ( $synopsis =~ /$markup_re/msg ) { while ( $synopsis =~ /$markup_re/msg ) {
my $found = $&; my $found = $&;
push @synopsis, $found if $found =~ /^B<-/; push @synopsis, $found if $found =~ /^B<-/;
print STDERR "$id:DEBUG[option_check] SYNOPSIS: found $found\n" print STDERR "$id:DEBUG[option_check] SYNOPSIS: found $found\n"
if $debug; if $debug;
my $option_uw = normalise_option($id, $filename, $found); my $option_uw = normalise_option($id, $filename, $found);
err($id, "Malformed option [2] in SYNOPSIS: $found") if ( defined $option_uw ) {
if defined $option_uw && $option_uw eq ''; err($id, "Malformed option [2] in SYNOPSIS: $found")
if $option_uw eq '';
err($id, "Duplicate option in SYNOPSIS $option_uw\n")
if $nodups && defined $listed{$option_uw};
$listed{$option_uw} = 1;
}
} }
# In OPTIONS, we look for =item paragraphs. # In OPTIONS, we look for =item paragraphs.
# (?=^\s*$) detects an empty line. # (?=^\s*$) detects an empty line.
my @options; my @options;
my %described;
while ( $options =~ /=item\s+(.*?)(?=^\s*$)/msg ) { while ( $options =~ /=item\s+(.*?)(?=^\s*$)/msg ) {
my $item = $&; my $item = $&;
@ -601,8 +612,13 @@ sub option_check {
if ($1 // '') ne '' && $found =~ /^B<\s*-/; if ($1 // '') ne '' && $found =~ /^B<\s*-/;
my $option_uw = normalise_option($id, $filename, $found); my $option_uw = normalise_option($id, $filename, $found);
err($id, "Malformed option in OPTIONS: $found") if ( defined $option_uw ) {
if defined $option_uw && $option_uw eq ''; err($id, "Malformed option in OPTIONS: $found")
if $option_uw eq '';
err($id, "Duplicate option in OPTIONS $option_uw\n")
if $nodups && defined $described{$option_uw};
$described{$option_uw} = 1;
}
if ($found =~ /^B<-/) { if ($found =~ /^B<-/) {
push @options, $found; push @options, $found;
err($id, "OPTIONS entry $found missing from SYNOPSIS") err($id, "OPTIONS entry $found missing from SYNOPSIS")