rename NOTES to COMMON SYNTAX (explains itself better); rework the

passphrase section a little; move the DER|PEM stuff in there to help
avoid text repetition, and prefer the lowercase (less keys to press);
adjust ENVIRONMENT to format a little more nicely;

1 files changed, 44 insertions, 43 deletions

diff --git a/usr.bin/openssl/openssl.1 b/usr.bin/openssl/openssl.1
index 52949f6bd2b..d93a19b91d1 100644
--- a/usr.bin/openssl/openssl.1
+++ b/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.37 2016/07/21 16:34:08 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.38 2016/07/21 18:33:27 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -263,14 +263,6 @@ of the structures.
 The input file; the default is standard input.
 .It Fl inform Cm der | pem | txt
 The input format.
-.Cm der
-.Pq Distinguished Encoding Rules
-is binary format and
-.Cm pem
-.Pq Privacy Enhanced Mail ,
-the default, is base64-encoded.
-.Cm txt
-is plain text.
 .It Fl length Ar number
 Number of bytes to parse; the default is until end of file.
 .It Fl noout
@@ -971,25 +963,19 @@ Cipher suites using SHA1.
 .Op Fl fingerprint
 .Op Fl hash
 .Op Fl in Ar file
-.Op Fl inform Ar DER | PEM
+.Op Fl inform Cm der | pem
 .Op Fl issuer
 .Op Fl lastupdate
 .Op Fl nextupdate
 .Op Fl noout
 .Op Fl out Ar file
-.Op Fl outform Ar DER | PEM
+.Op Fl outform Cm der | pem
 .Op Fl text
 .nr nS 0
 .Pp
 The
 .Nm crl
 command processes CRL files in DER or PEM format.
-.Pp
-.Cm DER
-is a DER-encoded CRL structure.
-.Cm PEM ,
-the default,
-is a base64-encoded version of the DER form with header and footer lines.
 The PEM CRL format uses the header and footer lines:
 .Bd -unfilled -offset indent
 -----BEGIN X509 CRL-----
@@ -1015,7 +1001,7 @@ Output a hash of the issuer name.
 This can be used to look up CRLs in a directory by issuer name.
 .It Fl in Ar file
 The input file to read from, or standard input if not specified.
-.It Fl inform Cm DER | PEM
+.It Fl inform Cm der | pem
 The input format.
 .It Fl issuer
 Output the issuer name.
@@ -1031,7 +1017,7 @@ field.
 Don't output the encoded version of the CRL.
 .It Fl out Ar file
 The output file to write to, or standard output if not specified.
-.It Fl outform Cm DER | PEM
+.It Fl outform Cm der | pem
 The output format.
 .It Fl text
 Print out the CRL in text form.
@@ -9010,37 +8996,32 @@ This means that any directories using the old form
 must have their links rebuilt using
 .Ar c_rehash
 or similar.
-.Sh NOTES
-Several commands accept password arguments, typically using
+.Sh COMMON NOTATION
+Several commands share a common syntax,
+as detailed below.
+.Pp
+Password arguments, typically specified using
 .Fl passin
 and
 .Fl passout
-for input and output passwords, respectively.
-These allow the password to be obtained from a variety of sources.
-Both of these options take a single argument whose format is described below.
+for input and output passwords,
+allow passwords to be obtained from a variety of sources.
+Both of these options take a single argument, described below.
 If no password argument is given and a password is required,
 then the user is prompted to enter one:
 this will typically be read from the current terminal with echoing turned off.
-.Bl -tag -width "fd:number"
-.It Ar pass : Ns Ar password
+.Bl -tag -width "pass:password" -offset indent
+.It Cm pass : Ns Ar password
 The actual password is
 .Ar password .
-Since the password is visible to utilities
-(like
-.Xr ps 1
-under
-.Ux )
+Since the password is visible to utilities,
 this form should only be used where security is not important.
-.It Ar env : Ns Ar var
+.It Cm env : Ns Ar var
 Obtain the password from the environment variable
 .Ar var .
-Since the environment of other processes is visible on certain platforms
-(e.g.\&
-.Xr ps 1
-under certain
-.Ux
-OSes) this option should be used with caution.
-.It Ar file : Ns Ar path
+Since the environment of other processes is visible,
+this option should be used with caution.
+.It Cm file : Ns Ar path
 The first line of
 .Ar path
 is the password.
@@ -9055,17 +9036,37 @@ for the output password.
 .Ar path
 need not refer to a regular file:
 it could, for example, refer to a device or named pipe.
-.It Ar fd : Ns Ar number
+.It Cm fd : Ns Ar number
 Read the password from the file descriptor
 .Ar number .
-This can be used to send the data via a pipe for example.
-.It Ar stdin
+This can be used to send the data via a pipe, for example.
+.It Cm stdin
 Read the password from standard input.
 .El
+.Pp
+File formats,
+typically specified using
+.Fl inform
+and
+.Fl outform ,
+indicate the type of file being read from
+or the file format to write.
+The argument is case insensitive.
+.Pp
+.Bl -tag -width Ds -offset indent -compact
+.It Cm der
+Distinguished Encoding Rules (DER)
+is a binary format.
+.It Cm pem
+Privacy Enhanced Mail (PEM)
+is base64-encoded.
+.It Cm txt
+Plain ASCII text.
+.El
 .Sh ENVIRONMENT
 The following environment variables affect the execution of
 .Nm openssl :
-.Bl -tag -width "OPENSSL_CONFXXX"
+.Bl -tag -width "/etc/ssl/openssl.cnf"
 .It Ev OPENSSL_CONF
 The location of the master configuration file.
 .El