author | 2014-04-20 19:23:08 +0000 | |
---|---|---|
committer | 2014-04-20 19:23:08 +0000 | |
commit | 2cd76d8919b12d9263d1a51a1a03c27bb2df7886 (patch) | |
tree | b7f67d9ad9373f8af580e20a3613f6dd044b40aa /lib/libssl/src/doc/apps | |
parent | Restore beck's rev 1.21: snprintf() was reviewed (diff) | |
Remove unused/never installed libssl tools and docs and references to them
Sure deraadt
Diffstat (limited to 'lib/libssl/src/doc/apps')
-rw-r--r-- | lib/libssl/src/doc/apps/CA.pl.pod | 179 | ||||
-rw-r--r-- | lib/libssl/src/doc/apps/tsget.pod | 194 | ||||
-rw-r--r-- | lib/libssl/src/doc/apps/verify.pod | 3 | ||||
-rw-r--r-- | lib/libssl/src/doc/apps/x509.pod | 2 |
4 files changed, 2 insertions, 376 deletions
diff --git a/lib/libssl/src/doc/apps/CA.pl.pod b/lib/libssl/src/doc/apps/CA.pl.pod deleted file mode 100644 index d326101cde7..00000000000 --- a/lib/libssl/src/doc/apps/CA.pl.pod +++ /dev/null 
@@ -1,179 +0,0 @@ - -=pod - -=head1 NAME - -CA.pl - friendlier interface for OpenSSL certificate programs - -=head1 SYNOPSIS - -B<CA.pl> -[B<-?>] -[B<-h>] -[B<-help>] -[B<-newcert>] -[B<-newreq>] -[B<-newreq-nodes>] -[B<-newca>] -[B<-xsign>] -[B<-sign>] -[B<-signreq>] -[B<-signcert>] -[B<-verify>] -[B<files>] - -=head1 DESCRIPTION - -The B<CA.pl> script is a perl script that supplies the relevant command line -arguments to the B<openssl> command for some common certificate operations. -It is intended to simplify the process of certificate creation and management -by the use of some simple options. - -=head1 COMMAND OPTIONS - -=over 4 - -=item B<?>, B<-h>, B<-help> - -prints a usage message. - -=item B<-newcert> - -creates a new self signed certificate. The private key is written to the file -"newkey.pem" and the request written to the file "newreq.pem". - -=item B<-newreq> - -creates a new certificate request. The private key is written to the file -"newkey.pem" and the request written to the file "newreq.pem". - -=item B<-newreq-nodes> - -is like B<-newreq> except that the private key will not be encrypted. - -=item B<-newca> - -creates a new CA hierarchy for use with the B<ca> program (or the B<-signcert> -and B<-xsign> options). The user is prompted to enter the filename of the CA -certificates (which should also contain the private key) or by hitting ENTER -details of the CA will be prompted for. The relevant files and directories -are created in a directory called "demoCA" in the current directory. - -=item B<-pkcs12> - -create a PKCS#12 file containing the user certificate, private key and CA -certificate. It expects the user certificate and private key to be in the -file "newcert.pem" and the CA certificate to be in the file demoCA/cacert.pem, -it creates a file "newcert.p12". This command can thus be called after the -B<-sign> option. The PKCS#12 file can be imported directly into a browser. 
-If there is an additional argument on the command line it will be used as the -"friendly name" for the certificate (which is typically displayed in the browser -list box), otherwise the name "My Certificate" is used. - -=item B<-sign>, B<-signreq>, B<-xsign> - -calls the B<ca> program to sign a certificate request. It expects the request -to be in the file "newreq.pem". The new certificate is written to the file -"newcert.pem" except in the case of the B<-xsign> option when it is written -to standard output. - - -=item B<-signCA> - -this option is the same as the B<-signreq> option except it uses the configuration -file section B<v3_ca> and so makes the signed request a valid CA certificate. This -is useful when creating intermediate CA from a root CA. - -=item B<-signcert> - -this option is the same as B<-sign> except it expects a self signed certificate -to be present in the file "newreq.pem". - -=item B<-verify> - -verifies certificates against the CA certificate for "demoCA". If no certificates -are specified on the command line it tries to verify the file "newcert.pem". - -=item B<files> - -one or more optional certificate file names for use with the B<-verify> command. - -=back - -=head1 EXAMPLES - -Create a CA hierarchy: - - CA.pl -newca - -Complete certificate creation example: create a CA, create a request, sign -the request and finally create a PKCS#12 file containing it. - - CA.pl -newca - CA.pl -newreq - CA.pl -signreq - CA.pl -pkcs12 "My Test Certificate" - -=head1 DSA CERTIFICATES - -Although the B<CA.pl> creates RSA CAs and requests it is still possible to -use it with DSA certificates and requests using the L<req(1)|req(1)> command -directly. The following example shows the steps that would typically be taken. 
- -Create some DSA parameters: - - openssl dsaparam -out dsap.pem 1024 - -Create a DSA CA certificate and private key: - - openssl req -x509 -newkey dsa:dsap.pem -keyout cacert.pem -out cacert.pem - -Create the CA directories and files: - - CA.pl -newca - -enter cacert.pem when prompted for the CA file name. - -Create a DSA certificate request and private key (a different set of parameters -can optionally be created first): - - openssl req -out newreq.pem -newkey dsa:dsap.pem - -Sign the request: - - CA.pl -signreq - -=head1 NOTES - -Most of the filenames mentioned can be modified by editing the B<CA.pl> script. - -If the demoCA directory already exists then the B<-newca> command will not -overwrite it and will do nothing. This can happen if a previous call using -the B<-newca> option terminated abnormally. To get the correct behaviour -delete the demoCA directory if it already exists. - -Under some environments it may not be possible to run the B<CA.pl> script -directly (for example Win32) and the default configuration file location may -be wrong. In this case the command: - - perl -S CA.pl - -can be used and the B<OPENSSL_CONF> environment variable changed to point to -the correct path of the configuration file "openssl.cnf". - -The script is intended as a simple front end for the B<openssl> program for use -by a beginner. Its behaviour isn't always what is wanted. For more control over the -behaviour of the certificate commands call the B<openssl> command directly. - -=head1 ENVIRONMENT VARIABLES - -The variable B<OPENSSL_CONF> if defined allows an alternative configuration -file location to be specified, it should contain the full path to the -configuration file, not just its directory. - -=head1 SEE ALSO - -L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<req(1)|req(1)>, L<pkcs12(1)|pkcs12(1)>, -L<config(5)|config(5)> - -=cut diff --git a/lib/libssl/src/doc/apps/tsget.pod b/lib/libssl/src/doc/apps/tsget.pod deleted file mode 100644 index 56db985c4bb..00000000000 
--- a/lib/libssl/src/doc/apps/tsget.pod +++ /dev/null 
@@ -1,194 +0,0 @@ -=pod - -=head1 NAME - -tsget - Time Stamping HTTP/HTTPS client - -=head1 SYNOPSIS - -B<tsget> -B<-h> server_url -[B<-e> extension] -[B<-o> output] -[B<-v>] -[B<-d>] -[B<-k> private_key.pem] -[B<-p> key_password] -[B<-c> client_cert.pem] -[B<-C> CA_certs.pem] -[B<-P> CA_path] -[B<-r> file:file...] -[B<-g> EGD_socket] -[request]... - -=head1 DESCRIPTION - -The B<tsget> command can be used for sending a time stamp request, as -specified in B<RFC 3161>, to a time stamp server over HTTP or HTTPS and storing -the time stamp response in a file. This tool cannot be used for creating the -requests and verifying responses, you can use the OpenSSL B<ts(1)> command to -do that. B<tsget> can send several requests to the server without closing -the TCP connection if more than one requests are specified on the command -line. - -The tool sends the following HTTP request for each time stamp request: - - POST url HTTP/1.1 - User-Agent: OpenTSA tsget.pl/<version> - Host: <host>:<port> - Pragma: no-cache - Content-Type: application/timestamp-query - Accept: application/timestamp-reply - Content-Length: length of body - - ...binary request specified by the user... - -B<tsget> expects a response of type application/timestamp-reply, which is -written to a file without any interpretation. - -=head1 OPTIONS - -=over 4 - -=item B<-h> server_url - -The URL of the HTTP/HTTPS server listening for time stamp requests. - -=item B<-e> extension - -If the B<-o> option is not given this argument specifies the extension of the -output files. The base name of the output file will be the same as those of -the input files. Default extension is '.tsr'. (Optional) - -=item B<-o> output - -This option can be specified only when just one request is sent to the -server. The time stamp response will be written to the given output file. '-' -means standard output. 
In case of multiple time stamp requests or the absence -of this argument the names of the output files will be derived from the names -of the input files and the default or specified extension argument. (Optional) - -=item B<-v> - -The name of the currently processed request is printed on standard -error. (Optional) - -=item B<-d> - -Switches on verbose mode for the underlying B<curl> library. You can see -detailed debug messages for the connection. (Optional) - -=item B<-k> private_key.pem - -(HTTPS) In case of certificate-based client authentication over HTTPS -<private_key.pem> must contain the private key of the user. The private key -file can optionally be protected by a passphrase. The B<-c> option must also -be specified. (Optional) - -=item B<-p> key_password - -(HTTPS) Specifies the passphrase for the private key specified by the B<-k> -argument. If this option is omitted and the key is passphrase protected B<tsget> -will ask for it. (Optional) - -=item B<-c> client_cert.pem - -(HTTPS) In case of certificate-based client authentication over HTTPS -<client_cert.pem> must contain the X.509 certificate of the user. The B<-k> -option must also be specified. If this option is not specified no -certificate-based client authentication will take place. (Optional) - -=item B<-C> CA_certs.pem - -(HTTPS) The trusted CA certificate store. The certificate chain of the peer's -certificate must include one of the CA certificates specified in this file. -Either option B<-C> or option B<-P> must be given in case of HTTPS. (Optional) - -=item B<-P> CA_path - -(HTTPS) The path containing the trusted CA certificates to verify the peer's -certificate. The directory must be prepared with the B<c_rehash> -OpenSSL utility. Either option B<-C> or option B<-P> must be given in case of -HTTPS. (Optional) - -=item B<-rand> file:file... - -The files containing random data for seeding the random number -generator. 
Multiple files can be specified, the separator is B<;> for -MS-Windows, B<,> for VMS and B<:> for all other platforms. (Optional) - -=item B<-g> EGD_socket - -The name of an EGD socket to get random data from. (Optional) - -=item [request]... - -List of files containing B<RFC 3161> DER-encoded time stamp requests. If no -requests are specified only one request will be sent to the server and it will be -read from the standard input. (Optional) - -=back - -=head1 ENVIRONMENT VARIABLES - -The B<TSGET> environment variable can optionally contain default -arguments. The content of this variable is added to the list of command line -arguments. - -=head1 EXAMPLES - -The examples below presume that B<file1.tsq> and B<file2.tsq> contain valid -time stamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests -and at port 8443 for HTTPS requests, the TSA service is available at the /tsa -absolute path. - -Get a time stamp response for file1.tsq over HTTP, output is written to -file1.tsr: - - tsget -h http://tsa.opentsa.org:8080/tsa file1.tsq - -Get a time stamp response for file1.tsq and file2.tsq over HTTP showing -progress, output is written to file1.reply and file2.reply respectively: - - tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \ - file1.tsq file2.tsq - -Create a time stamp request, write it to file3.tsq, send it to the server and -write the response to file3.tsr: - - openssl ts -query -data file3.txt -cert | tee file3.tsq \ - | tsget -h http://tsa.opentsa.org:8080/tsa \ - -o file3.tsr - -Get a time stamp response for file1.tsq over HTTPS without client -authentication: - - tsget -h https://tsa.opentsa.org:8443/tsa \ - -C cacerts.pem file1.tsq - -Get a time stamp response for file1.tsq over HTTPS with certificate-based -client authentication (it will ask for the passphrase if client_key.pem is -protected): - - tsget -h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \ - -k client_key.pem -c client_cert.pem file1.tsq - -You can shorten the previous 
command line if you make use of the B<TSGET> -environment variable. The following commands do the same as the previous -example: - - TSGET='-h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \ - -k client_key.pem -c client_cert.pem' - export TSGET - tsget file1.tsq - -=head1 AUTHOR - -Zoltan Glozik <zglozik@opentsa.org>, OpenTSA project (http://www.opentsa.org) - -=head1 SEE ALSO - -L<openssl(1)|openssl(1)>, L<ts(1)|ts(1)>, L<curl(1)|curl(1)>, -B<RFC 3161> - -=cut diff --git a/lib/libssl/src/doc/apps/verify.pod b/lib/libssl/src/doc/apps/verify.pod index da683004bd2..f1d5384b9a5 100644 --- a/lib/libssl/src/doc/apps/verify.pod +++ b/lib/libssl/src/doc/apps/verify.pod @@ -43,8 +43,7 @@ The B<verify> command verifies certificate chains. A directory of trusted certificates. The certificates should have names of the form: hash.0 or have symbolic links to them of this form ("hash" is the hashed certificate subject name: see the B<-hash> option -of the B<x509> utility). Under Unix the B<c_rehash> script will automatically -create symbolic links to a directory of certificates. +of the B<x509> utility). =item B<-CAfile file> diff --git a/lib/libssl/src/doc/apps/x509.pod b/lib/libssl/src/doc/apps/x509.pod index d2d9eb812af..314018f0862 100644 --- a/lib/libssl/src/doc/apps/x509.pod +++ b/lib/libssl/src/doc/apps/x509.pod @@ -856,6 +856,6 @@ The hash algorithm used in the B<-subject_hash> and B<-issuer_hash> options before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding of the distinguished name. In OpenSSL 1.0.0 and later it is based on a canonical version of the DN using SHA1. This means that any directories using -the old form must have their links rebuilt using B<c_rehash> or similar. +the old form must have their links rebuilt. =cut |
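Review bot: For the CA.pl.pod and tsget.pod deletions, the commit message says references to the removed tools go too, but the diffstat under doc/apps touches only verify.pod and x509.pod, and both of those edits concern c_rehash. The deleted CA.pl.pod cross-references x509(1), ca(1), req(1) and pkcs12(1), and the deleted tsget.pod cross-references ts(1). Please check those pages for back-references to CA.pl or tsget, so that no remaining manual points at a tool that is never installed.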
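Review bot: In the verify.pod hunk, dropping the B<c_rehash> sentence leaves the trusted-certificate directory description requiring names of the form hash.0 without saying how to produce them. The remaining text only points at the B<-hash> option of B<x509>. Suggest replacing the removed sentence with one line stating that the file or link name is the value printed by that option followed by ".0", so the directory form stays usable without the script.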
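Review bot: In the x509.pod hunk, the new ending "must have their links rebuilt." tells the reader a rebuild is mandatory for directories using the pre-1.0.0 hash but no longer names any way to do it. The paragraph already mentions B<-subject_hash>, so suggest finishing the sentence with a pointer to it, for example "rebuilt using the names reported by B<-subject_hash>", rather than leaving the procedure unstated.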