From: Pauli Date: Thu, 25 Jun 2020 01:27:51 +0000 (+1000) Subject: apps: document the deprecation of the -engine option X-Git-Tag: openssl-3.0.0-alpha5~26 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0f221d9c68b005332e21e70e7e841d021dc20498;p=thirdparty%2Fopenssl.git apps: document the deprecation of the -engine option Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/12226) --- diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in index 519f5f4eed2..5f7dc2d16fc 100644 --- a/doc/man1/openssl-ca.pod.in +++ b/doc/man1/openssl-ca.pod.in @@ -794,6 +794,8 @@ The B<-certform> option has become obsolete in OpenSSL 3.0.0 and has no effect. All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 SEE ALSO L, diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index b148afb2dca..6ed11f442f1 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -71,7 +71,7 @@ B B [B<-keyform> I] [B<-certsform> I] [B<-otherpass> I] -[B<-engine> I] +{- $OpenSSL::safe::opt_engine_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} [B<-tls_used>] @@ -698,6 +698,7 @@ If not given here, the password will be prompted for if needed. For more information about the format of B see the B section in L. +{- output_off() if $disabled{"deprecated-3.0"}; "" -} =item B<-engine> I @@ -714,6 +715,7 @@ the engine. as supported, e.g., by libp11: C<-key engine:pkcs11:object=my-private-key;type=private;pin-value=1234> +{- output_on() if $disabled{"deprecated-3.0"}; "" -} {- $OpenSSL::safe::opt_provider_item -} =back diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in index b4c57d37fff..6ee411d550a 100644 --- a/doc/man1/openssl-cms.pod.in +++ b/doc/man1/openssl-cms.pod.in @@ -781,6 +781,8 @@ and have no effect. The B<-nameopt> option was added in OpenSSL 3.0.0. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-dgst.pod.in b/doc/man1/openssl-dgst.pod.in index 22c07a5a7f2..6a5bb28a69b 100644 --- a/doc/man1/openssl-dgst.pod.in +++ b/doc/man1/openssl-dgst.pod.in @@ -30,7 +30,9 @@ B B|I [B<-macopt> I:I] [B<-fips-fingerprint>] {- $OpenSSL::safe::opt_engine_synopsis -} -[B<-engine_impl> I] +{- output_off() if $disabled{"deprecated-3.0"}; "" +-}[B<-engine_impl> I]{- + output_on() if $disabled{"deprecated-3.0"}; "" -} {- $OpenSSL::safe::opt_r_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} [I ...] @@ -178,6 +180,7 @@ Compute HMAC using a specific key for certain OpenSSL-FIPS operations. {- $OpenSSL::safe::opt_r_item -} {- $OpenSSL::safe::opt_engine_item -} +{- output_off() if $disabled{"deprecated-3.0"}; "" -} The engine is not used for digests unless the B<-engine_impl> option is used or it is configured to do so, see L. @@ -186,6 +189,7 @@ used or it is configured to do so, see L. When used with the B<-engine> option, it specifies to also use engine I for digest operations. +{- output_on() if $disabled{"deprecated-3.0"}; "" -} {- $OpenSSL::safe::opt_provider_item -} =item I ... @@ -251,6 +255,8 @@ The FIPS-related options were removed in OpenSSL 1.1.0. All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> and B<-engine_impl> options were deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-dhparam.pod.in b/doc/man1/openssl-dhparam.pod.in index 91883fb8409..d6fcb59751f 100644 --- a/doc/man1/openssl-dhparam.pod.in +++ b/doc/man1/openssl-dhparam.pod.in @@ -135,7 +135,7 @@ L =head1 HISTORY -The B<-dsaparam> option was deprecated in OpenSSL 3.0. +The B<-dsaparam> and B<-engine> options were deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man1/openssl-dsa.pod.in b/doc/man1/openssl-dsa.pod.in index 2db04078217..9ab1b3818ac 100644 --- a/doc/man1/openssl-dsa.pod.in +++ b/doc/man1/openssl-dsa.pod.in @@ -159,6 +159,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-dsaparam.pod.in b/doc/man1/openssl-dsaparam.pod.in index 27bd6517e19..0e6e6cb6de2 100644 --- a/doc/man1/openssl-dsaparam.pod.in +++ b/doc/man1/openssl-dsaparam.pod.in @@ -104,6 +104,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-ec.pod.in b/doc/man1/openssl-ec.pod.in index c1e92ef51ea..9a12f40f806 100644 --- a/doc/man1/openssl-ec.pod.in +++ b/doc/man1/openssl-ec.pod.in @@ -186,6 +186,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-ecparam.pod.in b/doc/man1/openssl-ecparam.pod.in index ff4d97ea5da..9c9b098270b 100644 --- a/doc/man1/openssl-ecparam.pod.in +++ b/doc/man1/openssl-ecparam.pod.in @@ -168,6 +168,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-enc.pod.in b/doc/man1/openssl-enc.pod.in index dcbeb8877b1..954b17e7781 100644 --- a/doc/man1/openssl-enc.pod.in +++ b/doc/man1/openssl-enc.pod.in @@ -426,7 +426,7 @@ The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0. The B<-list> option was added in OpenSSL 1.1.1e. -The B<-ciphers> option was deprecated in OpenSSL 3.0. +The B<-ciphers> and B<-engine> options were deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man1/openssl-gendsa.pod.in b/doc/man1/openssl-gendsa.pod.in index aca9bb51657..cba85f41fa6 100644 --- a/doc/man1/openssl-gendsa.pod.in +++ b/doc/man1/openssl-gendsa.pod.in @@ -92,6 +92,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-genpkey.pod.in b/doc/man1/openssl-genpkey.pod.in index d38c1422b2d..4334d0c3c11 100644 --- a/doc/man1/openssl-genpkey.pod.in +++ b/doc/man1/openssl-genpkey.pod.in @@ -359,6 +359,8 @@ were added in OpenSSL 1.0.2. The ability to generate X25519 keys was added in OpenSSL 1.1.0. The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-list.pod.in b/doc/man1/openssl-list.pod.in index 4cceb2ba0df..527e96a0841 100644 --- a/doc/man1/openssl-list.pod.in +++ b/doc/man1/openssl-list.pod.in @@ -21,10 +21,9 @@ B [B<-cipher-algorithms>] [B<-public-key-algorithms>] [B<-public-key-methods>] - -{- output_off() if $disabled{"deprecated-3.0"}; "" --}[B<-engines>]{- - output_on() if $disabled{"deprecated-3.0"}; "" -} +{- output_off() if $disabled{"deprecated-3.0"}; "" -} +[B<-engines>] +{- output_on() if $disabled{"deprecated-3.0"}; "" -} [B<-disabled>] [B<-objects>] [B<-options> I] @@ -95,15 +94,15 @@ a block of multiple lines, all but the first are indented. =item B<-public-key-methods> Display a list of public key method OIDs. -{- if (!$disabled{"deprecated-3.0"}) { - "\n" - . "=item B<-engines>\n" - . "\n" - . "This option is deprecated.\n" - . "\n" - . "Display a list of loaded engines.\n" - } --} +{- output_off() if $disabled{"deprecated-3.0"}; "" -} + +=item B<-engines> + +This option is deprecated. + +Display a list of loaded engines. + +{- output_on() if $disabled{"deprecated-3.0"}; "" -} =item B<-disabled> Display a list of disabled features, those that were compiled out diff --git a/doc/man1/openssl-pkcs12.pod.in b/doc/man1/openssl-pkcs12.pod.in index 7d0629b3761..8c819c56f86 100644 --- a/doc/man1/openssl-pkcs12.pod.in +++ b/doc/man1/openssl-pkcs12.pod.in @@ -365,6 +365,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-pkcs7.pod.in b/doc/man1/openssl-pkcs7.pod.in index 6a05dd4149c..fb6b9b4ebc1 100644 --- a/doc/man1/openssl-pkcs7.pod.in +++ b/doc/man1/openssl-pkcs7.pod.in @@ -97,6 +97,10 @@ Output all certificates in a file: L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-pkcs8.pod.in b/doc/man1/openssl-pkcs8.pod.in index 719e3d91689..6955b441be8 100644 --- a/doc/man1/openssl-pkcs8.pod.in +++ b/doc/man1/openssl-pkcs8.pod.in @@ -273,6 +273,8 @@ L The B<-iter> option was added in OpenSSL 1.1.0. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-pkey.pod.in b/doc/man1/openssl-pkey.pod.in index de1bef954cb..1fe94c8efc7 100644 --- a/doc/man1/openssl-pkey.pod.in +++ b/doc/man1/openssl-pkey.pod.in @@ -197,6 +197,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-pkeyparam.pod.in b/doc/man1/openssl-pkeyparam.pod.in index c5f949cfd1b..3e7f60a6b76 100644 --- a/doc/man1/openssl-pkeyparam.pod.in +++ b/doc/man1/openssl-pkeyparam.pod.in @@ -85,6 +85,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index 2bcbb54c579..378cfccad62 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -409,6 +409,8 @@ L, All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-rand.pod.in b/doc/man1/openssl-rand.pod.in index 7299f5c6532..67696ee4139 100644 --- a/doc/man1/openssl-rand.pod.in +++ b/doc/man1/openssl-rand.pod.in @@ -65,6 +65,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-req.pod.in b/doc/man1/openssl-req.pod.in index 25295d02fcc..07354453be0 100644 --- a/doc/man1/openssl-req.pod.in +++ b/doc/man1/openssl-req.pod.in @@ -695,6 +695,8 @@ The B<-section> option was added in OpenSSL 3.0.0. All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-rsa.pod.in b/doc/man1/openssl-rsa.pod.in index b2477b2b2cd..4f9c41d6688 100644 --- a/doc/man1/openssl-rsa.pod.in +++ b/doc/man1/openssl-rsa.pod.in @@ -187,6 +187,10 @@ L, L, L +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-rsautl.pod.in b/doc/man1/openssl-rsautl.pod.in index 5383fe21160..477e4a1ece5 100644 --- a/doc/man1/openssl-rsautl.pod.in +++ b/doc/man1/openssl-rsautl.pod.in @@ -241,6 +241,8 @@ This command was deprecated in OpenSSL 3.0. All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index e8f73cdb99d..78f4cc679c5 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -910,6 +910,8 @@ The B<-certform> option has become obsolete in OpenSSL 3.0.0 and has no effect. All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index 07cde67cdef..47515af42a6 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -840,6 +840,8 @@ have become obsolete in OpenSSL 3.0.0 and have no effect. The B<-certform> and B<-dcertform> options have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-smime.pod.in b/doc/man1/openssl-smime.pod.in index 4dce01a46e8..b15be731c02 100644 --- a/doc/man1/openssl-smime.pod.in +++ b/doc/man1/openssl-smime.pod.in @@ -483,6 +483,8 @@ The -no_alt_chains option was added in OpenSSL 1.1.0. All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-speed.pod.in b/doc/man1/openssl-speed.pod.in index b3e2a80769c..cbcc776f14d 100644 --- a/doc/man1/openssl-speed.pod.in +++ b/doc/man1/openssl-speed.pod.in @@ -113,6 +113,10 @@ pre-compiled grand selection is tested. =back +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-spkac.pod.in b/doc/man1/openssl-spkac.pod.in index ca7d097d852..7a95dd6ff3f 100644 --- a/doc/man1/openssl-spkac.pod.in +++ b/doc/man1/openssl-spkac.pod.in @@ -154,6 +154,8 @@ L All B<-keyform> values except B have become obsolete in OpenSSL 3.0.0 and have no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-srp.pod.in b/doc/man1/openssl-srp.pod.in index 5f4a36c60ab..e2b04fe91e5 100644 --- a/doc/man1/openssl-srp.pod.in +++ b/doc/man1/openssl-srp.pod.in @@ -81,6 +81,10 @@ see L. =back +=head1 HISTORY + +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-storeutl.pod.in b/doc/man1/openssl-storeutl.pod.in index 70e9ca6566b..2c92f825a09 100644 --- a/doc/man1/openssl-storeutl.pod.in +++ b/doc/man1/openssl-storeutl.pod.in @@ -123,6 +123,8 @@ L This command was added in OpenSSL 1.1.1. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-ts.pod.in b/doc/man1/openssl-ts.pod.in index e7bc607a1f4..7a1ed418cec 100644 --- a/doc/man1/openssl-ts.pod.in +++ b/doc/man1/openssl-ts.pod.in @@ -626,6 +626,8 @@ seeding mechanism. The new seeding mechanism makes it unnecessary to define a RANDFILE for saving and restoring randomness. This option is retained mainly for compatibility reasons. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 SEE ALSO L, diff --git a/doc/man1/openssl-verify.pod.in b/doc/man1/openssl-verify.pod.in index bccaa2642f2..ff4d88f577c 100644 --- a/doc/man1/openssl-verify.pod.in +++ b/doc/man1/openssl-verify.pod.in @@ -153,6 +153,8 @@ L The B<-show_chain> option was added in OpenSSL 1.1.0. +The B<-engine option> was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in index 918c91b34b6..33e24ac6e94 100644 --- a/doc/man1/openssl-x509.pod.in +++ b/doc/man1/openssl-x509.pod.in @@ -835,6 +835,8 @@ have become obsolete in OpenSSL 3.0.0 and have no effect. The B<-CAform> option has become obsolete in OpenSSL 3.0.0 and has no effect. +The B<-engine> option was deprecated in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/perlvars.pm b/doc/perlvars.pm index 6d77ce77cb1..98c348859f9 100644 --- a/doc/perlvars.pm +++ b/doc/perlvars.pm @@ -8,6 +8,8 @@ # Set some Perl variables for use by util/dofile.pl when processing # POD files (mainly man1). +use configdata; + # Verify options $OpenSSL::safe::opt_v_synopsis = "" . "[B<-allow_proxy_certs>]\n" @@ -100,12 +102,17 @@ $OpenSSL::safe::opt_provider_item = "" . "See L."; # Engine option -$OpenSSL::safe::opt_engine_synopsis = "" -. "[B<-engine> I]"; -$OpenSSL::safe::opt_engine_item = "" -. "=item B<-engine> I\n" -. "\n" -. "See L."; +$OpenSSL::safe::opt_engine_synopsis = ""; +$OpenSSL::safe::opt_engine_item = ""; +if (!$disabled{"deprecated-3.0"}) { + $OpenSSL::safe::opt_engine_synopsis = "" + . "[B<-engine> I]"; + $OpenSSL::safe::opt_engine_item = "" + . "=item B<-engine> I\n" + . "\n" + . "See L.\n" + . "This option is deprecated."; +} # Trusted certs options $OpenSSL::safe::opt_trust_synopsis = ""