doc: fix -signcert grouping in CA.pl documentation

The -signcert option was incorrectly grouped with -sign and -xsign at
line 109, which implied they were equivalent. However, -signcert is
different: it expects a self-signed certificate (not a certificate
request) in newreq.pem, and converts it to a request before signing.

This is correctly documented in its own separate section at line 123,
which states "-signcert is the same as -sign except it expects a self
signed certificate".

Remove -signcert from the -sign/-xsign grouping to eliminate the
contradiction.

Resolves: https://github.com/openssl/openssl/issues/29165
Fixes: 022696cab014 "Allow CA.pl script user to pass extra arguments to openssl command"
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Tue Mar 31 01:10:50 2026
(Merged from https://github.com/openssl/openssl/pull/29794)

(cherry picked from commit 44e453d0f9c765e14c4d1f5dcde9a616fc7d05df)

diff --git a/doc/man1/CA.pl.pod b/doc/man1/CA.pl.pod
index 184382ee8335833c77b22ecbf8031162c7d94831..3d7c6442499341ab4061764a0385de2507baaf11 100644 (file)
--- a/doc/man1/CA.pl.pod
+++ b/doc/man1/CA.pl.pod
@@ -106,7 +106,7 @@ If there is an additional argument on the command line it will be used as the
 list box), otherwise the name "My Certificate" is used.
 Delegates work to L<openssl-pkcs12(1)>.
 
-=item B<-sign>, B<-signcert>, B<-xsign>
+=item B<-sign>, B<-xsign>
 
 Calls the L<openssl-ca(1)> command to sign a certificate request. It expects the
 request to be in the file F<newreq.pem>. The new certificate is written to the