From: Pali Rohár <pali@kernel.org>
Date: Sun, 12 Jul 2020 22:52:26 +0000 (+0200)
Subject: Document pkcs12 alg NONE
X-Git-Tag: openssl-3.0.0-alpha9~150
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dee8eded24fb814e6f1be64b3e8505a3b008a2f9;p=thirdparty%2Fopenssl.git

Document pkcs12 alg NONE

To generate unencrypted PKCS#12 file it is needed to use options: -keypbe NONE -certpbe NONE

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12426)
---

diff --git a/doc/man1/openssl-pkcs12.pod.in b/doc/man1/openssl-pkcs12.pod.in
index c006396260a..adcdc7c1a44 100644
--- a/doc/man1/openssl-pkcs12.pod.in
+++ b/doc/man1/openssl-pkcs12.pod.in
@@ -275,6 +275,8 @@ can be used (see L</NOTES> section for more information). If a cipher name
 is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only
 use PKCS#12 algorithms.
 
+Special value C<NONE> disables encryption of the private key and certificate.
+
 =item B<-keyex>|B<-keysig>
 
 Specifies that the private key is to be used for key exchange or just signing.