perl -S CA.pl
can be used and the B<OPENSSL_CONF> environment variable changed to point to
-the correct path of the configuration file "openssl.cnf".
+the correct path of the configuration file.
The script is intended as a simple front end for the B<openssl> program for use
by a beginner. Its behaviour isn't always what is wanted. For more control over the
behaviour of the certificate commands call the B<openssl> command directly.
-=head1 ENVIRONMENT VARIABLES
-
-The variable B<OPENSSL_CONF> if defined allows an alternative configuration
-file location to be specified, it should contain the full path to the
-configuration file, not just its directory.
-
=head1 SEE ALSO
L<x509(1)>, L<ca(1)>, L<req(1)>, L<pkcs12(1)>,
=item B<-config filename>
specifies the configuration file to use.
+Optional; for a description of the default value,
+see L<openssl(1)/COMMAND SUMMARY>.
=item B<-name section>
./demoCA/certs - certificate output file
./demoCA/.rnd - CA random seed information
-=head1 ENVIRONMENT VARIABLES
-
-B<OPENSSL_CONF> reflects the location of master configuration file it can
-be overridden by the B<-config> command line option.
-
=head1 RESTRICTIONS
The text database index file is a critical part of the process and
SYNOPSIS above), each of which often has a wealth of options and arguments
(I<command_opts> and I<command_args> in the SYNOPSIS).
+Many commands use an external configuration file for some or all of their
+arguments and have a B<-config> option to specify that file.
+The environment variable B<OPENSSL_CONF> can be used to specify
+the location of the file.
+If the environment variable is not specified, then the file is named
+B<openssl.cnf> in the default certificate storage area, whose value
+depends on the configuration flags specified when the OpenSSL
+was built.
+
The list parameters B<standard-commands>, B<digest-commands>,
and B<cipher-commands> output a list (one entry per line) of the names
of all standard commands, message digest commands, or cipher commands,
=item B<-config filename>
-this allows an alternative configuration file to be specified,
-this overrides the compile time filename or any specified in
-the B<OPENSSL_CONF> environment variable.
+this allows an alternative configuration file to be specified.
+Optional; for a description of the default value,
+see L<openssl(1)/COMMAND SUMMARY>.
=item B<-subj arg>
it is tolerated). See the description of the command line option B<-asn1-kludge>
for more information.
-=head1 ENVIRONMENT VARIABLES
-
-The variable B<OPENSSL_CONF> if defined allows an alternative configuration
-file location to be specified, it will be overridden by the B<-config> command
-line switch if it is present.
-
=head1 BUGS
OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
=item B<-config> configfile
-The configuration file to use, this option overrides the
-B<OPENSSL_CONF> environment variable. Only the OID section
-of the config file is used with the B<-query> command. (Optional)
+The configuration file to use.
+Optional; for a description of the default value,
+see L<openssl(1)/COMMAND SUMMARY>.
=item B<-data> file_to_hash
=item B<-config> configfile
-The configuration file to use, this option overrides the
-B<OPENSSL_CONF> environment variable. See B<CONFIGURATION FILE
-OPTIONS> for configurable variables. (Optional)
+The configuration file to use.
+Optional; for a description of the default value,
+see L<openssl(1)/COMMAND SUMMARY>.
+See B<CONFIGURATION FILE OPTIONS> for configurable variables.
=item B<-section> tsa_section
=head1 CONFIGURATION FILE OPTIONS
-The B<-query> and B<-reply> commands make use of a configuration file
-defined by the B<OPENSSL_CONF> environment variable. See L<config(5)>
+The B<-query> and B<-reply> commands make use of a configuration file.
+See L<config(5)>
for a general description of the syntax of the config file. The
B<-query> command uses only the symbolic OID names section
and it can work without it. However, the B<-reply> command needs the
=back
-=head1 ENVIRONMENT VARIABLES
-
-B<OPENSSL_CONF> contains the path of the configuration file and can be
-overridden by the B<-config> command line option.
-
=head1 EXAMPLES
All the examples below presume that B<OPENSSL_CONF> is set to a proper