Hello,

Outside of X509_* functions, filenames, openssl(1) commands, etc. there are places where the spelling of 'X.509' could be made consistent when talking about the standard.
Regards, Raf Index: plus29.html =================================================================== RCS file: /cvs/www/plus29.html,v retrieving revision 1.87 diff -u -p -r1.87 plus29.html --- plus29.html 19 Sep 2021 19:22:16 -0000 1.87 +++ plus29.html 6 Oct 2021 22:46:22 -0000 @@ -199,7 +199,7 @@ For changes in other releases, click bel <li>Avoid losing RTC after suspend/resume on some laptops. <li>Repair an integer conversion bug in <a href="https://man.openbsd.org/pms.4">pms(4)</a> which fixes the mouse resolution setting in X. <li>Fix non-TCP protocol mappings in <a href="https://man.openbsd.org/ipnat.4">ipnat(4)</a>. -<li>In <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>, encode X509 expirations into KeyNote credientials/policies. +<li>In <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>, encode X.509 expirations into KeyNote credientials/policies. <li>In <a href="https://man.openbsd.org/pppoe.8">pppoe(8)</a>, try every BPF device, not just even-numbered ones. <li>Support -C flag in <a href="https://man.openbsd.org/nm.1">nm(1)</a>. <li>Update ISC <a href="https://man.openbsd.org/cron.8">cron(8)</a> to 4.0b1, maintaining our local changes, including signal handling fixes. Index: plus30.html =================================================================== RCS file: /cvs/www/plus30.html,v retrieving revision 1.65 diff -u -p -r1.65 plus30.html --- plus30.html 19 Sep 2021 19:22:16 -0000 1.65 +++ plus30.html 6 Oct 2021 22:46:22 -0000 
@@ -455,7 +455,7 @@ For changes in other releases, click bel <li>New <a href="https://man.openbsd.org/md5.1">md5(1)</a> implementation with a BSD copyright and other improvements; includes regression test. <li>Improve <a href="https://man.openbsd.org/swapctl.8">swapctl(8)</a>. <li>Don't allow packets that need <a href="https://man.openbsd.org/ipsec.4">IPsec(4)</a> processing to be bridge-broadcast. -<li>Expand handling of X509 and KeyNote certificates in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>. +<li>Expand handling of X.509 and KeyNote certificates in <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a>. <li>Fix some <a href="https://man.openbsd.org/tcp.4">tcp(4)</a> behaviour with connections in the CLOSING state. <li>Some <a href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> renovations. <li>Repair <a href="https://man.openbsd.org/kqueue.2">kqueue(2)</a> related panic. Index: plus55.html =================================================================== RCS file: /cvs/www/plus55.html,v retrieving revision 1.32 diff -u -p -r1.32 plus55.html --- plus55.html 19 Sep 2021 19:22:17 -0000 1.32 +++ plus55.html 6 Oct 2021 22:46:22 -0000 
@@ -712,7 +712,7 @@ For changes in other releases, click bel <li><a href="https://man.openbsd.org/iked.8">iked(8)</a> now drops duplicate requests, to avoid corrupt child-SA tables. <li>Made <a href="https://man.openbsd.org/iked.8">iked(8)</a> discard & free duplicate IKESAs; made sure new SAs are not created that cannot be inserted in the SA tree. <li>Include hexdump in <a href="https://man.openbsd.org/iked.8">iked(8)</a> debug output only for -vvv. -<li>Support raw pubkey authentication w/o x509 certificates in <a href="https://man.openbsd.org/iked.8">iked(8)</a>. +<li>Support raw pubkey authentication w/o X.509 certificates in <a href="https://man.openbsd.org/iked.8">iked(8)</a>. <li>When <a href="https://man.openbsd.org/wpi.4">wpi(4)</a> has a fatal firmware error, reset the chip, reload the firmware and bring the interface up again. <li>Limit the number of envelopes to recall in the <a href="https://man.openbsd.org/smtpd.8">smtpd(8)</a> hoststat cache. <li>Removed some double frees in <a href="https://man.openbsd.org/fuse.4">fuse(4)</a>. 
@@ -808,7 +808,7 @@ For changes in other releases, click bel <li>Made <a href="https://man.openbsd.org/athn.4">athn(4)</a> tick calculation work as intended. Should fix excessive timeouts and "Michael mic" errors. <li>Cope with the EAGAIN API change for <a href="https://man.openbsd.org/msgbuf_write.3">msgbuf_write(3)</a> in various daemons. <li>Improvements for <a href="https://man.openbsd.org/sppp.4">sppp(4)</a> address assignment and related issues in IPv6CP; deal with IFID collisions instead of ignoring them; use <a href="https://man.openbsd.org/arc4random.3">arc4random(3)</a> during IFID generation; assign destination address to /128 point-to-point links. -<li>Fixed <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> parameter types for x509 routines. +<li>Fixed <a href="https://man.openbsd.org/isakmpd.8">isakmpd(8)</a> parameter types for X.509 routines. <li>Be more specific in <a href="https://man.openbsd.org/ksh.1">ksh(1)</a> ulimit error messages. <li>Fixed ^C handling in miniroot. <!-- 2013/11/14 --> 
@@ -892,7 +892,7 @@ For changes in other releases, click bel <li>Enabled TX checksum offload in <a href="https://man.openbsd.org/jme.4">jme(4)</a>. <li>Removed unnecessary spinlock that slowed down <a href="https://man.openbsd.org/pthread_getspecific.3">pthread_getspecific(3)</a>. <li>Use curve25519 for default <a href="https://man.openbsd.org/sshd.8">sshd(8)</a> key exchange (curve25519-sha...@libssh.org). -<li>Let <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> support pkcs#11 tokens that only provide x509 certificates instead of raw pubkeys (fixes bz#1908). +<li>Let <a href="https://man.openbsd.org/ssh.1">ssh(1)</a> support pkcs#11 tokens that only provide X.509 certificates instead of raw pubkeys (fixes bz#1908). <li>Replaced rc4 with ChaCha20 in <a href="https://man.openbsd.org/crypto.9">crypto(9)</a>. <li>Made sure <a href="https://man.openbsd.org/login_yubikey.8">login_yubikey(8)</a> does not log passwords, even if they are wrong. <li>Bring back spnego support into <a href="https://man.openbsd.org/kerberos.8">kerberos(8)</a> gssapi as it used to be before the update to 1.5.2. Index: plus56.html =================================================================== RCS file: /cvs/www/plus56.html,v retrieving revision 1.32 diff -u -p -r1.32 plus56.html --- plus56.html 19 Sep 2021 19:22:17 -0000 1.32 +++ plus56.html 6 Oct 2021 22:46:22 -0000 
@@ -373,7 +373,7 @@ For changes in other releases, click bel <li>Fixed version number processing in <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> cms_sd_set_version() (PR #3249). <li>Removed <a href="https://man.openbsd.org/rdist.1">rdist(1)</a>. <li>Avoid panic on alpha when using network card with a small number of tx descriptors per packet, a lot of memory, and a heavily fragmented packets. -<li>When looking for the issuer of a <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> x509 certificate, only return an expired certificate if no valid certificates have been found (PR #3359). +<li>When looking for the issuer of a <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> X.509 certificate, only return an expired certificate if no valid certificates have been found (PR #3359). <li>In <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> ssl3_get_client_key_exchange() parsing a GOST session key, invoke the regular ASN.1 parser (PR #3335). <li>Removed RFC4620 Node Information Query support from the kernel. <li>Made <a href="https://man.openbsd.org/ssl.8">ssl(8)</a> CMS_decrypt_set1_pkey() return an error if no recipient type matches, instead of returning a random key (PR #3348). 
@@ -836,7 +836,7 @@ For changes in other releases, click bel <li>Fixed segfault in <a href="https://man.openbsd.org/makewhatis.8">makewhatis(8)</a> -Q if the next .SH after .SH NAME does not have any arguments. <li>Backed out the previous ICMP simplifying diff from <a href="https://man.openbsd.org/dhcpd.8">dhcpd(8)</a>, which caused livelocks. <li>Try postponed requests first, so <a href="https://man.openbsd.org/iked.8">iked(8)</a> does in-order processing. -<li>Made <a href="https://man.openbsd.org/iked.8">iked(8)</a> authentication work with X509 certificates not containing a subject-altname. +<li>Made <a href="https://man.openbsd.org/iked.8">iked(8)</a> authentication work with X.509 certificates not containing a subject-altname. <li>Removed the undocumented and ineffective <a href="https://man.openbsd.org/ln.1">ln(1)</a> -F option. <li>Removed <a href="https://man.openbsd.org/sysctl.8">sysctl(8)</a> {nd6_,}useloopback options. <!-- 2014/05/06 --> Index: plus59.html =================================================================== RCS file: /cvs/www/plus59.html,v retrieving revision 1.35 diff -u -p -r1.35 plus59.html --- plus59.html 19 Sep 2021 19:22:17 -0000 1.35 +++ plus59.html 6 Oct 2021 22:46:23 -0000 
@@ -1431,7 +1431,7 @@ For changes in other releases, click bel </ul> <li>Fix EAP (user-based auth) with IKEv2 in El Capitan. <li>In <a href="https://man.openbsd.org/OpenBSD-current/man8/pfctl.8">pfctl(8)</a>, make the "-s all" option show queues. -<li>In libssl, conform with RFC 5280 for times allowed in a X509 certificate. +<li>In libssl, conform with RFC 5280 for times allowed in a X.509 certificate. <li>In <a href="https://man.openbsd.org/OpenBSD-current/man8/snmpd.8">snmpd(8)</a>, mitigate the risk of user-injected file descriptor leakage from the optional world-writable restricted control socket. <!-- 2015-10-01 --> <li>Add ktracing of argv and envp to <a href="https://man.openbsd.org/OpenBSD-current/man2/execve.2">execve(2)</a>, with envp not traced by default. Index: plus65.html =================================================================== RCS file: /cvs/www/plus65.html,v retrieving revision 1.16 diff -u -p -r1.16 plus65.html --- plus65.html 19 Sep 2021 19:22:17 -0000 1.16 +++ plus65.html 6 Oct 2021 22:46:23 -0000 
@@ -465,7 +465,7 @@ For changes in other releases, click bel <li>Set pkcs11.so to initialize pkcs11 interaction to allow it to ask for the smartcard's PIN during <a href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a> with -D. <li>Adjusted <a href="https://man.openbsd.org/pfctl">pfctl(8)</a> parser to insist anchor names must not be empty. <li>Further simplifed trust anchor handling in <a href="https://man.openbsd.org/unwind">unwind(8)</a>, allowing removal of wpath and cpath pledges from the parent process. -<li>Set logging of x509 peers' certificate subject names during tls client authentication in <a href="https://man.openbsd.org/httpd">httpd(8)</a>. +<li>Set logging of X.509 peers' certificate subject names during tls client authentication in <a href="https://man.openbsd.org/httpd">httpd(8)</a>. <li>Added Allwinner V3s support. <li>Adjusted <a href="https://man.openbsd.org/scp">scp(1)</a> to accept shell-style brace alternations (e.g. "{foo,bar}") when verifying that filenames sent by the server match client requests. <li>Changed <a href="https://man.openbsd.org/ssh">ssh(1)</a> to log when a connection is dropped for attempting to run a command when ForceCommand=internal-sftp is in effect. Index: plus69.html =================================================================== RCS file: /cvs/www/plus69.html,v retrieving revision 1.6 diff -u -p -r1.6 plus69.html --- plus69.html 19 Sep 2021 19:22:17 -0000 1.6 +++ plus69.html 6 Oct 2021 22:46:23 -0000 
@@ -106,7 +106,7 @@ For changes in other releases, click bel <li>Fixed a problem where <a href="https://man.openbsd.org/athn.4">athn(4)</a> devices would use a different channel than the one selected by net80211. <li>Implemented version 2 of <a href="https://man.openbsd.org/virtio.4">virtio(4)</a> at fdt, as used by Parallels on the Apple M1, allowing use of OpenBSD as VM. <li>Fixed incorrect parsing of <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a> config files due to endianess. -<li>Switched back to the legacy x509 verifier for release. +<li>Switched back to the legacy X.509 verifier for release. <li>Fixed <a href="https://man.openbsd.org/bgpctl.8">bgpctl(8)</a> show mrt for UPDATE messages. <!-- 2021/04/14 --> <li>Fixed <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> parsing of <a href="https://man.openbsd.org/wg.4">wg(4)</a> packets on powerpc64. Index: plus70.html =================================================================== RCS file: /cvs/www/plus70.html,v retrieving revision 1.3 diff -u -p -r1.3 plus70.html --- plus70.html 26 Sep 2021 18:47:05 -0000 1.3 +++ plus70.html 6 Oct 2021 22:46:23 -0000 
@@ -131,7 +131,7 @@ For changes in other releases, click bel <li>Made <a href="https://man.openbsd.org/scp.1">scp(1)</a> SFTP mode (including error logging) more scp-like. <li>Prevented a crash on strict alignment architectures of <a href="https://man.openbsd.org/tcpdump.8">tcpdump(8)</a> WireGuard printer. <!-- 2021/09/15 --> -<li>Set the <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> x509 validation depth limit to 12 or double the current depth. +<li>Set the <a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> X.509 validation depth limit to 12 or double the current depth. <li>Simplified <a href="https://man.openbsd.org/dhcpleasectl.8">dhcpleasectl(8)</a> and added syntax to match <a href="https://man.openbsd.org/dhclient.8">dhclient(8)</a> (interface), allowing one to be aliased to the other. <li>Allowed CanonicalPermittedCNAMEs=none in <a href="https://man.openbsd.org/ssh_config.5">ssh_config(5)</a>. <!-- 2021/09/14 --> Index: 57.html =================================================================== RCS file: /cvs/www/57.html,v retrieving revision 1.113 diff -u -p -r1.113 57.html --- 57.html 13 Jun 2019 05:51:38 -0000 1.113 +++ 57.html 6 Oct 2021 22:46:23 -0000 @@ -573,7 +573,7 @@ to 5.7. If a connection terminates, syslogd tries to reconnect. When the message buffer in memory gets full, the number of dropped messages is counted and logged. - <li>With TLS, the x509 certificate of the syslog server is verified. + <li>With TLS, the X.509 certificate of the syslog server is verified. <li>The maximum message size has been increased according to newer RFC. </ul> <p> Index: 64.html =================================================================== RCS file: /cvs/www/64.html,v retrieving revision 1.110 diff -u -p -r1.110 64.html --- 64.html 15 Mar 2021 10:18:42 -0000 1.110 +++ 64.html 6 Oct 2021 22:46:23 -0000 
@@ -545,7 +545,7 @@ to 6.4. <ul> <li>API and Documentation Enhancements <ul> - <li>X509 verification is now more strict so + <li>X.509 verification is now more strict so <a href="https://man.openbsd.org/X509_VERIFY_PARAM_set_flags.3">X509_VERIFY_PARAM</a> host, ip or email failure will cause future <a href="https://man.openbsd.org/X509_verify_cert.3">X509_verify_cert(3)</a> Index: 67.html =================================================================== RCS file: /cvs/www/67.html,v retrieving revision 1.81 diff -u -p -r1.81 67.html --- 67.html 16 Jul 2020 17:29:39 -0000 1.81 +++ 67.html 6 Oct 2021 22:46:23 -0000 @@ -892,7 +892,7 @@ and <a href="https://www.openbsd.org/arm <li>Added a -p command line option to <a href="https://man.openbsd.org/iked">iked(8)</a> allow configuration of a non-standard UDP encapsulation port. - <li>Added support for multiple x509 extensions and multiple + <li>Added support for multiple X.509 extensions and multiple subjectAltName fields in certificates used with <a href="https://man.openbsd.org/iked">iked(8)</a>. <li>Added support for certificates with uppercase subjectAltNames Index: 68.html =================================================================== RCS file: /cvs/www/68.html,v retrieving revision 1.88 diff -u -p -r1.88 68.html --- 68.html 6 Apr 2021 07:07:42 -0000 1.88 +++ 68.html 6 Oct 2021 22:46:23 -0000 
@@ -472,9 +472,9 @@ to 6.8. OpenSSL 1.1 TLSv1.3 API is not yet available and will be provided in an upcoming release. - <li>New X509 certificate chain validator that correctly handles + <li>New X.509 certificate chain validator that correctly handles multiple paths through intermediate certificates. Loosely based on - Go's X509 validator. + Go's X.509 validator. <li>New name constraints verification implementation which passes the <a href="https://nameconstraints.bettertls.com/">BetterTLS</a> Index: 70.html =================================================================== RCS file: /cvs/www/70.html,v retrieving revision 1.78 diff -u -p -r1.78 70.html --- 70.html 6 Oct 2021 14:20:04 -0000 1.78 +++ 70.html 6 Oct 2021 22:46:23 -0000 @@ -567,7 +567,7 @@ to 7.0. roa-sets. <li>In RRDP, limited the number of deltas to 300 per repo. If more deltas exist, downloading a full snapshot is faster. - <li>Limited the validation depth of X509 certificate chains to 12, double + <li>Limited the validation depth of X.509 certificate chains to 12, double the current depth seen in RPKI. </ul> @@ -690,7 +690,7 @@ to 7.0. <li>New Features <ul> <li>Added support for OpenSSL 1.1.1 TLSv1.3 APIs.</li> - <li>Enabled the new x509 validator to allow verification of modern certificate chains. + <li>Enabled the new X.509 validator to allow verification of modern certificate chains. </ul> <li>Portable Improvements 
@@ -753,12 +753,12 @@ to 7.0. <ul> <li>Added additional state machine test coverage.</li> <li>Improved integration test support with ruby/openssl tests.</li> - <li>Error codes and callback support in new x509 validator made compatible with p5-Net_SSLeay tests.</li> + <li>Error codes and callback support in new X.509 validator made compatible with p5-Net_SSLeay tests.</li> </ul> <li>Internal Improvements <ul> - <li>Numerous fixes and improvements to the new X509 validator to ensure compatible error codes + <li>Numerous fixes and improvements to the new X.509 validator to ensure compatible error codes and callback support compatible with the legacy OpenSSL validator. </ul>
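Review bot: the misspelling "credientials" survives on the added isakmpd(8) line of the plus29.html hunk (@@ -199,7 +199,7 @@). Since that line is already being rewritten for the X.509 spelling, correct it to "credentials" in the same change so the line does not need a second touch.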
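Review bot: "pkcs#11" stays lowercase on the added ssh(1) line of the plus55.html hunk at @@ -892,7 +892,7 @@, right next to the corrected "X.509". If the goal is consistent spelling of standard names in prose, "PKCS#11" belongs in this line as well; otherwise the commit message should say the cleanup is limited to X.509.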
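Review bot: the added iked(8) line in the plus56.html hunk at @@ -836,7 +836,7 @@ keeps "subject-altname", while the 67.html hunk in this same patch writes the field as "subjectAltName". Suggest using "subjectAltName" here too, so the two pages name the extension the same way.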
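Review bot: the article is wrong on the added libssl line of the plus59.html hunk (@@ -1431,7 +1431,7 @@), which reads "allowed in a X.509 certificate". It should be "an X.509 certificate"; worth fixing while the line is being changed.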
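Review bot: the added rpki-client(8) line in the plus70.html hunk (@@ -131,7 +131,7 @@) says "depth limit to 12 or double the current depth", which reads as two alternative limits. The 70.html hunk at @@ -567,7 +567,7 @@ in this patch describes the same change as "to 12, double the current depth seen in RPKI". Suggest aligning the plus70.html wording with 70.html so the limit is stated unambiguously as 12.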