1 files changed, 27 insertions, 12 deletions

diff --git a/upstream/archlinux/man1/openssl-req.1ssl b/upstream/archlinux/man1/openssl-req.1ssl
index fc1f88ba..85c99653 100644
--- a/upstream/archlinux/man1/openssl-req.1ssl
+++ b/upstream/archlinux/man1/openssl-req.1ssl
@@ -55,7 +55,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL-REQ 1ssl"
-.TH OPENSSL-REQ 1ssl 2024-01-30 3.2.1 OpenSSL
+.TH OPENSSL-REQ 1ssl 2024-04-28 3.3.0 OpenSSL
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -183,7 +183,9 @@ This option prevents output of the encoded version of the certificate request.
 Prints out the value of the modulus of the public key contained in the request.
 .IP \fB\-verify\fR 4
 .IX Item "-verify"
-Verifies the self-signature on the request.
+Verifies the self-signature on the request. If the verification fails,
+the program will immediately exit, i.e. further option processing
+(e.g. \fB\-text\fR) is skipped.
 .IP \fB\-new\fR 4
 .IX Item "-new"
 This option generates a new certificate request. It will prompt
@@ -497,16 +499,27 @@ any digest that has been set.
 .IP \fBstring_mask\fR 4
 .IX Item "string_mask"
 This option masks out the use of certain string types in certain
-fields. Most users will not need to change this option.
+fields. Most users will not need to change this option. It can be set to
+several values:
+.RS 4
+.IP "\fButf8only\fR \- only UTF8Strings are used (this is the default value)" 4
+.IX Item "utf8only - only UTF8Strings are used (this is the default value)"
+.PD 0
+.IP "\fBpkix\fR \- any string type except T61Strings" 4
+.IX Item "pkix - any string type except T61Strings"
+.IP "\fBnombstr\fR \- any string type except BMPStrings and UTF8Strings" 4
+.IX Item "nombstr - any string type except BMPStrings and UTF8Strings"
+.IP "\fBdefault\fR \- any kind of string type" 4
+.IX Item "default - any kind of string type"
+.RE
+.RS 4
+.PD
 .Sp
-It can be set to several values \fBdefault\fR which is also the default
-option uses PrintableStrings, T61Strings and BMPStrings if the
-\&\fBpkix\fR value is used then only PrintableStrings and BMPStrings will
-be used. This follows the PKIX recommendation in RFC2459. If the
-\&\fButf8only\fR option is used then only UTF8Strings will be used: this
-is the PKIX recommendation in RFC2459 after 2003. Finally the \fBnombstr\fR
-option just uses PrintableStrings and T61Strings: certain software has
-problems with BMPStrings and UTF8Strings: in particular Netscape.
+Note that \fButf8only\fR is the PKIX recommendation in RFC2459 after 2003, and the
+default \fBstring_mask\fR; \fBdefault\fR is not the default option. The \fBnombstr\fR
+value is a workaround for some software that has problems with variable-sized
+BMPStrings and UTF8Strings.
+.RE
 .IP \fBreq_extensions\fR 4
 .IX Item "req_extensions"
 This specifies the configuration file section containing a list of
@@ -809,9 +822,11 @@ The \fB\-reqexts\fR option has been made an alias of \fB\-extensions\fR in OpenS
 Since OpenSSL 3.2,
 generated certificates bear X.509 version 3 unless \fB\-x509v1\fR is given,
 and key identifier extensions are included by default.
+.PP
+Since OpenSSL 3.3, the \fB\-verify\fR option will exit with 1 on failure.
 .SH COPYRIGHT
 .IX Header "COPYRIGHT"
-Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy