1 files changed, 19 insertions, 7 deletions

diff --git a/upstream/debian-unstable/man1/openssl-ca.1ssl b/upstream/debian-unstable/man1/openssl-ca.1ssl
index 9449d362..20cc42c3 100644
--- a/upstream/debian-unstable/man1/openssl-ca.1ssl
+++ b/upstream/debian-unstable/man1/openssl-ca.1ssl
@@ -55,7 +55,7 @@
 .\" ========================================================================
 .\"
 .IX Title "OPENSSL-CA 1SSL"
-.TH OPENSSL-CA 1SSL 2024-02-03 3.1.5 OpenSSL
+.TH OPENSSL-CA 1SSL 2024-04-04 3.2.2-dev OpenSSL
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -67,6 +67,7 @@ openssl\-ca \- sample minimal CA application
 \&\fBopenssl\fR \fBca\fR
 [\fB\-help\fR]
 [\fB\-verbose\fR]
+[\fB\-quiet\fR]
 [\fB\-config\fR \fIfilename\fR]
 [\fB\-name\fR \fIsection\fR]
 [\fB\-section\fR \fIsection\fR]
@@ -130,6 +131,11 @@ openssl\-ca \- sample minimal CA application
 .IX Header "DESCRIPTION"
 This command emulates a CA application.
 See the \fBWARNINGS\fR especially when considering to use it productively.
+.PP
+It generates certificates bearing X.509 version 3.
+Unless specified otherwise,
+key identifier extensions are included as described in \fBx509v3_config\fR\|(5).
+.PP
 It can be used to sign certificate requests (CSRs) in a variety of forms
 and generate certificate revocation lists (CRLs).
 It also maintains a text database of issued certificates and their status.
@@ -150,6 +156,10 @@ Print out a usage message.
 .IP \fB\-verbose\fR 4
 .IX Item "-verbose"
 This prints extra details about the operations being performed.
+.IP \fB\-quiet\fR 4
+.IX Item "-quiet"
+This prints fewer details about the operations being performed, which may
+be handy during batch scripts or pipelines.
 .IP "\fB\-config\fR \fIfilename\fR" 4
 .IX Item "-config filename"
 Specifies the configuration file to use.
@@ -165,8 +175,8 @@ An input filename containing a single certificate request (CSR) to be
 signed by the CA.
 .IP "\fB\-inform\fR \fBDER\fR|\fBPEM\fR" 4
 .IX Item "-inform DER|PEM"
-The format of the data in certificate request input files;
-unspecified by default.
+The format to use when loading certificate request (CSR) input files;
+by default PEM is tried first.
 See \fBopenssl\-format\-options\fR\|(1) for details.
 .IP "\fB\-ss_cert\fR \fIfilename\fR" 4
 .IX Item "-ss_cert filename"
@@ -305,8 +315,7 @@ and all certificates will be certified automatically.
 The section of the configuration file containing certificate extensions
 to be added when a certificate is issued (defaults to \fBx509_extensions\fR
 unless the \fB\-extfile\fR option is used).
-If no X.509 extensions are specified then a V1 certificate is created,
-else a V3 certificate is created.
+.Sp
 See the \fBx509v3_config\fR\|(5) manual page for details of the
 extension section format.
 .IP "\fB\-extfile\fR \fIfile\fR" 4
@@ -769,7 +778,7 @@ properly secure the private key(s) used for signing certificates.
 It is advisable to keep them in a secure HW storage such as a smart card or HSM
 and access them via a suitable engine or crypto provider.
 .PP
-This command command is effectively a single user command: no locking
+This command is effectively a single user command: no locking
 is done on the various files and attempts to run more than one \fBopenssl ca\fR
 command on the same database can have unpredictable results.
 .PP
@@ -816,6 +825,9 @@ The \fB\-multivalue\-rdn\fR option has become obsolete in OpenSSL 3.0.0 and
 has no effect.
 .PP
 The \fB\-engine\fR option was deprecated in OpenSSL 3.0.
+.PP
+Since OpenSSL 3.2, generated certificates bear X.509 version 3,
+and key identifier extensions are included by default.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
 \&\fBopenssl\fR\|(1),
@@ -827,7 +839,7 @@ The \fB\-engine\fR option was deprecated in OpenSSL 3.0.
 \&\fBx509v3_config\fR\|(5)
 .SH COPYRIGHT
 .IX Header "COPYRIGHT"
-Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
 .PP
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy