From c64ca1e1c64c0fb6c57c391f35356d36d486bba4 Mon Sep 17 00:00:00 2001
From: Giorgos Keramidas <keramida@FreeBSD.org>
Date: Thu, 6 Jan 2005 05:58:16 +0000
Subject: [PATCH] Various syntax and wording corrections to the OpenSSL
 section. Also added a <ulink> to the homepage of VeriSign.

---
 .../books/handbook/security/chapter.sgml      | 23 +++++++++----------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.sgml b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
index ac789178dd..cbf1111406 100644
--- a/en_US.ISO8859-1/books/handbook/security/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/security/chapter.sgml
@@ -2989,8 +2989,7 @@ jdoe@example.org</screen>
     <para>The version of <application>OpenSSL</application> included
       in &os; supports Secure Sockets Layer v2/v3 (SSLv2/SSLv3),
       Transport Layer Security v1 (TLSv1) network security protocols
-      and can be used as a general cryptographic library for use
-      with applications.</para>
+      and can be used as a general cryptographic library.</para>
 
     <note>
       <para>While <application>OpenSSL</application> supports the
@@ -3001,14 +3000,14 @@ jdoe@example.org</screen>
 	<filename>make.conf</filename>.</para>
     </note>
 
-    <para>Perhaps one of the most common uses of
-      <application>OpenSSL</application> provide certificates for
+    <para>One of the most common uses of
+      <application>OpenSSL</application> is to provide certificates for
       use with software applications.  These certificates ensure
-      that the credentials of the company or individual is valid
-      and are not fraudulent.  If the certificate in question has
-      not been verified by one of the several Certificate Authorities,
+      that the credentials of the company or individual are valid
+      and not fraudulent.  If the certificate in question has
+      not been verified by one of the several <quote>Certificate Authorities</quote>,
       or <acronym>CA</acronym>s, a warning is usually produced.  A
-      Certificate Authority is a company, such as VeriSign, who will
+      Certificate Authority is a company, such as <ulink url="www.verisign.com">VeriSign</ulink>, which will
       sign certificates in order to validate credentials of individuals
       or companies.  This process has a cost associated with it and
       is definitely not a requirement for using certificates; however,
@@ -3055,15 +3054,15 @@ An optional company name []:<userinput><replaceable>Another Name</replaceable></
 	<quote>Common Name</quote> prompt shows a domain name.
 	This prompt requires a server name to be entered for
 	verification purposes; placing anything	but a domain name
-	would yield a useless certificate.  Other options for
+	would yield a useless certificate.  Other options, for
 	instance expire time, alternate encryption algorithms, etc.
 	are available.  A complete list may be obtained by viewing
 	the &man.openssl.1; manual page.</para>
 
-      <para>A file, <filename>cert.pem</filename> should now exist in
+      <para>A <filename>cert.pem</filename> file should now exist in
 	the directory which the aforementioned command was issued.  This
-	is the certificate which may be sent to any one of the many
-	<acronym>CA</acronym>s for signing.</para>
+	is the certificate which may be sent to any
+	<acronym>CA</acronym> for signing.</para>
 
       <para>In cases where a signature from a <acronym>CA</acronym> is
 	not required, a self signed certificate can be created.  First,