Commit 44e453d0f9 for openssl.org

commit 44e453d0f9c765e14c4d1f5dcde9a616fc7d05df
Author: kovan <xaum.io@gmail.com>
Date:   Tue Jan 27 12:11:08 2026 +0100

    doc: fix -signcert grouping in CA.pl documentation

    The -signcert option was incorrectly grouped with -sign and -xsign at
    line 109, which implied they were equivalent. However, -signcert is
    different: it expects a self-signed certificate (not a certificate
    request) in newreq.pem, and converts it to a request before signing.

    This is correctly documented in its own separate section at line 123,
    which states "-signcert is the same as -sign except it expects a self
    signed certificate".

    Remove -signcert from the -sign/-xsign grouping to eliminate the
    contradiction.

    Resolves: https://github.com/openssl/openssl/issues/29165
    Fixes: 022696cab014 "Allow CA.pl script user to pass extra arguments to openssl command"
    Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
    MergeDate: Tue Mar 31 01:10:50 2026
    (Merged from https://github.com/openssl/openssl/pull/29794)

diff --git a/doc/man1/CA.pl.pod b/doc/man1/CA.pl.pod
index 184382ee83..3d7c644249 100644
--- a/doc/man1/CA.pl.pod
+++ b/doc/man1/CA.pl.pod
@@ -106,7 +106,7 @@ If there is an additional argument on the command line it will be used as the
 list box), otherwise the name "My Certificate" is used.
 Delegates work to L<openssl-pkcs12(1)>.

-=item B<-sign>, B<-signcert>, B<-xsign>
+=item B<-sign>, B<-xsign>

 Calls the L<openssl-ca(1)> command to sign a certificate request. It expects the
 request to be in the file F<newreq.pem>. The new certificate is written to the