apps-cleanup: the doc fixes

Reviewed-by: Richard Levitte <levitte@openssl.org>

doc/apps/ocsp.pod

@@ -25,7 +25,8 @@ B<openssl> B<ocsp>
 [B<-nonce>]
 [B<-no_nonce>]
 [B<-url URL>]
-[B<-host host:n>]
+[B<-host host:port>]
+[B<-header>]
 [B<-path>]
 [B<-CApath dir>]
 [B<-CAfile file>]
@@ -161,6 +162,12 @@ if the B<host> option is present then the OCSP request is sent to the host
 B<hostname> on port B<port>. B<path> specifies the HTTP path name to use
 or "/" by default.
 
+=item B<-header name=value>
+
+Adds the header B<name> with the specified B<value> to the OCSP request
+that is sent to the responder.
+This may be repeated.
+
 =item B<-timeout seconds>
 
 connection timeout to the OCSP responder in seconds

doc/apps/rsa.pod

@@ -14,7 +14,6 @@ B<openssl> B<rsa>
 [B<-passin arg>]
 [B<-out filename>]
 [B<-passout arg>]
-[B<-sgckey>]
 [B<-aes128>]
 [B<-aes192>]
 [B<-aes256>]
@@ -83,11 +82,6 @@ filename.
 the output file password source. For more information about the format of B<arg>
 see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
 
-=item B<-sgckey>
-
-use the modified NET algorithm used with some versions of Microsoft IIS and SGC
-keys.
-
 =item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>
 
 These options encrypt the private key with the specified
@@ -165,8 +159,7 @@ files. To use these with the utility, view the file with a binary editor
 and look for the string "private-key", then trace back to the byte
 sequence 0x30, 0x82 (this is an ASN1 SEQUENCE). Copy all the data
 from this point onwards to another file and use that as the input
-to the B<rsa> utility with the B<-inform NET> option. If you get
-an error after entering the password try the B<-sgckey> option.
+to the B<rsa> utility with the B<-inform NET> option.
 
 =head1 EXAMPLES
 

doc/apps/x509.pod

@@ -366,8 +366,7 @@ the B<-signkey> or B<-CA> options. If used in conjunction with the B<-CA>
 option the serial number file (as specified by the B<-CAserial> or
 B<-CAcreateserial> options) is not used.
 
-The serial number can be decimal or hex (if preceded by B<0x>). Negative
-serial numbers can also be specified but their use is not recommended.
+The serial number can be decimal or hex (if preceded by B<0x>).
 
 =item B<-CA filename>
 
@@ -402,8 +401,9 @@ The default filename consists of the CA certificate file base name with
 
 with this option the CA serial number file is created if it does not exist:
 it will contain the serial number "02" and the certificate being signed will
-have the 1 as its serial number. Normally if the B<-CA> option is specified
-and the serial number file does not exist it is an error.
+have the 1 as its serial number. If the B<-CA> option is specified
+and the serial number file does not exist a random number is generated;
+this is the recommended practice.
 
 =item B<-extfile filename>
 

doc/crypto/ui.pod

@@ -106,6 +106,7 @@ most problems when porting.
 
 UI_free() removes a UI from memory, along with all other pieces of memory
 that's connected to it, like duplicated input strings, results and others.
+If B<ui> is NULL nothing is done.
 
 UI_add_input_string() and UI_add_verify_string() add a prompt to the UI,
 as well as flags and a result buffer and the desired minimum and maximum