author | June McEnroe <june@causal.agency> | 2024-11-05 20:06:51 -0500 |
---|---|---|
committer | June McEnroe <june@causal.agency> | 2024-11-05 20:06:51 -0500 |
commit | 5a29b92e1a6b961bf0c78f578f21c06d5c612fab (patch) | |
tree | c3e0f0b3bcf729daa93bacecedc25ce3e5a0b628 /pounce.1 | |
parent | Recommend kitd to run pounce on OpenBSD (diff) | |
Remove (in)ability to sign certificates with -A and -g
This broke quite a while ago due to changes in openssl(1) and it's kind of a bad way to do things anyway. Just remove it. This fixes -g, which was entirely broken.
Diffstat (limited to 'pounce.1')
-rw-r--r-- | pounce.1 | 46 |
1 files changed, 2 insertions, 44 deletions
diff --git a/pounce.1 b/pounce.1 index e4919d2..ce54479 100644 --- a/pounce.1 +++ b/pounce.1 @@ -1,4 +1,4 @@ -.Dd July 16, 2023 +.Dd November 5, 2024 .Dt POUNCE 1 .Os . @@ -45,7 +45,6 @@ .Op Ar config ... . .Nm -.Op Fl A Ar ca .Fl g Ar cert . .Nm @@ -403,11 +402,6 @@ Generate a TLS client certificate using .Xr openssl 1 and write it to .Ar path . -The certificate is signed -by the certificate authority if -.Fl A -is set, -otherwise it is self-signed. . .It Fl o Print the server certificate chain @@ -529,7 +523,7 @@ not to the server. .Ss Generating Client Certificates .Bl -enum .It -Generate self-signed client certificates and private keys: +Generate client certificates and private keys: .Bd -literal -offset indent $ pounce -g client1.pem $ pounce -g client2.pem @@ -553,42 +547,6 @@ local-ca = auth.pem .Ed .El . -.Pp -Alternatively, -client certificates can be signed -by a generated certificate authority: -. -.Bl -enum -.It -Generate a self-signed certificate authority: -.Bd -literal -offset indent -$ pounce -g auth.pem -.Ed -.It -Generate and sign client certificates -using the CA: -.Bd -literal -offset indent -$ pounce -A auth.pem -g client1.pem -$ pounce -A auth.pem -g client2.pem -.Ed -.It -Since only the public key is needed -for certificate verification, -extract it from the CA: -.Bd -literal -offset indent -$ openssl x509 -in auth.pem -out ~/.config/pounce/auth.crt -.Ed -.It -Configure -.Nm -to verify client certificates -against the CA: -.Bd -literal -offset indent -local-ca = auth.crt -# or: $ pounce -A auth.crt -.Ed -.El -. .Ss Configuring CertFP .Bl -enum .It |
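Review bot: In the @@ -403,11 +402,6 @@ hunk, the -g description now stops at "write it to path" and no longer says how the certificate is signed, and the @@ -529,7 +523,7 @@ hunk drops "self-signed" from the example step too. The removed sentence said the certificate is self-signed when -A is not set; if that is still what -g produces, keep a short statement such as "The certificate is self-signed." in the -g entry so that readers who add these files to local-ca know what they are trusting.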
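Review bot: In the @@ -553,42 +547,6 @@ hunk, the deleted block shows "# or: $ pounce -A auth.crt" as the command-line form of local-ca, yet no hunk in this diff touches the -A option's own entry. If -A stays as the verification option, check that its entry does not still refer to signing with -g. The deleted step 3 was also where the page said that only the public part is needed for verification; the surviving "local-ca = auth.pem" step could state whether auth.pem is expected to hold certificates only or private keys as well.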