Fix some typos in pod files

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1189)

doc/apps/asn1parse.pod

@@ -125,7 +125,7 @@ The output will typically contain lines like this:
 
 .....
 
-This example is part of a self signed certificate. Each line starts with the
+This example is part of a self-signed certificate. Each line starts with the
 offset in decimal. B<d=XX> specifies the current depth. The depth is increased
 within the scope of any SET or SEQUENCE. B<hl=XX> gives the header length
 (tag and length octets) of the current type. B<l=XX> gives the length of

doc/apps/ca.pod

@@ -89,7 +89,7 @@ signed by the CA.
 
 =item B<-ss_cert filename>
 
-a single self signed certificate to be signed by the CA.
+a single self-signed certificate to be signed by the CA.
 
 =item B<-spkac filename>
 
@@ -643,11 +643,11 @@ CRL: however there is no option to do this.
 V2 CRL features like delta CRLs are not currently supported.
 
 Although several requests can be input and handled at once it is only
-possible to include one SPKAC or self signed certificate.
+possible to include one SPKAC or self-signed certificate.
 
 =head1 BUGS
 
-The use of an in memory text database can cause problems when large
+The use of an in-memory text database can cause problems when large
 numbers of certificates are present because, as the name implies
 the database has to be kept in memory.
 

doc/apps/ciphers.pod

@@ -246,7 +246,7 @@ Cipher suites using authenticated ephemeral ECDH key agreement.
 
 =item B<AECDH>
 
-Anonymous Elliptic Curve Diffie Hellman cipher suites.
+Anonymous Elliptic Curve Diffie-Hellman cipher suites.
 
 =item B<aDSS>, B<DSS>
 

doc/apps/dgst.pod

@@ -225,8 +225,8 @@ prior to verification.
 
 =head1 HISTORY
 
-The default digest was changed from MD5 to SHA256 in Openssl 1.1.
-The FIPS-related options were removed in OpenSSL 1.1
+The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0
+The FIPS-related options were removed in OpenSSL 1.1.0
 
 =head1 COPYRIGHT
 

doc/apps/genpkey.pod

@@ -73,14 +73,14 @@ implementation. See B<KEY GENERATION OPTIONS> below for more details.
 =item B<-genparam>
 
 generate a set of parameters instead of a private key. If used this option must
-precede and B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.
+precede any B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.
 
 =item B<-paramfile filename>
 
 Some public key algorithms generate a private key based on a set of parameters.
 They can be supplied using this option. If this option is used the public key
 algorithm used is determined by the parameters. If used this option must
-precede and B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
+precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
 are mutually exclusive.
 
 =item B<-text>

doc/apps/nseq.pod

@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-nseq - create or examine a netscape certificate sequence
+nseq - create or examine a Netscape certificate sequence
 
 =head1 SYNOPSIS
 

doc/apps/openssl.pod

@@ -353,7 +353,7 @@ RC5 Cipher
 =head1 COMMAND OPTIONS
 
 Details of which options are available depend on the specific command.
-This section desribes some common options with common behavior.
+This section describes some common options with common behavior.
 
 =head2 Common Options
 

doc/apps/pkeyutl.pod

@@ -125,7 +125,7 @@ derive a shared secret using the peer key.
 
 Use key derivation function B<algorithm>.  The supported algorithms are
 at present B<TLS1-PRF> and B<HKDF>.
-Note: additional paramers and the KDF output length will normally have to be
+Note: additional parameters and the KDF output length will normally have to be
 set for this to work.  See L<EVP_PKEY_HKDF(3)> and L<EVP_PKEY_TLS1_PRF(3)>
 for the supported string parameters of each algorithm.
 

doc/apps/s_server.pod

@@ -305,7 +305,7 @@ from the client.
 =item B<-dtls>, B<-dtls1>, B<-dtls1_2>
 
 These options make B<s_server> use DTLS protocols instead of TLS.
-With B<-dtls>, B<s_server> will negotiate any supported DTLS protcol version,
+With B<-dtls>, B<s_server> will negotiate any supported DTLS protocol version,
 whilst B<-dtls1> and B<-dtls1_2> will only support DTLSv1.0 and DTLSv1.2
 respectively.
 
@@ -339,7 +339,7 @@ L<SSL_CTX_set_split_send_fragment(3)> for further information.
 
 The maximum number of encrypt/decrypt pipelines to be used. This will only have
 an effect if an engine has been loaded that supports pipelining (e.g. the dasync
-engine) and a suiteable ciphersuite has been negotiated. The default value is 1.
+engine) and a suitable ciphersuite has been negotiated. The default value is 1.
 See L<SSL_CTX_set_max_pipelines(3)> for further information.
 
 =item B<-read_buf int>

doc/apps/verify.pod

@@ -210,14 +210,14 @@ effect.
 A B<file> of additional untrusted certificates (intermediate issuer CAs) used
 to construct a certificate chain from the subject certificate to a trust-anchor.
 The B<file> should contain one or more certificates in PEM format.
-This option can be specified more than once to include untrusted certiificates
+This option can be specified more than once to include untrusted certificates
 from multiple B<files>.
 
 =item B<-trusted file>
 
 A B<file> of trusted certificates, which must be self-signed, unless the
 B<-partial_chain> option is specified.
-The B<file> contain one or more certificates in PEM format.
+The B<file> contains one or more certificates in PEM format.
 With this option, no additional (e.g., default) certificate lists are
 consulted.
 That is, the only trust-anchors are those listed in B<file>.
@@ -340,7 +340,7 @@ CA.
 
 The process of 'looking up the issuers certificate' itself involves a number of
 steps.
-Ater all certificates whose subject name matches the issuer name of the current
+After all certificates whose subject name matches the issuer name of the current
 certificate are subject to further tests.
 The relevant authority key identifier components of the current certificate (if
 present) must match the subject key identifier (if present) and issuer and
@@ -388,7 +388,7 @@ problem was detected starting with zero for the certificate being verified itsel
 then 1 for the CA that signed the certificate and so on. Finally a text version
 of the error number is presented.
 
-An partial list of the error codes and messages is shown below, this also
+A partial list of the error codes and messages is shown below, this also
 includes the name of the error code as defined in the header file x509_vfy.h
 Some of the error codes are defined but never returned: these are described
 as "unused".
@@ -473,7 +473,7 @@ An error occurred trying to allocate memory. This should never happen.
 
 =item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT>
 
-The passed certificate is self signed and the same certificate cannot be found in the list of
+The passed certificate is self-signed and the same certificate cannot be found in the list of
 trusted certificates.
 
 =item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN>

doc/apps/x509.pod

@@ -834,7 +834,7 @@ Otherwise it is the same as a normal SSL server.
 
 The extended key usage extension must be absent or include the "email
 protection" OID. Netscape certificate type must be absent or should have the
-S/MIME bit set. If the S/MIME bit is not set in netscape certificate type
+S/MIME bit set. If the S/MIME bit is not set in Netscape certificate type
 then the SSL client bit is tolerated as an alternative but a warning is shown:
 this is because some Verisign certificates don't set the S/MIME bit.