ispell (and minor modifications)
diff --git a/apps/CA.pl.in b/apps/CA.pl.in
index 0e0b7fc..4eef57e 100644
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -66,7 +66,7 @@
 	    $RET=$?;
 	    print "Request (and private key) is in newreq.pem\n";
 	} elsif (/^-newca$/) {
-		# if explictly asked for or it doesn't exist then setup the
+		# if explicitly asked for or it doesn't exist then setup the
 		# directory structure that Eric likes to manage things 
 	    $NEW="1";
 	    if ( "$NEW" || ! -f "${CATOP}/serial" ) {
diff --git a/apps/CA.sh b/apps/CA.sh
index 728f5bf..d9f3069 100644
--- a/apps/CA.sh
+++ b/apps/CA.sh
@@ -60,7 +60,7 @@
     echo "Request (and private key) is in newreq.pem"
     ;;
 -newca)     
-    # if explictly asked for or it doesn't exist then setup the directory
+    # if explicitly asked for or it doesn't exist then setup the directory
     # structure that Eric likes to manage things 
     NEW="1"
     if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
diff --git a/apps/app_rand.c b/apps/app_rand.c
index 6384dd0..b94c853 100644
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@@ -180,7 +180,7 @@
 	if (!seeded)
 		/* If we did not manage to read the seed file,
 		 * we should not write a low-entropy seed file back --
-		 * it would supress a crucial warning the next time
+		 * it would suppress a crucial warning the next time
 		 * we want to use it. */
 		return 0;
 
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index e4a9d18..ac1e20d 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -74,7 +74,7 @@
  * -i		- indent the details by depth
  * -offset	- where in the file to start
  * -length	- how many bytes to use
- * -oid file	- extra oid decription file
+ * -oid file	- extra oid description file
  */
 
 #undef PROG
@@ -172,7 +172,7 @@
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -noout arg    don't produce any output\n");
 		BIO_printf(bio_err," -offset arg   offset into file\n");
-		BIO_printf(bio_err," -length arg   lenth of section in file\n");
+		BIO_printf(bio_err," -length arg   length of section in file\n");
 		BIO_printf(bio_err," -i            indent entries\n");
 		BIO_printf(bio_err," -oid file     file of extra oid definitions\n");
 		BIO_printf(bio_err," -strparse offset\n");
diff --git a/apps/ca.c b/apps/ca.c
index 55a7ff7..8696b41 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -517,7 +517,7 @@
 		}
 
 	/*****************************************************************/
-	/* we definitly need an public key, so lets get it */
+	/* we definitely need an public key, so lets get it */
 
 	if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
 		section,ENV_PRIVATE_KEY)) == NULL))
@@ -592,7 +592,7 @@
 		if (access(outdir,R_OK|W_OK|X_OK) != 0)
 #endif
 			{
-			BIO_printf(bio_err,"I am unable to acces the %s directory\n",outdir);
+			BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
 			perror(outdir);
 			goto err;
 			}
@@ -676,7 +676,7 @@
 		TXT_DB_write(out,db);
 		BIO_printf(bio_err,"%d entries loaded from the database\n",
 			db->data->num);
-		BIO_printf(bio_err,"generating indexs\n");
+		BIO_printf(bio_err,"generating index\n");
 		}
 	
 	if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash,
@@ -1008,14 +1008,14 @@
 			out=NULL;
 			if (rename(serialfile,buf[2]) < 0)
 				{
-				BIO_printf(bio_err,"unabel to rename %s to %s\n",
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
 					serialfile,buf[2]);
 				perror("reason");
 				goto err;
 				}
 			if (rename(buf[0],serialfile) < 0)
 				{
-				BIO_printf(bio_err,"unabel to rename %s to %s\n",
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
 					buf[0],serialfile);
 				perror("reason");
 				rename(buf[2],serialfile);
@@ -1032,14 +1032,14 @@
 
 			if (rename(dbfile,buf[2]) < 0)
 				{
-				BIO_printf(bio_err,"unabel to rename %s to %s\n",
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
 					dbfile,buf[2]);
 				perror("reason");
 				goto err;
 				}
 			if (rename(buf[1],dbfile) < 0)
 				{
-				BIO_printf(bio_err,"unabel to rename %s to %s\n",
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
 					buf[1],dbfile);
 				perror("reason");
 				rename(buf[2],dbfile);
@@ -1686,7 +1686,7 @@
 		}
 
 	if (verbose)
-		BIO_printf(bio_err,"The subject name apears to be ok, checking data base for clashes\n");
+		BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
 
 	row[DB_name]=X509_NAME_oneline(subject,NULL,0);
 	row[DB_serial]=BN_bn2hex(serial);
@@ -1743,7 +1743,7 @@
 		goto err;
 		}
 
-	/* We are now totaly happy, lets make and sign the certificate */
+	/* We are now totally happy, lets make and sign the certificate */
 	if (verbose)
 		BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n");
 
@@ -1790,7 +1790,7 @@
 		ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */
 
 		/* Free the current entries if any, there should not
-		 * be any I belive */
+		 * be any I believe */
 		if (ci->extensions != NULL)
 			sk_X509_EXTENSION_pop_free(ci->extensions,
 						   X509_EXTENSION_free);
diff --git a/apps/dh.c b/apps/dh.c
index e54cd29..becbdb6 100644
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -219,7 +219,7 @@
 		BN_print(stdout,dh->g);
 		printf("\n");
 		if (dh->length != 0)
-			printf("recomented private length=%ld\n",dh->length);
+			printf("recommended private length=%ld\n",dh->length);
 #endif
 		}
 	
@@ -298,7 +298,7 @@
 			}
 		if (!i)
 			{
-			BIO_printf(bio_err,"unable to write DH paramaters\n");
+			BIO_printf(bio_err,"unable to write DH parameters\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
diff --git a/apps/dhparam.c b/apps/dhparam.c
index fa37b2a..5b769b7 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -335,7 +335,7 @@
 			}
 		if (!i)
 			{
-			BIO_printf(bio_err,"unable to write DH paramaters\n");
+			BIO_printf(bio_err,"unable to write DH parameters\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 47d92cc..9fc5697 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -317,7 +317,7 @@
 			}
 		if (!i)
 			{
-			BIO_printf(bio_err,"unable to write DSA paramaters\n");
+			BIO_printf(bio_err,"unable to write DSA parameters\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
diff --git a/apps/enc.c b/apps/enc.c
index d5db3bf..0beb637 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -245,7 +245,7 @@
 			BIO_printf(bio_err,"rc2     :128 bit key RC2 encryption\n");
 #endif
 #ifndef NO_BF
-			BIO_printf(bio_err,"bf      :128 bit key BlowFish encryption\n");
+			BIO_printf(bio_err,"bf      :128 bit key Blowfish encryption\n");
 #endif
 #ifndef NO_RC4
 			BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n",
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 00a5565..ab760f6 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -94,7 +94,7 @@
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	if ((out=BIO_new(BIO_s_file())) == NULL)
 		{
-		BIO_printf(bio_err,"unable to creat BIO for output\n");
+		BIO_printf(bio_err,"unable to create BIO for output\n");
 		goto err;
 		}
 
@@ -178,7 +178,7 @@
 
 	if (rsa == NULL) goto err;
 	
-	/* We need to do the folloing for when the base number size is <
+	/* We need to do the following for when the base number size is <
 	 * long, esp windows 3.1 :-(. */
 	l=0L;
 	for (i=0; i<rsa->e->top; i++)
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index a027566..0c8dc47 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -492,7 +492,7 @@
     CRYPTO_push_info("verify MAC");
 #endif
 	if (!PKCS12_verify_mac (p12, mpass, -1)) {
-	    BIO_printf (bio_err, "Mac verify errror: invalid password?\n");
+	    BIO_printf (bio_err, "Mac verify error: invalid password?\n");
 	    ERR_print_errors (bio_err);
 	    goto end;
 	} else BIO_printf (bio_err, "MAC verified OK\n");
diff --git a/apps/s_client.c b/apps/s_client.c
index 0e15812..b70777e 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -148,7 +148,7 @@
 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
 	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
-	BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'openssl ciphers'\n");
+	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
 	BIO_printf(bio_err,"                 command to see what is available\n");
 
 	}
@@ -354,7 +354,7 @@
 	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
 	if (cipher != NULL)
 		if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
-		BIO_printf(bio_err,"error seting cipher list\n");
+		BIO_printf(bio_err,"error setting cipher list\n");
 		ERR_print_errors(bio_err);
 		goto end;
 	}
@@ -370,7 +370,7 @@
 	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(ctx)))
 		{
-		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
+		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
 		ERR_print_errors(bio_err);
 		/* goto end; */
 		}
diff --git a/apps/s_server.c b/apps/s_server.c
index 87abdfa..f723e55 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -239,7 +239,7 @@
 #ifndef NO_DH
 	BIO_printf(bio_err," -no_dhe       - Disable ephemeral DH\n");
 #endif
-	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatability\n");
+	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
 	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
 	}
@@ -698,7 +698,7 @@
 
 	if (cipher != NULL)
 		if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
-		BIO_printf(bio_err,"error seting cipher list\n");
+		BIO_printf(bio_err,"error setting cipher list\n");
 		ERR_print_errors(bio_err);
 		goto end;
 	}
@@ -1448,7 +1448,7 @@
 	/* make sure we re-use sessions */
 	SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 #else
-	/* This kills performace */
+	/* This kills performance */
 /*	SSL_shutdown(con); A shutdown gets sent in the
  *	BIO_free_all(io) procession */
 #endif
diff --git a/apps/s_time.c b/apps/s_time.c
index c17ede4..5c3c251 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -216,7 +216,7 @@
                 file if not specified by this option\n\
 -CApath arg   - PEM format directory of CA's\n\
 -CAfile arg   - PEM format file of CA's\n\
--cipher       - prefered cipher to use, play with 'openssl ciphers'\n\n";
+-cipher       - preferred cipher to use, play with 'openssl ciphers'\n\n";
 
 	printf( "usage: s_time <args>\n\n" );
 
@@ -225,7 +225,7 @@
 	printf("-nbio         - Run with non-blocking IO\n");
 	printf("-ssl2         - Just use SSLv2\n");
 	printf("-ssl3         - Just use SSLv3\n");
-	printf("-bugs         - Turn on SSL bug compatability\n");
+	printf("-bugs         - Turn on SSL bug compatibility\n");
 	printf("-new          - Just time new connections\n");
 	printf("-reuse        - Just time connection reuse\n");
 	printf("-www page     - Retrieve 'page' from the site\n");
@@ -431,7 +431,7 @@
 	if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(tm_ctx)))
 		{
-		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
+		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
 		ERR_print_errors(bio_err);
 		/* goto end; */
 		}
diff --git a/apps/smime.c b/apps/smime.c
index adeba5c..95bda83 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -294,7 +294,7 @@
 		encerts = sk_X509_new_null();
 		while (*args) {
 			if(!(cert = load_cert(*args))) {
-				BIO_printf(bio_err, "Can't read recipent certificate file %s\n", *args);
+				BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
 				goto end;
 			}
 			sk_X509_push(encerts, cert);
diff --git a/apps/verify.c b/apps/verify.c
index e580ace..a69c5d8 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -119,7 +119,7 @@
 				i = X509_PURPOSE_get_by_sname(*(++argv));
 				if(i < 0)
 					{
-					BIO_printf(bio_err, "unrecognised purpose\n");
+					BIO_printf(bio_err, "unrecognized purpose\n");
 					goto end;
 					}
 				xptmp = X509_PURPOSE_iget(i);
@@ -185,7 +185,7 @@
 end:
 	if (ret == 1) {
 		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] cert1 cert2 ...\n");
-		BIO_printf(bio_err,"recognised usages:\n");
+		BIO_printf(bio_err,"recognized usages:\n");
 		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
 			X509_PURPOSE *ptmp;
 			ptmp = X509_PURPOSE_iget(i);
diff --git a/apps/x509.c b/apps/x509.c
index c5b163e..56e2271 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -93,7 +93,7 @@
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
 " -passin arg     - private key password\n",
-" -envpassin arg  - read private key password from encvironment variable \"arg\"\n",
+" -envpassin arg  - read private key password from environment variable \"arg\"\n",
 " -serial         - print serial number value\n",
 " -hash           - print hash value\n",
 " -subject        - print subject DN\n",
@@ -119,7 +119,7 @@
 " -req            - input is a certificate request, sign and output.\n",
 " -CA arg         - set the CA certificate, must be PEM format.\n",
 " -CAkey arg      - set the CA key, must be PEM format\n",
-"                   missing, it is asssumed to be in the CA file.\n",
+"                   missing, it is assumed to be in the CA file.\n",
 " -CAcreateserial - create serial number file if it does not exist\n",
 " -CAserial       - serial file\n",
 " -text           - print the certificate in text form\n",