diff --git a/base/libressl/libressl-cmake-rename-binaries.patch b/base/libressl/libressl-cmake-rename-binaries.patch
new file mode 100644
index 0000000..41270cd
--- /dev/null
+++ b/base/libressl/libressl-cmake-rename-binaries.patch
@@ -0,0 +1,15236 @@ +diff -Naur a/apps/nc/CMakeLists.txt b/apps/nc/CMakeLists.txt +--- a/apps/nc/CMakeLists.txt 2024-10-01 15:00:46.000000000 +0600 ++++ b/apps/nc/CMakeLists.txt 2025-01-09 23:19:23.219620732 +0600 +@@ -31,8 +31,8 @@ + + add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\") + +-add_executable(nc ${NC_SRC}) +-target_include_directories(nc ++add_executable(nc-libre ${NC_SRC}) ++target_include_directories(nc-libre + PRIVATE + . + ./compat +@@ -40,12 +40,12 @@ + PUBLIC + ../../include + ${CMAKE_BINARY_DIR}/include) +-target_link_libraries(nc ${LIBTLS_LIBS} compat_obj) ++target_link_libraries(nc-libre ${LIBTLS_LIBS} compat_obj) + + if(ENABLE_NC) + if(ENABLE_LIBRESSL_INSTALL) +- install(TARGETS nc DESTINATION ${CMAKE_INSTALL_BINDIR}) +- install(FILES nc.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1) ++ install(TARGETS nc-libre DESTINATION ${CMAKE_INSTALL_BINDIR}) ++ install(FILES nc-libre.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1) + endif(ENABLE_LIBRESSL_INSTALL) + endif() + +diff -Naur a/apps/nc/nc.1 b/apps/nc/nc.1 +--- a/apps/nc/nc.1 2024-05-21 08:01:04.000000000 +0600 ++++ b/apps/nc/nc.1 1970-01-01 06:00:00.000000000 +0600 +@@ -1,589 +0,0 @@ +-.\" $OpenBSD: nc.1,v 1.98 2024/04/01 12:40:18 deraadt Exp $ +-.\" +-.\" Copyright (c) 1996 David Sacerdote +-.\" All rights reserved. +-.\" +-.\" Redistribution and use in source and binary forms, with or without +-.\" modification, are permitted provided that the following conditions +-.\" are met: +-.\" 1. Redistributions of source code must retain the above copyright +-.\" notice, this list of conditions and the following disclaimer. +-.\" 2. Redistributions in binary form must reproduce the above copyright +-.\" notice, this list of conditions and the following disclaimer in the +-.\" documentation and/or other materials provided with the distribution. +-.\" 3. 
The name of the author may not be used to endorse or promote products +-.\" derived from this software without specific prior written permission +-.\" +-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +-.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +-.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +-.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +-.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +-.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +-.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +-.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +-.\" +-.Dd $Mdocdate: April 1 2024 $ +-.Dt NC 1 +-.Os +-.Sh NAME +-.Nm nc +-.Nd arbitrary TCP and UDP connections and listens +-.Sh SYNOPSIS +-.Nm nc +-.Op Fl 46cDdFhklNnrStUuvz +-.Op Fl C Ar certfile +-.Op Fl e Ar name +-.Op Fl H Ar hash +-.Op Fl I Ar length +-.Op Fl i Ar interval +-.Op Fl K Ar keyfile +-.Op Fl M Ar ttl +-.Op Fl m Ar minttl +-.Op Fl O Ar length +-.Op Fl o Ar staplefile +-.Op Fl P Ar proxy_username +-.Op Fl p Ar source_port +-.Op Fl R Ar CAfile +-.Op Fl s Ar sourceaddr +-.Op Fl T Ar keyword +-.Op Fl V Ar rtable +-.Op Fl W Ar recvlimit +-.Op Fl w Ar timeout +-.Op Fl X Ar proxy_protocol +-.Op Fl x Ar proxy_address Ns Op : Ns Ar port +-.Op Fl Z Ar peercertfile +-.Op Ar destination +-.Op Ar port +-.Sh DESCRIPTION +-The +-.Nm +-(or +-.Nm netcat ) +-utility is used for just about anything under the sun involving TCP, +-UDP, or +-.Ux Ns -domain +-sockets. +-It can open TCP connections, send UDP packets, listen on arbitrary +-TCP and UDP ports, do port scanning, and deal with both IPv4 and +-IPv6. 
+-Unlike +-.Xr telnet 1 , +-.Nm +-scripts nicely, and separates error messages onto standard error instead +-of sending them to standard output, as +-.Xr telnet 1 +-does with some. +-.Pp +-Common uses include: +-.Pp +-.Bl -bullet -offset indent -compact +-.It +-simple TCP proxies +-.It +-shell-script based HTTP clients and servers +-.It +-network daemon testing +-.It +-a SOCKS or HTTP ProxyCommand for +-.Xr ssh 1 +-.It +-and much, much more +-.El +-.Pp +-The options are as follows: +-.Bl -tag -width Ds +-.It Fl 4 +-Use IPv4 addresses only. +-.It Fl 6 +-Use IPv6 addresses only. +-.It Fl C Ar certfile +-Load the public key part of the TLS peer certificate from +-.Ar certfile , +-in PEM format. +-Requires +-.Fl c . +-.It Fl c +-Use TLS to connect or listen. +-Cannot be used together with any of the options +-.Fl FuU . +-.It Fl D +-Enable debugging on the socket. +-.It Fl d +-Do not attempt to read from stdin. +-.It Fl e Ar name +-Only accept the TLS peer certificate if it contains the +-.Ar name . +-Requires +-.Fl c . +-If not specified, +-.Ar destination +-is used. +-.It Fl F +-Pass the first connected socket using +-.Xr sendmsg 2 +-to stdout and exit. +-This is useful in conjunction with +-.Fl X +-to have +-.Nm +-perform connection setup with a proxy but then leave the rest of the +-connection to another program (e.g.\& +-.Xr ssh 1 +-using the +-.Xr ssh_config 5 +-.Cm ProxyUseFdpass +-option). +-Cannot be used with +-.Fl c +-or +-.Fl U . +-.It Fl H Ar hash +-Only accept the TLS peer certificate if its hash returned from +-.Xr tls_peer_cert_hash 3 +-matches +-.Ar hash . +-Requires +-.Fl c +-and cannot be used with +-.Fl T Cm noverify . +-.It Fl h +-Print out the +-.Nm +-help text and exit. +-.It Fl I Ar length +-Specify the size of the TCP receive buffer. +-.It Fl i Ar interval +-Sleep for +-.Ar interval +-seconds between lines of text sent and received. +-Also causes a delay time between connections to multiple ports. 
+-.It Fl K Ar keyfile +-Load the TLS private key from +-.Ar keyfile , +-in PEM format. +-Requires +-.Fl c . +-.It Fl k +-When a connection is completed, listen for another one. +-Requires +-.Fl l . +-When used together with the +-.Fl u +-option, the server socket is not connected and it can receive UDP datagrams from +-multiple hosts. +-.It Fl l +-Listen for an incoming connection rather than initiating a +-connection to a remote host. +-Cannot be used together with any of the options +-.Fl psxz . +-Additionally, any timeouts specified with the +-.Fl w +-option are ignored. +-.It Fl M Ar ttl +-Set the TTL / hop limit of outgoing packets. +-.It Fl m Ar minttl +-Ask the kernel to drop incoming packets whose TTL / hop limit is under +-.Ar minttl . +-.It Fl N +-.Xr shutdown 2 +-the network socket after EOF on the input. +-Some servers require this to finish their work. +-.It Fl n +-Do not perform domain name resolution. +-If a name cannot be resolved without DNS, an error will be reported. +-.It Fl O Ar length +-Specify the size of the TCP send buffer. +-.It Fl o Ar staplefile +-During the TLS handshake, load data to be stapled from +-.Ar staplefile , +-which is expected to contain an OCSP response from an OCSP server in +-DER format. +-Requires +-.Fl c +-and +-.Fl C . +-.It Fl P Ar proxy_username +-Specifies a username to present to a proxy server that requires authentication. +-If no username is specified then authentication will not be attempted. +-Proxy authentication is only supported for HTTP CONNECT proxies at present. +-.It Fl p Ar source_port +-Specify the source port +-.Nm +-should use, subject to privilege restrictions and availability. +-Cannot be used together with +-.Fl l . +-.It Fl R Ar CAfile +-Load the root CA bundle for TLS certificate verification from +-.Ar CAfile , +-in PEM format, instead of +-.Pa /etc/ssl/cert.pem . +-Requires +-.Fl c . 
+-.It Fl r +-Choose source and/or destination ports randomly +-instead of sequentially within a range or in the order that the system +-assigns them. +-.It Fl S +-Enable the RFC 2385 TCP MD5 signature option. +-.It Fl s Ar sourceaddr +-Set the source address to send packets from, +-which is useful on machines with multiple interfaces. +-For +-.Ux Ns -domain +-datagram sockets, specifies the local temporary socket file +-to create and use so that datagrams can be received. +-Cannot be used together with +-.Fl l +-or +-.Fl x . +-.It Fl T Ar keyword +-Change the IPv4 TOS/IPv6 traffic class value or the TLS options. +-.Pp +-For TLS options, +-.Ar keyword +-may be one of: +-.Cm noverify , +-which disables certificate verification; +-.Cm noname , +-which disables certificate name checking; +-.Cm clientcert , +-which requires a client certificate on incoming connections; or +-.Cm muststaple , +-which requires the peer to provide a valid stapled OCSP response +-with the handshake. +-The following TLS options specify a value in the form of a +-.Ar key Ns = Ns Ar value +-pair: +-.Cm ciphers , +-which allows the supported TLS ciphers to be specified (see +-.Xr tls_config_set_ciphers 3 +-for further details); +-.Cm protocols , +-which allows the supported TLS protocols to be specified (see +-.Xr tls_config_parse_protocols 3 +-for further details). +-Specifying TLS options requires +-.Fl c . +-.Pp +-For the IPv4 TOS/IPv6 traffic class value, +-.Ar keyword +-may be one of +-.Cm critical , +-.Cm inetcontrol , +-.Cm lowdelay , +-.Cm netcontrol , +-.Cm throughput , +-.Cm reliability , +-or one of the DiffServ Code Points: +-.Cm ef , +-.Cm af11 No ... Cm af43 , +-.Cm cs0 No ... Cm cs7 ; +-or a number in either hex or decimal. +-.It Fl t +-Send RFC 854 DON'T and WON'T responses to RFC 854 DO and WILL requests. +-This makes it possible to use +-.Nm +-to script telnet sessions. +-.It Fl U +-Use +-.Ux Ns -domain +-sockets. +-Cannot be used together with any of the options +-.Fl cFx . 
+-.It Fl u +-Use UDP instead of TCP. +-Cannot be used together with +-.Fl c +-or +-.Fl x . +-For +-.Ux Ns -domain +-sockets, use a datagram socket instead of a stream socket. +-If a +-.Ux Ns -domain +-socket is used, a temporary receiving socket is created in +-.Pa /tmp +-unless the +-.Fl s +-flag is given. +-.It Fl V Ar rtable +-Set the routing table to be used. +-.It Fl v +-Produce more verbose output. +-.It Fl W Ar recvlimit +-Terminate after receiving +-.Ar recvlimit +-packets from the network. +-.It Fl w Ar timeout +-Connections which cannot be established or are idle timeout after +-.Ar timeout +-seconds. +-The +-.Fl w +-flag has no effect on the +-.Fl l +-option, i.e.\& +-.Nm +-will listen forever for a connection, with or without the +-.Fl w +-flag. +-The default is no timeout. +-.It Fl X Ar proxy_protocol +-Use +-.Ar proxy_protocol +-when talking to the proxy server. +-Supported protocols are +-.Cm 4 +-(SOCKS v.4), +-.Cm 5 +-(SOCKS v.5) +-and +-.Cm connect +-(HTTPS proxy). +-If the protocol is not specified, SOCKS version 5 is used. +-.It Fl x Ar proxy_address Ns Op : Ns Ar port +-Connect to +-.Ar destination +-using a proxy at +-.Ar proxy_address +-and +-.Ar port . +-If +-.Ar port +-is not specified, the well-known port for the proxy protocol is used (1080 +-for SOCKS, 3128 for HTTPS). +-An IPv6 address can be specified unambiguously by enclosing +-.Ar proxy_address +-in square brackets. +-A proxy cannot be used with any of the options +-.Fl lsuU . +-.It Fl Z Ar peercertfile +-Save the peer certificates to +-.Ar peercertfile , +-in PEM format. +-Requires +-.Fl c . +-.It Fl z +-Only scan for listening daemons, without sending any data to them. +-Cannot be used together with +-.Fl l . +-.El +-.Pp +-.Ar destination +-can be a numerical IP address or a symbolic hostname +-(unless the +-.Fl n +-option is given). +-In general, a destination must be specified, +-unless the +-.Fl l +-option is given +-(in which case the local host is used). 
+-For +-.Ux Ns -domain +-sockets, a destination is required and is the socket path to connect to +-(or listen on if the +-.Fl l +-option is given). +-.Pp +-.Ar port +-can be specified as a numeric port number or as a service name. +-Port ranges may be specified as numeric port numbers of the form +-.Ar nn Ns - Ns Ar mm . +-In general, +-a destination port must be specified, +-unless the +-.Fl U +-option is given. +-For some options, the value 0 requests that the system choose a port number. +-.Sh CLIENT/SERVER MODEL +-It is quite simple to build a very basic client/server model using +-.Nm . +-On one console, start +-.Nm +-listening on a specific port for a connection. +-For example: +-.Pp +-.Dl $ nc -l 1234 +-.Pp +-.Nm +-is now listening on port 1234 for a connection. +-On a second console +-.Pq or a second machine , +-connect to the machine and port being listened on: +-.Pp +-.Dl $ nc -N 127.0.0.1 1234 +-.Pp +-There should now be a connection between the ports. +-Anything typed at the second console will be concatenated to the first, +-and vice-versa. +-After the connection has been set up, +-.Nm +-does not really care which side is being used as a +-.Sq server +-and which side is being used as a +-.Sq client . +-The connection may be terminated using an +-.Dv EOF +-.Pq Sq ^D , +-as the +-.Fl N +-flag was given. +-.Sh DATA TRANSFER +-The example in the previous section can be expanded to build a +-basic data transfer model. +-Any information input into one end of the connection will be output +-to the other end, and input and output can be easily captured in order to +-emulate file transfer. 
+-.Pp +-Start by using +-.Nm +-to listen on a specific port, with output captured into a file: +-.Pp +-.Dl $ nc -l 1234 > filename.out +-.Pp +-Using a second machine, connect to the listening +-.Nm +-process, feeding it the file which is to be transferred: +-.Pp +-.Dl $ nc -N host.example.com 1234 < filename.in +-.Pp +-After the file has been transferred, the connection will close automatically. +-.Sh TALKING TO SERVERS +-It is sometimes useful to talk to servers +-.Dq by hand +-rather than through a user interface. +-It can aid in troubleshooting, +-when it might be necessary to verify what data a server is sending +-in response to commands issued by the client. +-For example, to retrieve the home page of a web site: +-.Bd -literal -offset indent +-$ printf "GET / HTTP/1.0\er\en\er\en" | nc host.example.com 80 +-.Ed +-.Pp +-Note that this also displays the headers sent by the web server. +-They can be filtered, using a tool such as +-.Xr sed 1 , +-if necessary. +-.Pp +-More complicated examples can be built up when the user knows the format +-of requests required by the server. +-As another example, an email may be submitted to an SMTP server using: +-.Bd -literal -offset indent +-$ nc localhost 25 << EOF +-HELO host.example.com +-MAIL FROM: +-RCPT TO: +-DATA +-Body of email. +-\&. +-QUIT +-EOF +-.Ed +-.Sh PORT SCANNING +-It may be useful to know which ports are open and running services on +-a target machine. +-The +-.Fl z +-flag can be used to tell +-.Nm +-to report open ports, +-rather than initiate a connection. +-For example: +-.Bd -literal -offset indent +-$ nc -z host.example.com 20-30 +-Connection to host.example.com 22 port [tcp/ssh] succeeded! +-Connection to host.example.com 25 port [tcp/smtp] succeeded! +-.Ed +-.Pp +-The port range was specified to limit the search to ports 20 \- 30. +-.Pp +-Alternatively, it might be useful to know which server software +-is running, and which versions. 
+-This information is often contained within the greeting banners. +-In order to retrieve these, it is necessary to first make a connection, +-and then break the connection when the banner has been retrieved. +-This can be accomplished by specifying a small timeout with the +-.Fl w +-flag, or perhaps by issuing a +-.Qq Dv QUIT +-command to the server: +-.Bd -literal -offset indent +-$ echo "QUIT" | nc host.example.com 20-30 +-SSH-1.99-OpenSSH_3.6.1p2 +-Protocol mismatch. +-220 host.example.com IMS SMTP Receiver Version 0.84 Ready +-.Ed +-.Sh EXAMPLES +-Open a TCP connection to port 42 of host.example.com, using port 31337 as +-the source port, with a timeout of 5 seconds: +-.Pp +-.Dl $ nc -p 31337 -w 5 host.example.com 42 +-.Pp +-Open a TCP connection to port 443 of www.example.com, and negotiate TLS with +-any supported TLS protocol version and "compat" ciphers: +-.Pp +-.Dl $ nc -cv -T protocols=all -T ciphers=compat www.example.com 443 +-.Pp +-Open a TCP connection to port 443 of www.google.ca, and negotiate TLS. +-Check for a different name in the certificate for validation: +-.Pp +-.Dl $ nc -cv -e adsf.au.doubleclick.net www.google.ca 443 +-.Pp +-Open a UDP connection to port 53 of host.example.com: +-.Pp +-.Dl $ nc -u host.example.com 53 +-.Pp +-Open a TCP connection to port 42 of host.example.com using 10.1.2.3 as the +-IP for the local end of the connection: +-.Pp +-.Dl $ nc -s 10.1.2.3 host.example.com 42 +-.Pp +-Create and listen on a +-.Ux Ns -domain +-stream socket: +-.Pp +-.Dl $ nc -lU /var/tmp/dsocket +-.Pp +-Connect to port 42 of host.example.com via an HTTP proxy at 10.2.3.4, +-port 8080. +-This example could also be used by +-.Xr ssh 1 ; +-see the +-.Cm ProxyCommand +-directive in +-.Xr ssh_config 5 +-for more information. 
+-.Pp +-.Dl $ nc -x10.2.3.4:8080 -Xconnect host.example.com 42 +-.Pp +-The same example again, this time enabling proxy authentication with username +-.Dq ruser +-if the proxy requires it: +-.Pp +-.Dl $ nc -x10.2.3.4:8080 -Xconnect -Pruser host.example.com 42 +-.Sh SEE ALSO +-.Xr cat 1 , +-.Xr ssh 1 +-.Sh AUTHORS +-Original implementation by +-.An *Hobbit* Aq Mt hobbit@avian.org . +-.br +-Rewritten with IPv6 support by +-.An Eric Jackson Aq Mt ericj@monkey.org . +-.Sh CAVEATS +-UDP port scans using the +-.Fl uz +-combination of flags will always report success irrespective of +-the target machine's state. +-However, +-in conjunction with a traffic sniffer either on the target machine +-or an intermediary device, +-the +-.Fl uz +-combination could be useful for communications diagnostics. +-Note that the amount of UDP traffic generated may be limited either +-due to hardware resources and/or configuration settings. +diff -Naur a/apps/nc/nc-libre.1 b/apps/nc/nc-libre.1 +--- a/apps/nc/nc-libre.1 1970-01-01 06:00:00.000000000 +0600 ++++ b/apps/nc/nc-libre.1 2024-05-21 08:01:04.000000000 +0600 +@@ -0,0 +1,589 @@ ++.\" $OpenBSD: nc.1,v 1.98 2024/04/01 12:40:18 deraadt Exp $ ++.\" ++.\" Copyright (c) 1996 David Sacerdote ++.\" All rights reserved. ++.\" ++.\" Redistribution and use in source and binary forms, with or without ++.\" modification, are permitted provided that the following conditions ++.\" are met: ++.\" 1. Redistributions of source code must retain the above copyright ++.\" notice, this list of conditions and the following disclaimer. ++.\" 2. Redistributions in binary form must reproduce the above copyright ++.\" notice, this list of conditions and the following disclaimer in the ++.\" documentation and/or other materials provided with the distribution. ++.\" 3. 
The name of the author may not be used to endorse or promote products ++.\" derived from this software without specific prior written permission ++.\" ++.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++.\" ++.Dd $Mdocdate: April 1 2024 $ ++.Dt NC 1 ++.Os ++.Sh NAME ++.Nm nc ++.Nd arbitrary TCP and UDP connections and listens ++.Sh SYNOPSIS ++.Nm nc ++.Op Fl 46cDdFhklNnrStUuvz ++.Op Fl C Ar certfile ++.Op Fl e Ar name ++.Op Fl H Ar hash ++.Op Fl I Ar length ++.Op Fl i Ar interval ++.Op Fl K Ar keyfile ++.Op Fl M Ar ttl ++.Op Fl m Ar minttl ++.Op Fl O Ar length ++.Op Fl o Ar staplefile ++.Op Fl P Ar proxy_username ++.Op Fl p Ar source_port ++.Op Fl R Ar CAfile ++.Op Fl s Ar sourceaddr ++.Op Fl T Ar keyword ++.Op Fl V Ar rtable ++.Op Fl W Ar recvlimit ++.Op Fl w Ar timeout ++.Op Fl X Ar proxy_protocol ++.Op Fl x Ar proxy_address Ns Op : Ns Ar port ++.Op Fl Z Ar peercertfile ++.Op Ar destination ++.Op Ar port ++.Sh DESCRIPTION ++The ++.Nm ++(or ++.Nm netcat ) ++utility is used for just about anything under the sun involving TCP, ++UDP, or ++.Ux Ns -domain ++sockets. ++It can open TCP connections, send UDP packets, listen on arbitrary ++TCP and UDP ports, do port scanning, and deal with both IPv4 and ++IPv6. 
++Unlike ++.Xr telnet 1 , ++.Nm ++scripts nicely, and separates error messages onto standard error instead ++of sending them to standard output, as ++.Xr telnet 1 ++does with some. ++.Pp ++Common uses include: ++.Pp ++.Bl -bullet -offset indent -compact ++.It ++simple TCP proxies ++.It ++shell-script based HTTP clients and servers ++.It ++network daemon testing ++.It ++a SOCKS or HTTP ProxyCommand for ++.Xr ssh 1 ++.It ++and much, much more ++.El ++.Pp ++The options are as follows: ++.Bl -tag -width Ds ++.It Fl 4 ++Use IPv4 addresses only. ++.It Fl 6 ++Use IPv6 addresses only. ++.It Fl C Ar certfile ++Load the public key part of the TLS peer certificate from ++.Ar certfile , ++in PEM format. ++Requires ++.Fl c . ++.It Fl c ++Use TLS to connect or listen. ++Cannot be used together with any of the options ++.Fl FuU . ++.It Fl D ++Enable debugging on the socket. ++.It Fl d ++Do not attempt to read from stdin. ++.It Fl e Ar name ++Only accept the TLS peer certificate if it contains the ++.Ar name . ++Requires ++.Fl c . ++If not specified, ++.Ar destination ++is used. ++.It Fl F ++Pass the first connected socket using ++.Xr sendmsg 2 ++to stdout and exit. ++This is useful in conjunction with ++.Fl X ++to have ++.Nm ++perform connection setup with a proxy but then leave the rest of the ++connection to another program (e.g.\& ++.Xr ssh 1 ++using the ++.Xr ssh_config 5 ++.Cm ProxyUseFdpass ++option). ++Cannot be used with ++.Fl c ++or ++.Fl U . ++.It Fl H Ar hash ++Only accept the TLS peer certificate if its hash returned from ++.Xr tls_peer_cert_hash 3 ++matches ++.Ar hash . ++Requires ++.Fl c ++and cannot be used with ++.Fl T Cm noverify . ++.It Fl h ++Print out the ++.Nm ++help text and exit. ++.It Fl I Ar length ++Specify the size of the TCP receive buffer. ++.It Fl i Ar interval ++Sleep for ++.Ar interval ++seconds between lines of text sent and received. ++Also causes a delay time between connections to multiple ports. 
++.It Fl K Ar keyfile ++Load the TLS private key from ++.Ar keyfile , ++in PEM format. ++Requires ++.Fl c . ++.It Fl k ++When a connection is completed, listen for another one. ++Requires ++.Fl l . ++When used together with the ++.Fl u ++option, the server socket is not connected and it can receive UDP datagrams from ++multiple hosts. ++.It Fl l ++Listen for an incoming connection rather than initiating a ++connection to a remote host. ++Cannot be used together with any of the options ++.Fl psxz . ++Additionally, any timeouts specified with the ++.Fl w ++option are ignored. ++.It Fl M Ar ttl ++Set the TTL / hop limit of outgoing packets. ++.It Fl m Ar minttl ++Ask the kernel to drop incoming packets whose TTL / hop limit is under ++.Ar minttl . ++.It Fl N ++.Xr shutdown 2 ++the network socket after EOF on the input. ++Some servers require this to finish their work. ++.It Fl n ++Do not perform domain name resolution. ++If a name cannot be resolved without DNS, an error will be reported. ++.It Fl O Ar length ++Specify the size of the TCP send buffer. ++.It Fl o Ar staplefile ++During the TLS handshake, load data to be stapled from ++.Ar staplefile , ++which is expected to contain an OCSP response from an OCSP server in ++DER format. ++Requires ++.Fl c ++and ++.Fl C . ++.It Fl P Ar proxy_username ++Specifies a username to present to a proxy server that requires authentication. ++If no username is specified then authentication will not be attempted. ++Proxy authentication is only supported for HTTP CONNECT proxies at present. ++.It Fl p Ar source_port ++Specify the source port ++.Nm ++should use, subject to privilege restrictions and availability. ++Cannot be used together with ++.Fl l . ++.It Fl R Ar CAfile ++Load the root CA bundle for TLS certificate verification from ++.Ar CAfile , ++in PEM format, instead of ++.Pa /etc/ssl/cert.pem . ++Requires ++.Fl c . 
++.It Fl r ++Choose source and/or destination ports randomly ++instead of sequentially within a range or in the order that the system ++assigns them. ++.It Fl S ++Enable the RFC 2385 TCP MD5 signature option. ++.It Fl s Ar sourceaddr ++Set the source address to send packets from, ++which is useful on machines with multiple interfaces. ++For ++.Ux Ns -domain ++datagram sockets, specifies the local temporary socket file ++to create and use so that datagrams can be received. ++Cannot be used together with ++.Fl l ++or ++.Fl x . ++.It Fl T Ar keyword ++Change the IPv4 TOS/IPv6 traffic class value or the TLS options. ++.Pp ++For TLS options, ++.Ar keyword ++may be one of: ++.Cm noverify , ++which disables certificate verification; ++.Cm noname , ++which disables certificate name checking; ++.Cm clientcert , ++which requires a client certificate on incoming connections; or ++.Cm muststaple , ++which requires the peer to provide a valid stapled OCSP response ++with the handshake. ++The following TLS options specify a value in the form of a ++.Ar key Ns = Ns Ar value ++pair: ++.Cm ciphers , ++which allows the supported TLS ciphers to be specified (see ++.Xr tls_config_set_ciphers 3 ++for further details); ++.Cm protocols , ++which allows the supported TLS protocols to be specified (see ++.Xr tls_config_parse_protocols 3 ++for further details). ++Specifying TLS options requires ++.Fl c . ++.Pp ++For the IPv4 TOS/IPv6 traffic class value, ++.Ar keyword ++may be one of ++.Cm critical , ++.Cm inetcontrol , ++.Cm lowdelay , ++.Cm netcontrol , ++.Cm throughput , ++.Cm reliability , ++or one of the DiffServ Code Points: ++.Cm ef , ++.Cm af11 No ... Cm af43 , ++.Cm cs0 No ... Cm cs7 ; ++or a number in either hex or decimal. ++.It Fl t ++Send RFC 854 DON'T and WON'T responses to RFC 854 DO and WILL requests. ++This makes it possible to use ++.Nm ++to script telnet sessions. ++.It Fl U ++Use ++.Ux Ns -domain ++sockets. ++Cannot be used together with any of the options ++.Fl cFx . 
++.It Fl u ++Use UDP instead of TCP. ++Cannot be used together with ++.Fl c ++or ++.Fl x . ++For ++.Ux Ns -domain ++sockets, use a datagram socket instead of a stream socket. ++If a ++.Ux Ns -domain ++socket is used, a temporary receiving socket is created in ++.Pa /tmp ++unless the ++.Fl s ++flag is given. ++.It Fl V Ar rtable ++Set the routing table to be used. ++.It Fl v ++Produce more verbose output. ++.It Fl W Ar recvlimit ++Terminate after receiving ++.Ar recvlimit ++packets from the network. ++.It Fl w Ar timeout ++Connections which cannot be established or are idle timeout after ++.Ar timeout ++seconds. ++The ++.Fl w ++flag has no effect on the ++.Fl l ++option, i.e.\& ++.Nm ++will listen forever for a connection, with or without the ++.Fl w ++flag. ++The default is no timeout. ++.It Fl X Ar proxy_protocol ++Use ++.Ar proxy_protocol ++when talking to the proxy server. ++Supported protocols are ++.Cm 4 ++(SOCKS v.4), ++.Cm 5 ++(SOCKS v.5) ++and ++.Cm connect ++(HTTPS proxy). ++If the protocol is not specified, SOCKS version 5 is used. ++.It Fl x Ar proxy_address Ns Op : Ns Ar port ++Connect to ++.Ar destination ++using a proxy at ++.Ar proxy_address ++and ++.Ar port . ++If ++.Ar port ++is not specified, the well-known port for the proxy protocol is used (1080 ++for SOCKS, 3128 for HTTPS). ++An IPv6 address can be specified unambiguously by enclosing ++.Ar proxy_address ++in square brackets. ++A proxy cannot be used with any of the options ++.Fl lsuU . ++.It Fl Z Ar peercertfile ++Save the peer certificates to ++.Ar peercertfile , ++in PEM format. ++Requires ++.Fl c . ++.It Fl z ++Only scan for listening daemons, without sending any data to them. ++Cannot be used together with ++.Fl l . ++.El ++.Pp ++.Ar destination ++can be a numerical IP address or a symbolic hostname ++(unless the ++.Fl n ++option is given). ++In general, a destination must be specified, ++unless the ++.Fl l ++option is given ++(in which case the local host is used). 
++For ++.Ux Ns -domain ++sockets, a destination is required and is the socket path to connect to ++(or listen on if the ++.Fl l ++option is given). ++.Pp ++.Ar port ++can be specified as a numeric port number or as a service name. ++Port ranges may be specified as numeric port numbers of the form ++.Ar nn Ns - Ns Ar mm . ++In general, ++a destination port must be specified, ++unless the ++.Fl U ++option is given. ++For some options, the value 0 requests that the system choose a port number. ++.Sh CLIENT/SERVER MODEL ++It is quite simple to build a very basic client/server model using ++.Nm . ++On one console, start ++.Nm ++listening on a specific port for a connection. ++For example: ++.Pp ++.Dl $ nc -l 1234 ++.Pp ++.Nm ++is now listening on port 1234 for a connection. ++On a second console ++.Pq or a second machine , ++connect to the machine and port being listened on: ++.Pp ++.Dl $ nc -N 127.0.0.1 1234 ++.Pp ++There should now be a connection between the ports. ++Anything typed at the second console will be concatenated to the first, ++and vice-versa. ++After the connection has been set up, ++.Nm ++does not really care which side is being used as a ++.Sq server ++and which side is being used as a ++.Sq client . ++The connection may be terminated using an ++.Dv EOF ++.Pq Sq ^D , ++as the ++.Fl N ++flag was given. ++.Sh DATA TRANSFER ++The example in the previous section can be expanded to build a ++basic data transfer model. ++Any information input into one end of the connection will be output ++to the other end, and input and output can be easily captured in order to ++emulate file transfer. 
++.Pp ++Start by using ++.Nm ++to listen on a specific port, with output captured into a file: ++.Pp ++.Dl $ nc -l 1234 > filename.out ++.Pp ++Using a second machine, connect to the listening ++.Nm ++process, feeding it the file which is to be transferred: ++.Pp ++.Dl $ nc -N host.example.com 1234 < filename.in ++.Pp ++After the file has been transferred, the connection will close automatically. ++.Sh TALKING TO SERVERS ++It is sometimes useful to talk to servers ++.Dq by hand ++rather than through a user interface. ++It can aid in troubleshooting, ++when it might be necessary to verify what data a server is sending ++in response to commands issued by the client. ++For example, to retrieve the home page of a web site: ++.Bd -literal -offset indent ++$ printf "GET / HTTP/1.0\er\en\er\en" | nc host.example.com 80 ++.Ed ++.Pp ++Note that this also displays the headers sent by the web server. ++They can be filtered, using a tool such as ++.Xr sed 1 , ++if necessary. ++.Pp ++More complicated examples can be built up when the user knows the format ++of requests required by the server. ++As another example, an email may be submitted to an SMTP server using: ++.Bd -literal -offset indent ++$ nc localhost 25 << EOF ++HELO host.example.com ++MAIL FROM: ++RCPT TO: ++DATA ++Body of email. ++\&. ++QUIT ++EOF ++.Ed ++.Sh PORT SCANNING ++It may be useful to know which ports are open and running services on ++a target machine. ++The ++.Fl z ++flag can be used to tell ++.Nm ++to report open ports, ++rather than initiate a connection. ++For example: ++.Bd -literal -offset indent ++$ nc -z host.example.com 20-30 ++Connection to host.example.com 22 port [tcp/ssh] succeeded! ++Connection to host.example.com 25 port [tcp/smtp] succeeded! ++.Ed ++.Pp ++The port range was specified to limit the search to ports 20 \- 30. ++.Pp ++Alternatively, it might be useful to know which server software ++is running, and which versions. 
++This information is often contained within the greeting banners. ++In order to retrieve these, it is necessary to first make a connection, ++and then break the connection when the banner has been retrieved. ++This can be accomplished by specifying a small timeout with the ++.Fl w ++flag, or perhaps by issuing a ++.Qq Dv QUIT ++command to the server: ++.Bd -literal -offset indent ++$ echo "QUIT" | nc host.example.com 20-30 ++SSH-1.99-OpenSSH_3.6.1p2 ++Protocol mismatch. ++220 host.example.com IMS SMTP Receiver Version 0.84 Ready ++.Ed ++.Sh EXAMPLES ++Open a TCP connection to port 42 of host.example.com, using port 31337 as ++the source port, with a timeout of 5 seconds: ++.Pp ++.Dl $ nc -p 31337 -w 5 host.example.com 42 ++.Pp ++Open a TCP connection to port 443 of www.example.com, and negotiate TLS with ++any supported TLS protocol version and "compat" ciphers: ++.Pp ++.Dl $ nc -cv -T protocols=all -T ciphers=compat www.example.com 443 ++.Pp ++Open a TCP connection to port 443 of www.google.ca, and negotiate TLS. ++Check for a different name in the certificate for validation: ++.Pp ++.Dl $ nc -cv -e adsf.au.doubleclick.net www.google.ca 443 ++.Pp ++Open a UDP connection to port 53 of host.example.com: ++.Pp ++.Dl $ nc -u host.example.com 53 ++.Pp ++Open a TCP connection to port 42 of host.example.com using 10.1.2.3 as the ++IP for the local end of the connection: ++.Pp ++.Dl $ nc -s 10.1.2.3 host.example.com 42 ++.Pp ++Create and listen on a ++.Ux Ns -domain ++stream socket: ++.Pp ++.Dl $ nc -lU /var/tmp/dsocket ++.Pp ++Connect to port 42 of host.example.com via an HTTP proxy at 10.2.3.4, ++port 8080. ++This example could also be used by ++.Xr ssh 1 ; ++see the ++.Cm ProxyCommand ++directive in ++.Xr ssh_config 5 ++for more information. 
++.Pp ++.Dl $ nc -x10.2.3.4:8080 -Xconnect host.example.com 42 ++.Pp ++The same example again, this time enabling proxy authentication with username ++.Dq ruser ++if the proxy requires it: ++.Pp ++.Dl $ nc -x10.2.3.4:8080 -Xconnect -Pruser host.example.com 42 ++.Sh SEE ALSO ++.Xr cat 1 , ++.Xr ssh 1 ++.Sh AUTHORS ++Original implementation by ++.An *Hobbit* Aq Mt hobbit@avian.org . ++.br ++Rewritten with IPv6 support by ++.An Eric Jackson Aq Mt ericj@monkey.org . ++.Sh CAVEATS ++UDP port scans using the ++.Fl uz ++combination of flags will always report success irrespective of ++the target machine's state. ++However, ++in conjunction with a traffic sniffer either on the target machine ++or an intermediary device, ++the ++.Fl uz ++combination could be useful for communications diagnostics. ++Note that the amount of UDP traffic generated may be limited either ++due to hardware resources and/or configuration settings. +diff -Naur a/apps/ocspcheck/CMakeLists.txt b/apps/ocspcheck/CMakeLists.txt +--- a/apps/ocspcheck/CMakeLists.txt 2024-04-09 07:28:30.000000000 +0600 ++++ b/apps/ocspcheck/CMakeLists.txt 2025-01-09 23:18:56.061808128 +0600 +@@ -13,17 +13,17 @@ + + add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\") + +-add_executable(ocspcheck ${OCSPCHECK_SRC}) +-target_include_directories(ocspcheck ++add_executable(ocspcheck-libre ${OCSPCHECK_SRC}) ++target_include_directories(ocspcheck-libre + PRIVATE + ../../include/compat + PUBLIC + ../../include + ${CMAKE_BINARY_DIR}/include) +-target_link_libraries(ocspcheck tls ${OPENSSL_LIBS} compat_obj tls_compat_obj) ++target_link_libraries(ocspcheck-libre tls ${OPENSSL_LIBS} compat_obj tls_compat_obj) + + if(ENABLE_LIBRESSL_INSTALL) +- install(TARGETS ocspcheck DESTINATION ${CMAKE_INSTALL_BINDIR}) +- install(FILES ocspcheck.8 DESTINATION ${CMAKE_INSTALL_MANDIR}/man8) ++ install(TARGETS ocspcheck-libre DESTINATION ${CMAKE_INSTALL_BINDIR}) ++ install(FILES ocspcheck-libre.8 DESTINATION ${CMAKE_INSTALL_MANDIR}/man8) + + 
endif(ENABLE_LIBRESSL_INSTALL) +diff -Naur a/apps/ocspcheck/ocspcheck.8 b/apps/ocspcheck/ocspcheck.8 +--- a/apps/ocspcheck/ocspcheck.8 2023-07-05 14:08:29.000000000 +0600 ++++ b/apps/ocspcheck/ocspcheck.8 1970-01-01 06:00:00.000000000 +0600 +@@ -1,111 +0,0 @@ +-.\" $OpenBSD: ocspcheck.8,v 1.9 2017/11/29 21:15:45 jmc Exp $ +-.\" +-.\" Copyright (c) 2017 Bob Beck +-.\" +-.\" Permission to use, copy, modify, and distribute this software for any +-.\" purpose with or without fee is hereby granted, provided that the above +-.\" copyright notice and this permission notice appear in all copies. +-.\" +-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +-.\" +-.Dd $Mdocdate: November 29 2017 $ +-.Dt OCSPCHECK 8 +-.Os +-.Sh NAME +-.Nm ocspcheck +-.Nd check a certificate for validity against its OCSP responder +-.Sh SYNOPSIS +-.Nm +-.Op Fl Nv +-.Op Fl C Ar CAfile +-.Op Fl i Ar staplefile +-.Op Fl o Ar staplefile +-.Ar file +-.Sh DESCRIPTION +-The +-.Nm +-utility validates a PEM format certificate against the OCSP responder +-encoded in the certificate specified by the +-.Ar file +-argument. +-Normally it should be used for checking server certificates +-and maintaining saved OCSP responses to be used for OCSP stapling. +-.Pp +-The options are as follows: +-.Bl -tag -width Ds +-.It Fl C Ar CAfile +-Specify a PEM format root certificate bundle to use for the validation of +-requests. +-By default no certificates are used beyond those in the +-certificate chain provided by the +-.Ar file +-argument. 
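Review bot: Renaming the CMake target itself (`add_executable(ocspcheck-libre ${OCSPCHECK_SRC})`) and installing a copied man page forces this patch to delete and re-add `ocspcheck.8` in full, and the same pattern in the `apps/openssl/CMakeLists.txt` hunk that follows pulls the 6865-line `openssl.1` into the patch as well. Keeping the upstream target and adding `set_target_properties(ocspcheck PROPERTIES OUTPUT_NAME ocspcheck-libre)` plus `install(FILES ocspcheck.8 DESTINATION ${CMAKE_INSTALL_MANDIR}/man8 RENAME ocspcheck-libre.8)` would produce the same installed names with a patch of a few lines. A patch that small is far easier to audit for a TLS library and keeps applying when upstream edits the man page. The copied `ocspcheck-libre.8` as added still reads `.Nm ocspcheck` and `.Xr nc 1`, so the copy carries no content change that would justify it. Anything elsewhere in the tree that refers to the targets by their upstream names (not visible in this part of the patch) would also keep working with the `OUTPUT_NAME` approach.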
+-.It Fl i Ar staplefile +-Specify an input filename from which a DER-encoded OCSP response +-will be read instead of fetching it from the OCSP server. +-A filename +-of +-.Sq - +-will read the response from standard input. +-.It Fl N +-Do not use a nonce value in the OCSP request, or validate that the +-nonce was returned in the OCSP response. +-By default a nonce is always used and validated when retrieving +-a response from an OCSP server. +-The use of this flag is a security risk as it will allow OCSP +-responses to be replayed. +-It should not be used unless the OCSP server does not support the +-use of OCSP nonces. +-.It Fl o Ar staplefile +-Specify an output filename where the DER encoded response from the +-OCSP server will be written, if the OCSP response validates. +-A filename +-of +-.Sq - +-will write the response to standard output. +-By default the response is not saved. +-.It Fl v +-Increase verbosity. +-This flag may be specified multiple times to get more verbose output. +-The default behaviour is to be silent unless something goes wrong. +-.El +-.Sh EXIT STATUS +-The +-.Nm +-utility exits 0 if the OCSP response validates for the certificate in +-.Ar file +-and all output is successfully written out. +-.Nm +-exits >0 if an error occurs or the OCSP response fails to validate. +-.Sh SEE ALSO +-.Xr nc 1 , +-.Xr tls_config_set_ocsp_staple_file 3 , +-.Xr tls_config_set_ocsp_staple_mem 3 , +-.Xr httpd 8 +-.Sh HISTORY +-The +-.Nm +-utility first appeared in +-.Ox 6.1 . +-.Sh AUTHORS +-.Nm +-was written by +-.An Bob Beck . +-.Sh CAVEATS +-While +-.Nm +-could possibly be used in scripts to query responders for server +-certificates seen on client connections, this is almost always a bad +-idea. +-God kills a kitten every time you make an OCSP query from the +-client side of a TLS connection. +-.Sh BUGS +-.Nm +-will create the output file if it does not exist. +-On failure a newly created output file will not be removed. 
+diff -Naur a/apps/ocspcheck/ocspcheck-libre.8 b/apps/ocspcheck/ocspcheck-libre.8 +--- a/apps/ocspcheck/ocspcheck-libre.8 1970-01-01 06:00:00.000000000 +0600 ++++ b/apps/ocspcheck/ocspcheck-libre.8 2023-07-05 14:08:29.000000000 +0600 +@@ -0,0 +1,111 @@ ++.\" $OpenBSD: ocspcheck.8,v 1.9 2017/11/29 21:15:45 jmc Exp $ ++.\" ++.\" Copyright (c) 2017 Bob Beck ++.\" ++.\" Permission to use, copy, modify, and distribute this software for any ++.\" purpose with or without fee is hereby granted, provided that the above ++.\" copyright notice and this permission notice appear in all copies. ++.\" ++.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES ++.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF ++.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ++.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES ++.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ++.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF ++.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ++.\" ++.Dd $Mdocdate: November 29 2017 $ ++.Dt OCSPCHECK 8 ++.Os ++.Sh NAME ++.Nm ocspcheck ++.Nd check a certificate for validity against its OCSP responder ++.Sh SYNOPSIS ++.Nm ++.Op Fl Nv ++.Op Fl C Ar CAfile ++.Op Fl i Ar staplefile ++.Op Fl o Ar staplefile ++.Ar file ++.Sh DESCRIPTION ++The ++.Nm ++utility validates a PEM format certificate against the OCSP responder ++encoded in the certificate specified by the ++.Ar file ++argument. ++Normally it should be used for checking server certificates ++and maintaining saved OCSP responses to be used for OCSP stapling. ++.Pp ++The options are as follows: ++.Bl -tag -width Ds ++.It Fl C Ar CAfile ++Specify a PEM format root certificate bundle to use for the validation of ++requests. ++By default no certificates are used beyond those in the ++certificate chain provided by the ++.Ar file ++argument. 
++.It Fl i Ar staplefile ++Specify an input filename from which a DER-encoded OCSP response ++will be read instead of fetching it from the OCSP server. ++A filename ++of ++.Sq - ++will read the response from standard input. ++.It Fl N ++Do not use a nonce value in the OCSP request, or validate that the ++nonce was returned in the OCSP response. ++By default a nonce is always used and validated when retrieving ++a response from an OCSP server. ++The use of this flag is a security risk as it will allow OCSP ++responses to be replayed. ++It should not be used unless the OCSP server does not support the ++use of OCSP nonces. ++.It Fl o Ar staplefile ++Specify an output filename where the DER encoded response from the ++OCSP server will be written, if the OCSP response validates. ++A filename ++of ++.Sq - ++will write the response to standard output. ++By default the response is not saved. ++.It Fl v ++Increase verbosity. ++This flag may be specified multiple times to get more verbose output. ++The default behaviour is to be silent unless something goes wrong. ++.El ++.Sh EXIT STATUS ++The ++.Nm ++utility exits 0 if the OCSP response validates for the certificate in ++.Ar file ++and all output is successfully written out. ++.Nm ++exits >0 if an error occurs or the OCSP response fails to validate. ++.Sh SEE ALSO ++.Xr nc 1 , ++.Xr tls_config_set_ocsp_staple_file 3 , ++.Xr tls_config_set_ocsp_staple_mem 3 , ++.Xr httpd 8 ++.Sh HISTORY ++The ++.Nm ++utility first appeared in ++.Ox 6.1 . ++.Sh AUTHORS ++.Nm ++was written by ++.An Bob Beck . ++.Sh CAVEATS ++While ++.Nm ++could possibly be used in scripts to query responders for server ++certificates seen on client connections, this is almost always a bad ++idea. ++God kills a kitten every time you make an OCSP query from the ++client side of a TLS connection. ++.Sh BUGS ++.Nm ++will create the output file if it does not exist. ++On failure a newly created output file will not be removed. 
+diff -Naur a/apps/openssl/CMakeLists.txt b/apps/openssl/CMakeLists.txt +--- a/apps/openssl/CMakeLists.txt 2024-09-25 09:27:29.000000000 +0600 ++++ b/apps/openssl/CMakeLists.txt 2025-01-09 23:19:42.325488896 +0600 +@@ -66,17 +66,17 @@ + endif() + endif() + +-add_executable(openssl ${OPENSSL_SRC}) +-target_include_directories(openssl ++add_executable(openssl-libre ${OPENSSL_SRC}) ++target_include_directories(openssl-libre + PRIVATE + . + ../../include/compat + PUBLIC + ../../include + ${CMAKE_BINARY_DIR}/include) +-target_link_libraries(openssl ${OPENSSL_LIBS} compat_obj) ++target_link_libraries(openssl-libre ${OPENSSL_LIBS} compat_obj) + + if(ENABLE_LIBRESSL_INSTALL) +- install(TARGETS openssl DESTINATION ${CMAKE_INSTALL_BINDIR}) +- install(FILES openssl.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1) ++ install(TARGETS openssl-libre DESTINATION ${CMAKE_INSTALL_BINDIR}) ++ install(FILES openssl-libre.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1) + endif(ENABLE_LIBRESSL_INSTALL) +diff -Naur a/apps/openssl/openssl.1 b/apps/openssl/openssl.1 +--- a/apps/openssl/openssl.1 2024-09-25 09:30:06.000000000 +0600 ++++ b/apps/openssl/openssl.1 1970-01-01 06:00:00.000000000 +0600 +@@ -1,6865 +0,0 @@ +-.\" $OpenBSD: openssl.1,v 1.161 2024/08/30 06:05:10 jmc Exp $ +-.\" ==================================================================== +-.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. +-.\" +-.\" Redistribution and use in source and binary forms, with or without +-.\" modification, are permitted provided that the following conditions +-.\" are met: +-.\" +-.\" 1. Redistributions of source code must retain the above copyright +-.\" notice, this list of conditions and the following disclaimer. +-.\" +-.\" 2. Redistributions in binary form must reproduce the above copyright +-.\" notice, this list of conditions and the following disclaimer in +-.\" the documentation and/or other materials provided with the +-.\" distribution. +-.\" +-.\" 3. 
All advertising materials mentioning features or use of this +-.\" software must display the following acknowledgment: +-.\" "This product includes software developed by the OpenSSL Project +-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +-.\" +-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +-.\" endorse or promote products derived from this software without +-.\" prior written permission. For written permission, please contact +-.\" openssl-core@openssl.org. +-.\" +-.\" 5. Products derived from this software may not be called "OpenSSL" +-.\" nor may "OpenSSL" appear in their names without prior written +-.\" permission of the OpenSSL Project. +-.\" +-.\" 6. Redistributions of any form whatsoever must retain the following +-.\" acknowledgment: +-.\" "This product includes software developed by the OpenSSL Project +-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +-.\" +-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +-.\" OF THE POSSIBILITY OF SUCH DAMAGE. +-.\" ==================================================================== +-.\" +-.\" This product includes cryptographic software written by Eric Young +-.\" (eay@cryptsoft.com). 
This product includes software written by Tim +-.\" Hudson (tjh@cryptsoft.com). +-.\" +-.\" +-.\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +-.\" All rights reserved. +-.\" +-.\" This package is an SSL implementation written +-.\" by Eric Young (eay@cryptsoft.com). +-.\" The implementation was written so as to conform with Netscapes SSL. +-.\" +-.\" This library is free for commercial and non-commercial use as long as +-.\" the following conditions are aheared to. The following conditions +-.\" apply to all code found in this distribution, be it the RC4, RSA, +-.\" lhash, DES, etc., code; not just the SSL code. The SSL documentation +-.\" included with this distribution is covered by the same copyright terms +-.\" except that the holder is Tim Hudson (tjh@cryptsoft.com). +-.\" +-.\" Copyright remains Eric Young's, and as such any Copyright notices in +-.\" the code are not to be removed. +-.\" If this package is used in a product, Eric Young should be given attribution +-.\" as the author of the parts of the library used. +-.\" This can be in the form of a textual message at program startup or +-.\" in documentation (online or textual) provided with the package. +-.\" +-.\" Redistribution and use in source and binary forms, with or without +-.\" modification, are permitted provided that the following conditions +-.\" are met: +-.\" 1. Redistributions of source code must retain the copyright +-.\" notice, this list of conditions and the following disclaimer. +-.\" 2. Redistributions in binary form must reproduce the above copyright +-.\" notice, this list of conditions and the following disclaimer in the +-.\" documentation and/or other materials provided with the distribution. +-.\" 3. 
All advertising materials mentioning features or use of this software +-.\" must display the following acknowledgement: +-.\" "This product includes cryptographic software written by +-.\" Eric Young (eay@cryptsoft.com)" +-.\" The word 'cryptographic' can be left out if the rouines from the library +-.\" being used are not cryptographic related :-). +-.\" 4. If you include any Windows specific code (or a derivative thereof) from +-.\" the apps directory (application code) you must include an +-.\" acknowledgement: +-.\" "This product includes software written by Tim Hudson +-.\" (tjh@cryptsoft.com)" +-.\" +-.\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +-.\" SUCH DAMAGE. +-.\" +-.\" The licence and distribution terms for any publically available version or +-.\" derivative of this code cannot be changed. i.e. this code cannot simply be +-.\" copied and put under another distribution licence +-.\" [including the GNU Public Licence.] +-.\" +-.Dd $Mdocdate: August 30 2024 $ +-.Dt OPENSSL 1 +-.Os +-.Sh NAME +-.Nm openssl +-.Nd OpenSSL command line tool +-.Sh SYNOPSIS +-.Nm +-.Ar command +-.Op Ar command_opt ... +-.Op Ar command_arg ... 
+-.Pp +-.Nm +-.Cm list-standard-commands | +-.Cm list-message-digest-commands | +-.Cm list-cipher-commands | +-.Cm list-cipher-algorithms | +-.Cm list-message-digest-algorithms | +-.Cm list-public-key-algorithms +-.Pp +-.Nm +-.Cm no- Ns Ar command +-.Sh DESCRIPTION +-.Nm OpenSSL +-is a cryptography toolkit implementing the +-Transport Layer Security +-.Pq TLS +-network protocol, +-as well as related cryptography standards. +-.Pp +-The +-.Nm +-program is a command line tool for using the various +-cryptography functions of +-.Nm openssl Ns 's +-crypto library from the shell. +-.Pp +-The pseudo-commands +-.Cm list-standard-commands , list-message-digest-commands , +-and +-.Cm list-cipher-commands +-output a list +-.Pq one entry per line +-of the names of all standard commands, message digest commands, +-or cipher commands, respectively, that are available in the present +-.Nm +-utility. +-.Pp +-The pseudo-commands +-.Cm list-cipher-algorithms +-and +-.Cm list-message-digest-algorithms +-list all cipher and message digest names, +-one entry per line. +-Aliases are listed as: +-.Pp +-.D1 from => to +-.Pp +-The pseudo-command +-.Cm list-public-key-algorithms +-lists all supported public key algorithms. +-.Pp +-The pseudo-command +-.Cm no- Ns Ar command +-tests whether a command of the +-specified name is available. +-If +-.Ar command +-does not exist, +-it returns 0 +-and prints +-.Cm no- Ns Ar command ; +-otherwise it returns 1 and prints +-.Ar command . +-In both cases, the output goes to stdout and nothing is printed to stderr. +-Additional command line arguments are always ignored. +-Since for each cipher there is a command of the same name, +-this provides an easy way for shell scripts to test for the +-availability of ciphers in the +-.Nm +-program. +-.Pp +-.Sy Note : +-.Cm no- Ns Ar command +-is not able to detect pseudo-commands such as +-.Cm quit , +-.Cm list- Ns Ar ... Ns Cm -commands , +-or +-.Cm no- Ns Ar command +-itself. 
+-.Tg asn1parse +-.Sh ASN1PARSE +-.Bl -hang -width "openssl asn1parse" +-.It Nm openssl asn1parse +-.Bk -words +-.Op Fl i +-.Op Fl dlimit Ar number +-.Op Fl dump +-.Op Fl genconf Ar file +-.Op Fl genstr Ar str +-.Op Fl in Ar file +-.Op Fl inform Cm der | pem | txt +-.Op Fl length Ar number +-.Op Fl noout +-.Op Fl offset Ar number +-.Op Fl oid Ar file +-.Op Fl out Ar file +-.Op Fl strparse Ar offset +-.Ek +-.El +-.Pp +-The +-.Nm asn1parse +-command is a diagnostic utility that can parse ASN.1 structures. +-It can also be used to extract data from ASN.1 formatted data. +-.Pp +-The options are as follows: +-.Bl -tag -width Ds +-.It Fl dlimit Ar number +-Dump the first +-.Ar number +-bytes of unknown data in hex form. +-.It Fl dump +-Dump unknown data in hex form. +-.It Fl genconf Ar file , Fl genstr Ar str +-Generate encoded data based on string +-.Ar str , +-file +-.Ar file , +-or both, using the format described in +-.Xr ASN1_generate_nconf 3 . +-If only +-.Ar file +-is present then the string is obtained from the default section +-using the name +-.Dq asn1 . +-The encoded data is passed through the ASN.1 parser and printed out as +-though it came from a file; +-the contents can thus be examined and written to a file using the +-.Fl out +-option. +-.It Fl i +-Indent the output according to the +-.Qq depth +-of the structures. +-.It Fl in Ar file +-The input file to read from, or standard input if not specified. +-.It Fl inform Cm der | pem | txt +-The input format. +-.It Fl length Ar number +-Number of bytes to parse; the default is until end of file. +-.It Fl noout +-Do not output the parsed version of the input file. +-.It Fl offset Ar number +-Starting offset to begin parsing; the default is start of file. +-.It Fl oid Ar file +-A file containing additional object identifiers +-.Pq OIDs . +-If an OID +-.Pq object identifier +-is not part of +-.Nm openssl Ns 's +-internal table, it will be represented in +-numerical form +-.Pq for example 1.2.3.4 . 
+-.Pp +-Each line consists of three columns: +-the first column is the OID in numerical format and should be followed by +-whitespace. +-The second column is the +-.Qq short name , +-which is a single word followed by whitespace. +-The final column is the rest of the line and is the +-.Qq long name . +-.Nm asn1parse +-displays the long name. +-.It Fl out Ar file +-The DER-encoded output file; the default is no encoded output +-(useful when combined with +-.Fl strparse ) . +-.It Fl strparse Ar offset +-Parse the content octets of the ASN.1 object starting at +-.Ar offset . +-This option can be used multiple times to +-.Qq drill down +-into a nested structure. +-.El +-.Tg ca +-.Sh CA +-.Bl -hang -width "openssl ca" +-.It Nm openssl ca +-.Bk -words +-.Op Fl batch +-.Op Fl cert Ar file +-.Op Fl config Ar file +-.Op Fl create_serial +-.Op Fl crl_CA_compromise Ar time +-.Op Fl crl_compromise Ar time +-.Op Fl crl_hold Ar instruction +-.Op Fl crl_reason Ar reason +-.Op Fl crldays Ar days +-.Op Fl crlexts Ar section +-.Op Fl crlhours Ar hours +-.Op Fl crlsec Ar seconds +-.Op Fl days Ar arg +-.Op Fl enddate Ar date +-.Op Fl extensions Ar section +-.Op Fl extfile Ar file +-.Op Fl gencrl +-.Op Fl in Ar file +-.Op Fl infiles +-.Op Fl key Ar password +-.Op Fl keyfile Ar file +-.Op Fl keyform Cm pem | der +-.Op Fl md Ar alg +-.Op Fl msie_hack +-.Op Fl multivalue-rdn +-.Op Fl name Ar section +-.Op Fl noemailDN +-.Op Fl notext +-.Op Fl out Ar file +-.Op Fl outdir Ar directory +-.Op Fl passin Ar arg +-.Op Fl policy Ar arg +-.Op Fl preserveDN +-.Op Fl revoke Ar file +-.Op Fl selfsign +-.Op Fl sigopt Ar nm:v +-.Op Fl ss_cert Ar file +-.Op Fl startdate Ar date +-.Op Fl status Ar serial +-.Op Fl subj Ar arg +-.Op Fl updatedb +-.Op Fl utf8 +-.Op Fl verbose +-.Ek +-.El +-.Pp +-The +-.Nm ca +-command is a minimal certificate authority (CA) application. +-It can be used to sign certificate requests in a variety of forms +-and generate certificate revocation lists (CRLs). 
+-It also maintains a text database of issued certificates and their status. +-.Pp +-The options relevant to CAs are as follows: +-.Bl -tag -width "XXXX" +-.It Fl batch +-Batch mode. +-In this mode no questions will be asked +-and all certificates will be certified automatically. +-.It Fl cert Ar file +-The CA certificate file. +-.It Fl config Ar file +-Specify an alternative configuration file. +-.It Fl create_serial +-If reading the serial from the text file as specified in the +-configuration fails, create a new random serial to be used as the +-next serial number. +-.It Fl days Ar arg +-The number of days to certify the certificate for. +-.It Fl enddate Ar date +-Set the expiry date. +-The format of the date is [YY]YYMMDDHHMMSSZ, +-with all four year digits required for dates from 2050 onwards. +-.It Fl extensions Ar section +-The section of the configuration file containing certificate extensions +-to be added when a certificate is issued (defaults to +-.Cm x509_extensions +-unless the +-.Fl extfile +-option is used). +-If no extension section is present, a V1 certificate is created. +-If the extension section is present +-.Pq even if it is empty , +-then a V3 certificate is created. +-See the +-.Xr x509v3.cnf 5 +-manual page for details of the extension section format. +-.It Fl extfile Ar file +-An additional configuration +-.Ar file +-to read certificate extensions from +-(using the default section unless the +-.Fl extensions +-option is also used). +-.It Fl in Ar file +-An input +-.Ar file +-containing a single certificate request to be signed by the CA. +-.It Fl infiles +-If present, this should be the last option; all subsequent arguments +-are assumed to be the names of files containing certificate requests. +-.It Fl key Ar password +-The +-.Fa password +-used to encrypt the private key. +-Since on some systems the command line arguments are visible, +-this option should be used with caution. 
+-.It Fl keyfile Ar file +-The private key to sign requests with. +-.It Fl keyform Cm pem | der +-Private key file format. +-The default is +-.Cm pem . +-.It Fl md Ar alg +-The message digest to use. +-Possible values include +-.Ar md5 +-and +-.Ar sha1 . +-This option also applies to CRLs. +-.It Fl msie_hack +-This is a legacy option to make +-.Nm ca +-work with very old versions of the IE certificate enrollment control +-.Qq certenr3 . +-It used UniversalStrings for almost everything. +-Since the old control has various security bugs, +-its use is strongly discouraged. +-The newer control +-.Qq Xenroll +-does not need this option. +-.It Fl multivalue-rdn +-This option causes the +-.Fl subj +-argument to be interpreted with full support for multivalued RDNs, +-for example +-.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" . +-If +-.Fl multivalue-rdn +-is not used, the UID value is set to +-.Qq "123456+CN=John Doe" . +-.It Fl name Ar section +-Specifies the configuration file +-.Ar section +-to use (overrides +-.Cm default_ca +-in the +-.Cm ca +-section). +-.It Fl noemailDN +-The DN of a certificate can contain the EMAIL field if present in the +-request DN, however it is good policy just having the email set into +-the +-.Cm altName +-extension of the certificate. +-When this option is set, the EMAIL field is removed from the certificate's +-subject and set only in the, eventually present, extensions. +-The +-.Ar email_in_dn +-keyword can be used in the configuration file to enable this behaviour. +-.It Fl notext +-Don't output the text form of a certificate to the output file. +-.It Fl out Ar file +-The output file to output certificates to. +-The default is standard output. +-The certificate details will also be printed out to this file in +-PEM format. +-.It Fl outdir Ar directory +-The +-.Ar directory +-to output certificates to. +-The certificate will be written to a file consisting of the +-serial number in hex with +-.Qq .pem +-appended. 
+-.It Fl passin Ar arg +-The key password source. +-.It Fl policy Ar arg +-Define the CA +-.Qq policy +-to use. +-The policy section in the configuration file +-consists of a set of variables corresponding to certificate DN fields. +-The values may be one of +-.Qq match +-(the value must match the same field in the CA certificate), +-.Qq supplied +-(the value must be present), or +-.Qq optional +-(the value may be present). +-Any fields not mentioned in the policy section +-are silently deleted, unless the +-.Fl preserveDN +-option is set, +-but this can be regarded more of a quirk than intended behaviour. +-.It Fl preserveDN +-Normally, the DN order of a certificate is the same as the order of the +-fields in the relevant policy section. +-When this option is set, the order is the same as the request. +-This is largely for compatibility with the older IE enrollment control +-which would only accept certificates if their DNs matched the order of the +-request. +-This is not needed for Xenroll. +-.It Fl selfsign +-Indicates the issued certificates are to be signed with the key the +-certificate requests were signed with, given with +-.Fl keyfile . +-Certificate requests signed with a different key are ignored. +-If +-.Fl gencrl +-or +-.Fl ss_cert +-are given, +-.Fl selfsign +-is ignored. +-.Pp +-A consequence of using +-.Fl selfsign +-is that the self-signed certificate appears among the entries in +-the certificate database (see the configuration option +-.Cm database ) +-and uses the same serial number counter as all other certificates +-signed with the self-signed certificate. +-.It Fl sigopt Ar nm:v +-Pass options to the signature algorithm during sign or certify operations. +-The names and values of these options are algorithm-specific. +-.It Fl ss_cert Ar file +-A single self-signed certificate to be signed by the CA. +-.It Fl startdate Ar date +-Set the start date. 
+-The format of the date is [YY]YYMMDDHHMMSSZ, +-with all four year digits required for dates from 2050 onwards. +-.It Fl subj Ar arg +-Supersedes the subject name given in the request. +-The +-.Ar arg +-must be formatted as +-.Sm off +-.Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns / +-.Ar type2 Ns = Ar ... ; +-.Sm on +-characters may be escaped by +-.Sq \e +-.Pq backslash , +-no spaces are skipped. +-.It Fl utf8 +-Interpret field values read from a terminal or obtained from a +-configuration file as UTF-8 strings. +-By default, they are interpreted as ASCII. +-.It Fl verbose +-Print extra details about the operations being performed. +-.El +-.Pp +-The options relevant to CRLs are as follows: +-.Bl -tag -width "XXXX" +-.It Fl crl_CA_compromise Ar time +-This is the same as +-.Fl crl_compromise , +-except the revocation reason is set to CACompromise. +-.It Fl crl_compromise Ar time +-Set the revocation reason to keyCompromise and the compromise time to +-.Ar time . +-.Ar time +-should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ. +-.It Fl crl_hold Ar instruction +-Set the CRL revocation reason code to certificateHold and the hold +-instruction to +-.Ar instruction +-which must be an OID. +-Although any OID can be used, only holdInstructionNone +-(the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or +-holdInstructionReject will normally be used. +-.It Fl crl_reason Ar reason +-Revocation reason, where +-.Ar reason +-is one of: +-unspecified, keyCompromise, CACompromise, affiliationChanged, superseded, +-cessationOfOperation, certificateHold or removeFromCRL. +-The matching of +-.Ar reason +-is case insensitive. +-Setting any revocation reason will make the CRL v2. +-In practice, removeFromCRL is not particularly useful because it is only used +-in delta CRLs which are not currently implemented. +-.It Fl crldays Ar days +-The number of days before the next CRL is due. 
+-This is the days from now to place in the CRL
+-.Cm nextUpdate
+-field.
+-.It Fl crlexts Ar section
+-The
+-.Ar section
+-of the configuration file containing CRL extensions to include.
+-If no CRL extension section is present then a V1 CRL is created;
+-if the CRL extension section is present
+-(even if it is empty)
+-then a V2 CRL is created.
+-The CRL extensions specified are CRL extensions and not CRL entry extensions.
+-It should be noted that some software can't handle V2 CRLs.
+-See the
+-.Xr x509v3.cnf 5
+-manual page for details of the extension section format.
+-.It Fl crlhours Ar hours
+-The number of hours before the next CRL is due.
+-.It Fl crlsec Ar seconds
+-The number of seconds before the next CRL is due.
+-.It Fl gencrl
+-Generate a CRL based on information in the index file.
+-.It Fl revoke Ar file
+-A
+-.Ar file
+-containing a certificate to revoke.
+-.It Fl status Ar serial
+-Show the status of the certificate with serial number
+-.Ar serial .
+-.It Fl updatedb
+-Update the database index to purge expired certificates.
+-.El
+-.Pp
+-Many of the options can be set in the
+-.Cm ca
+-section of the configuration file
+-(or in the default section of the configuration file),
+-specified using
+-.Cm default_ca
+-or
+-.Fl name .
+-The options
+-.Cm preserve
+-and
+-.Cm msie_hack
+-are read directly from the
+-.Cm ca
+-section.
+-.Pp
+-Many of the configuration file options are identical to command line
+-options.
+-Where the option is present in the configuration file and the command line,
+-the command line value is used.
+-Where an option is described as mandatory, then it must be present in
+-the configuration file or the command line equivalent
+-.Pq if any
+-used.
+-.Bl -tag -width "XXXX"
+-.It Cm certificate
+-The same as
+-.Fl cert .
+-It gives the file containing the CA certificate.
+-Mandatory.
+-.It Cm copy_extensions
+-Determines how extensions in certificate requests should be handled.
+-If set to
+-.Cm none
+-or this option is not present, then extensions are
+-ignored and not copied to the certificate.
+-If set to
+-.Cm copy ,
+-then any extensions present in the request that are not already present
+-are copied to the certificate.
+-If set to
+-.Cm copyall ,
+-then all extensions in the request are copied to the certificate:
+-if the extension is already present in the certificate it is deleted first.
+-.Pp
+-The
+-.Cm copy_extensions
+-option should be used with caution.
+-If care is not taken, it can be a security risk.
+-For example, if a certificate request contains a
+-.Cm basicConstraints
+-extension with CA:TRUE and the
+-.Cm copy_extensions
+-value is set to
+-.Cm copyall
+-and the user does not spot
+-this when the certificate is displayed, then this will hand the requester
+-a valid CA certificate.
+-.Pp
+-This situation can be avoided by setting
+-.Cm copy_extensions
+-to
+-.Cm copy
+-and including
+-.Cm basicConstraints
+-with CA:FALSE in the configuration file.
+-Then if the request contains a
+-.Cm basicConstraints
+-extension, it will be ignored.
+-.Pp
+-The main use of this option is to allow a certificate request to supply
+-values for certain extensions such as
+-.Cm subjectAltName .
+-.It Cm crl_extensions
+-The same as
+-.Fl crlexts .
+-.It Cm crlnumber
+-A text file containing the next CRL number to use in hex.
+-The CRL number will be inserted in the CRLs only if this file exists.
+-If this file is present, it must contain a valid CRL number.
+-.It Cm database
+-The text database file to use.
+-Mandatory.
+-This file must be present, though initially it will be empty.
+-.It Cm default_crl_hours , default_crl_days
+-The same as the
+-.Fl crlhours
+-and
+-.Fl crldays
+-options.
+-These will only be used if neither command line option is present.
+-At least one of these must be present to generate a CRL.
+-.It Cm default_days
+-The same as the
+-.Fl days
+-option.
+-The number of days to certify a certificate for.
+-.It Cm default_enddate
+-The same as the
+-.Fl enddate
+-option.
+-Either this option or
+-.Cm default_days
+-.Pq or the command line equivalents
+-must be present.
+-.It Cm default_md
+-The same as the
+-.Fl md
+-option.
+-The message digest to use.
+-Mandatory.
+-.It Cm default_startdate
+-The same as the
+-.Fl startdate
+-option.
+-The start date to certify a certificate for.
+-If not set, the current time is used.
+-.It Cm email_in_dn
+-The same as
+-.Fl noemailDN .
+-If the EMAIL field is to be removed from the DN of the certificate,
+-simply set this to
+-.Qq no .
+-If not present, the default is to allow for the EMAIL field in the
+-certificate's DN.
+-.It Cm msie_hack
+-The same as
+-.Fl msie_hack .
+-.It Cm name_opt , cert_opt
+-These options allow the format used to display the certificate details
+-when asking the user to confirm signing.
+-All the options supported by the
+-.Nm x509
+-utilities'
+-.Fl nameopt
+-and
+-.Fl certopt
+-switches can be used here, except that
+-.Cm no_signame
+-and
+-.Cm no_sigdump
+-are permanently set and cannot be disabled
+-(this is because the certificate signature cannot be displayed because
+-the certificate has not been signed at this point).
+-.Pp
+-For convenience, the value
+-.Cm ca_default
+-is accepted by both to produce a reasonable output.
+-.Pp
+-If neither option is present, the format used in earlier versions of
+-.Nm openssl
+-is used.
+-Use of the old format is strongly discouraged
+-because it only displays fields mentioned in the
+-.Cm policy
+-section,
+-mishandles multicharacter string types and does not display extensions.
+-.It Cm new_certs_dir
+-The same as the
+-.Fl outdir
+-command line option.
+-It specifies the directory where new certificates will be placed.
+-Mandatory.
+-.It Cm oid_file
+-This specifies a file containing additional object identifiers.
+-Each line of the file should consist of the numerical form of the
+-object identifier followed by whitespace, then the short name followed
+-by whitespace and finally the long name.
+-.It Cm oid_section
+-This specifies a section in the configuration file containing extra
+-object identifiers.
+-Each line should consist of the short name of the object identifier
+-followed by
+-.Sq =
+-and the numerical form.
+-The short and long names are the same when this option is used.
+-.It Cm policy
+-The same as
+-.Fl policy .
+-Mandatory.
+-.It Cm preserve
+-The same as
+-.Fl preserveDN .
+-.It Cm private_key
+-Same as the
+-.Fl keyfile
+-option.
+-The file containing the CA private key.
+-Mandatory.
+-.It Cm serial
+-A text file containing the next serial number to use in hex.
+-Mandatory.
+-This file must be present and contain a valid serial number.
+-.It Cm unique_subject
+-If the value
+-.Cm yes
+-is given, the valid certificate entries in the
+-database must have unique subjects.
+-If the value
+-.Cm no
+-is given,
+-several valid certificate entries may have the exact same subject.
+-The default value is
+-.Cm yes .
+-.Pp
+-Note that it is valid in some circumstances for certificates to be created
+-without any subject.
+-In cases where there are multiple certificates without
+-subjects this does not count as a duplicate.
+-.It Cm x509_extensions
+-The same as
+-.Fl extensions .
+-.El
+-.Tg certhash
+-.Sh CERTHASH
+-.Bl -hang -width "openssl certhash"
+-.It Nm openssl certhash
+-.Bk -words
+-.Op Fl nv
+-.Ar dir ...
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm certhash
+-command calculates a hash value of
+-.Qq .pem
+-file in the specified directory list and creates symbolic links for each file,
+-where the name of the link is the hash value.
+-See the
+-.Xr SSL_CTX_load_verify_locations 3
+-manual page for how hash links are used.
+-.Pp
+-The links created are of the form
+-.Qq HHHHHHHH.D ,
+-where each
+-.Sq H
+-is a hexadecimal character and
+-.Sq D
+-is a single decimal digit.
+-The hashes for CRLs look similar, except the letter
+-.Sq r
+-appears after the period, like this:
+-.Qq HHHHHHHH.rD .
+-When processing a directory,
+-.Nm certhash
+-will first remove all links that have a name in that syntax and invalid
+-reference.
+-.Pp
+-Multiple objects may have the same hash; they will be indicated by
+-incrementing the
+-.Sq D
+-value.
+-Duplicates are found by comparing the full SHA256 fingerprint.
+-A warning will be displayed if a duplicate is found.
+-.Pp
+-A warning will also be displayed if there are files that cannot be parsed as
+-either a certificate or a CRL.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl n
+-Perform a dry-run, and do not make any changes.
+-.It Fl v
+-Print extra details about the processing.
+-.It Ar dir ...
+-Specify the directories to process.
+-.El
+-.Tg ciphers
+-.Sh CIPHERS
+-.Nm openssl ciphers
+-.Op Fl hsVv
+-.Op Fl tls1_2
+-.Op Fl tls1_3
+-.Op Ar control
+-.Pp
+-The
+-.Nm ciphers
+-command converts the
+-.Ar control
+-string from the format documented in
+-.Xr SSL_CTX_set_cipher_list 3
+-into an ordered SSL cipher suite preference list.
+-If no
+-.Ar control
+-string is specified, the
+-.Cm DEFAULT
+-list is printed.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl h , \&?
+-Print a brief usage message.
+-.It Fl s
+-Only list ciphers that are supported by the TLS method.
+-.It Fl tls1_2 | tls1_3
+-In combination with the
+-.Fl s
+-option, list the ciphers which could be used
+-if the specified protocol version were negotiated.
+-.It Fl V
+-Verbose.
+-List ciphers with cipher suite code in hex format,
+-cipher name, and a complete description of protocol version,
+-key exchange, authentication, encryption, and mac algorithms.
+-.It Fl v
+-Like
+-.Fl V ,
+-but without cipher suite codes.
+-.El
+-.Tg cms
+-.Sh CMS
+-.Bl -hang -width "openssl cms"
+-.It Nm openssl cms
+-.Bk -words
+-.Oo
+-.Fl aes128 | aes192 | aes256 | camellia128 |
+-.Fl camellia192 | camellia256 | des | des3 |
+-.Fl rc2-40 | rc2-64 | rc2-128
+-.Oc
+-.Op Fl CAfile Ar file
+-.Op Fl CApath Ar directory
+-.Op Fl CRLfile Ar file
+-.Op Fl binary
+-.Op Fl certfile Ar file
+-.Op Fl certsout Ar file
+-.Op Fl cmsout
+-.Op Fl compress
+-.Op Fl content Ar file
+-.Op Fl crlfeol
+-.Op Fl data_create
+-.Op Fl data_out
+-.Op Fl debug_decrypt
+-.Op Fl decrypt
+-.Op Fl digest_create
+-.Op Fl digest_verify
+-.Op Fl econtent_type Ar type
+-.Op Fl encrypt
+-.Op Fl EncryptedData_decrypt
+-.Op Fl EncryptedData_encrypt
+-.Op Fl from Ar addr
+-.Op Fl in Ar file
+-.Op Fl inform Cm der | pem | smime
+-.Op Fl inkey Ar file
+-.Op Fl keyform Cm der | pem
+-.Op Fl keyid
+-.Op Fl keyopt Ar nm:v
+-.Op Fl md Ar digest
+-.Op Fl no_attr_verify
+-.Op Fl no_content_verify
+-.Op Fl no_signer_cert_verify
+-.Op Fl noattr
+-.Op Fl nocerts
+-.Op Fl nodetach
+-.Op Fl nointern
+-.Op Fl nooldmime
+-.Op Fl noout
+-.Op Fl nosigs
+-.Op Fl nosmimecap
+-.Op Fl noverify
+-.Op Fl out Ar file
+-.Op Fl outform Cm der | pem | smime
+-.Op Fl passin Ar src
+-.Op Fl print
+-.Op Fl pwri_password Ar arg
+-.Op Fl rctform Cm der | pem | smime
+-.Op Fl receipt_request_all | receipt_request_first
+-.Op Fl receipt_request_from Ar addr
+-.Op Fl receipt_request_print
+-.Op Fl receipt_request_to Ar addr
+-.Op Fl recip Ar file
+-.Op Fl resign
+-.Op Fl secretkey Ar key
+-.Op Fl secretkeyid Ar id
+-.Op Fl sign
+-.Op Fl sign_receipt
+-.Op Fl signer Ar file
+-.Op Fl stream | indef | noindef
+-.Op Fl subject Ar s
+-.Op Fl text
+-.Op Fl to Ar addr
+-.Op Fl uncompress
+-.Op Fl verify
+-.Op Fl verify_receipt Ar file
+-.Op Fl verify_retcode
+-.Op Ar cert.pem ...
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm cms
+-command handles S/MIME v3.1 mail.
+-It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME
+-messages.
+-.Pp
+-The MIME message must be sent without any blank lines between the headers and
+-the output.
+-Some mail programs will automatically add a blank line.
+-Piping the mail directly to sendmail is one way to achieve the correct format.
+-.Pp
+-The supplied message to be signed or encrypted must include the necessary MIME
+-headers or many S/MIME clients won't display it properly (if at all).
+-You can use the
+-.Fl text
+-option to automatically add plain text headers.
+-.Pp
+-A "signed and encrypted" message is one where a signed message is then
+-encrypted.
+-This can be produced by encrypting an already signed message.
+-.Pp
+-There are various operation options that set the type of operation to be
+-performed.
+-The meaning of the other options varies according to the operation type.
+-.Bl -tag -width "XXXX"
+-.It Fl encrypt
+-Encrypt mail for the given recipient certificates.
+-Input file is the message to be encrypted.
+-The output file is the encrypted mail in MIME format.
+-The actual CMS type is EnvelopedData.
+-Note that no revocation check is done for the recipient cert, so if that
+-key has been compromised, others may be able to decrypt the text.
+-.It Fl decrypt
+-Decrypt mail using the supplied certificate and private key.
+-Expects an encrypted mail message in MIME format for the input file.
+-The decrypted mail is written to the output file.
+-.It Fl sign
+-Sign mail using the supplied certificate and private key.
+-Input file is the message to be signed.
+-The signed message in MIME format is written to the output file.
+-.It Fl verify
+-Verify signed mail.
+-Expects a signed mail message on input and outputs the signed data.
+-Both clear text and opaque signing are supported.
+-.It Fl cmsout
+-Take an input message and write out a PEM encoded CMS structure.
+-.It Fl resign
+-Resign a message.
+-Take an existing message and one or more new signers.
+-This operation uses an existing message digest when adding a new signer.
+-This means that attributes must be present in at least one existing
+-signer using the same message digest or this operation will fail.
+-.It Fl data_create
+-Create a CMS Data type.
+-.It Fl data_out
+-Output a content from the input CMS Data type.
+-.It Fl digest_create
+-Create a CMS DigestedData type.
+-.It Fl digest_verify
+-Verify a CMS DigestedData type and output the content.
+-.It Fl compress
+-Create a CMS CompressedData type.
+-Must be compiled with zlib support for this option to work.
+-.It Fl uncompress
+-Uncompress a CMS CompressedData type and output the content.
+-Must be compiled with zlib support for this option to work.
+-.It Fl EncryptedData_encrypt
+-Encrypt a content using supplied symmetric key and algorithm using a
+-CMS EncryptedData type.
+-.It Fl EncryptedData_decrypt
+-Decrypt a CMS EncryptedData type using supplied symmetric key.
+-.It Fl sign_receipt
+-Generate and output a signed receipt for the supplied message.
+-The input message must contain a signed receipt request.
+-Functionality is otherwise similar to the
+-.Fl sign
+-operation.
+-.It Xo
+-.Fl verify_receipt Ar file
+-.Xc
+-Verify a signed receipt in file.
+-The input message must contain the original receipt request.
+-Functionality is otherwise similar to the
+-.Fl verify
+-operation.
+-.El
+-.Pp
+-The remaining options are as follows:
+-.Bl -tag -width "XXXX"
+-.It Xo
+-.Fl aes128 | aes192 | aes256 | camellia128 |
+-.Fl camellia192 | camellia256 | des | des3 |
+-.Fl rc2-40 | rc2-64 | rc2-128
+-.Xc
+-The encryption algorithm to use.
+-128-, 192-, or 256-bit AES, 128-, 192-, or 256-bit CAMELLIA,
+-DES (56 bits), triple DES (168 bits),
+-or 40-, 64-, or 128-bit RC2, respectively;
+-if not specified, triple DES is
+-used.
+-Only used with
+-.Fl encrypt
+-and
+-.Fl EncryptedData_encrypt
+-commands.
+-.It Fl binary
+-Normally the input message is converted to "canonical" format which is
+-effectively using CR/LF as end of line, as required by the S/MIME specification.
+-When this option is present, no translation occurs.
+-This is useful when handling binary data which may not be in MIME format.
+-.It Fl CAfile Ar file
+-A file containing trusted CA certificates, used with
+-.Fl verify
+-and
+-.Fl verify_receipt .
+-.It Fl CApath Ar directory
+-A directory containing trusted CA certificates, used with
+-.Fl verify
+-and
+-.Fl verify_receipt .
+-This directory must be a standard certificate directory: that is a hash
+-of each subject name (using
+-.Nm x509 Fl hash )
+-should be linked to each certificate.
+-.It Fl CRLfile Ar file
+-Allows additional certificate revocation lists to be specified for verification.
+-The CRLs should be in PEM format.
+-.It Ar cert.pem ...
+-One or more certificates of message recipients: used when encrypting a message.
+-.It Fl certfile Ar file
+-Allows additional certificates to be specified.
+-When signing, these will be included with the message.
+-When verifying, these will be searched for the signer's certificates.
+-The certificates should be in PEM format.
+-.It Fl certsout Ar file
+-A file that any certificates contained in the message are written to.
+-.It Xo
+-.Fl check_ss_sig ,
+-.Fl crl_check ,
+-.Fl crl_check_all ,
+-.Fl extended_crl ,
+-.Fl ignore_critical ,
+-.Fl issuer_checks ,
+-.Fl policy ,
+-.Fl policy_check ,
+-.Fl purpose ,
+-.Fl x509_strict
+-.Xc
+-Set various certificate chain validation options.
+-See the
+-.Nm verify
+-command for details.
+-.It Fl content Ar file
+-A file containing the detached content.
+-This is only useful with the
+-.Fl verify
+-command.
+-This is only usable if the CMS structure is using the detached signature
+-form where the content is not included.
+-This option will override any content if the input format is S/MIME and
+-it uses the multipart/signed MIME content type.
+-.It Fl crlfeol
+-Output a S/MIME message with CR/LF end of line.
+-.It Fl debug_decrypt
+-Set the CMS_DEBUG_DECRYPT flag when decrypting.
+-This option should be used with caution, since this can be used to disable +-the MMA attack protection and return an error if no recipient can be found. +-See the +-.Xr CMS_decrypt 3 +-manual page for details of the flag. +-.It Xo +-.Fl from Ar addr , +-.Fl subject Ar s , +-.Fl to Ar addr +-.Xc +-The relevant mail headers. +-These are included outside the signed portion of a message so they may +-be included manually. +-If signing then many S/MIME mail clients check the signer's certificate's +-email address matches that specified in the 
From: address. +-.It Fl econtent_type Ar type +-Set the encapsulated content type, used with +-.Fl sign . +-If not supplied, the Data type is used. +-The type argument can be any valid OID name in either text or numerical format. +-.It Fl in Ar file +-The input message to be encrypted or signed or the message to be decrypted or +-verified. +-.It Fl inform Cm der | pem | smime +-The input format for the CMS structure. +-The default is +-.Cm smime , +-which reads an S/MIME format message. +-.Cm pem +-and +-.Cm der +-format change this to expect PEM and DER format CMS structures instead. +-This currently only affects the input format of the CMS structure; if no +-CMS structure is being input (for example with +-.Fl encrypt +-or +-.Fl sign ) +-this option has no effect. +-.It Fl inkey Ar file +-The private key to use when signing or decrypting. +-This must match the corresponding certificate. +-If this option is not specified then the private key must be included in +-the certificate file specified with the +-.Fl recip +-or +-.Fl signer +-file. +-When signing, this option can be used multiple times to specify successive keys. +-.It Fl keyform Cm der | pem +-Input private key format. +-The default is +-.Cm pem . +-.It Fl keyid +-Use subject key identifier to identify certificates instead of issuer +-name and serial number. +-The supplied certificate must include a subject key identifier extension. +-Supported by +-.Fl sign +-and +-.Fl encrypt +-operations. +-.It Fl keyopt Ar nm:v +-Set customised parameters for the preceding key or certificate +-for encryption and signing. +-It can currently be used to set RSA-PSS for signing, RSA-OAEP for +-encryption or to modify default parameters for ECDH. +-This option can be used multiple times. +-.It Fl md Ar digest +-The digest algorithm to use when signing or resigning. +-If not present then the default digest algorithm for the signing key +-will be used (usually SHA1). 
+-.It Fl no_attr_verify
+-Do not verify the signer's attribute of a signature.
+-.It Fl no_content_verify
+-Do not verify the content of a signed message.
+-.It Fl no_signer_cert_verify
+-Do not verify the signer's certificate of a signed message.
+-.It Fl noattr
+-Do not include attributes.
+-Normally when a message is signed a set of attributes are included which
+-include the signing time and supported symmetric algorithms.
+-With this option they are not included.
+-.It Fl nocerts
+-Do not include the signer's certificate.
+-This will reduce the size of the signed message but the verifier must
+-have a copy of the signer's certificate available locally (passed using
+-the
+-.Fl certfile
+-option for example).
+-.It Fl nodetach
+-When signing a message, use opaque signing.
+-This form is more resistant to translation by mail relays but it cannot be
+-read by mail agents that do not support S/MIME.
+-Without this option cleartext signing with the MIME type multipart/signed is
+-used.
+-.It Fl nointern
+-Only the certificates specified in the
+-.Fl certfile
+-option are used.
+-When verifying a message, normally certificates (if any) included in the
+-message are searched for the signing certificate.
+-The supplied certificates can still be used as untrusted CAs however.
+-.It Fl nooldmime
+-Output an old S/MIME content type like "application/x-pkcs7-".
+-.It Fl noout
+-Do not output the parsed CMS structure for the
+-.Fl cmsout
+-operation.
+-This is useful when combined with the
+-.Fl print
+-option or if the syntax of the CMS structure is being checked.
+-.It Fl nosigs
+-Do not try to verify the signatures on the message.
+-.It Fl nosmimecap
+-Exclude the list of supported algorithms from signed attributes; other
+-options such as signing time and content type are still included.
+-.It Fl noverify
+-Do not verify the signer's certificate of a signed message.
+-.It Fl out Ar file
+-The message text that has been decrypted or verified or the output MIME
+-format message that has been signed or verified.
+-.It Fl outform Cm der | pem | smime
+-This specifies the output format for the CMS structure.
+-The default is
+-.Cm smime ,
+-which writes an S/MIME format message.
+-.Cm pem
+-and
+-.Cm der
+-format change this to write PEM and DER format CMS structures instead.
+-This currently only affects the output format of the CMS structure; if
+-no CMS structure is being output (for example with
+-.Fl verify
+-or
+-.Fl decrypt )
+-this option has no effect.
+-.It Fl passin Ar src
+-The private key password source.
+-.It Fl print
+-Print out all fields of the CMS structure for the
+-.Fl cmsout
+-operation.
+-This is mainly useful for testing purposes.
+-.It Fl pwri_password Ar arg
+-Specify PasswordRecipientInfo (PWRI) password to use.
+-Supported by the
+-.Fl encrypt
+-and
+-.Fl decrypt
+-operations.
+-.It Fl rctform Cm der | pem | smime
+-Specify the format for a signed receipt for use with the
+-.Fl receipt_verify
+-operation.
+-The default is
+-.Cm smime .
+-.It Fl receipt_request_all | receipt_request_first
+-Indicate requests should be provided by all recipient or first tier
+-recipients (those mailed directly and not from a mailing list), for the
+-.Fl sign
+-operation to include a signed receipt request.
+-Ignored if
+-.Fl receipt_request_from
+-is included.
+-.It Fl receipt_request_from Ar addr
+-Add an explicit email address where receipts should be supplied.
+-.It Fl receipt_request_print
+-Print out the contents of any signed receipt requests for the
+-.Fl verify
+-operation.
+-.It Fl receipt_request_to Ar addr
+-Add an explicit email address where signed receipts should be sent to.
+-This option must be supplied if a signed receipt is requested.
+-.It Fl recip Ar file
+-When decrypting a message, this specifies the recipient's certificate.
+-The certificate must match one of the recipients of the message or an
+-error occurs.
+-When encrypting a message, this option may be used multiple times to
+-specify each recipient.
+-This form must be used if customised parameters are required (for example to
+-specify RSA-OAEP).
+-Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
+-by this option.
+-.It Fl secretkey Ar key
+-Specify symmetric key to use.
+-The key must be supplied in hex format and be consistent with the
+-algorithm used.
+-Supported by the
+-.Fl EncryptedData_encrypt ,
+-.Fl EncryptedData_decrypt ,
+-.Fl encrypt
+-and
+-.Fl decrypt
+-operations.
+-When used with
+-.Fl encrypt
+-or
+-.Fl decrypt ,
+-the supplied key is used to wrap or unwrap the content encryption key
+-using an AES key in the KEKRecipientInfo type.
+-.It Fl secretkeyid Ar id
+-The key identifier for the supplied symmetric key for KEKRecipientInfo type.
+-This option must be present if the
+-.Fl secretkey
+-option is used with
+-.Fl encrypt .
+-With
+-.Fl decrypt
+-operations the id is used to locate the relevant key; if it is not supplied
+-then an attempt is used to decrypt any KEKRecipientInfo structures.
+-.It Fl signer Ar file
+-A signing certificate when signing or resigning a message; this option
+-can be used multiple times if more than one signer is required.
+-If a message is being verified then the signers certificates will be
+-written to this file if the verification was successful.
+-.It Xo
+-.Fl stream |
+-.Fl indef |
+-.Fl noindef
+-.Xc
+-The
+-.Fl stream
+-and
+-.Fl indef
+-options are equivalent and enable streaming I/O for encoding operations.
+-This permits single pass processing of data without the need to hold the
+-entire contents in memory, potentially supporting very large files.
+-Streaming is automatically set for S/MIME signing with detached data if
+-the output format is
+-.Cm smime ;
+-it is currently off by default for all other operations.
+-.Fl noindef
+-disable streaming I/O where it would produce an indefinite length
+-constructed encoding.
+-This option currently has no effect.
+-.It Fl text
+-Add plain text (text/plain) MIME headers to the supplied message if
+-encrypting or signing.
+-If decrypting or verifying, it strips off text headers: if the decrypted
+-or verified message is not of MIME type text/plain then an error occurs.
+-.It Fl verify_retcode
+-Set verification error code to exit code to indicate what verification error
+-has occurred.
+-Supported by
+-.Fl verify
+-operation only.
+-Exit code value minus 32 shows verification error code.
+-See
+-.Nm verify
+-command for the list of verification error code.
+-.El
+-.Pp
+-The exit codes for
+-.Nm cms
+-are as follows:
+-.Pp
+-.Bl -tag -width "XXXX" -offset 3n -compact
+-.It 0
+-The operation was completely successful.
+-.It 1
+-An error occurred parsing the command options.
+-.It 2
+-One of the input files could not be read.
+-.It 3
+-An error occurred creating the CMS file or when reading the MIME message.
+-.It 4
+-An error occurred decrypting or verifying the message.
+-.It 5
+-The message was verified correctly but an error occurred writing out the
+-signer's certificates.
+-.It 6
+-An error occurred writing the output file.
+-.It 32+
+-A verify error occurred while
+-.Fl verify_retcode
+-is specified.
+-.El
+-.Tg crl
+-.Sh CRL
+-.Bl -hang -width "openssl crl"
+-.It Nm openssl crl
+-.Bk -words
+-.Op Fl CAfile Ar file
+-.Op Fl CApath Ar dir
+-.Op Fl crlnumber
+-.Op Fl fingerprint
+-.Op Fl hash
+-.Op Fl hash_old
+-.Op Fl in Ar file
+-.Op Fl inform Cm der | pem
+-.Op Fl issuer
+-.Op Fl lastupdate
+-.Op Fl nameopt Ar option
+-.Op Fl nextupdate
+-.Op Fl noout
+-.Op Fl out Ar file
+-.Op Fl outform Cm der | pem
+-.Op Fl text
+-.Op Fl verify
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm crl
+-command processes CRL files in DER or PEM format.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl CAfile Ar file
+-Verify the signature on a CRL by looking up the issuing certificate in
+-.Ar file .
+-.It Fl CApath Ar directory
+-Verify the signature on a CRL by looking up the issuing certificate in
+-.Ar dir .
+-This directory must be a standard certificate directory,
+-i.e. a hash of each subject name (using
+-.Cm x509 Fl hash )
+-should be linked to each certificate.
+-.It Fl crlnumber
+-Print the CRL number.
+-.It Fl fingerprint
+-Print the CRL fingerprint.
+-.It Fl hash
+-Output a hash of the issuer name.
+-This can be used to look up CRLs in a directory by issuer name.
+-.It Fl hash_old
+-Output an old-style (MD5) hash of the issuer name.
+-.It Fl in Ar file
+-The input file to read from, or standard input if not specified.
+-.It Fl inform Cm der | pem
+-The input format.
+-.It Fl issuer
+-Output the issuer name.
+-.It Fl lastupdate
+-Output the
+-.Cm thisUpdate
+-field.
+-This option is misnamed for historical reasons.
+-.It Fl nameopt Ar option
+-Specify certificate name options.
+-.It Fl nextupdate
+-Output the
+-.Cm nextUpdate
+-field.
+-.It Fl noout
+-Do not output the encoded version of the CRL.
+-.It Fl out Ar file
+-The output file to write to, or standard output if not specified.
+-.It Fl outform Cm der | pem
+-The output format.
+-.It Fl text
+-Print the CRL in plain text.
+-.It Fl verify
+-Verify the signature on the CRL.
+-.El
+-.Tg crl2pkcs7
+-.Sh CRL2PKCS7
+-.Bl -hang -width "openssl crl2pkcs7"
+-.It Nm openssl crl2pkcs7
+-.Bk -words
+-.Op Fl certfile Ar file
+-.Op Fl in Ar file
+-.Op Fl inform Cm der | pem
+-.Op Fl nocrl
+-.Op Fl out Ar file
+-.Op Fl outform Cm der | pem
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm crl2pkcs7
+-command takes an optional CRL and one or more
+-certificates and converts them into a PKCS#7 degenerate
+-.Qq certificates only
+-structure.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl certfile Ar file
+-Add the certificates in PEM
+-.Ar file
+-to the PKCS#7 structure.
+-This option can be used more than once
+-to read certificates from multiple files.
+-.It Fl in Ar file
+-Read the CRL from
+-.Ar file ,
+-or standard input if not specified.
+-.It Fl inform Cm der | pem
+-The input format.
+-.It Fl nocrl
+-Normally, a CRL is included in the output file.
+-With this option, no CRL is
+-included in the output file and a CRL is not read from the input file.
+-.It Fl out Ar file
+-Write the PKCS#7 structure to
+-.Ar file ,
+-or standard output if not specified.
+-.It Fl outform Cm der | pem
+-The output format.
+-.El
+-.Tg dgst
+-.Sh DGST
+-.Bl -hang -width "openssl dgst"
+-.It Nm openssl dgst
+-.Bk -words
+-.Op Fl cdr
+-.Op Fl binary
+-.Op Fl Ar digest
+-.Op Fl hex
+-.Op Fl hmac Ar key
+-.Op Fl keyform Cm pem
+-.Op Fl mac Ar algorithm
+-.Op Fl macopt Ar nm : Ns Ar v
+-.Op Fl out Ar file
+-.Op Fl passin Ar arg
+-.Op Fl prverify Ar file
+-.Op Fl sign Ar file
+-.Op Fl signature Ar file
+-.Op Fl sigopt Ar nm : Ns Ar v
+-.Op Fl verify Ar file
+-.Op Ar
+-.Ek
+-.El
+-.Pp
+-The digest functions output the message digest of a supplied
+-.Ar file
+-or
+-.Ar files
+-in hexadecimal form.
+-They can also be used for digital signing and verification.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl binary
+-Output the digest or signature in binary form.
+-.It Fl c
+-Print the digest in two-digit groups separated by colons.
+-.It Fl d
+-Print BIO debugging information.
+-.It Fl Ar digest
+-Use the specified message
+-.Ar digest .
+-The default is SHA256.
+-The available digests can be displayed using
+-.Nm openssl
+-.Cm list-message-digest-commands .
+-The following are equivalent:
+-.Nm openssl dgst
+-.Fl sha256
+-and
+-.Nm openssl
+-.Cm sha256 .
+-.It Fl hex
+-Digest is to be output as a hex dump.
+-This is the default case for a
+-.Qq normal
+-digest as opposed to a digital signature.
+-.It Fl hmac Ar key
+-Create a hashed MAC using
+-.Ar key .
+-.It Fl keyform Cm pem
+-Specifies the key format to sign the digest with.
+-.It Fl mac Ar algorithm
+-Create a keyed Message Authentication Code (MAC).
+-The most popular MAC algorithm is HMAC (hash-based MAC),
+-but there are other MAC algorithms which are not based on hash.
+-MAC keys and other options should be set via the
+-.Fl macopt
+-parameter.
+-.It Fl macopt Ar nm : Ns Ar v
+-Passes options to the MAC algorithm, specified by
+-.Fl mac .
+-The following options are supported by HMAC:
+-.Bl -tag -width Ds
+-.It Cm key : Ns Ar string
+-Specifies the MAC key as an alphanumeric string
+-(use if the key contain printable characters only).
+-String length must conform to any restrictions of the MAC algorithm.
+-.It Cm hexkey : Ns Ar string
+-Specifies the MAC key in hexadecimal form (two hex digits per byte).
+-Key length must conform to any restrictions of the MAC algorithm.
+-.El
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-.It Fl passin Ar arg
+-The key password source.
+-.It Fl prverify Ar file
+-Verify the signature using the private key in
+-.Ar file .
+-The output is either
+-.Qq Verification OK
+-or
+-.Qq Verification Failure .
+-.It Fl r
+-Print the digest in coreutils format.
+-.It Fl sign Ar file
+-Digitally sign the digest using the private key in
+-.Ar file .
+-.It Fl signature Ar file
+-The actual signature to verify.
+-.It Fl sigopt Ar nm : Ns Ar v
+-Pass options to the signature algorithm during sign or verify operations.
+-The names and values of these options are algorithm-specific.
+-.It Fl verify Ar file
+-Verify the signature using the public key in
+-.Ar file .
+-The output is either
+-.Qq Verification OK
+-or
+-.Qq Verification Failure .
+-.It Ar
+-File or files to digest.
+-If no files are specified then standard input is used.
+-.El
+-.Tg dhparam
+-.Sh DHPARAM
+-.Bl -hang -width "openssl dhparam"
+-.It Nm openssl dhparam
+-.Bk -words
+-.Op Fl 2 | 5
+-.Op Fl C
+-.Op Fl check
+-.Op Fl dsaparam
+-.Op Fl in Ar file
+-.Op Fl inform Cm der | pem
+-.Op Fl noout
+-.Op Fl out Ar file
+-.Op Fl outform Cm der | pem
+-.Op Fl text
+-.Op Ar numbits
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm dhparam
+-command is used to manipulate DH parameter files.
+-Only the older PKCS#3 DH is supported,
+-not the newer X9.42 DH.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl 2 , 5
+-The generator to use;
+-2 is the default.
+-If present, the input file is ignored and parameters are generated instead.
+-.It Fl C
+-Convert the parameters into C code.
+-The parameters can then be loaded by calling the
+-.No get_dh Ns Ar numbits
+-function.
+-.It Fl check
+-Check the DH parameters.
+-.It Fl dsaparam
+-Read or create DSA parameters,
+-converted to DH format on output.
+-Otherwise,
+-.Qq strong
+-primes
+-.Pq such that (p-1)/2 is also prime
+-will be used for DH parameter generation.
+-.Pp
+-DH parameter generation with the
+-.Fl dsaparam
+-option is much faster,
+-and the recommended exponent length is shorter,
+-which makes DH key exchange more efficient.
+-Beware that with such DSA-style DH parameters,
+-a fresh DH key should be created for each use to
+-avoid small-subgroup attacks that may be possible otherwise.
+-.It Fl in Ar file
+-The input file to read from,
+-or standard input if not specified.
+-.It Fl inform Cm der | pem
+-The input format.
+-.It Fl noout
+-Do not output the encoded version of the parameters.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-.It Fl outform Cm der | pem
+-The output format.
+-.It Fl text
+-Print the DH parameters in plain text.
+-.It Ar numbits
+-Generate a parameter set of size
+-.Ar numbits .
+-It must be the last option.
+-If not present, a value of 2048 is used.
+-If this value is present, the input file is ignored and
+-parameters are generated instead.
+-.El
+-.Tg dsa
+-.Sh DSA
+-.Bl -hang -width "openssl dsa"
+-.It Nm openssl dsa
+-.Bk -words
+-.Oo
+-.Fl aes128 | aes192 | aes256 |
+-.Fl des | des3
+-.Oc
+-.Op Fl in Ar file
+-.Op Fl inform Cm der | pem | pvk
+-.Op Fl modulus
+-.Op Fl noout
+-.Op Fl out Ar file
+-.Op Fl outform Cm der | pem | pvk
+-.Op Fl passin Ar arg
+-.Op Fl passout Ar arg
+-.Op Fl pubin
+-.Op Fl pubout
+-.Op Fl pvk-none | pvk-strong | pvk-weak
+-.Op Fl text
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm dsa
+-command processes DSA keys.
+-They can be converted between various forms and their components printed out.
+-.Pp
+-.Sy Note :
+-This command uses the traditional
+-.Nm SSLeay
+-compatible format for private key encryption:
+-newer applications should use the more secure PKCS#8 format using the
+-.Nm pkcs8
+-command.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Xo
+-.Fl aes128 | aes192 | aes256 |
+-.Fl des | des3
+-.Xc
+-Encrypt the private key with the AES, DES, or the triple DES
+-ciphers, respectively, before outputting it.
+-A pass phrase is prompted for.
+-If none of these options are specified, the key is written in plain text.
+-This means that using the
+-.Nm dsa
+-utility to read an encrypted key with no encryption option can be used to
+-remove the pass phrase from a key,
+-or by setting the encryption options it can be used to add or change
+-the pass phrase.
+-These options can only be used with PEM format output files.
+-.It Fl in Ar file
+-The input file to read from,
+-or standard input if not specified.
+-If the key is encrypted, a pass phrase will be prompted for.
+-.It Fl inform Cm der | pem | pvk
+-The input format.
+-.It Fl modulus
+-Print the value of the public key component of the key.
+-.It Fl noout
+-Do not output the encoded version of the key.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-If any encryption options are set then a pass phrase will be
+-prompted for.
+-.It Fl outform Cm der | pem | pvk
+-The output format.
+-.It Fl passin Ar arg
+-The key password source.
+-.It Fl passout Ar arg
+-The output file password source.
+-.It Fl pubin
+-Read in a public key, not a private key.
+-.It Fl pubout
+-Output a public key, not a private key.
+-Automatically set if the input is a public key.
+-.It Xo
+-.Fl pvk-none | pvk-strong | pvk-weak
+-.Xc
+-Enable or disable PVK encoding.
+-The default is
+-.Fl pvk-strong .
+-.It Fl text
+-Print the public/private key in plain text.
+-.El
+-.Tg dsaparam
+-.Sh DSAPARAM
+-.Bl -hang -width "openssl dsaparam"
+-.It Nm openssl dsaparam
+-.Bk -words
+-.Op Fl C
+-.Op Fl genkey
+-.Op Fl in Ar file
+-.Op Fl inform Cm der | pem
+-.Op Fl noout
+-.Op Fl out Ar file
+-.Op Fl outform Cm der | pem
+-.Op Fl text
+-.Op Ar numbits
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm dsaparam
+-command is used to manipulate or generate DSA parameter files.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl C
+-Convert the parameters into C code.
+-The parameters can then be loaded by calling the
+-.No get_dsa Ns Ar XXX
+-function.
+-.It Fl genkey
+-Generate a DSA key either using the specified or generated
+-parameters.
+-.It Fl in Ar file
+-The input file to read from,
+-or standard input if not specified.
+-If the
+-.Ar numbits
+-parameter is included, then this option is ignored.
+-.It Fl inform Cm der | pem
+-The input format.
+-.It Fl noout
+-Do not output the encoded version of the parameters.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-.It Fl outform Cm der | pem
+-The output format.
+-.It Fl text
+-Print the DSA parameters in plain text.
+-.It Ar numbits
+-Generate a parameter set of size
+-.Ar numbits .
+-If this option is included, the input file is ignored.
+-.El
+-.Tg ec
+-.Sh EC
+-.Bl -hang -width "openssl ec"
+-.It Nm openssl ec
+-.Bk -words
+-.Op Fl conv_form Ar arg
+-.Op Fl des
+-.Op Fl des3
+-.Op Fl in Ar file
+-.Op Fl inform Cm der | pem
+-.Op Fl noout
+-.Op Fl out Ar file
+-.Op Fl outform Cm der | pem
+-.Op Fl param_enc Ar arg
+-.Op Fl param_out
+-.Op Fl passin Ar arg
+-.Op Fl passout Ar arg
+-.Op Fl pubin
+-.Op Fl pubout
+-.Op Fl text
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm ec
+-command processes EC keys.
+-They can be converted between various
+-forms and their components printed out.
+-.Nm openssl
+-uses the private key format specified in
+-.Dq SEC 1: Elliptic Curve Cryptography
+-.Pq Lk https://www.secg.org/ .
+-To convert an
+-EC private key into the PKCS#8 private key format use the
+-.Nm pkcs8
+-command.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl conv_form Ar arg
+-Specify how the points on the elliptic curve are converted
+-into octet strings.
+-Possible values are:
+-.Cm compressed ,
+-.Cm uncompressed
+-(the default),
+-and
+-.Cm hybrid .
+-For more information regarding
+-the point conversion forms see the X9.62 standard.
+-Note:
+-Due to patent issues the
+-.Cm compressed
+-option is disabled by default for binary curves
+-and can be enabled by defining the preprocessor macro
+-.Dv OPENSSL_EC_BIN_PT_COMP
+-at compile time.
+-.It Fl des | des3
+-Encrypt the private key with DES, triple DES, or
+-any other cipher supported by
+-.Nm openssl .
+-A pass phrase is prompted for.
+-If none of these options are specified, the key is written in plain text.
+-This means that using the
+-.Nm ec
+-utility to read in an encrypted key with no
+-encryption option can be used to remove the pass phrase from a key,
+-or by setting the encryption options
+-it can be used to add or change the pass phrase.
+-These options can only be used with PEM format output files.
+-.It Fl in Ar file
+-The input file to read a key from,
+-or standard input if not specified.
+-If the key is encrypted, a pass phrase will be prompted for.
+-.It Fl inform Cm der | pem
+-The input format.
+-.It Fl noout
+-Do not output the encoded version of the key.
+-.It Fl out Ar file
+-The output filename to write to,
+-or standard output if not specified.
+-If any encryption options are set then a pass phrase will be prompted for.
+-.It Fl outform Cm der | pem
+-The output format.
+-.It Fl param_enc Ar arg
+-Specify how the elliptic curve parameters are encoded.
+-Possible value are:
+-.Cm named_curve ,
+-i.e. the EC parameters are specified by an OID; or
+-.Cm explicit ,
+-where the EC parameters are explicitly given
+-(see RFC 3279 for the definition of the EC parameter structures).
+-The default value is
+-.Cm named_curve .
+-Note: the
+-.Cm implicitlyCA
+-alternative,
+-as specified in RFC 3279,
+-is currently not implemented.
+-.It Fl param_out
+-Print the elliptic curve parameters.
+-.It Fl passin Ar arg
+-The key password source.
+-.It Fl passout Ar arg
+-The output file password source.
+-.It Fl pubin
+-Read in a public key, not a private key.
+-.It Fl pubout
+-Output a public key, not a private key.
+-Automatically set if the input is a public key.
+-.It Fl text
+-Print the public/private key in plain text.
+-.El
+-.Tg ecparam
+-.Sh ECPARAM
+-.Bl -hang -width "openssl ecparam"
+-.It Nm openssl ecparam
+-.Bk -words
+-.Op Fl C
+-.Op Fl check
+-.Op Fl conv_form Ar arg
+-.Op Fl genkey
+-.Op Fl in Ar file
+-.Op Fl inform Cm der | pem
+-.Op Fl list_curves
+-.Op Fl name Ar arg
+-.Op Fl no_seed
+-.Op Fl noout
+-.Op Fl out Ar file
+-.Op Fl outform Cm der | pem
+-.Op Fl param_enc Ar arg
+-.Op Fl text
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm ecparam
+-command is used to manipulate or generate EC parameter files.
+-.Nm openssl
+-is not able to generate new groups so
+-.Nm ecparam
+-can only create EC parameters from known (named) curves.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl C
+-Convert the EC parameters into C code.
+-The parameters can then be loaded by calling the
+-.No get_ec_group_ Ns Ar XXX
+-function.
+-.It Fl check
+-Validate the elliptic curve parameters.
+-.It Fl conv_form Ar arg
+-Specify how the points on the elliptic curve are converted
+-into octet strings.
+-Possible values are:
+-.Cm compressed ,
+-.Cm uncompressed
+-(the default),
+-and
+-.Cm hybrid .
+-For more information regarding
+-the point conversion forms see the X9.62 standard.
+-Note:
+-Due to patent issues the
+-.Cm compressed
+-option is disabled by default for binary curves
+-and can be enabled by defining the preprocessor macro
+-.Dv OPENSSL_EC_BIN_PT_COMP
+-at compile time.
+-.It Fl genkey
+-Generate an EC private key using the specified parameters.
+-.It Fl in Ar file
+-The input file to read from,
+-or standard input if not specified.
+-.It Fl inform Cm der | pem
+-The input format.
+-.It Fl list_curves
+-Print a list of all
+-currently implemented EC parameter names and exit.
+-.It Fl name Ar arg
+-Use the EC parameters with the specified "short" name.
+-.It Fl no_seed
+-Do not include the seed for the parameter generation
+-in the ECParameters structure (see RFC 3279).
+-.It Fl noout
+-Do not output the encoded version of the parameters.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-.It Fl outform Cm der | pem
+-The output format.
+-.It Fl param_enc Ar arg
+-Specify how the elliptic curve parameters are encoded.
+-Possible value are:
+-.Cm named_curve ,
+-i.e. the EC parameters are specified by an OID, or
+-.Cm explicit ,
+-where the EC parameters are explicitly given
+-(see RFC 3279 for the definition of the EC parameter structures).
+-The default value is
+-.Cm named_curve .
+-Note: the
+-.Cm implicitlyCA
+-alternative, as specified in RFC 3279,
+-is currently not implemented.
+-.It Fl text
+-Print the EC parameters in plain text.
+-.El
+-.Tg enc
+-.Sh ENC
+-.Bl -hang -width "openssl enc"
+-.It Nm openssl enc
+-.Bk -words
+-.Fl ciphername
+-.Op Fl AadePpv
+-.Op Fl base64
+-.Op Fl bufsize Ar number
+-.Op Fl debug
+-.Op Fl in Ar file
+-.Op Fl iter Ar iterations
+-.Op Fl iv Ar IV
+-.Op Fl K Ar key
+-.Op Fl k Ar password
+-.Op Fl kfile Ar file
+-.Op Fl md Ar digest
+-.Op Fl none
+-.Op Fl nopad
+-.Op Fl nosalt
+-.Op Fl out Ar file
+-.Op Fl pass Ar arg
+-.Op Fl pbkdf2
+-.Op Fl S Ar salt
+-.Op Fl salt
+-.Ek
+-.El
+-.Pp
+-The symmetric cipher commands allow data to be encrypted or decrypted
+-using various block and stream ciphers using keys based on passwords
+-or explicitly provided.
+-Base64 encoding or decoding can also be performed either by itself
+-or in addition to the encryption or decryption.
+-The program can be called either as
+-.Nm openssl Ar ciphername
+-or
+-.Nm openssl enc - Ns Ar ciphername .
+-.Pp
+-Some of the ciphers do not have large keys and others have security
+-implications if not used correctly.
+-All the block ciphers normally use PKCS#5 padding,
+-also known as standard block padding.
+-If padding is disabled, the input data must be a multiple of the cipher
+-block length.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl A
+-If the
+-.Fl a
+-option is set, then base64 process the data on one line.
+-.It Fl a , base64
+-Base64 process the data.
+-This means that if encryption is taking place, the data is base64-encoded
+-after encryption.
+-If decryption is set, the input data is base64-decoded before
+-being decrypted.
+-.It Fl bufsize Ar number
+-Set the buffer size for I/O.
+-.It Fl d
+-Decrypt the input data.
+-.It Fl debug
+-Debug the BIOs used for I/O.
+-.It Fl e
+-Encrypt the input data.
+-This is the default.
+-.It Fl in Ar file
+-The input file to read from,
+-or standard input if not specified.
+-.It Fl iter Ar iterations
+-Use the pbkdf2 key derivation function, with
+-.Ar iterations
+-as the number of iterations.
+-.It Fl iv Ar IV
+-The actual
+-.Ar IV
+-.Pq initialisation vector
+-to use:
+-this must be represented as a string comprised only of hex digits.
+-When only the
+-.Ar key
+-is specified using the
+-.Fl K
+-option,
+-the IV must explicitly be defined.
+-When a password is being specified using one of the other options,
+-the IV is generated from this password.
+-.It Fl K Ar key
+-The actual
+-.Ar key
+-to use:
+-this must be represented as a string comprised only of hex digits.
+-If only the key is specified,
+-the IV must also be specified using the
+-.Fl iv
+-option.
+-When both a
+-.Ar key
+-and a
+-.Ar password
+-are specified, the
+-.Ar key
+-given with the
+-.Fl K
+-option will be used and the IV generated from the password will be taken.
+-It probably does not make much sense to specify both
+-.Ar key
+-and
+-.Ar password .
+-.It Fl k Ar password
+-The
+-.Ar password
+-to derive the key from.
+-Superseded by the
+-.Fl pass
+-option.
+-.It Fl kfile Ar file
+-Read the password to derive the key from the first line of
+-.Ar file .
+-Superseded by the
+-.Fl pass
+-option.
+-.It Fl md Ar digest
+-Use
+-.Ar digest
+-to create a key from a pass phrase.
+-Currently, the default value is
+-.Cm sha256 .
+-.It Fl none
+-Use NULL cipher (no encryption or decryption of input).
+-.It Fl nopad
+-Disable standard block padding.
+-.It Fl nosalt
+-Don't use a salt in the key derivation routines.
+-This option should never be used
+-since it makes it possible to perform efficient dictionary
+-attacks on the password and to attack stream cipher encrypted data.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-.It Fl P
+-Print out the salt, key, and IV used, then immediately exit;
+-don't do any encryption or decryption.
+-.It Fl p
+-Print out the salt, key, and IV used.
+-.It Fl pass Ar arg
+-The password source.
+-.It Fl pbkdf2
+-Use the pbkdf2 key derivation function, with
+-the default of 10000 iterations.
+-.It Fl S Ar salt
+-The actual
+-.Ar salt
+-to use:
+-this must be represented as a string comprised only of hex digits.
+-.It Fl salt
+-Use a salt in the key derivation routines (the default).
+-When the salt is being used,
+-the first eight bytes of the encrypted data are reserved for the salt:
+-it is randomly generated when encrypting a file and read from the
+-encrypted file when it is decrypted.
+-.It Fl v
+-Print extra details about the processing.
+-.El
+-.Tg errstr
+-.Sh ERRSTR
+-.Nm openssl errstr
+-.Ar errno ...
+-.Pp
+-The
+-.Nm errstr
+-command performs error number to error string conversion,
+-generating a human-readable string representing the error code
+-.Ar errno .
+-The string is obtained through the
+-.Xr ERR_error_string_n 3
+-function and has the following format:
+-.Pp
+-.Dl error:[error code]:[library name]:[function name]:[reason string]
+-.Pp
+-.Bq error code
+-is an 8-digit hexadecimal number.
+-The remaining fields
+-.Bq library name ,
+-.Bq function name ,
+-and
+-.Bq reason string
+-are all ASCII text.
+-.Tg gendsa
+-.Sh GENDSA
+-.Bl -hang -width "openssl gendsa"
+-.It Nm openssl gendsa
+-.Bk -words
+-.Oo
+-.Fl aes128 | aes192 | aes256 | camellia128 |
+-.Fl camellia192 | camellia256 | des | des3 | idea
+-.Oc
+-.Op Fl out Ar file
+-.Op Fl passout Ar arg
+-.Ar paramfile
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm gendsa
+-command generates a DSA private key from a DSA parameter file
+-(typically generated by the
+-.Nm openssl dsaparam
+-command).
+-DSA key generation is little more than random number generation so it is
+-much quicker than,
+-for example,
+-RSA key generation.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Xo
+-.Fl aes128 | aes192 | aes256 |
+-.Fl camellia128 | camellia192 | camellia256 |
+-.Fl des | des3 |
+-.Fl idea
+-.Xc
+-Encrypt the private key with the AES, CAMELLIA, DES, triple DES
+-or the IDEA ciphers, respectively, before outputting it.
+-A pass phrase is prompted for.
+-If none of these options are specified, no encryption is used.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-.It Fl passout Ar arg
+-The output file password source.
+-.It Ar paramfile
+-Specify the DSA parameter file to use.
+-The parameters in this file determine the size of the private key.
+-.El
+-.Tg genpkey
+-.Sh GENPKEY
+-.Bl -hang -width "openssl genpkey"
+-.It Nm openssl genpkey
+-.Bk -words
+-.Op Fl algorithm Ar alg
+-.Op Ar cipher
+-.Op Fl genparam
+-.Op Fl out Ar file
+-.Op Fl outform Cm der | pem
+-.Op Fl paramfile Ar file
+-.Op Fl pass Ar arg
+-.Op Fl pkeyopt Ar opt : Ns Ar value
+-.Op Fl text
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm genpkey
+-command generates private keys.
+-The use of this
+-program is encouraged over the algorithm specific utilities
+-because additional algorithm options can be used.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl algorithm Ar alg
+-The public key algorithm to use,
+-such as RSA, DSA, or DH.
+-This option must precede any
+-.Fl pkeyopt
+-options.
+-The options
+-.Fl paramfile
+-and
+-.Fl algorithm
+-are mutually exclusive.
+-.It Ar cipher
+-Encrypt the private key with the supplied cipher.
+-Any algorithm name accepted by
+-.Xr EVP_get_cipherbyname 3
+-is acceptable.
+-.It Fl genparam
+-Generate a set of parameters instead of a private key.
+-This option must precede any
+-.Fl algorithm ,
+-.Fl paramfile ,
+-or
+-.Fl pkeyopt
+-options.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-.It Fl outform Cm der | pem
+-The output format.
+-.It Fl paramfile Ar file
+-Some public key algorithms generate a private key based on a set of parameters,
+-which can be supplied using this option.
+-If this option is used, the public key
+-algorithm used is determined by the parameters.
+-This option must precede any
+-.Fl pkeyopt
+-options.
+-The options
+-.Fl paramfile
+-and
+-.Fl algorithm
+-are mutually exclusive.
+-.It Fl pass Ar arg
+-The output file password source.
+-.It Fl pkeyopt Ar opt : Ns Ar value
+-Set the public key algorithm option
+-.Ar opt
+-to
+-.Ar value ,
+-as follows:
+-.Bl -tag -width Ds -offset indent
+-.It rsa_keygen_bits : Ns Ar numbits
+-(RSA)
+-The number of bits in the generated key.
+-The default is 2048.
+-.It rsa_keygen_pubexp : Ns Ar value
+-(RSA)
+-The RSA public exponent value.
+-This can be a large decimal or hexadecimal value if preceded by 0x.
+-The default is 65537.
+-.It dsa_paramgen_bits : Ns Ar numbits
+-(DSA)
+-The number of bits in the generated parameters.
+-The default is 1024.
+-.It dh_paramgen_prime_len : Ns Ar numbits
+-(DH)
+-The number of bits in the prime parameter
+-.Ar p .
+-.It dh_paramgen_generator : Ns Ar value
+-(DH)
+-The value to use for the generator
+-.Ar g .
+-.It ec_paramgen_curve : Ns Ar curve
+-(EC)
+-The elliptic curve to use.
+-.El
+-.It Fl text
+-Print the private/public key in plain text.
+-.El
+-.Tg genrsa
+-.Sh GENRSA
+-.Bl -hang -width "openssl genrsa"
+-.It Nm openssl genrsa
+-.Bk -words
+-.Op Fl 3 | f4
+-.Oo
+-.Fl aes128 | aes192 | aes256 | camellia128 |
+-.Fl camellia192 | camellia256 | des | des3 | idea
+-.Oc
+-.Op Fl out Ar file
+-.Op Fl passout Ar arg
+-.Op Ar numbits
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm genrsa
+-command generates an RSA private key,
+-which essentially involves the generation of two prime numbers.
+-When generating the key,
+-various symbols will be output to indicate the progress of the generation.
+-A
+-.Sq \&.
+-represents each number which has passed an initial sieve test;
+-.Sq +
+-means a number has passed a single round of the Miller-Rabin primality test;
+-.Sq *
+-means the number has failed primality testing
+-and needs to be generated afresh.
+-A newline means that the number has passed all the prime tests
+-(the actual number depends on the key size).
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl 3 | f4
+-The public exponent to use, either 3 or 65537.
+-The default is 65537.
+-.It Xo
+-.Fl aes128 | aes192 | aes256 |
+-.Fl camellia128 | camellia192 | camellia256 |
+-.Fl des | des3 |
+-.Fl idea
+-.Xc
+-Encrypt the private key with the AES, CAMELLIA, DES, triple DES
+-or the IDEA ciphers, respectively, before outputting it.
+-If none of these options are specified, no encryption is used.
+-If encryption is used, a pass phrase is prompted for,
+-if it is not supplied via the
+-.Fl passout
+-option.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-.It Fl passout Ar arg
+-The output file password source.
+-.It Ar numbits
+-The size of the private key to generate in bits.
+-This must be the last option specified.
+-The default is 2048.
+-.El
+-.Tg ocsp
+-.Sh OCSP
+-.Bl -hang -width "openssl ocsp"
+-.It Nm openssl ocsp
+-.Bk -words
+-.Op Fl CA Ar file
+-.Op Fl CAfile Ar file
+-.Op Fl CApath Ar directory
+-.Op Fl cert Ar file
+-.Op Fl dgst Ar alg
+-.Op Fl header Ar name value
+-.Op Fl host Ar hostname : Ns Ar port
+-.Op Fl ignore_err
+-.Op Fl index Ar indexfile
+-.Op Fl issuer Ar file
+-.Op Fl ndays Ar days
+-.Op Fl nmin Ar minutes
+-.Op Fl no_cert_checks
+-.Op Fl no_cert_verify
+-.Op Fl no_certs
+-.Op Fl no_chain
+-.Op Fl no_explicit
+-.Op Fl no_intern
+-.Op Fl no_nonce
+-.Op Fl no_signature_verify
+-.Op Fl nonce
+-.Op Fl noverify
+-.Op Fl nrequest Ar number
+-.Op Fl out Ar file
+-.Op Fl path Ar path
+-.Op Fl port Ar portnum
+-.Op Fl req_text
+-.Op Fl reqin Ar file
+-.Op Fl reqout Ar file
+-.Op Fl resp_key_id
+-.Op Fl resp_no_certs
+-.Op Fl resp_text
+-.Op Fl respin Ar file
+-.Op Fl respout Ar file
+-.Op Fl rkey Ar file
+-.Op Fl rother Ar file
+-.Op Fl rsigner Ar file
+-.Op Fl serial Ar num
+-.Op Fl sign_other Ar file
+-.Op Fl signer Ar file
+-.Op Fl signkey Ar file
+-.Op Fl status_age Ar age
+-.Op Fl text
+-.Op Fl timeout Ar seconds
+-.Op Fl trust_other
+-.Op Fl url Ar responder_url
+-.Op Fl VAfile Ar file
+-.Op Fl validity_period Ar nsec
+-.Op Fl verify_other Ar file
+-.Ek
+-.El
+-.Pp
+-The Online Certificate Status Protocol (OCSP)
+-enables applications to determine the (revocation) state
+-of an identified certificate (RFC 2560).
+-.Pp
+-The
+-.Nm ocsp
+-command performs many common OCSP tasks.
+-It can be used to print out requests and responses,
+-create requests and send queries to an OCSP responder,
+-and behave like a mini OCSP server itself.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl CAfile Ar file , Fl CApath Ar directory
+-A file or path containing trusted CA certificates,
+-used to verify the signature on the OCSP response.
+-.It Fl cert Ar file
+-Add the certificate
+-.Ar file
+-to the request.
+-The issuer certificate is taken from the previous
+-.Fl issuer
+-option, or an error occurs if no issuer certificate is specified.
+-.It Fl dgst Ar alg
+-Use the digest algorithm
+-.Ar alg
+-for certificate identification in the OCSP request.
+-By default SHA1 is used.
+-.It Xo
+-.Fl host Ar hostname : Ns Ar port ,
+-.Fl path Ar path
+-.Xc
+-Send
+-the OCSP request to
+-.Ar hostname
+-on
+-.Ar port .
+-.Fl path
+-specifies the HTTP path name to use, or
+-.Pa /
+-by default.
+-.It Fl header Ar name value
+-Add the header name with the specified value to the OCSP request that is sent
+-to the responder.
+-This may be repeated.
+-.It Fl issuer Ar file
+-The current issuer certificate, in PEM format.
+-Can be used multiple times and must come before any
+-.Fl cert
+-options.
+-.It Fl no_cert_checks
+-Don't perform any additional checks on the OCSP response signer's certificate.
+-That is, do not make any checks to see if the signer's certificate is
+-authorised to provide the necessary status information:
+-as a result this option should only be used for testing purposes.
+-.It Fl no_cert_verify
+-Don't verify the OCSP response signer's certificate at all.
+-Since this option allows the OCSP response to be signed by any certificate,
+-it should only be used for testing purposes.
+-.It Fl no_certs
+-Don't include any certificates in the signed request.
+-.It Fl no_chain
+-Do not use certificates in the response as additional untrusted CA
+-certificates.
+-.It Fl no_explicit
+-Don't check the explicit trust for OCSP signing in the root CA certificate.
+-.It Fl no_intern
+-Ignore certificates contained in the OCSP response
+-when searching for the signer's certificate.
+-The signer's certificate must be specified with either the
+-.Fl verify_other
+-or
+-.Fl VAfile
+-options.
+-.It Fl no_signature_verify
+-Don't check the signature on the OCSP response.
+-Since this option tolerates invalid signatures on OCSP responses,
+-it will normally only be used for testing purposes.
+-.It Fl nonce , no_nonce
+-Add an OCSP nonce extension to a request,
+-or disable an OCSP nonce addition.
+-Normally, if an OCSP request is input using the
+-.Fl respin
+-option no nonce is added:
+-using the
+-.Fl nonce
+-option will force the addition of a nonce.
+-If an OCSP request is being created (using the
+-.Fl cert
+-and
+-.Fl serial
+-options),
+-a nonce is automatically added; specifying
+-.Fl no_nonce
+-overrides this.
+-.It Fl noverify
+-Don't attempt to verify the OCSP response signature or the nonce values.
+-This is normally only be used for debugging
+-since it disables all verification of the responder's certificate.
+-.It Fl out Ar file
+-Specify the output file to write to,
+-or standard output if not specified.
+-.It Fl req_text , resp_text , text
+-Print out the text form of the OCSP request, response, or both, respectively.
+-.It Fl reqin Ar file , Fl respin Ar file
+-Read an OCSP request or response file from
+-.Ar file .
+-These options are ignored
+-if an OCSP request or response creation is implied by other options
+-(for example with the
+-.Fl serial , cert ,
+-and
+-.Fl host
+-options).
+-.It Fl reqout Ar file , Fl respout Ar file
+-Write out the DER-encoded certificate request or response to
+-.Ar file .
+-.It Fl serial Ar num
+-Same as the
+-.Fl cert
+-option except the certificate with serial number
+-.Ar num
+-is added to the request.
+-The serial number is interpreted as a decimal integer unless preceded by
+-.Sq 0x .
+-Negative integers can also be specified
+-by preceding the value with a minus sign.
+-.It Fl sign_other Ar file
+-Additional certificates to include in the signed request.
+-.It Fl signer Ar file , Fl signkey Ar file
+-Sign the OCSP request using the certificate specified in the
+-.Fl signer
+-option and the private key specified by the
+-.Fl signkey
+-option.
+-If the
+-.Fl signkey
+-option is not present, then the private key is read from the same file
+-as the certificate.
+-If neither option is specified, the OCSP request is not signed.
+-.It Fl timeout Ar seconds
+-Connection timeout to the OCSP responder in seconds.
+-.It Fl trust_other
+-The certificates specified by the
+-.Fl verify_other
+-option should be explicitly trusted and no additional checks will be
+-performed on them.
+-This is useful when the complete responder certificate chain is not available
+-or trusting a root CA is not appropriate.
+-.It Fl url Ar responder_url
+-Specify the responder URL.
+-Both HTTP and HTTPS
+-.Pq SSL/TLS
+-URLs can be specified.
+-.It Fl VAfile Ar file
+-A file containing explicitly trusted responder certificates.
+-Equivalent to the
+-.Fl verify_other
+-and
+-.Fl trust_other
+-options.
+-.It Fl validity_period Ar nsec , Fl status_age Ar age
+-The range of times, in seconds, which will be tolerated in an OCSP response.
+-Each certificate status response includes a notBefore time
+-and an optional notAfter time.
+-The current time should fall between these two values,
+-but the interval between the two times may be only a few seconds.
+-In practice the OCSP responder and clients' clocks may not be precisely
+-synchronised and so such a check may fail.
+-To avoid this the
+-.Fl validity_period
+-option can be used to specify an acceptable error range in seconds,
+-the default value being 5 minutes.
+-.Pp
+-If the notAfter time is omitted from a response,
+-it means that new status information is immediately available.
+-In this case the age of the notBefore field is checked
+-to see it is not older than
+-.Ar age
+-seconds old.
+-By default, this additional check is not performed.
+-.It Fl verify_other Ar file
+-A file containing additional certificates to search
+-when attempting to locate the OCSP response signing certificate.
+-Some responders omit the actual signer's certificate from the response,
+-so this can be used to supply the necessary certificate.
+-.El
+-.Pp
+-The options for the OCSP server are as follows:
+-.Bl -tag -width "XXXX"
+-.It Fl CA Ar file
+-CA certificate corresponding to the revocation information in
+-.Ar indexfile .
+-.It Fl ignore_err
+-Ignore the invalid response.
+-.It Fl index Ar indexfile
+-.Ar indexfile
+-is a text index file in ca format
+-containing certificate revocation information.
+-.Pp
+-If this option is specified,
+-.Nm ocsp
+-is in responder mode, otherwise it is in client mode.
+-The requests the responder processes can be either specified on
+-the command line (using the
+-.Fl issuer
+-and
+-.Fl serial
+-options), supplied in a file (using the
+-.Fl respin
+-option), or via external OCSP clients (if
+-.Ar port
+-or
+-.Ar url
+-is specified).
+-.Pp
+-If this option is present, then the
+-.Fl CA
+-and
+-.Fl rsigner
+-options must also be present.
+-.It Fl nmin Ar minutes , Fl ndays Ar days
+-Number of
+-.Ar minutes
+-or
+-.Ar days
+-when fresh revocation information is available:
+-used in the nextUpdate field.
+-If neither option is present,
+-the nextUpdate field is omitted,
+-meaning fresh revocation information is immediately available.
+-.It Fl nrequest Ar number
+-Exit after receiving
+-.Ar number
+-requests (the default is unlimited).
+-.It Fl port Ar portnum
+-Port to listen for OCSP requests on.
+-May also be specified using the
+-.Fl url
+-option.
+-.It Fl resp_key_id
+-Identify the signer certificate using the key ID;
+-the default is to use the subject name.
+-.It Fl resp_no_certs
+-Don't include any certificates in the OCSP response.
+-.It Fl rkey Ar file
+-The private key to sign OCSP responses with;
+-if not present, the file specified in the
+-.Fl rsigner
+-option is used.
+-.It Fl rother Ar file
+-Additional certificates to include in the OCSP response.
+-.It Fl rsigner Ar file
+-The certificate to sign OCSP responses with.
+-.El
+-.Pp
+-Initially the OCSP responder certificate is located and the signature on
+-the OCSP request checked using the responder certificate's public key.
+-Then a normal certificate verify is performed on the OCSP responder certificate
+-building up a certificate chain in the process.
+-The locations of the trusted certificates used to build the chain can be
+-specified by the
+-.Fl CAfile
+-and
+-.Fl CApath
+-options or they will be looked for in the standard
+-.Nm openssl
+-certificates directory.
+-.Pp
+-If the initial verify fails, the OCSP verify process halts with an error.
+-Otherwise the issuing CA certificate in the request is compared to the OCSP
+-responder certificate: if there is a match then the OCSP verify succeeds.
+-.Pp
+-Otherwise the OCSP responder certificate's CA is checked against the issuing
+-CA certificate in the request.
+-If there is a match and the OCSPSigning extended key usage is present
+-in the OCSP responder certificate, then the OCSP verify succeeds.
+-.Pp
+-Otherwise the root CA of the OCSP responder's CA is checked to see if it
+-is trusted for OCSP signing.
+-If it is, the OCSP verify succeeds.
+-.Pp
+-If none of these checks is successful, the OCSP verify fails.
+-What this effectively means is that if the OCSP responder certificate is
+-authorised directly by the CA it is issuing revocation information about
+-(and it is correctly configured),
+-then verification will succeed.
+-.Pp
+-If the OCSP responder is a global responder,
+-which can give details about multiple CAs
+-and has its own separate certificate chain,
+-then its root CA can be trusted for OCSP signing.
+-Alternatively, the responder certificate itself can be explicitly trusted
+-with the
+-.Fl VAfile
+-option.
+-.Tg passwd
+-.Sh PASSWD
+-.Bl -hang -width "openssl passwd"
+-.It Nm openssl passwd
+-.Bk -words
+-.Op Fl 1 | apr1 | crypt
+-.Op Fl in Ar file
+-.Op Fl noverify
+-.Op Fl quiet
+-.Op Fl reverse
+-.Op Fl salt Ar string
+-.Op Fl stdin
+-.Op Fl table
+-.Op Ar password
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm passwd
+-command computes the hash of a password.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl 1
+-Use the MD5 based
+-.Bx
+-password algorithm
+-.Qq 1 .
+-.It Fl apr1
+-Use the
+-.Qq apr1
+-algorithm
+-.Po
+-Apache variant of the
+-.Bx
+-algorithm
+-.Pc .
+-.It Fl crypt
+-Use the
+-.Qq crypt
+-algorithm (the default).
+-.It Fl in Ar file
+-Read passwords from
+-.Ar file .
+-.It Fl noverify
+-Don't verify when reading a password from the terminal.
+-.It Fl quiet
+-Don't output warnings when passwords given on the command line are truncated.
+-.It Fl reverse
+-Switch table columns.
+-This only makes sense in conjunction with the
+-.Fl table
+-option.
+-.It Fl salt Ar string
+-Use the salt specified by
+-.Ar string .
+-When reading a password from the terminal, this implies
+-.Fl noverify .
+-.It Fl stdin
+-Read passwords from standard input.
+-.It Fl table
+-In the output list, prepend the cleartext password and a TAB character
+-to each password hash.
+-.El
+-.Tg pkcs7
+-.Sh PKCS7
+-.Bl -hang -width "openssl pkcs7"
+-.It Nm openssl pkcs7
+-.Bk -words
+-.Op Fl in Ar file
+-.Op Fl inform Cm der | pem
+-.Op Fl noout
+-.Op Fl out Ar file
+-.Op Fl outform Cm der | pem
+-.Op Fl print
+-.Op Fl print_certs
+-.Op Fl text
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm pkcs7
+-command processes PKCS#7 files in DER or PEM format.
+-The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl in Ar file
+-The input file to read from,
+-or standard input if not specified.
+-.It Fl inform Cm der | pem
+-The input format.
+-.It Fl noout
+-Don't output the encoded version of the PKCS#7 structure
+-(or certificates if
+-.Fl print_certs
+-is set).
+-.It Fl out Ar file
+-The output to write to,
+-or standard output if not specified.
+-.It Fl outform Cm der | pem
+-The output format.
+-.It Fl print
+-Print the ASN.1 representation of PKCS#7 structure.
+-.It Fl print_certs
+-Print any certificates or CRLs contained in the file,
+-preceded by their subject and issuer names in a one-line format.
+-.It Fl text
+-Print certificate details in full rather than just subject and issuer names.
+-.El
+-.Tg pkcs8
+-.Sh PKCS8
+-.Bl -hang -width "openssl pkcs8"
+-.It Nm openssl pkcs8
+-.Bk -words
+-.Op Fl in Ar file
+-.Op Fl inform Cm der | pem
+-.Op Fl nocrypt
+-.Op Fl noiter
+-.Op Fl out Ar file
+-.Op Fl outform Cm der | pem
+-.Op Fl passin Ar arg
+-.Op Fl passout Ar arg
+-.Op Fl topk8
+-.Op Fl v1 Ar alg
+-.Op Fl v2 Ar alg
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm pkcs8
+-command processes private keys
+-(both encrypted and unencrypted)
+-in PKCS#8 format
+-with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
+-The default encryption is only 56 bits;
+-keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
+-are more secure.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl in Ar file
+-The input file to read from,
+-or standard input if not specified.
+-If the key is encrypted, a pass phrase will be prompted for.
+-.It Fl inform Cm der | pem
+-The input format.
+-.It Fl nocrypt
+-Generate an unencrypted PrivateKeyInfo structure.
+-This option does not encrypt private keys at all
+-and should only be used when absolutely necessary.
+-.It Fl noiter
+-Use an iteration count of 1.
+-See the
+-.Sx PKCS12
+-section below for a detailed explanation of this option.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if none is specified.
+-If any encryption options are set, a pass phrase will be prompted for.
+-.It Fl outform Cm der | pem
+-The output format.
+-.It Fl passin Ar arg
+-The key password source.
+-.It Fl passout Ar arg
+-The output file password source.
+-.It Fl topk8
+-Read a traditional format private key and write a PKCS#8 format key.
+-.It Fl v1 Ar alg
+-Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
+-.Pp
+-.Bl -tag -width "XXXX" -compact
+-.It PBE-MD5-DES
+-56-bit DES.
+-.It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
+-64-bit RC2 or 56-bit DES.
+-.It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
+-.It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
+-PKCS#12 password-based encryption algorithm,
+-which allow strong encryption algorithms like triple DES or 128-bit RC2.
+-.El
+-.It Fl v2 Ar alg
+-Use PKCS#5 v2.0 algorithms.
+-Supports algorithms such as 168-bit triple DES or 128-bit RC2,
+-however not many implementations support PKCS#5 v2.0 yet
+-(if using private keys with
+-.Nm openssl
+-this doesn't matter).
+-.Pp
+-.Ar alg
+-is the encryption algorithm to use;
+-valid values include des, des3, and rc2.
+-It is recommended that des3 is used.
+-.El
+-.Tg pkcs12
+-.Sh PKCS12
+-.Bl -hang -width "openssl pkcs12"
+-.It Nm openssl pkcs12
+-.Bk -words
+-.Oo
+-.Fl aes128 | aes192 | aes256 | camellia128 |
+-.Fl camellia192 | camellia256 | des | des3 | idea
+-.Oc
+-.Op Fl cacerts
+-.Op Fl CAfile Ar file
+-.Op Fl caname Ar name
+-.Op Fl CApath Ar directory
+-.Op Fl certfile Ar file
+-.Op Fl certpbe Ar alg
+-.Op Fl chain
+-.Op Fl clcerts
+-.Op Fl descert
+-.Op Fl export
+-.Op Fl in Ar file
+-.Op Fl info
+-.Op Fl inkey Ar file
+-.Op Fl keyex
+-.Op Fl keypbe Ar alg
+-.Op Fl keysig
+-.Op Fl macalg Ar alg
+-.Op Fl maciter
+-.Op Fl name Ar name
+-.Op Fl nocerts
+-.Op Fl nodes
+-.Op Fl noiter
+-.Op Fl nokeys
+-.Op Fl nomac
+-.Op Fl nomaciter
+-.Op Fl nomacver
+-.Op Fl noout
+-.Op Fl out Ar file
+-.Op Fl passin Ar arg
+-.Op Fl passout Ar arg
+-.Op Fl password Ar arg
+-.Op Fl twopass
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm pkcs12
+-command allows PKCS#12 files
+-.Pq sometimes referred to as PFX files
+-to be created and parsed.
+-By default, a PKCS#12 file is parsed;
+-a PKCS#12 file can be created by using the
+-.Fl export
+-option.
+-.Pp
+-The options for parsing a PKCS12 file are as follows:
+-.Bl -tag -width "XXXX"
+-.It Xo
+-.Fl aes128 | aes192 | aes256 |
+-.Fl camellia128 | camellia192 | camellia256 |
+-.Fl des | des3 |
+-.Fl idea
+-.Xc
+-Encrypt private keys using AES, CAMELLIA, DES, triple DES
+-or the IDEA ciphers, respectively.
+-The default is triple DES.
+-.It Fl cacerts
+-Only output CA certificates
+-.Pq not client certificates .
+-.It Fl clcerts
+-Only output client certificates
+-.Pq not CA certificates .
+-.It Fl in Ar file
+-The input file to read from,
+-or standard input if not specified.
+-.It Fl info
+-Output additional information about the PKCS#12 file structure,
+-algorithms used, and iteration counts.
+-.It Fl nocerts
+-Do not output certificates.
+-.It Fl nodes
+-Do not encrypt private keys.
+-.It Fl nokeys
+-Do not output private keys.
+-.It Fl nomacver
+-Do not attempt to verify the integrity MAC before reading the file.
+-.It Fl noout
+-Do not output the keys and certificates to the output file
+-version of the PKCS#12 file.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-.It Fl passin Ar arg
+-The key password source.
+-.It Fl passout Ar arg
+-The output file password source.
+-.It Fl twopass
+-Prompt for separate integrity and encryption passwords: most software
+-always assumes these are the same so this option will render such
+-PKCS#12 files unreadable.
+-.El
+-.Pp
+-The options for PKCS12 file creation are as follows:
+-.Bl -tag -width "XXXX"
+-.It Fl CAfile Ar file
+-CA storage as a file.
+-.It Fl CApath Ar directory
+-CA storage as a directory.
+-The directory must be a standard certificate directory:
+-that is, a hash of each subject name (using
+-.Nm x509 Fl hash )
+-should be linked to each certificate.
+-.It Fl caname Ar name
+-Specify the
+-.Qq friendly name
+-for other certificates.
+-May be used multiple times to specify names for all certificates
+-in the order they appear.
+-.It Fl certfile Ar file
+-A file to read additional certificates from.
+-.It Fl certpbe Ar alg , Fl keypbe Ar alg
+-Specify the algorithm used to encrypt the private key and
+-certificates to be selected.
+-Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
+-If a cipher name
+-(as output by the
+-.Cm list-cipher-algorithms
+-command) is specified then it
+-is used with PKCS#5 v2.0.
+-For interoperability reasons it is advisable to only use PKCS#12 algorithms.
+-.It Fl chain
+-Include the entire certificate chain of the user certificate.
+-The standard CA store is used for this search.
+-If the search fails, it is considered a fatal error.
+-.It Fl descert
+-Encrypt the certificate using triple DES; this may render the PKCS#12
+-file unreadable by some
+-.Qq export grade
+-software.
+-By default, the private key is encrypted using triple DES and the
+-certificate using 40-bit RC2.
+-.It Fl export
+-Create a PKCS#12 file (rather than parsing one).
+-.It Fl in Ar file
+-The input file to read from,
+-or standard input if not specified.
+-The order doesn't matter but one private key and its corresponding
+-certificate should be present.
+-If additional certificates are present, they will also be included
+-in the PKCS#12 file.
+-.It Fl inkey Ar file
+-File to read a private key from.
+-If not present, a private key must be present in the input file.
+-.It Fl keyex | keysig
+-Specify whether the private key is to be used for key exchange or just signing.
+-Normally,
+-.Qq export grade
+-software will only allow 512-bit RSA keys to be
+-used for encryption purposes, but arbitrary length keys for signing.
+-The
+-.Fl keysig
+-option marks the key for signing only.
+-Signing only keys can be used for S/MIME signing, authenticode
+-(ActiveX control signing)
+-and SSL client authentication.
+-.It Fl macalg Ar alg
+-Specify the MAC digest algorithm.
+-The default is SHA1.
+-.It Fl maciter
+-Included for compatibility only:
+-it used to be needed to use MAC iterations counts
+-but they are now used by default.
+-.It Fl name Ar name
+-Specify the
+-.Qq friendly name
+-for the certificate and private key.
+-This name is typically displayed in list boxes by software importing the file.
+-.It Fl nomac
+-Don't attempt to provide the MAC integrity.
+-.It Fl nomaciter , noiter
+-Affect the iteration counts on the MAC and key algorithms.
+-.Pp
+-To discourage attacks by using large dictionaries of common passwords,
+-the algorithm that derives keys from passwords can have an iteration count
+-applied to it: this causes a certain part of the algorithm to be repeated
+-and slows it down.
+-The MAC is used to check the file integrity but since it will normally
+-have the same password as the keys and certificates it could also be attacked.
+-By default, both MAC and encryption iteration counts are set to 2048;
+-using these options the MAC and encryption iteration counts can be set to 1.
+-Since this reduces the file security, you should not use these options
+-unless you really have to.
+-Most software supports both MAC and key iteration counts.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-.It Fl passin Ar arg
+-The key password source.
+-.It Fl passout Ar arg
+-The output file password source.
+-.It Fl password Ar arg
+-With
+-.Fl export ,
+-.Fl password
+-is equivalent to
+-.Fl passout .
+-Otherwise,
+-.Fl password
+-is equivalent to
+-.Fl passin .
+-.El
+-.Tg pkey
+-.Sh PKEY
+-.Bl -hang -width "openssl pkey"
+-.It Nm openssl pkey
+-.Bk -words
+-.Op Ar cipher
+-.Op Fl in Ar file
+-.Op Fl inform Cm der | pem
+-.Op Fl noout
+-.Op Fl out Ar file
+-.Op Fl outform Cm der | pem
+-.Op Fl passin Ar arg
+-.Op Fl passout Ar arg
+-.Op Fl pubin
+-.Op Fl pubout
+-.Op Fl text
+-.Op Fl text_pub
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm pkey
+-command processes public or private keys.
+-They can be converted between various forms
+-and their components printed out.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Ar cipher
+-Encrypt the private key with the specified cipher.
+-Any algorithm name accepted by
+-.Xr EVP_get_cipherbyname 3
+-is acceptable, such as
+-.Cm des3 .
+-.It Fl in Ar file
+-The input file to read from,
+-or standard input if not specified.
+-If the key is encrypted, a pass phrase will be prompted for.
+-.It Fl inform Cm der | pem
+-The input format.
+-.It Fl noout
+-Do not output the encoded version of the key.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-If any encryption options are set then a pass phrase
+-will be prompted for.
+-.It Fl outform Cm der | pem
+-The output format.
+-.It Fl passin Ar arg
+-The key password source.
+-.It Fl passout Ar arg
+-The output file password source.
+-.It Fl pubin
+-Read in a public key, not a private key.
+-.It Fl pubout
+-Output a public key, not a private key.
+-Automatically set if the input is a public key.
+-.It Fl text
+-Print the public/private key in plain text.
+-.It Fl text_pub
+-Print out only public key components
+-even if a private key is being processed.
+-.El
+-.Tg pkeyparam
+-.Sh PKEYPARAM
+-.Cm openssl pkeyparam
+-.Op Fl in Ar file
+-.Op Fl noout
+-.Op Fl out Ar file
+-.Op Fl text
+-.Pp
+-The
+-.Nm pkeyparam
+-command processes public or private keys.
+-The key type is determined by the PEM headers.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl in Ar file
+-The input file to read from,
+-or standard input if not specified.
+-.It Fl noout
+-Do not output the encoded version of the parameters.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-.It Fl text
+-Print the parameters in plain text.
+-.El
+-.Tg pkeyutl
+-.Sh PKEYUTL
+-.Bl -hang -width "openssl pkeyutl"
+-.It Nm openssl pkeyutl
+-.Bk -words
+-.Op Fl asn1parse
+-.Op Fl certin
+-.Op Fl decrypt
+-.Op Fl derive
+-.Op Fl encrypt
+-.Op Fl hexdump
+-.Op Fl in Ar file
+-.Op Fl inkey Ar file
+-.Op Fl keyform Cm der | pem
+-.Op Fl out Ar file
+-.Op Fl passin Ar arg
+-.Op Fl peerform Cm der | pem
+-.Op Fl peerkey Ar file
+-.Op Fl pkeyopt Ar opt : Ns Ar value
+-.Op Fl pubin
+-.Op Fl rev
+-.Op Fl sigfile Ar file
+-.Op Fl sign
+-.Op Fl verify
+-.Op Fl verifyrecover
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm pkeyutl
+-command can be used to perform public key operations using
+-any supported algorithm.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl asn1parse
+-ASN.1 parse the output data.
+-This is useful when combined with the
+-.Fl verifyrecover
+-option when an ASN.1 structure is signed.
+-.It Fl certin
+-The input is a certificate containing a public key.
+-.It Fl decrypt
+-Decrypt the input data using a private key.
+-.It Fl derive
+-Derive a shared secret using the peer key.
+-.It Fl encrypt
+-Encrypt the input data using a public key.
+-.It Fl hexdump
+-Hex dump the output data.
+-.It Fl in Ar file
+-The input file to read from,
+-or standard input if not specified.
+-.It Fl inkey Ar file
+-The input key file.
+-By default it should be a private key.
+-.It Fl keyform Cm der | pem
+-The key format.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-.It Fl passin Ar arg
+-The key password source.
+-.It Fl peerform Cm der | pem
+-The peer key format.
+-.It Fl peerkey Ar file
+-The peer key file, used by key derivation (agreement) operations.
+-.It Fl pkeyopt Ar opt : Ns Ar value
+-Set the public key algorithm option
+-.Ar opt
+-to
+-.Ar value .
+-Unless otherwise mentioned, all algorithms support the format
+-.Ar digest : Ns Ar alg ,
+-which specifies the digest to use
+-for sign, verify, and verifyrecover operations.
+-The value
+-.Ar alg
+-should represent a digest name as used in the
+-.Xr EVP_get_digestbyname 3
+-function.
+-.Pp
+-The RSA algorithm supports the
+-encrypt, decrypt, sign, verify, and verifyrecover operations in general.
+-Some padding modes only support some of these
+-operations however.
+-.Bl -tag -width Ds
+-.It rsa_padding_mode : Ns Ar mode
+-This sets the RSA padding mode.
+-Acceptable values for
+-.Ar mode
+-are
+-.Cm pkcs1
+-for PKCS#1 padding;
+-.Cm none
+-for no padding;
+-.Cm oaep
+-for OAEP mode;
+-.Cm x931
+-for X9.31 mode;
+-and
+-.Cm pss
+-for PSS.
+-.Pp
+-In PKCS#1 padding if the message digest is not set then the supplied data is
+-signed or verified directly instead of using a DigestInfo structure.
+-If a digest is set then a DigestInfo
+-structure is used and its length
+-must correspond to the digest type.
+-For oeap mode only encryption and decryption is supported.
+-For x931 if the digest type is set it is used to format the block data;
+-otherwise the first byte is used to specify the X9.31 digest ID.
+-Sign, verify, and verifyrecover can be performed in this mode.
+-For pss mode only sign and verify are supported and the digest type must be
+-specified.
+-.It rsa_pss_saltlen : Ns Ar len
+-For pss
+-mode only this option specifies the salt length.
+-Two special values are supported:
+--1 sets the salt length to the digest length.
+-When signing, -2 sets the salt length to the maximum permissible value.
+-When verifying, -2 causes the salt length to be automatically determined
+-based on the PSS block structure.
+-.El
+-.Pp
+-The DSA algorithm supports the sign and verify operations.
+-Currently there are no additional options other than
+-.Ar digest .
+-Only the SHA1 digest can be used and this digest is assumed by default.
+-.Pp
+-The DH algorithm supports the derive operation
+-and no additional options.
+-.Pp
+-The EC algorithm supports the sign, verify, and derive operations.
+-The sign and verify operations use ECDSA and derive uses ECDH.
+-Currently there are no additional options other than
+-.Ar digest .
+-Only the SHA1 digest can be used and this digest is assumed by default.
+-.It Fl pubin
+-The input file is a public key.
+-.It Fl rev
+-Reverse the order of the input buffer.
+-.It Fl sigfile Ar file
+-Signature file (verify operation only).
+-.It Fl sign
+-Sign the input data and output the signed result.
+-This requires a private key.
+-.It Fl verify
+-Verify the input data against the signature file and indicate if the
+-verification succeeded or failed.
+-.It Fl verifyrecover
+-Verify the input data and output the recovered data.
+-.El
+-.Tg prime
+-.Sh PRIME
+-.Cm openssl prime
+-.Op Fl bits Ar n
+-.Op Fl checks Ar n
+-.Op Fl generate
+-.Op Fl hex
+-.Op Fl safe
+-.Ar p
+-.Pp
+-The
+-.Nm prime
+-command is used to generate prime numbers,
+-or to check numbers for primality.
+-Results are probabilistic:
+-they have an exceedingly high likelihood of being correct,
+-but are not guaranteed.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl bits Ar n
+-Specify the number of bits in the generated prime number.
+-Must be used in conjunction with
+-.Fl generate .
+-.It Fl checks Ar n
+-Perform a Miller-Rabin probabilistic primality test with
+-.Ar n
+-iterations.
+-The default is 20.
+-.It Fl generate
+-Generate a pseudo-random prime number.
+-Must be used in conjunction with
+-.Fl bits .
+-.It Fl hex
+-Output in hex format.
+-.It Fl safe
+-Generate only
+-.Qq safe
+-prime numbers
+-(i.e. a prime p so that (p-1)/2 is also prime).
+-.It Ar p
+-Test if number
+-.Ar p
+-is prime.
+-.El
+-.Tg rand
+-.Sh RAND
+-.Bl -hang -width "openssl rand"
+-.It Nm openssl rand
+-.Bk -words
+-.Op Fl base64
+-.Op Fl hex
+-.Op Fl out Ar file
+-.Ar num
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm rand
+-command outputs
+-.Ar num
+-pseudo-random bytes.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl base64
+-Perform base64 encoding on the output.
+-.It Fl hex
+-Specify hexadecimal output.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-.El
+-.Tg req
+-.Sh REQ
+-.Bl -hang -width "openssl req"
+-.It Nm openssl req
+-.Bk -words
+-.Op Fl addext Ar ext
+-.Op Fl batch
+-.Op Fl config Ar file
+-.Op Fl days Ar n
+-.Op Fl extensions Ar section
+-.Op Fl in Ar file
+-.Op Fl inform Cm der | pem
+-.Op Fl key Ar keyfile
+-.Op Fl keyform Cm der | pem
+-.Op Fl keyout Ar file
+-.Op Fl md4 | md5 | sha1
+-.Op Fl modulus
+-.Op Fl multivalue-rdn
+-.Op Fl nameopt Ar option
+-.Op Fl new
+-.Op Fl newhdr
+-.Op Fl newkey Ar arg
+-.Op Fl nodes
+-.Op Fl noout
+-.Op Fl out Ar file
+-.Op Fl outform Cm der | pem
+-.Op Fl passin Ar arg
+-.Op Fl passout Ar arg
+-.Op Fl pkeyopt Ar opt:value
+-.Op Fl pubkey
+-.Op Fl reqexts Ar section
+-.Op Fl reqopt Ar option
+-.Op Fl set_serial Ar n
+-.Op Fl sigopt Ar nm:v
+-.Op Fl subj Ar arg
+-.Op Fl subject
+-.Op Fl text
+-.Op Fl utf8
+-.Op Fl verbose
+-.Op Fl verify
+-.Op Fl x509
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm req
+-command primarily creates and processes certificate requests
+-in PKCS#10 format.
+-It can additionally create self-signed certificates,
+-for use as root CAs, for example.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl addext Ar ext
+-Add a specific extension to the certificate (if the
+-.Fl x509
+-option is present) or certificate request.
+-The argument must have the form of a key=value pair as it would appear in a
+-config file.
+-This option can be given multiple times.
+-.It Fl batch
+-Non-interactive mode.
+-.It Fl config Ar file
+-Specify an alternative configuration file.
+-.It Fl days Ar n
+-Specify the number of days to certify the certificate for.
+-The default is 30 days.
+-Used with the
+-.Fl x509
+-option.
+-.It Fl extensions Ar section , Fl reqexts Ar section
+-Specify alternative sections to include certificate
+-extensions (with
+-.Fl x509 )
+-or certificate request extensions,
+-allowing several different sections to be used in the same configuration file.
+-.It Fl in Ar file
+-The input file to read a request from,
+-or standard input if not specified.
+-A request is only read if the creation options
+-.Fl new
+-and
+-.Fl newkey
+-are not specified.
+-.It Fl inform Cm der | pem
+-The input format.
+-.It Fl key Ar keyfile
+-The file to read the private key from.
+-It also accepts PKCS#8 format private keys for PEM format files.
+-.It Fl keyform Cm der | pem
+-The format of the private key file specified in the
+-.Fl key
+-argument.
+-The default is
+-.Cm pem .
+-.It Fl keyout Ar file
+-The file to write the newly created private key to.
+-If this option is not specified,
+-the filename present in the configuration file is used.
+-.It Fl md5 | sha1 | sha256
+-The message digest to sign the request with.
+-This overrides the digest algorithm specified in the configuration file.
+-.Pp
+-Some public key algorithms may override this choice.
+-For instance, DSA signatures always use SHA1.
+-.It Fl modulus
+-Print the value of the modulus of the public key contained in the request.
+-.It Fl multivalue-rdn
+-This option causes the
+-.Fl subj
+-argument to be interpreted with full support for multivalued RDNs,
+-for example
+-.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
+-If
+-.Fl multivalue-rdn
+-is not used, the UID value is set to
+-.Qq "123456+CN=John Doe" .
+-.It Fl nameopt Ar option , Fl reqopt Ar option
+-Determine how the subject or issuer names are displayed.
+-.Ar option
+-can be a single option or multiple options separated by commas.
+-Alternatively, these options may be used more than once to set multiple options.
+-See the
+-.Sx X509
+-section below for details.
+-.It Fl new
+-Generate a new certificate request.
+-The user is prompted for the relevant field values.
+-The actual fields prompted for and their maximum and minimum sizes
+-are specified in the configuration file and any requested extensions.
+-.Pp
+-If the
+-.Fl key
+-option is not used, it will generate a new RSA private
+-key using information specified in the configuration file.
+-.It Fl newhdr
+-Add the word NEW to the PEM file header and footer lines
+-on the outputted request.
+-Some software and CAs need this.
+-.It Fl newkey Ar arg
+-Create a new certificate request and a new private key.
+-The argument takes one of several forms.
+-.Pp
+-.No rsa : Ns Ar nbits
+-generates an RSA key
+-.Ar nbits
+-in size.
+-If
+-.Ar nbits
+-is omitted,
+-the default key size is used.
+-.Pp
+-.No dsa : Ns Ar file
+-generates a DSA key using the parameters in
+-.Ar file .
+-.Pp
+-.No param : Ns Ar file
+-generates a key using the parameters or certificate in
+-.Ar file .
+-.Pp
+-All other algorithms support the form
+-.Ar algorithm : Ns Ar file ,
+-where file may be an algorithm parameter file,
+-created by the
+-.Cm genpkey -genparam
+-command or an X.509 certificate for a key with appropriate algorithm.
+-.Ar file
+-can be omitted,
+-in which case any parameters can be specified via the
+-.Fl pkeyopt
+-option.
+-.It Fl nodes
+-Do not encrypt the private key.
+-.It Fl noout
+-Do not output the encoded version of the request.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-.It Fl outform Cm der | pem
+-The output format.
+-.It Fl passin Ar arg
+-The key password source.
+-.It Fl passout Ar arg
+-The output file password source.
+-.It Fl pkeyopt Ar opt:value
+-Set the public key algorithm option
+-.Ar opt
+-to
+-.Ar value .
+-.It Fl pubkey
+-Output the public key.
+-.It Fl reqopt Ar option
+-Customise the output format used with
+-.Fl text .
+-The
+-.Ar option
+-argument can be a single option or multiple options separated by commas.
+-See also the discussion of
+-.Fl certopt
+-in the
+-.Nm x509
+-command.
+-.It Fl set_serial Ar n
+-Serial number to use when outputting a self-signed certificate.
+-This may be specified as a decimal value or a hex value if preceded by
+-.Sq 0x .
+-It is possible to use negative serial numbers but this is not recommended.
+-.It Fl sigopt Ar nm:v
+-Pass options to the signature algorithm during sign operation.
+-The names and values of these options are algorithm-specific.
+-.It Fl subj Ar arg
+-Replaces the subject field of an input request
+-with the specified data and output the modified request.
+-.Ar arg
+-must be formatted as /type0=value0/type1=value1/type2=...;
+-characters may be escaped by
+-.Sq \e
+-(backslash);
+-no spaces are skipped.
+-.It Fl subject
+-Print the request subject (or certificate subject if
+-.Fl x509
+-is specified).
+-.It Fl text
+-Print the certificate request in plain text.
+-.It Fl utf8
+-Interpret field values as UTF8 strings, not ASCII.
+-.It Fl verbose
+-Print extra details about the operations being performed.
+-.It Fl verify
+-Verify the signature on the request.
+-.It Fl x509
+-Output a self-signed certificate instead of a certificate request.
+-This is typically used to generate a test certificate or a self-signed root CA.
+-The extensions added to the certificate (if any)
+-are specified in the configuration file.
+-Unless specified using the
+-.Fl set_serial
+-option, 0 is used for the serial number.
+-.El
+-.Pp
+-The configuration options are specified in the
+-.Qq req
+-section of the configuration file.
+-The options available are as follows:
+-.Bl -tag -width "XXXX"
+-.It Cm attributes
+-The section containing any request attributes: its format
+-is the same as
+-.Cm distinguished_name .
+-Typically these may contain the challengePassword or unstructuredName types.
+-They are currently ignored by the
+-.Nm openssl
+-request signing utilities, but some CAs might want them.
+-.It Cm default_bits
+-The default key size, in bits.
+-The default is 2048.
+-It is used if the
+-.Fl new
+-option is used and can be overridden by using the
+-.Fl newkey
+-option.
+-.It Cm default_keyfile
+-The default file to write a private key to,
+-or standard output if not specified.
+-It can be overridden by the
+-.Fl keyout
+-option.
+-.It Cm default_md
+-The digest algorithm to use.
+-Possible values include
+-.Cm md5 ,
+-.Cm sha1
+-and
+-.Cm sha256
+-(the default).
+-It can be overridden on the command line.
+-.It Cm distinguished_name
+-The section containing the distinguished name fields to
+-prompt for when generating a certificate or certificate request.
+-The format is described below.
+-.It Cm encrypt_key
+-If set to
+-.Qq no
+-and a private key is generated, it is not encrypted.
+-It is equivalent to the
+-.Fl nodes
+-option.
+-For compatibility,
+-.Cm encrypt_rsa_key
+-is an equivalent option.
+-.It Cm input_password | output_password
+-The passwords for the input private key file (if present)
+-and the output private key file (if one will be created).
+-The command line options
+-.Fl passin
+-and
+-.Fl passout
+-override the configuration file values.
+-.It Cm oid_file
+-A file containing additional OBJECT IDENTIFIERS.
+-Each line of the file should consist of the numerical form of the
+-object identifier, followed by whitespace, then the short name followed
+-by whitespace and finally the long name.
+-.It Cm oid_section
+-Specify a section in the configuration file containing extra
+-object identifiers.
+-Each line should consist of the short name of the
+-object identifier followed by
+-.Sq =
+-and the numerical form.
+-The short and long names are the same when this option is used.
+-.It Cm prompt
+-If set to
+-.Qq no ,
+-it disables prompting of certificate fields
+-and just takes values from the config file directly.
+-It also changes the expected format of the
+-.Cm distinguished_name
+-and
+-.Cm attributes
+-sections.
+-.It Cm req_extensions
+-The configuration file section containing a list of
+-extensions to add to the certificate request.
+-It can be overridden by the
+-.Fl reqexts
+-option.
+-.It Cm string_mask
+-Limit the string types for encoding certain fields.
+-The following values may be used, limiting strings to the indicated types:
+-.Bl -tag -width "MASK:number"
+-.It Cm utf8only
+-UTF8String.
+-This is the default, as recommended by PKIX in RFC 2459.
+-.It Cm default
+-PrintableString, IA5String, T61String, BMPString, UTF8String.
+-.It Cm pkix
+-PrintableString, IA5String, BMPString, UTF8String.
+-Inspired by the PKIX recommendation in RFC 2459 for certificates
+-generated before 2004, but differs by also permitting IA5String.
+-.It Cm nombstr
+-PrintableString, IA5String, T61String, UniversalString.
+-A workaround for some ancient software that had problems
+-with the variable-sized BMPString and UTF8String types.
+-.It Cm MASK : Ns Ar number
+-An explicit bitmask of permitted types, where
+-.Ar number
+-is a C-style hex, decimal, or octal number that's a bit-wise OR of
+-.Dv B_ASN1_*
+-values from
+-.In openssl/asn1.h .
+-.El
+-.It Cm utf8
+-If set to
+-.Qq yes ,
+-field values are interpreted as UTF8 strings.
+-.It Cm x509_extensions
+-The configuration file section containing a list of
+-extensions to add to a certificate generated when the
+-.Fl x509
+-switch is used.
+-It can be overridden by the
+-.Fl extensions
+-command line switch.
+-.El
+-.Pp
+-There are two separate formats for the distinguished name and attribute
+-sections.
+-If the
+-.Fl prompt
+-option is set to
+-.Qq no ,
+-then these sections just consist of field names and values.
+-If the
+-.Fl prompt
+-option is absent or not set to
+-.Qq no ,
+-then the file contains field prompting information of the form:
+-.Bd -unfilled -offset indent
+-fieldName="prompt"
+-fieldName_default="default field value"
+-fieldName_min= 2
+-fieldName_max= 4
+-.Ed
+-.Pp
+-.Qq fieldName
+-is the field name being used, for example
+-.Cm commonName
+-(or CN).
+-The
+-.Qq prompt
+-string is used to ask the user to enter the relevant details.
+-If the user enters nothing, the default value is used;
+-if no default value is present, the field is omitted.
+-A field can still be omitted if a default value is present,
+-if the user just enters the
+-.Sq \&.
+-character.
+-.Pp
+-The number of characters entered must be between the
+-fieldName_min and fieldName_max limits:
+-there may be additional restrictions based on the field being used
+-(for example
+-.Cm countryName
+-can only ever be two characters long and must fit in a
+-.Cm PrintableString ) .
+-.Pp
+-Some fields (such as
+-.Cm organizationName )
+-can be used more than once in a DN.
+-This presents a problem because configuration files will
+-not recognize the same name occurring twice.
+-To avoid this problem, if the
+-.Cm fieldName
+-contains some characters followed by a full stop, they will be ignored.
+-So, for example, a second
+-.Cm organizationName
+-can be input by calling it
+-.Qq 1.organizationName .
+-.Pp
+-The actual permitted field names are any object identifier short or
+-long names.
+-These are compiled into
+-.Nm openssl
+-and include the usual values such as
+-.Cm commonName , countryName , localityName , organizationName ,
+-.Cm organizationalUnitName , stateOrProvinceName .
+-Additionally,
+-.Cm emailAddress
+-is included as well as
+-.Cm name , surname , givenName , initials
+-and
+-.Cm dnQualifier .
+-.Pp
+-Additional object identifiers can be defined with the
+-.Cm oid_file
+-or
+-.Cm oid_section
+-options in the configuration file.
+-Any additional fields will be treated as though they were a
+-.Cm DirectoryString .
+-.Tg rsa
+-.Sh RSA
+-.Bl -hang -width "openssl rsa"
+-.It Nm openssl rsa
+-.Bk -words
+-.Op Fl aes128 | aes192 | aes256 | des | des3
+-.Op Fl check
+-.Op Fl in Ar file
+-.Op Fl inform Cm der | net | pem | pvk
+-.Op Fl modulus
+-.Op Fl noout
+-.Op Fl out Ar file
+-.Op Fl outform Cm der | net | pem | pvk
+-.Op Fl passin Ar arg
+-.Op Fl passout Ar arg
+-.Op Fl pubin
+-.Op Fl pubout
+-.Op Fl pvk-none | pvk-strong | pvk-weak
+-.Op Fl RSAPublicKey_in
+-.Op Fl RSAPublicKey_out
+-.Op Fl text
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm rsa
+-command processes RSA keys.
+-They can be converted between various forms and their components printed out.
+-.Nm rsa
+-uses the traditional
+-.Nm SSLeay
+-compatible format for private key encryption:
+-newer applications should use the more secure PKCS#8 format using the
+-.Nm pkcs8
+-utility.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl aes128 | aes192 | aes256 | des | des3
+-Encrypt the private key with the AES, DES,
+-or the triple DES ciphers, respectively, before outputting it.
+-A pass phrase is prompted for.
+-If none of these options are specified, the key is written in plain text.
+-This means that using the
+-.Nm rsa
+-utility to read in an encrypted key with no encryption option can be used
+-to remove the pass phrase from a key, or by setting the encryption options
+-it can be used to add or change the pass phrase.
+-These options can only be used with PEM format output files.
+-.It Fl check
+-Check the consistency of an RSA private key.
+-.It Fl in Ar file
+-The input file to read from,
+-or standard input if not specified.
+-If the key is encrypted, a pass phrase will be prompted for.
+-.It Fl inform Cm der | net | pem | pvk
+-The input format.
+-.It Fl noout
+-Do not output the encoded version of the key.
+-.It Fl modulus
+-Print the value of the modulus of the key.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-.It Fl outform Cm der | net | pem | pvk
+-The output format.
+-.It Fl passin Ar arg
+-The key password source.
+-.It Fl passout Ar arg
+-The output file password source.
+-.It Fl pubin
+-Read in a public key,
+-not a private key.
+-.It Fl pubout
+-Output a public key,
+-not a private key.
+-Automatically set if the input is a public key.
+-.It Xo
+-.Fl pvk-none | pvk-strong | pvk-weak
+-.Xc
+-Enable or disable PVK encoding.
+-The default is
+-.Fl pvk-strong .
+-.It Fl RSAPublicKey_in , RSAPublicKey_out
+-Same as
+-.Fl pubin
+-and
+-.Fl pubout
+-except
+-.Cm RSAPublicKey
+-format is used instead.
+-.It Fl text
+-Print the public/private key components in plain text.
+-.El
+-.Tg rsautl
+-.Sh RSAUTL
+-.Bl -hang -width "openssl rsautl"
+-.It Nm openssl rsautl
+-.Bk -words
+-.Op Fl asn1parse
+-.Op Fl certin
+-.Op Fl decrypt
+-.Op Fl encrypt
+-.Op Fl hexdump
+-.Op Fl in Ar file
+-.Op Fl inkey Ar file
+-.Op Fl keyform Cm der | pem
+-.Op Fl oaep | pkcs | raw | x931
+-.Op Fl out Ar file
+-.Op Fl passin Ar arg
+-.Op Fl pubin
+-.Op Fl rev
+-.Op Fl sign
+-.Op Fl verify
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm rsautl
+-command can be used to sign, verify, encrypt and decrypt
+-data using the RSA algorithm.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl asn1parse
+-Asn1parse the output data; this is useful when combined with the
+-.Fl verify
+-option.
+-.It Fl certin
+-The input is a certificate containing an RSA public key.
+-.It Fl decrypt
+-Decrypt the input data using an RSA private key.
+-.It Fl encrypt
+-Encrypt the input data using an RSA public key.
+-.It Fl hexdump
+-Hex dump the output data.
+-.It Fl in Ar file
+-The input to read from,
+-or standard input if not specified.
+-.It Fl inkey Ar file
+-The input key file; by default an RSA private key.
+-.It Fl keyform Cm der | pem
+-The private key format.
+-The default is
+-.Cm pem .
+-.It Fl oaep | pkcs | raw | x931
+-The padding to use:
+-PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31,
+-respectively.
+-For signatures, only
+-.Fl pkcs
+-and
+-.Fl raw
+-can be used.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-.It Fl passin Ar arg
+-The key password source.
+-.It Fl pubin
+-The input file is an RSA public key.
+-.It Fl rev
+-Reverse the order of the input buffer.
+-.It Fl sign
+-Sign the input data and output the signed result.
+-This requires an RSA private key.
+-.It Fl verify
+-Verify the input data and output the recovered data.
+-.El
+-.Tg s_client
+-.Sh S_CLIENT
+-.Bl -hang -width "openssl s_client"
+-.It Nm openssl s_client
+-.Bk -words
+-.Op Fl 4 | 6
+-.Op Fl alpn Ar protocols
+-.Op Fl bugs
+-.Op Fl CAfile Ar file
+-.Op Fl CApath Ar directory
+-.Op Fl cert Ar file
+-.Op Fl certform Cm der | pem
+-.Op Fl check_ss_sig
+-.Op Fl cipher Ar cipherlist
+-.Op Fl connect Ar host Ns Op : Ns Ar port
+-.Op Fl crl_check
+-.Op Fl crl_check_all
+-.Op Fl crlf
+-.Op Fl debug
+-.Op Fl dtls
+-.Op Fl dtls1_2
+-.Op Fl extended_crl
+-.Op Fl groups Ar list
+-.Op Fl host Ar host
+-.Op Fl ign_eof
+-.Op Fl ignore_critical
+-.Op Fl issuer_checks
+-.Op Fl key Ar keyfile
+-.Op Fl keyform Cm der | pem
+-.Op Fl keymatexport Ar label
+-.Op Fl keymatexportlen Ar len
+-.Op Fl legacy_server_connect
+-.Op Fl msg
+-.Op Fl mtu Ar mtu
+-.Op Fl nbio
+-.Op Fl nbio_test
+-.Op Fl no_comp
+-.Op Fl no_ign_eof
+-.Op Fl no_legacy_server_connect
+-.Op Fl no_ticket
+-.Op Fl no_tls1_2
+-.Op Fl no_tls1_3
+-.Op Fl pass Ar arg
+-.Op Fl policy_check
+-.Op Fl port Ar port
+-.Op Fl prexit
+-.Op Fl proxy Ar host : Ns Ar port
+-.Op Fl quiet
+-.Op Fl reconnect
+-.Op Fl servername Ar name
+-.Op Fl serverpref
+-.Op Fl sess_in Ar file
+-.Op Fl sess_out Ar file
+-.Op Fl showcerts
+-.Op Fl starttls Ar protocol
+-.Op Fl state
+-.Op Fl status
+-.Op Fl timeout
+-.Op Fl tls1_2
+-.Op Fl tls1_3
+-.Op Fl tlsextdebug
+-.Op Fl use_srtp Ar profiles
+-.Op Fl verify Ar depth
+-.Op Fl verify_return_error
+-.Op Fl x509_strict
+-.Op Fl xmpphost Ar host
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm s_client
+-command implements a generic SSL/TLS client which connects
+-to a remote host using SSL/TLS.
+-.Pp
+-If a connection is established with an SSL server, any data received
+-from the server is displayed and any key presses will be sent to the
+-server.
+-When used interactively (which means neither
+-.Fl quiet
+-nor
+-.Fl ign_eof
+-have been given), the session will be renegotiated if the line begins with an
+-.Cm R ;
+-if the line begins with a
+-.Cm Q
+-or if end of file is reached, the connection will be closed down.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl 4
+-Attempt connections using IPv4 only.
+-.It Fl 6
+-Attempt connections using IPv6 only.
+-.It Fl alpn Ar protocols
+-Enable the Application-Layer Protocol Negotiation.
+-.Ar protocols
+-is a comma-separated list of protocol names that the client should advertise
+-support for.
+-.It Fl bugs
+-Enable various workarounds for buggy implementations.
+-.It Fl CAfile Ar file
+-A
+-.Ar file
+-containing trusted certificates to use during server authentication
+-and to use when attempting to build the client certificate chain.
+-.It Fl CApath Ar directory
+-The
+-.Ar directory
+-to use for server certificate verification.
+-This directory must be in
+-.Qq hash format ;
+-see
+-.Fl verify
+-for more information.
+-These are also used when building the client certificate chain.
+-.It Fl cert Ar file
+-The certificate to use, if one is requested by the server.
+-The default is not to use a certificate.
+-.It Fl certform Cm der | pem
+-The certificate format.
+-The default is
+-.Cm pem .
+-.It Xo
+-.Fl check_ss_sig ,
+-.Fl crl_check ,
+-.Fl crl_check_all ,
+-.Fl extended_crl ,
+-.Fl ignore_critical ,
+-.Fl issuer_checks ,
+-.Fl policy_check ,
+-.Fl x509_strict
+-.Xc
+-Set various certificate chain validation options.
+-See the
+-.Nm verify
+-command for details.
+-.It Fl cipher Ar cipherlist
+-Modify the cipher list sent by the client.
+-Although the server determines which cipher suite is used, it should take
+-the first supported cipher in the list sent by the client.
+-See the
+-.Nm ciphers
+-command for more information.
+-.It Fl connect Ar host Ns Op : Ns Ar port
+-The
+-.Ar host
+-and
+-.Ar port
+-to connect to.
+-If not specified, an attempt is made to connect to the local host
+-on port 4433.
+-Alternatively, the host and port pair may be separated using a forward-slash
+-character,
+-which is useful for numeric IPv6 addresses.
+-.It Fl crlf
+-Translate a line feed from the terminal into CR+LF,
+-as required by some servers.
+-.It Fl debug
+-Print extensive debugging information, including a hex dump of all traffic.
+-.It Fl dtls
+-Permit any version of DTLS.
+-.It Fl dtls1_2
+-Permit only DTLS1.2.
+-.It Fl groups Ar list
+-Set the supported elliptic curve groups to the colon separated
+-.Ar list
+-of group NIDs or names as documented in
+-.Xr SSL_CTX_set1_groups_list 3 .
+-.It Fl host Ar host
+-The
+-.Ar host
+-to connect to.
+-The default is localhost.
+-.It Fl ign_eof
+-Inhibit shutting down the connection when end of file is reached in the input.
+-.It Fl key Ar keyfile
+-The private key to use.
+-If not specified, the certificate file will be used.
+-.It Fl keyform Cm der | pem
+-The private key format.
+-The default is
+-.Cm pem .
+-.It Fl keymatexport Ar label
+-Export keying material using label.
+-.It Fl keymatexportlen Ar len
+-Export len bytes of keying material (default 20).
+-.It Fl legacy_server_connect , no_legacy_server_connect
+-Allow or disallow initial connection to servers that don't support RI.
+-.It Fl msg
+-Show all protocol messages with hex dump.
+-.It Fl mtu Ar mtu
+-Set the link layer MTU.
+-.It Fl nbio
+-Turn on non-blocking I/O.
+-.It Fl nbio_test
+-Test non-blocking I/O.
+-.It Fl no_ign_eof
+-Shut down the connection when end of file is reached in the input.
+-Can be used to override the implicit
+-.Fl ign_eof
+-after
+-.Fl quiet .
+-.It Fl no_tls1_2 | no_tls1_3
+-Disable the use of TLS1.2 and 1.3, respectively.
+-.It Fl no_ticket
+-Disable RFC 4507 session ticket support.
+-.It Fl pass Ar arg
+-The private key password source.
+-.It Fl port Ar port
+-The
+-.Ar port
+-to connect to.
+-The default is 4433.
+-.It Fl prexit
+-Print session information when the program exits.
+-This will always attempt
+-to print out information even if the connection fails.
+-Normally, information will only be printed out once if the connection succeeds.
+-This option is useful because the cipher in use may be renegotiated
+-or the connection may fail because a client certificate is required or is
+-requested only after an attempt is made to access a certain URL.
+-Note that the output produced by this option is not always accurate
+-because a connection might never have been established.
+-.It Fl proxy Ar host : Ns Ar port
+-Use the HTTP proxy at
+-.Ar host
+-and
+-.Ar port .
+-The connection to the proxy is done in cleartext and the
+-.Fl connect
+-argument is given to the proxy.
+-If not specified, localhost is used as final destination.
+-After that, switch the connection through the proxy to the destination
+-to TLS.
+-.It Fl quiet
+-Inhibit printing of session and certificate information.
+-This implicitly turns on
+-.Fl ign_eof
+-as well.
+-.It Fl reconnect
+-Reconnect to the same server 5 times using the same session ID; this can
+-be used as a test that session caching is working.
+-.It Fl servername Ar name
+-Include the TLS Server Name Indication (SNI) extension in the ClientHello
+-message, using the specified server
+-.Ar name .
+-.It Fl showcerts
+-Display the whole server certificate chain: normally only the server
+-certificate itself is displayed.
+-.It Fl serverpref
+-Use the server's cipher preferences.
+-.It Fl sess_in Ar file
+-Load TLS session from file.
+-The client will attempt to resume a connection from this session.
+-.It Fl sess_out Ar file
+-Output TLS session to file.
+-.It Fl starttls Ar protocol
+-Send the protocol-specific messages to switch to TLS for communication.
+-.Ar protocol
+-is a keyword for the intended protocol.
+-Currently, the supported keywords are
+-.Qq ftp ,
+-.Qq imap ,
+-.Qq smtp ,
+-.Qq pop3 ,
+-and
+-.Qq xmpp .
+-.It Fl state
+-Print the SSL session states.
+-.It Fl status
+-Send a certificate status request to the server (OCSP stapling).
+-The server response (if any) is printed out.
+-.It Fl timeout
+-Enable send/receive timeout on DTLS connections.
+-.It Fl tls1_2 | tls1_3
+-Permit only TLS1.2 or 1.3 respectively.
+-.It Fl tlsextdebug
+-Print a hex dump of any TLS extensions received from the server.
+-.It Fl use_srtp Ar profiles
+-Offer SRTP key management with a colon-separated profile list.
+-.It Fl verify Ar depth
+-Turn on server certificate verification,
+-with a maximum length of
+-.Ar depth .
+-Currently the verify operation continues after errors so all the problems
+-with a certificate chain can be seen.
+-As a side effect the connection will never fail due to a server
+-certificate verify failure.
+-.It Fl verify_return_error
+-Return verification error.
+-.It Fl xmpphost Ar hostname
+-When used with
+-.Fl starttls Ar xmpp ,
+-specify the host for the "to" attribute of the stream element.
+-If this option is not specified then the host specified with
+-.Fl connect
+-will be used.
+-.El
+-.Tg s_server
+-.Sh S_SERVER
+-.Bl -hang -width "openssl s_server"
+-.It Nm openssl s_server
+-.Bk -words
+-.Op Fl accept Ar port
+-.Op Fl alpn Ar protocols
+-.Op Fl bugs
+-.Op Fl CAfile Ar file
+-.Op Fl CApath Ar directory
+-.Op Fl cert Ar file
+-.Op Fl cert2 Ar file
+-.Op Fl certform Cm der | pem
+-.Op Fl cipher Ar cipherlist
+-.Op Fl context Ar id
+-.Op Fl crl_check
+-.Op Fl crl_check_all
+-.Op Fl crlf
+-.Op Fl dcert Ar file
+-.Op Fl dcertform Cm der | pem
+-.Op Fl debug
+-.Op Fl dhparam Ar file
+-.Op Fl dkey Ar file
+-.Op Fl dkeyform Cm der | pem
+-.Op Fl dpass Ar arg
+-.Op Fl dtls
+-.Op Fl dtls1
+-.Op Fl dtls1_2
+-.Op Fl groups Ar list
+-.Op Fl HTTP
+-.Op Fl id_prefix Ar arg
+-.Op Fl key Ar keyfile
+-.Op Fl key2 Ar keyfile
+-.Op Fl keyform Cm der | pem
+-.Op Fl keymatexport Ar label
+-.Op Fl keymatexportlen Ar len
+-.Op Fl msg
+-.Op Fl mtu Ar mtu
+-.Op Fl naccept Ar num
+-.Op Fl named_curve Ar arg
+-.Op Fl nbio
+-.Op Fl nbio_test
+-.Op Fl no_cache
+-.Op Fl no_dhe
+-.Op Fl no_ecdhe
+-.Op Fl no_ticket
+-.Op Fl no_tls1_2
+-.Op Fl no_tls1_3
+-.Op Fl no_tmp_rsa
+-.Op Fl nocert
+-.Op Fl pass Ar arg
+-.Op Fl quiet
+-.Op Fl servername Ar name
+-.Op Fl servername_fatal
+-.Op Fl serverpref
+-.Op Fl state
+-.Op Fl status
+-.Op Fl status_timeout Ar nsec
+-.Op Fl status_url Ar url
+-.Op Fl status_verbose
+-.Op Fl timeout
+-.Op Fl tls1_2
+-.Op Fl tls1_3
+-.Op Fl tlsextdebug
+-.Op Fl use_srtp Ar profiles
+-.Op Fl Verify Ar depth
+-.Op Fl verify Ar depth
+-.Op Fl verify_return_error
+-.Op Fl WWW
+-.Op Fl www
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm s_server
+-command implements a generic SSL/TLS server which listens
+-for connections on a given port using SSL/TLS.
+-.Pp
+-If a connection request is established with a client and neither the
+-.Fl www
+-nor the
+-.Fl WWW
+-option has been used, then any data received
+-from the client is displayed and any key presses are sent to the client.
+-Certain single letter commands perform special operations:
+-.Pp
+-.Bl -tag -width "XXXX" -compact
+-.It Ic P
+-Send plain text, which should cause the client to disconnect.
+-.It Ic Q
+-End the current SSL connection and exit.
+-.It Ic q
+-End the current SSL connection, but still accept new connections.
+-.It Ic R
+-Renegotiate the SSL session and request a client certificate.
+-.It Ic r
+-Renegotiate the SSL session.
+-.It Ic S
+-Print out some session cache status information.
+-.El
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl accept Ar port
+-Listen on TCP
+-.Ar port
+-for connections.
+-The default is port 4433.
+-.It Fl alpn Ar protocols
+-Enable the Application-Layer Protocol Negotiation.
+-.Ar protocols
+-is a comma-separated list of supported protocol names.
+-.It Fl bugs
+-Enable various workarounds for buggy implementations.
+-.It Fl CAfile Ar file
+-A
+-.Ar file
+-containing trusted certificates to use during client authentication
+-and to use when attempting to build the server certificate chain.
+-The list is also used in the list of acceptable client CAs passed to the
+-client when a certificate is requested.
+-.It Fl CApath Ar directory
+-The
+-.Ar directory
+-to use for client certificate verification.
+-This directory must be in
+-.Qq hash format ;
+-see
+-.Fl verify
+-for more information.
+-These are also used when building the server certificate chain.
+-.It Fl cert Ar file
+-The certificate to use: most server's cipher suites require the use of a
+-certificate and some require a certificate with a certain public key type.
+-For example, the DSS cipher suites require a certificate containing a DSS
+-(DSA) key.
+-If not specified, the file
+-.Pa server.pem
+-will be used.
+-.It Fl cert2 Ar file
+-The certificate to use for servername.
+-.It Fl certform Cm der | pem
+-The certificate format.
+-The default is
+-.Cm pem .
+-.It Fl cipher Ar cipherlist
+-Modify the cipher list used by the server.
+-This allows the cipher list used by the server to be modified.
+-When the client sends a list of supported ciphers, the first client cipher
+-also included in the server list is used.
+-Because the client specifies the preference order, the order of the server
+-cipherlist is irrelevant.
+-See the
+-.Nm ciphers
+-command for more information.
+-.It Fl context Ar id
+-Set the SSL context ID.
+-It can be given any string value.
+-.It Fl crl_check , crl_check_all
+-Check the peer certificate has not been revoked by its CA.
+-The CRLs are appended to the certificate file.
+-.Fl crl_check_all
+-checks all CRLs of all CAs in the chain.
+-.It Fl crlf
+-Translate a line feed from the terminal into CR+LF.
+-.It Fl dcert Ar file , Fl dkey Ar file
+-Specify an additional certificate and private key; these behave in the
+-same manner as the
+-.Fl cert
+-and
+-.Fl key
+-options except there is no default if they are not specified
+-(no additional certificate or key is used).
+-By using RSA and DSS certificates and keys,
+-a server can support clients which only support RSA or DSS cipher suites
+-by using an appropriate certificate.
+-.It Fl dcertform Cm der | pem , Fl dkeyform Cm der | pem , Fl dpass Ar arg
+-Additional certificate and private key format, and private key password source,
+-respectively.
+-.It Fl debug
+-Print extensive debugging information, including a hex dump of all traffic.
+-.It Fl dhparam Ar file
+-The DH parameter file to use.
+-The ephemeral DH cipher suites generate keys
+-using a set of DH parameters.
+-If not specified, an attempt is made to
+-load the parameters from the server certificate file.
+-If this fails, a static set of parameters hard coded into the
+-.Nm s_server
+-program will be used.
+-.It Fl dtls
+-Permit any version of DTLS.
+-.It Fl dtls1_2
+-Permit only DTLS1.2.
+-.It Fl groups Ar list
+-Set the supported elliptic curve groups to the colon separated
+-.Ar list
+-of group NIDs or names as documented in
+-.Xr SSL_CTX_set1_groups_list 3 .
+-.It Fl HTTP
+-Emulate a simple web server.
+-Pages are resolved relative to the current directory.
+-For example if the URL
+-.Pa https://myhost/page.html
+-is requested, the file
+-.Pa ./page.html
+-will be loaded.
+-The files loaded are assumed to contain a complete and correct HTTP
+-response (lines that are part of the HTTP response line and headers
+-must end with CRLF).
+-.It Fl id_prefix Ar arg
+-Generate SSL/TLS session IDs prefixed by
+-.Ar arg .
+-This is mostly useful for testing any SSL/TLS code
+-that wish to deal with multiple servers,
+-when each of which might be generating a unique range of session IDs.
+-.It Fl key Ar keyfile
+-The private key to use.
+-If not specified, the certificate file will be used.
+-.It Fl key2 Ar keyfile
+-The private key to use for servername.
+-.It Fl keyform Cm der | pem
+-The private key format.
+-The default is
+-.Cm pem .
+-.It Fl keymatexport Ar label
+-Export keying material using label.
+-.It Fl keymatexportlen Ar len
+-Export len bytes of keying material (default 20).
+-.It Fl msg
+-Show all protocol messages with hex dump.
+-.It Fl mtu Ar mtu
+-Set the link layer MTU.
+-.It Fl naccept Ar num
+-Terminate server after
+-.Ar num
+-connections.
+-.It Fl named_curve Ar arg
+-Specify the elliptic curve name to use for ephemeral ECDH keys.
+-This option is deprecated; use
+-.Fl groups
+-instead.
+-.It Fl nbio
+-Turn on non-blocking I/O.
+-.It Fl nbio_test
+-Test non-blocking I/O.
+-.It Fl no_cache
+-Disable session caching.
+-.It Fl no_dhe
+-Disable ephemeral DH cipher suites.
+-.It Fl no_ecdhe
+-Disable ephemeral ECDH cipher suites.
+-.It Fl no_ticket
+-Disable RFC 4507 session ticket support.
+-.It Fl no_tls1_2 | no_tls1_3
+-Disable the use of TLS1.2 and 1.3, respectively.
+-.It Fl no_tmp_rsa
+-Disable temporary RSA key generation.
+-.It Fl nocert
+-Do not use a certificate.
+-This restricts the cipher suites available to the anonymous ones
+-(currently just anonymous DH).
+-.It Fl pass Ar arg
+-The private key password source.
+-.It Fl quiet
+-Inhibit printing of session and certificate information.
+-.It Fl servername Ar name
+-Set the TLS Server Name Indication (SNI) extension with
+-.Ar name .
+-.It Fl servername_fatal
+-Send fatal alert if servername does not match.
+-The default is warning alert.
+-.It Fl serverpref
+-Use server's cipher preferences.
+-.It Fl state
+-Print the SSL session states.
+-.It Fl status
+-Enables certificate status request support (OCSP stapling).
+-.It Fl status_timeout Ar nsec
+-Sets the timeout for OCSP response in seconds.
+-.It Fl status_url Ar url
+-Sets a fallback responder URL to use if no responder URL is present in the
+-server certificate.
+-Without this option, an error is returned if the server certificate does not
+-contain a responder address.
+-.It Fl status_verbose
+-Enables certificate status request support (OCSP stapling) and gives a verbose
+-printout of the OCSP response.
+-.It Fl timeout
+-Enable send/receive timeout on DTLS connections.
+-.It Fl tls1_2 | tls1_3
+-Permit only TLS1.2, or 1.3, respectively.
+-.It Fl tlsextdebug
+-Print a hex dump of any TLS extensions received from the server.
+-.It Fl use_srtp Ar profiles
+-Offer SRTP key management with a colon-separated profile list.
+-.It Fl verify_return_error
+-Return verification error.
+-.It Fl WWW
+-Emulate a simple web server.
+-Pages are resolved relative to the current directory.
+-For example if the URL
+-.Pa https://myhost/page.html
+-is requested, the file
+-.Pa ./page.html
+-will be loaded.
+-.It Fl www
+-Send a status message to the client when it connects,
+-including information about the ciphers used and various session parameters.
+-The output is in HTML format so this option will normally be used with a
+-web browser.
+-.It Fl Verify Ar depth , Fl verify Ar depth
+-Request a certificate chain from the client,
+-with a maximum length of
+-.Ar depth .
+-With
+-.Fl Verify ,
+-the client must supply a certificate or an error occurs;
+-with
+-.Fl verify ,
+-a certificate is requested but the client does not have to send one.
+-.El
+-.Tg s_time
+-.Sh S_TIME
+-.Bl -hang -width "openssl s_time"
+-.It Nm openssl s_time
+-.Bk -words
+-.Op Fl bugs
+-.Op Fl CAfile Ar file
+-.Op Fl CApath Ar directory
+-.Op Fl cert Ar file
+-.Op Fl cipher Ar cipherlist
+-.Op Fl connect Ar host Ns Op : Ns Ar port
+-.Op Fl key Ar keyfile
+-.Op Fl nbio
+-.Op Fl new
+-.Op Fl no_shutdown
+-.Op Fl reuse
+-.Op Fl time Ar seconds
+-.Op Fl verify Ar depth
+-.Op Fl www Ar page
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm s_time
+-command implements a generic SSL/TLS client which connects to a
+-remote host using SSL/TLS.
+-It can request a page from the server and includes
+-the time to transfer the payload data in its timing measurements.
+-It measures the number of connections within a given timeframe,
+-the amount of data transferred
+-.Pq if any ,
+-and calculates the average time spent for one connection.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl bugs
+-Enable various workarounds for buggy implementations.
+-.It Fl CAfile Ar file
+-A
+-.Ar file
+-containing trusted certificates to use during server authentication
+-and to use when attempting to build the client certificate chain.
+-.It Fl CApath Ar directory
+-The directory to use for server certificate verification.
+-This directory must be in
+-.Qq hash format ;
+-see
+-.Nm verify
+-for more information.
+-These are also used when building the client certificate chain.
+-.It Fl cert Ar file
+-The certificate to use, if one is requested by the server.
+-The default is not to use a certificate.
+-.It Fl cipher Ar cipherlist
+-Modify the cipher list sent by the client.
+-Although the server determines which cipher suite is used,
+-it should take the first supported cipher in the list sent by the client.
+-See the
+-.Nm ciphers
+-command for more information.
+-.It Fl connect Ar host Ns Op : Ns Ar port
+-The host and port to connect to.
+-.It Fl key Ar keyfile
+-The private key to use.
+-If not specified, the certificate file will be used.
+-.It Fl nbio
+-Turn on non-blocking I/O.
+-.It Fl new
+-Perform the timing test using a new session ID for each connection.
+-If neither
+-.Fl new
+-nor
+-.Fl reuse
+-are specified,
+-they are both on by default and executed in sequence.
+-.It Fl no_shutdown
+-Shut down the connection without sending a
+-.Qq close notify
+-shutdown alert to the server.
+-.It Fl reuse
+-Perform the timing test using the same session ID for each connection.
+-If neither
+-.Fl new
+-nor
+-.Fl reuse
+-are specified,
+-they are both on by default and executed in sequence.
+-.It Fl time Ar seconds
+-Limit
+-.Nm s_time
+-benchmarks to the number of
+-.Ar seconds .
+-The default is 30 seconds.
+-.It Fl verify Ar depth
+-Turn on server certificate verification,
+-with a maximum length of
+-.Ar depth .
+-Currently the verify operation continues after errors, so all the problems
+-with a certificate chain can be seen.
+-As a side effect,
+-the connection will never fail due to a server certificate verify failure.
+-.It Fl www Ar page
+-The page to GET from the server.
+-A value of
+-.Sq /
+-gets the index.htm[l] page.
+-If this parameter is not specified,
+-.Nm s_time
+-will only perform the handshake to establish SSL connections
+-but not transfer any payload data.
+-.El
+-.Tg sess_id
+-.Sh SESS_ID
+-.Bl -hang -width "openssl sess_id"
+-.It Nm openssl sess_id
+-.Bk -words
+-.Op Fl cert
+-.Op Fl context Ar ID
+-.Op Fl in Ar file
+-.Op Fl inform Cm der | pem
+-.Op Fl noout
+-.Op Fl out Ar file
+-.Op Fl outform Cm der | pem
+-.Op Fl text
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm sess_id
+-program processes the encoded version of the SSL session structure and
+-optionally prints out SSL session details
+-(for example the SSL session master key)
+-in human-readable format.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl cert
+-If a certificate is present in the session,
+-it will be output using this option;
+-if the
+-.Fl text
+-option is also present, then it will be printed out in text form.
+-.It Fl context Ar ID
+-Set the session
+-.Ar ID .
+-The ID can be any string of characters.
+-.It Fl in Ar file
+-The input file to read from,
+-or standard input if not specified.
+-.It Fl inform Cm der | pem
+-The input format.
+-.Cm der
+-uses an ASN.1 DER-encoded format containing session details.
+-The precise format can vary from one version to the next.
+-.Cm pem
+-is the default format: it consists of the DER
+-format base64-encoded with additional header and footer lines.
+-.It Fl noout
+-Do not output the encoded version of the session.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if not specified.
+-.It Fl outform Cm der | pem
+-The output format.
+-.It Fl text
+-Print the various public or private key components in plain text,
+-in addition to the encoded version.
+-.El
+-.Pp
+-The output of
+-.Nm sess_id
+-is composed as follows:
+-.Pp
+-.Bl -tag -width "Verify return code " -offset 3n -compact
+-.It Protocol
+-The protocol in use.
+-.It Cipher
+-The actual raw SSL or TLS cipher code.
+-.It Session-ID
+-The SSL session ID, in hex format.
+-.It Session-ID-ctx
+-The session ID context, in hex format.
+-.It Master-Key
+-The SSL session master key.
+-.It Key-Arg
+-The key argument; this is only used in SSL v2.
+-.It Start Time
+-The session start time.
+-.Ux
+-format.
+-.It Timeout
+-The timeout, in seconds.
+-.It Verify return code
+-The return code when a certificate is verified.
+-.El
+-.Pp
+-Since the SSL session output contains the master key, it is possible to read
+-the contents of an encrypted session using this information.
+-Therefore appropriate security precautions
+-should be taken if the information is being output by a
+-.Qq real
+-application.
+-This is, however, strongly discouraged and should only be used for
+-debugging purposes.
+-.Tg smime
+-.Sh SMIME
+-.Bl -hang -width "openssl smime"
+-.It Nm openssl smime
+-.Bk -words
+-.Oo
+-.Fl aes128 | aes192 | aes256 | des |
+-.Fl des3 | rc2-40 | rc2-64 | rc2-128
+-.Oc
+-.Op Fl binary
+-.Op Fl CAfile Ar file
+-.Op Fl CApath Ar directory
+-.Op Fl certfile Ar file
+-.Op Fl check_ss_sig
+-.Op Fl content Ar file
+-.Op Fl crl_check
+-.Op Fl crl_check_all
+-.Op Fl decrypt
+-.Op Fl encrypt
+-.Op Fl extended_crl
+-.Op Fl from Ar addr
+-.Op Fl ignore_critical
+-.Op Fl in Ar file
+-.Op Fl indef
+-.Op Fl inform Cm der | pem | smime
+-.Op Fl inkey Ar file
+-.Op Fl issuer_checks
+-.Op Fl keyform Cm der | pem
+-.Op Fl md Ar digest
+-.Op Fl noattr
+-.Op Fl nocerts
+-.Op Fl nochain
+-.Op Fl nodetach
+-.Op Fl noindef
+-.Op Fl nointern
+-.Op Fl nosigs
+-.Op Fl nosmimecap
+-.Op Fl noverify
+-.Op Fl out Ar file
+-.Op Fl outform Cm der | pem | smime
+-.Op Fl passin Ar arg
+-.Op Fl pk7out
+-.Op Fl policy_check
+-.Op Fl recip Ar file
+-.Op Fl resign
+-.Op Fl sign
+-.Op Fl signer Ar file
+-.Op Fl stream
+-.Op Fl subject Ar s
+-.Op Fl text
+-.Op Fl to Ar addr
+-.Op Fl verify
+-.Op Fl x509_strict
+-.Op Ar cert.pem ...
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm smime
+-command handles S/MIME mail.
+-It can encrypt, decrypt, sign, and verify S/MIME messages.
+-.Pp
+-The MIME message must be sent without any blank lines between the
+-headers and the output.
+-Some mail programs will automatically add a blank line.
+-Piping the mail directly to an MTA is one way to
+-achieve the correct format.
+-.Pp
+-The supplied message to be signed or encrypted must include the necessary
+-MIME headers or many S/MIME clients won't display it properly (if at all).
+-Use the
+-.Fl text
+-option to automatically add plain text headers.
+-.Pp
+-A
+-.Qq signed and encrypted
+-message is one where a signed message is then encrypted.
+-This can be produced by encrypting an already signed message.
+-.Pp
+-There are a number of operations that can be performed, as follows:
+-.Bl -tag -width "XXXX"
+-.It Fl decrypt
+-Decrypt mail using the supplied certificate and private key.
+-The input file is an encrypted mail message in MIME format.
+-The decrypted mail is written to the output file.
+-.It Fl encrypt
+-Encrypt mail for the given recipient certificates.
+-The input is the message to be encrypted.
+-The output file is the encrypted mail, in MIME format.
+-.It Fl pk7out
+-Take an input message and write out a PEM-encoded PKCS#7 structure.
+-.It Fl resign
+-Resign a message: take an existing message and one or more new signers.
+-.It Fl sign
+-Sign mail using the supplied certificate and private key.
+-The input file is the message to be signed.
+-The signed message, in MIME format, is written to the output file.
+-.It Fl verify
+-Verify signed mail.
+-The input is a signed mail message and the output is the signed data.
+-Both clear text and opaque signing is supported.
+-.El
+-.Pp
+-The remaining options are as follows:
+-.Bl -tag -width "XXXX"
+-.It Xo
+-.Fl aes128 | aes192 | aes256 | des |
+-.Fl des3 | rc2-40 | rc2-64 | rc2-128
+-.Xc
+-The encryption algorithm to use.
+-128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
+-or 40-, 64-, or 128-bit RC2, respectively;
+-if not specified, 40-bit RC2 is
+-used.
+-Only used with
+-.Fl encrypt .
+-.It Fl binary +-Normally, the input message is converted to +-.Qq canonical +-format which uses CR/LF as end of line, +-as required by the S/MIME specification. +-When this option is present, no translation occurs. +-This is useful when handling binary data which may not be in MIME format. +-.It Fl CAfile Ar file +-A +-.Ar file +-containing trusted CA certificates; only used with +-.Fl verify . +-.It Fl CApath Ar directory +-A +-.Ar directory +-containing trusted CA certificates; only used with +-.Fl verify . +-This directory must be a standard certificate directory: +-that is, a hash of each subject name (using +-.Nm x509 -hash ) +-should be linked to each certificate. +-.It Ar cert.pem ... +-One or more certificates of message recipients: used when encrypting +-a message. +-.It Fl certfile Ar file +-Allows additional certificates to be specified. +-When signing, these will be included with the message. +-When verifying, these will be searched for the signers' certificates. +-The certificates should be in PEM format. +-.It Xo +-.Fl check_ss_sig , +-.Fl crl_check , +-.Fl crl_check_all , +-.Fl extended_crl , +-.Fl ignore_critical , +-.Fl issuer_checks , +-.Fl policy_check , +-.Fl x509_strict +-.Xc +-Set various certificate chain validation options. +-See the +-.Nm verify +-command for details. +-.It Fl content Ar file +-A file containing the detached content. +-This is only useful with the +-.Fl verify +-option, +-and only usable if the PKCS#7 structure is using the detached +-signature form where the content is not included. +-This option will override any content if the input format is S/MIME +-and it uses the multipart/signed MIME content type. +-.It Xo +-.Fl from Ar addr , +-.Fl subject Ar s , +-.Fl to Ar addr +-.Xc +-The relevant mail headers. +-These are included outside the signed +-portion of a message so they may be included manually. +-When signing, many S/MIME +-mail clients check that the signer's certificate email +-address matches the 
From: address. +-.It Fl in Ar file +-The input file to read from. +-.It Fl indef +-Enable streaming I/O for encoding operations. +-This permits single pass processing of data without +-the need to hold the entire contents in memory, +-potentially supporting very large files. +-Streaming is automatically set for S/MIME signing with detached +-data if the output format is SMIME; +-it is currently off by default for all other operations. +-.It Fl inform Cm der | pem | smime +-The input format. +-.It Fl inkey Ar file +-The private key to use when signing or decrypting, +-which must match the corresponding certificate. +-If this option is not specified, the private key must be included +-in the certificate file specified with +-the +-.Fl recip +-or +-.Fl signer +-file. +-When signing, +-this option can be used multiple times to specify successive keys. +-.It Fl keyform Cm der | pem +-Input private key format. +-The default is +-.Cm pem . +-.It Fl md Ar digest +-The digest algorithm to use when signing or resigning. +-If not present then the default digest algorithm for the signing key is used +-(usually SHA1). +-.It Fl noattr +-Do not include attributes. +-.It Fl nocerts +-Do not include the signer's certificate. +-This will reduce the size of the signed message but the verifier must +-have a copy of the signer's certificate available locally (passed using the +-.Fl certfile +-option, for example). +-.It Fl nochain +-Do not do chain verification of signers' certificates: that is, +-don't use the certificates in the signed message as untrusted CAs. +-.It Fl nodetach +-When signing a message, use opaque signing: this form is more resistant +-to translation by mail relays but it cannot be read by mail agents that +-do not support S/MIME. +-Without this option cleartext signing with the MIME type +-multipart/signed is used. +-.It Fl noindef +-Disable streaming I/O where it would produce an encoding of indefinite length +-(currently has no effect). 
+-.It Fl nointern
+-Only use certificates specified in the
+-.Fl certfile .
+-The supplied certificates can still be used as untrusted CAs.
+-.It Fl nosigs
+-Do not try to verify the signatures on the message.
+-.It Fl nosmimecap
+-Exclude the list of supported algorithms from signed attributes,
+-other options such as signing time and content type are still included.
+-.It Fl noverify
+-Do not verify the signer's certificate of a signed message.
+-.It Fl out Ar file
+-The output file to write to.
+-.It Fl outform Cm der | pem | smime
+-The output format.
+-The default is smime, which writes an S/MIME format message.
+-.Cm pem
+-and
+-.Cm der
+-change this to write PEM and DER format PKCS#7 structures instead.
+-This currently only affects the output format of the PKCS#7
+-structure; if no PKCS#7 structure is being output (for example with
+-.Fl verify
+-or
+-.Fl decrypt )
+-this option has no effect.
+-.It Fl passin Ar arg
+-The key password source.
+-.It Fl recip Ar file
+-The recipients certificate when decrypting a message.
+-This certificate
+-must match one of the recipients of the message or an error occurs.
+-.It Fl signer Ar file
+-A signing certificate when signing or resigning a message;
+-this option can be used multiple times if more than one signer is required.
+-If a message is being verified, the signer's certificates will be
+-written to this file if the verification was successful.
+-.It Fl stream
+-The same as
+-.Fl indef .
+-.It Fl text
+-Add plain text (text/plain) MIME
+-headers to the supplied message if encrypting or signing.
+-If decrypting or verifying, it strips off text headers:
+-if the decrypted or verified message is not of MIME type text/plain
+-then an error occurs.
+-.El
+-.Pp
+-The exit codes for
+-.Nm smime
+-are as follows:
+-.Pp
+-.Bl -tag -width "XXXX" -offset 3n -compact
+-.It 0
+-The operation was completely successful.
+-.It 1
+-An error occurred parsing the command options.
+-.It 2
+-One of the input files could not be read.
+-.It 3
+-An error occurred creating the file or when reading the message.
+-.It 4
+-An error occurred decrypting or verifying the message.
+-.It 5
+-An error occurred writing certificates.
+-.El
+-.Tg speed
+-.Sh SPEED
+-.Bl -hang -width "openssl speed"
+-.It Nm openssl speed
+-.Bk -words
+-.Op Ar algorithm
+-.Op Fl decrypt
+-.Op Fl elapsed
+-.Op Fl evp Ar algorithm
+-.Op Fl mr
+-.Op Fl multi Ar number
+-.Op Fl unaligned Ar number
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm speed
+-command is used to test the performance of cryptographic algorithms.
+-.Bl -tag -width "XXXX"
+-.It Ar algorithm
+-Perform the test using
+-.Ar algorithm .
+-The default is to test all algorithms.
+-.It Fl decrypt
+-Time decryption instead of encryption;
+-must be used with
+-.Fl evp .
+-.It Fl elapsed
+-Measure time in real time instead of CPU user time.
+-.It Fl evp Ar algorithm
+-Perform the test using one of the algorithms accepted by
+-.Xr EVP_get_cipherbyname 3 .
+-.It Fl mr
+-Produce machine readable output.
+-.It Fl multi Ar number
+-Run
+-.Ar number
+-benchmarks in parallel.
+-.It Fl unaligned Ar number
+-Use allocated buffers with an offset of
+-.Ar number
+-bytes from the alignment provided by
+-.Xr malloc 3 .
+-.Ar number
+-should be between 0 and 16.
+-.El
+-.Tg ts
+-.Sh TS
+-.Bk -words
+-.Bl -hang -width "openssl ts"
+-.It Nm openssl ts
+-.Fl query
+-.Op Fl md4 | md5 | ripemd160 | sha1
+-.Op Fl cert
+-.Op Fl config Ar configfile
+-.Op Fl data Ar file_to_hash
+-.Op Fl digest Ar digest_bytes
+-.Op Fl in Ar request.tsq
+-.Op Fl no_nonce
+-.Op Fl out Ar request.tsq
+-.Op Fl policy Ar object_id
+-.Op Fl text
+-.It Nm openssl ts
+-.Fl reply
+-.Op Fl chain Ar certs_file.pem
+-.Op Fl config Ar configfile
+-.Op Fl in Ar response.tsr
+-.Op Fl inkey Ar private.pem
+-.Op Fl out Ar response.tsr
+-.Op Fl passin Ar arg
+-.Op Fl policy Ar object_id
+-.Op Fl queryfile Ar request.tsq
+-.Op Fl section Ar tsa_section
+-.Op Fl signer Ar tsa_cert.pem
+-.Op Fl text
+-.Op Fl token_in
+-.Op Fl token_out
+-.It Nm openssl ts
+-.Fl verify
+-.Op Fl CAfile Ar trusted_certs.pem
+-.Op Fl CApath Ar trusted_cert_path
+-.Op Fl data Ar file_to_hash
+-.Op Fl digest Ar digest_bytes
+-.Op Fl in Ar response.tsr
+-.Op Fl queryfile Ar request.tsq
+-.Op Fl token_in
+-.Op Fl untrusted Ar cert_file.pem
+-.El
+-.Ek
+-.Pp
+-The
+-.Nm ts
+-command is a basic Time Stamping Authority (TSA) client and server
+-application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
+-A TSA can be part of a PKI deployment and its role is to provide long
+-term proof of the existence of specific data.
+-Here is a brief description of the protocol:
+-.Bl -enum
+-.It
+-The TSA client computes a one-way hash value for a data file and sends
+-the hash to the TSA.
+-.It
+-The TSA attaches the current date and time to the received hash value,
+-signs them and sends the time stamp token back to the client.
+-By creating this token the TSA certifies the existence of the original
+-data file at the time of response generation.
+-.It
+-The TSA client receives the time stamp token and verifies the
+-signature on it.
+-It also checks if the token contains the same hash
+-value that it had sent to the TSA.
+-.El
+-.Pp
+-There is one DER-encoded protocol data unit defined for transporting a time
+-stamp request to the TSA and one for sending the time stamp response
+-back to the client.
+-The
+-.Nm ts
+-command has three main functions:
+-creating a time stamp request based on a data file;
+-creating a time stamp response based on a request;
+-and verifying if a response corresponds
+-to a particular request or a data file.
+-.Pp
+-There is no support for sending the requests/responses automatically
+-over HTTP or TCP yet as suggested in RFC 3161.
+-Users must send the requests either by FTP or email.
+-.Pp
+-The
+-.Fl query
+-switch can be used for creating and printing a time stamp
+-request with the following options:
+-.Bl -tag -width Ds
+-.It Fl cert
+-Expect the TSA to include its signing certificate in the response.
+-.It Fl config Ar configfile
+-Specify an alternative configuration file.
+-Only the OID section is used.
+-.It Fl data Ar file_to_hash
+-The data file for which the time stamp request needs to be created.
+-The default is standard input.
+-.It Fl digest Ar digest_bytes
+-Specify the message imprint explicitly without the data file.
+-The imprint must be specified in a hexadecimal format,
+-two characters per byte,
+-the bytes optionally separated by colons.
+-The number of bytes must match the message digest algorithm in use.
+-.It Fl in Ar request.tsq
+-A previously created time stamp request in DER
+-format that will be printed into the output file.
+-Useful for examining the content of a request in human-readable format.
+-.It Fl md4 | md5 | ripemd160 | sha | sha1
+-The message digest to apply to the data file.
+-It supports all the message digest algorithms that are supported by the
+-.Nm dgst
+-command.
+-The default is SHA1.
+-.It Fl no_nonce
+-Specify no nonce in the request.
+-The default, to include a 64-bit long pseudo-random nonce,
+-is recommended to protect against replay attacks.
+-.It Fl out Ar request.tsq
+-The output file to write to,
+-or standard output if not specified.
+-.It Fl policy Ar object_id
+-The policy that the client expects the TSA to use for creating the
+-time stamp token.
+-Either dotted OID notation or OID names defined
+-in the config file can be used.
+-If no policy is requested, the TSA uses its own default policy.
+-.It Fl text
+-Output in human-readable text format instead of DER.
+-.El
+-.Pp
+-A time stamp response (TimeStampResp) consists of a response status
+-and the time stamp token itself (ContentInfo),
+-if the token generation was successful.
+-The
+-.Fl reply
+-command is for creating a time stamp
+-response or time stamp token based on a request and printing the
+-response/token in human-readable format.
+-If
+-.Fl token_out
+-is not specified the output is always a time stamp response (TimeStampResp),
+-otherwise it is a time stamp token (ContentInfo).
+-.Bl -tag -width Ds
+-.It Fl chain Ar certs_file.pem
+-The collection of PEM certificates
+-that will be included in the response
+-in addition to the signer certificate if the
+-.Fl cert
+-option was used for the request.
+-This file is supposed to contain the certificate chain
+-for the signer certificate from its issuer upwards.
+-The
+-.Fl reply
+-command does not build a certificate chain automatically.
+-.It Fl config Ar configfile
+-Specify an alternative configuration file.
+-.It Fl in Ar response.tsr
+-Specify a previously created time stamp response (or time stamp token, if
+-.Fl token_in
+-is also specified)
+-in DER format that will be written to the output file.
+-This option does not require a request;
+-it is useful, for example,
+-to examine the content of a response or token
+-or to extract the time stamp token from a response.
+-If the input is a token and the output is a time stamp response, a default
+-.Qq granted
+-status info is added to the token.
+-.It Fl inkey Ar private.pem
+-The signer private key of the TSA in PEM format.
+-Overrides the
+-.Cm signer_key
+-config file option.
+-.It Fl out Ar response.tsr
+-The response is written to this file.
+-The format and content of the file depends on other options (see
+-.Fl text
+-and
+-.Fl token_out ) .
+-The default is stdout.
+-.It Fl passin Ar arg
+-The key password source.
+-.It Fl policy Ar object_id
+-The default policy to use for the response.
+-Either dotted OID notation or OID names defined
+-in the config file can be used.
+-If no policy is requested, the TSA uses its own default policy.
+-.It Fl queryfile Ar request.tsq
+-The file containing a DER-encoded time stamp request.
+-.It Fl section Ar tsa_section
+-The config file section containing the settings for response generation.
+-.It Fl signer Ar tsa_cert.pem
+-The PEM signer certificate of the TSA.
+-The TSA signing certificate must have exactly one extended key usage
+-assigned to it: timeStamping.
+-The extended key usage must also be critical,
+-otherwise the certificate is going to be refused.
+-Overrides the
+-.Cm signer_cert
+-variable of the config file.
+-.It Fl text
+-Output in human-readable text format instead of DER.
+-.It Fl token_in
+-The input is a DER-encoded time stamp token (ContentInfo)
+-instead of a time stamp response (TimeStampResp).
+-.It Fl token_out
+-The output is a time stamp token (ContentInfo)
+-instead of a time stamp response (TimeStampResp).
+-.El
+-.Pp
+-The
+-.Fl verify
+-command is for verifying if a time stamp response or time stamp token
+-is valid and matches a particular time stamp request or data file.
+-The
+-.Fl verify
+-command does not use the configuration file.
+-.Bl -tag -width Ds
+-.It Fl CAfile Ar trusted_certs.pem
+-The file containing a set of trusted self-signed PEM CA certificates.
+-See
+-.Nm verify
+-for additional details.
+-Either this option or
+-.Fl CApath
+-must be specified.
+-.It Fl CApath Ar trusted_cert_path
+-The directory containing the trusted CA certificates of the client.
+-See
+-.Nm verify
+-for additional details.
+-Either this option or
+-.Fl CAfile
+-must be specified.
+-.It Fl data Ar file_to_hash
+-The response or token must be verified against
+-.Ar file_to_hash .
+-The file is hashed with the message digest algorithm specified in the token.
+-The
+-.Fl digest
+-and
+-.Fl queryfile
+-options must not be specified with this one.
+-.It Fl digest Ar digest_bytes
+-The response or token must be verified against the message digest specified
+-with this option.
+-The number of bytes must match the message digest algorithm
+-specified in the token.
+-The
+-.Fl data
+-and
+-.Fl queryfile
+-options must not be specified with this one.
+-.It Fl in Ar response.tsr
+-The time stamp response that needs to be verified, in DER format.
+-This option in mandatory.
+-.It Fl queryfile Ar request.tsq
+-The original time stamp request, in DER format.
+-The
+-.Fl data
+-and
+-.Fl digest
+-options must not be specified with this one.
+-.It Fl token_in
+-The input is a DER-encoded time stamp token (ContentInfo)
+-instead of a time stamp response (TimeStampResp).
+-.It Fl untrusted Ar cert_file.pem
+-Additional untrusted PEM certificates which may be needed
+-when building the certificate chain for the TSA's signing certificate.
+-This file must contain the TSA signing certificate and
+-all intermediate CA certificates unless the response includes them.
+-.El
+-.Pp
+-Options specified on the command line always override
+-the settings in the config file:
+-.Bl -tag -width Ds
+-.It Cm tsa Ar section , Cm default_tsa
+-This is the main section and it specifies the name of another section
+-that contains all the options for the
+-.Fl reply
+-option.
+-This section can be overridden with the
+-.Fl section
+-command line switch.
+-.It Cm oid_file
+-See
+-.Nm ca
+-for a description.
+-.It Cm oid_section
+-See
+-.Nm ca
+-for a description.
+-.It Cm serial
+-The file containing the hexadecimal serial number of the
+-last time stamp response created.
+-This number is incremented by 1 for each response.
+-If the file does not exist at the time of response generation,
+-a new file is created with serial number 1.
+-This parameter is mandatory.
+-.It Cm signer_cert
+-TSA signing certificate, in PEM format.
+-The same as the
+-.Fl signer
+-command line option.
+-.It Cm certs
+-A set of PEM-encoded certificates that need to be
+-included in the response.
+-The same as the
+-.Fl chain
+-command line option.
+-.It Cm signer_key
+-The private key of the TSA, in PEM format.
+-The same as the
+-.Fl inkey
+-command line option.
+-.It Cm default_policy
+-The default policy to use when the request does not mandate any policy.
+-The same as the
+-.Fl policy
+-command line option.
+-.It Cm other_policies
+-Comma separated list of policies that are also acceptable by the TSA
+-and used only if the request explicitly specifies one of them.
+-.It Cm digests
+-The list of message digest algorithms that the TSA accepts.
+-At least one algorithm must be specified.
+-This parameter is mandatory.
+-.It Cm accuracy
+-The accuracy of the time source of the TSA in seconds, milliseconds
+-and microseconds.
+-For example, secs:1, millisecs:500, microsecs:100.
+-If any of the components is missing,
+-zero is assumed for that field.
+-.It Cm clock_precision_digits
+-The maximum number of digits, which represent the fraction of seconds,
+-that need to be included in the time field.
+-The trailing zeroes must be removed from the time,
+-so there might actually be fewer digits
+-or no fraction of seconds at all.
+-The maximum value is 6;
+-the default is 0.
+-.It Cm ordering
+-If this option is yes,
+-the responses generated by this TSA can always be ordered,
+-even if the time difference between two responses is less
+-than the sum of their accuracies.
+-The default is no.
+-.It Cm tsa_name
+-Set this option to yes if the subject name of the TSA must be included in
+-the TSA name field of the response.
+-The default is no.
+-.It Cm ess_cert_id_chain
+-The SignedData objects created by the TSA always contain the
+-certificate identifier of the signing certificate in a signed
+-attribute (see RFC 2634, Enhanced Security Services).
+-If this option is set to yes and either the
+-.Cm certs
+-variable or the
+-.Fl chain
+-option is specified then the certificate identifiers of the chain will also
+-be included in the SigningCertificate signed attribute.
+-If this variable is set to no,
+-only the signing certificate identifier is included.
+-The default is no.
+-.El
+-.Tg verify
+-.Sh VERIFY
+-.Bl -hang -width "openssl verify"
+-.It Nm openssl verify
+-.Bk -words
+-.Op Fl CAfile Ar file
+-.Op Fl CApath Ar directory
+-.Op Fl check_ss_sig
+-.Op Fl CRLfile Ar file
+-.Op Fl crl_check
+-.Op Fl crl_check_all
+-.Op Fl explicit_policy
+-.Op Fl extended_crl
+-.Op Fl help
+-.Op Fl ignore_critical
+-.Op Fl inhibit_any
+-.Op Fl inhibit_map
+-.Op Fl issuer_checks
+-.Op Fl legacy_verify
+-.Op Fl policy_check
+-.Op Fl purpose Ar purpose
+-.Op Fl trusted Ar file
+-.Op Fl untrusted Ar file
+-.Op Fl verbose
+-.Op Fl x509_strict
+-.Op Ar certificates
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm verify
+-command verifies certificate chains.
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl CAfile Ar file
+-A
+-.Ar file
+-of trusted certificates.
+-The
+-.Ar file
+-should contain multiple certificates in PEM format, concatenated together.
+-.It Fl CApath Ar directory
+-A
+-.Ar directory
+-of trusted certificates.
+-The certificates, or symbolic links to them,
+-should have names of the form
+-.Ar hash Ns .0 ,
+-where
+-.Ar hash
+-is the hashed certificate subject name
+-(see the
+-.Fl hash
+-option of the
+-.Nm x509
+-utility).
+-.It Fl check_ss_sig
+-Verify the signature on the self-signed root CA.
+-This is disabled by default
+-because it doesn't add any security.
+-.It Fl CRLfile Ar file
+-The
+-.Ar file
+-should contain one or more CRLs in PEM format.
+-.It Fl crl_check
+-Check end entity certificate validity by attempting to look up a valid CRL.
+-If a valid CRL cannot be found, an error occurs.
+-.It Fl crl_check_all
+-Check the validity of all certificates in the chain by attempting
+-to look up valid CRLs.
+-.It Fl explicit_policy
+-Set policy variable require-explicit-policy (RFC 3280).
+-.It Fl extended_crl
+-Enable extended CRL features such as indirect CRLs and alternate CRL
+-signing keys.
+-.It Fl help
+-Print a usage message.
+-.It Fl ignore_critical
+-Ignore critical extensions instead of rejecting the certificate.
+-.It Fl inhibit_any
+-Set policy variable inhibit-any-policy (RFC 3280).
+-.It Fl inhibit_map
+-Set policy variable inhibit-policy-mapping (RFC 3280).
+-.It Fl issuer_checks
+-Print diagnostics relating to searches for the issuer certificate
+-of the current certificate
+-showing why each candidate issuer certificate was rejected.
+-The presence of rejection messages
+-does not itself imply that anything is wrong:
+-during the normal verify process several rejections may take place.
+-.It Fl legacy_verify
+-Use the legacy X.509 certificate chain verification code.
+-.It Fl policy_check
+-Enable certificate policy processing.
+-.It Fl purpose Ar purpose
+-The intended use for the certificate.
+-Without this option no chain verification will be done.
+-Currently accepted uses are
+-.Cm sslclient , sslserver ,
+-.Cm nssslserver , smimesign ,
+-.Cm smimeencrypt , crlsign ,
+-.Cm any ,
+-and
+-.Cm ocsphelper .
+-.It Fl trusted Ar file
+-A
+-.Ar file
+-of trusted certificates.
+-The
+-.Ar file
+-should contain multiple certificates.
+-.It Fl untrusted Ar file
+-A
+-.Ar file
+-of untrusted certificates.
+-The
+-.Ar file
+-should contain multiple certificates.
+-.It Fl verbose
+-Print extra information about the operations being performed.
+-.It Fl x509_strict
+-Disable workarounds for broken certificates which have to be disabled
+-for strict X.509 compliance.
+-.It Ar certificates
+-One or more PEM
+-.Ar certificates
+-to verify.
+-If no certificate files are included, an attempt is made to read
+-a certificate from standard input.
+-If the first certificate filename begins with a dash,
+-use a lone dash to mark the last option.
+-.El
+-.Pp
+-The
+-.Nm verify
+-program uses the same functions as the internal SSL and S/MIME verification,
+-with one crucial difference:
+-wherever possible an attempt is made to continue after an error,
+-whereas normally the verify operation would halt on the first error.
+-This allows all the problems with a certificate chain to be determined.
+-.Pp
+-The verify operation consists of a number of separate steps.
+-Firstly a certificate chain is built up starting from the supplied certificate
+-and ending in the root CA.
+-It is an error if the whole chain cannot be built up.
+-The chain is built up by looking up the issuer's certificate of the current
+-certificate.
+-If a certificate is found which is its own issuer, it is assumed
+-to be the root CA.
+-.Pp
+-All certificates whose subject name matches the issuer name
+-of the current certificate are subject to further tests.
+-The relevant authority key identifier components of the current certificate
+-(if present) must match the subject key identifier (if present)
+-and issuer and serial number of the candidate issuer;
+-in addition the
+-.Cm keyUsage
+-extension of the candidate issuer (if present) must permit certificate signing.
+-.Pp
+-The lookup first looks in the list of untrusted certificates and if no match
+-is found the remaining lookups are from the trusted certificates.
+-The root CA is always looked up in the trusted certificate list:
+-if the certificate to verify is a root certificate,
+-then an exact match must be found in the trusted list.
+-.Pp
+-The second operation is to check every untrusted certificate's extensions for
+-consistency with the supplied purpose.
+-If the
+-.Fl purpose
+-option is not included, then no checks are done.
+-The supplied or
+-.Qq leaf
+-certificate must have extensions compatible with the supplied purpose
+-and all other certificates must also be valid CA certificates.
+-The precise extensions required are described in more detail in
+-the
+-.Nm X509
+-section below.
+-.Pp
+-The third operation is to check the trust settings on the root CA.
+-The root CA should be trusted for the supplied purpose.
+-A certificate with no trust settings is considered to be valid for
+-all purposes.
+-.Pp
+-The final operation is to check the validity of the certificate chain.
+-The validity period is checked against the current system time and the
+-.Cm notBefore
+-and
+-.Cm notAfter
+-dates in the certificate.
+-The certificate signatures are also checked at this point.
+-.Pp
+-If all operations complete successfully, the certificate is considered
+-valid.
+-If any operation fails then the certificate is not valid.
+-When a verify operation fails, the output messages can be somewhat cryptic.
+-The general form of the error message is:
+-.Bd -literal
+-server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
+-error 24 at 1 depth lookup:invalid CA certificate
+-.Ed
+-.Pp
+-The first line contains the name of the certificate being verified, followed by
+-the subject name of the certificate.
+-The second line contains the error number as defined by the
+-.Dv X509_V_ERR_*
+-constants in
+-.In openssl/x509_vfy.h ,
+-the associated error message documented in
+-.Xr X509_STORE_CTX_get_error 3 ,
+-and the depth.
+-The depth is the number of the certificate being verified when a
+-problem was detected starting with zero for the certificate being verified
+-itself, then 1 for the CA that signed the certificate and so on.
+-.Tg version
+-.Sh VERSION
+-.Nm openssl version
+-.Op Fl abdfpv
+-.Pp
+-The
+-.Nm version
+-command is used to print out version information about
+-.Nm openssl .
+-.Pp
+-The options are as follows:
+-.Bl -tag -width Ds
+-.It Fl a
+-All information: this is the same as setting all the other flags.
+-.It Fl b
+-The date the current version of
+-.Nm openssl
+-was built.
+-.It Fl d
+-.Ev OPENSSLDIR
+-setting.
+-.It Fl f
+-Compilation flags.
+-.It Fl p
+-Platform setting.
+-.It Fl v
+-The current
+-.Nm openssl
+-version.
+-.El
+-.Tg x509
+-.Sh X509
+-.Bl -hang -width "openssl x509"
+-.It Nm openssl x509
+-.Bk -words
+-.Op Fl C
+-.Op Fl addreject Ar arg
+-.Op Fl addtrust Ar arg
+-.Op Fl alias
+-.Op Fl CA Ar file
+-.Op Fl CAcreateserial
+-.Op Fl CAform Cm der | pem
+-.Op Fl CAkey Ar file
+-.Op Fl CAkeyform Cm der | pem
+-.Op Fl CAserial Ar file
+-.Op Fl certopt Ar option
+-.Op Fl checkend Ar arg
+-.Op Fl clrext
+-.Op Fl clrreject
+-.Op Fl clrtrust
+-.Op Fl dates
+-.Op Fl days Ar arg
+-.Op Fl email
+-.Op Fl enddate
+-.Op Fl extensions Ar section
+-.Op Fl extfile Ar file
+-.Op Fl fingerprint
+-.Op Fl force_pubkey Ar key
+-.Op Fl hash
+-.Op Fl in Ar file
+-.Op Fl inform Cm der | net | pem
+-.Op Fl issuer
+-.Op Fl issuer_hash
+-.Op Fl issuer_hash_old
+-.Op Fl keyform Cm der | pem
+-.Op Fl md5 | sha1
+-.Op Fl modulus
+-.Op Fl multivalue-rdn
+-.Op Fl nameopt Ar option
+-.Op Fl new
+-.Op Fl next_serial
+-.Op Fl noout
+-.Op Fl ocsp_uri
+-.Op Fl ocspid
+-.Op Fl out Ar file
+-.Op Fl outform Cm der | net | pem
+-.Op Fl passin Ar arg
+-.Op Fl pubkey
+-.Op Fl purpose
+-.Op Fl req
+-.Op Fl serial
+-.Op Fl set_issuer Ar name
+-.Op Fl set_serial Ar n
+-.Op Fl set_subject Ar name
+-.Op Fl setalias Ar arg
+-.Op Fl signkey Ar file
+-.Op Fl sigopt Ar nm:v
+-.Op Fl startdate
+-.Op Fl subject
+-.Op Fl subject_hash
+-.Op Fl subject_hash_old
+-.Op Fl text
+-.Op Fl trustout
+-.Op Fl utf8
+-.Op Fl x509toreq
+-.Ek
+-.El
+-.Pp
+-The
+-.Nm x509
+-command is a multi-purpose certificate utility.
+-It can be used to display certificate information, convert certificates to
+-various forms, sign certificate requests like a
+-.Qq mini CA ,
+-or edit certificate trust settings.
+-.Pp
+-The following are x509 input, output, and general purpose options:
+-.Bl -tag -width "XXXX"
+-.It Fl in Ar file
+-The input file to read from,
+-or standard input if not specified.
+-This option cannot be used with
+-.Fl new .
+-.It Fl inform Cm der | net | pem
+-The input format.
+-Normally, the command will expect an X.509 certificate,
+-but this can change if other options such as
+-.Fl in
+-or
+-.Fl req
+-are present.
+-.It Fl md5 | sha1
+-The digest to use.
+-This affects any signing or display option that uses a message digest,
+-such as the
+-.Fl fingerprint , signkey ,
+-and
+-.Fl CA
+-options.
+-If not specified, MD5 is used.
+-SHA1 is always used with DSA keys.
+-.It Fl out Ar file
+-The output file to write to,
+-or standard output if none is specified.
+-.It Fl outform Cm der | net | pem
+-The output format.
+-.It Fl passin Ar arg
+-The key password source.
+-.El
+-.Pp
+-The following are x509 display options:
+-.Bl -tag -width "XXXX"
+-.It Fl C
+-Output the certificate in the form of a C source file.
+-.It Fl certopt Ar option
+-Customise the output format used with
+-.Fl text ,
+-either using a list of comma-separated options or by specifying
+-.Fl certopt
+-multiple times.
+-The default behaviour is to print all fields.
+-The options are as follows:
+-.Pp
+-.Bl -tag -width "no_extensions" -offset indent -compact
+-.It Cm ca_default
+-Equivalent to
+-.Cm no_issuer , no_pubkey , no_header ,
+-.Cm no_version , no_sigdump ,
+-and
+-.Cm no_signame .
+-.It Cm compatible
+-Equivalent to no output options at all.
+-.It Cm ext_default
+-Print unsupported certificate extensions.
+-.It Cm ext_dump
+-Hex dump unsupported extensions.
+-.It Cm ext_error
+-Print an error message for unsupported certificate extensions.
+-.It Cm ext_parse
+-ASN.1 parse unsupported extensions.
+-.It Cm no_aux
+-Do not print certificate trust information.
+-.It Cm no_extensions
+-Do not print X509V3 extensions.
+-.It Cm no_header
+-Do not print header (Certificate and Data) information.
+-.It Cm no_issuer
+-Do not print the issuer name.
+-.It Cm no_pubkey
+-Do not print the public key.
+-.It Cm no_serial
+-Do not print the serial number.
+-.It Cm no_sigdump
+-Do not give a hexadecimal dump of the certificate signature.
+-.It Cm no_signame
+-Do not print the signature algorithm used.
+-.It Cm no_subject
+-Do not print the subject name.
+-.It Cm no_validity
+-Do not print the
+-.Cm notBefore
+-and
+-.Cm notAfter
+-(validity) fields.
+-.It Cm no_version
+-Do not print the version number.
+-.El
+-.It Fl dates
+-Print the start and expiry date of a certificate.
+-.It Fl email
+-Output the email addresses, if any.
+-.It Fl enddate
+-Print the expiry date of the certificate; that is, the
+-.Cm notAfter
+-date.
+-.It Fl fingerprint
+-Print the digest of the DER-encoded version of the whole certificate.
+-.It Fl hash
+-A synonym for
+-.Fl subject_hash .
+-.It Fl issuer
+-Print the issuer name.
+-.It Fl issuer_hash
+-Print the hash of the certificate issuer name.
+-.It Fl issuer_hash_old
+-Print the hash of the certificate issuer name
+-using the older algorithm as used by
+-.Nm openssl
+-versions before 1.0.0.
+-.It Fl modulus
+-Print the value of the modulus of the public key contained in the certificate.
+-.It Fl multivalue-rdn
+-This option causes the
+-.Fl subj
+-argument to be interpreted with full support for multivalued RDNs,
+-for example
+-.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
+-If
+-.Fl multivalue-rdn
+-is not used, the UID value is set to
+-.Qq "123456+CN=John Doe" .
+-.It Fl nameopt Ar option
+-Customise how the subject or issuer names are displayed,
+-either using a list of comma-separated options or by specifying
+-.Fl nameopt
+-multiple times.
+-The default behaviour is to use the
+-.Cm oneline
+-format.
+-The options,
+-which can be preceded by a dash to turn them off,
+-are as follows:
+-.Bl -tag -width "XXXX"
+-.It Cm align
+-Align field values for a more readable output.
+-Only usable with
+-.Ar sep_multiline .
+-.It Cm compat
+-Use the old format,
+-equivalent to specifying no options at all.
+-.It Cm dn_rev
+-Reverse the fields of the DN, as required by RFC 2253.
+-As a side effect, this also reverses the order of multiple AVAs.
+-.It Cm dump_all
+-Dump all fields.
+-When used with
+-.Ar dump_der ,
+-it allows the DER encoding of the structure to be unambiguously determined.
+-.It Cm dump_der
+-Any fields that need to be hexdumped are
+-dumped using the DER encoding of the field.
+-Otherwise just the content octets will be displayed.
+-Both options use the RFC 2253 #XXXX... format.
+-.It Cm dump_nostr
+-Dump non-character string types
+-(for example OCTET STRING);
+-usually, non-character string types are displayed
+-as though each content octet represents a single character.
+-.It Cm dump_unknown
+-Dump any field whose OID is not recognised by
+-.Nm openssl .
+-.It Cm esc_2253
+-Escape the
+-.Qq special
+-characters required by RFC 2253 in a field that is
+-.Dq \& ,+"<>; .
+-Additionally,
+-.Sq #
+-is escaped at the beginning of a string
+-and a space character at the beginning or end of a string.
+-.It Cm esc_ctrl
+-Escape control characters.
+-That is, those with ASCII values less than 0x20 (space)
+-and the delete (0x7f) character.
+-They are escaped using the RFC 2253 \eXX notation (where XX are two hex
+-digits representing the character value).
+-.It Cm esc_msb
+-Escape characters with the MSB set; that is, with ASCII values larger than
+-127.
+-.It Cm multiline
+-A multiline format.
+-Equivalent to
+-.Cm esc_ctrl , esc_msb , sep_multiline ,
+-.Cm space_eq , lname ,
+-and
+-.Cm align .
+-.It Cm no_type
+-Do not attempt to interpret multibyte characters.
+-That is, content octets are merely dumped as though one octet
+-represents each character.
+-This is useful for diagnostic purposes
+-but results in rather odd looking output.
+-.It Cm nofname , sname , lname , oid
+-Alter how the field name is displayed:
+-.Cm nofname
+-does not display the field at all;
+-.Cm sname
+-uses the short name form (CN for
+-.Cm commonName ,
+-for example);
+-.Cm lname
+-uses the long form.
+-.Cm oid
+-represents the OID in numerical form and is useful for diagnostic purpose.
+-.It Cm oneline
+-A one line format which is more readable than
+-.Cm RFC2253 .
+-Equivalent to
+-.Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
+-.Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
+-.Cm space_eq ,
+-and
+-.Cm sname .
+-.It Cm RFC2253
+-Displays names compatible with RFC 2253.
+-Equivalent to
+-.Cm esc_2253 , esc_ctrl ,
+-.Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
+-.Cm dump_der , sep_comma_plus , dn_rev ,
+-and
+-.Cm sname .
+-.It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
+-Determine the field separators:
+-the first character is between RDNs and the second between multiple AVAs
+-(multiple AVAs are very rare and their use is discouraged).
+-The options ending in
+-.Qq space
+-additionally place a space after the separator to make it more readable.
+-.Cm sep_multiline
+-uses a linefeed character for the RDN separator and a spaced
+-.Sq +
+-for the AVA separator,
+-as well as indenting the fields by four characters.
+-If no field separator is specified then
+-.Cm sep_comma_plus_space
+-is used by default.
+-.It Cm show_type
+-Show the type of the ASN.1 character string.
+-The type precedes the field contents.
+-For example
+-.Qq BMPSTRING: Hello World .
+-.It Cm space_eq
+-Place spaces round the
+-.Sq =
+-character which follows the field name.
+-.It Cm use_quote
+-Escape some characters by surrounding the whole string with
+-.Sq \&"
+-characters.
+-Without the option, all escaping is done with the
+-.Sq \e
+-character.
+-.It Cm utf8
+-Convert all strings to UTF8 format first, as required by RFC 2253.
+-On a UTF8 compatible terminal,
+-the use of this option (and not setting
+-.Cm esc_msb )
+-may result in the correct display of multibyte characters.
+-Usually, multibyte characters larger than 0xff
+-are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
+-for 32 bits,
+-and any UTF8Strings are converted to their character form first.
+-.El
+-.It Fl next_serial
+-Print the next serial number.
+-.It Fl noout
+-Do not output the encoded version of the request.
+-.It Fl ocsp_uri
+-Print the OCSP responder addresses, if any.
+-.It Fl ocspid
+-Print OCSP hash values for the subject name and public key.
+-.It Fl pubkey
+-Print the public key.
+-.It Fl serial
+-Print the certificate serial number.
+-.It Fl sigopt Ar nm:v
+-Pass options to the signature algorithm during sign or certify operations.
+-The names and values of these options are algorithm-specific.
+-.It Fl startdate
+-Print the start date of the certificate; that is, the
+-.Cm notBefore
+-date.
+-.It Fl subject
+-Print the subject name.
+-.It Fl subject_hash
+-Print the hash of the certificate subject name.
+-This is used in
+-.Nm openssl
+-to form an index to allow certificates in a directory to be looked up
+-by subject name.
+-.It Fl subject_hash_old
+-Print the hash of the certificate subject name
+-using the older algorithm as used by
+-.Nm openssl
+-versions before 1.0.0.
+-.It Fl text
+-Print the full certificate in text form.
+-.El
+-.Pp
+-A trusted certificate is a certificate which has several
+-additional pieces of information attached to it such as the permitted
+-and prohibited uses of the certificate and an alias.
+-When a certificate is being verified, at least one certificate must be trusted.
+-By default, a trusted certificate must be stored locally and be a root CA.
+-The following are x509 trust settings options:
+-.Bl -tag -width "XXXX"
+-.It Fl addreject Ar arg
+-Add a prohibited use.
+-Accepts the same values as the
+-.Fl addtrust
+-option.
+-.It Fl addtrust Ar arg
+-Add a trusted certificate use.
+-Any object name can be used here, but currently only
+-.Cm clientAuth
+-(SSL client use),
+-.Cm serverAuth
+-(SSL server use),
+-and
+-.Cm emailProtection
+-(S/MIME email) are used.
+-.It Fl alias
+-Output the certificate alias.
+-.It Fl clrreject
+-Clear all the prohibited or rejected uses of the certificate.
+-.It Fl clrtrust
+-Clear all the permitted or trusted uses of the certificate.
+-.It Fl purpose
+-Perform tests on the certificate extensions.
+-The same code is used when verifying untrusted certificates in chains,
+-so this section is useful if a chain is rejected by the verify code.
+-.Pp
+-The
+-.Cm basicConstraints
+-extension CA flag is used to determine whether the
+-certificate can be used as a CA.
+-If the CA flag is true, it is a CA;
+-if the CA flag is false, it is not a CA.
+-All CAs should have the CA flag set to true.
+-.Pp
+-If the
+-.Cm basicConstraints
+-extension is absent, then the certificate is
+-considered to be a possible CA;
+-other extensions are checked according to the intended use of the certificate.
+-A warning is given in this case because the certificate should really not
+-be regarded as a CA.
+-However it is allowed to be a CA to work around some broken software.
+-.Pp
+-If the certificate is a V1 certificate
+-(and thus has no extensions) and it is self-signed,
+-it is also assumed to be a CA but a warning is again given.
+-This is to work around the problem of Verisign roots
+-which are V1 self-signed certificates.
+-.Pp
+-If the
+-.Cm keyUsage
+-extension is present, then additional restraints are
+-made on the uses of the certificate.
+-A CA certificate must have the
+-.Cm keyCertSign
+-bit set if the
+-.Cm keyUsage
+-extension is present.
+-.Pp
+-The extended key usage extension places additional restrictions on the
+-certificate uses.
+-If this extension is present, whether critical or not,
+-the key can only be used for the purposes specified.
+-.Pp
+-A complete description of each test is given below.
+-The comments about
+-.Cm basicConstraints
+-and
+-.Cm keyUsage
+-and V1 certificates above apply to all CA certificates.
+-.Bl -tag -width "XXXX"
+-.It SSL Client
+-The extended key usage extension must be absent or include the
+-web client authentication OID.
+-.Cm keyUsage
+-must be absent or it must have the
+-.Cm digitalSignature
+-bit set.
+-The Netscape certificate type must be absent
+-or it must have the SSL client bit set.
+-.It SSL Client CA
+-The extended key usage extension must be absent or include the
+-web client authentication OID.
+-The Netscape certificate type must be absent
+-or it must have the SSL CA bit set:
+-this is used as a workaround if the
+-.Cm basicConstraints
+-extension is absent.
+-.It SSL Server
+-The extended key usage extension must be absent or include the
+-web server authentication and/or one of the SGC OIDs.
+-.Cm keyUsage
+-must be absent or it must have the
+-.Cm digitalSignature
+-set, the
+-.Cm keyEncipherment
+-set, or both bits set.
+-The Netscape certificate type must be absent or have the SSL server bit set.
+-.It SSL Server CA
+-The extended key usage extension must be absent or include the
+-web server authentication and/or one of the SGC OIDs.
+-The Netscape certificate type must be absent or the SSL CA bit must be set:
+-this is used as a workaround if the
+-.Cm basicConstraints
+-extension is absent.
+-.It Netscape SSL Server
+-For Netscape SSL clients to connect to an SSL server; it must have the
+-.Cm keyEncipherment
+-bit set if the
+-.Cm keyUsage
+-extension is present.
+-This isn't always valid because some cipher suites use the key for
+-digital signing.
+-Otherwise it is the same as a normal SSL server.
+-.It Common S/MIME Client Tests
+-The extended key usage extension must be absent or include the
+-email protection OID.
+-The Netscape certificate type must be absent or should have the S/MIME bit set.
+-If the S/MIME bit is not set in Netscape certificate type, then the SSL
+-client bit is tolerated as an alternative but a warning is shown:
+-this is because some Verisign certificates don't set the S/MIME bit.
+-.It S/MIME Signing
+-In addition to the common S/MIME client tests, the
+-.Cm digitalSignature
+-bit must be set if the
+-.Cm keyUsage
+-extension is present.
+-.It S/MIME Encryption
+-In addition to the common S/MIME tests, the
+-.Cm keyEncipherment
+-bit must be set if the
+-.Cm keyUsage
+-extension is present.
+-.It S/MIME CA
+-The extended key usage extension must be absent or include the
+-email protection OID.
+-The Netscape certificate type must be absent
+-or must have the S/MIME CA bit set:
+-this is used as a workaround if the
+-.Cm basicConstraints
+-extension is absent.
+-.It CRL Signing
+-The
+-.Cm keyUsage
+-extension must be absent or it must have the CRL signing bit set.
+-.It CRL Signing CA
+-The normal CA tests apply, except the
+-.Cm basicConstraints
+-extension must be present.
+-.El
+-.It Fl setalias Ar arg
+-Set the alias of the certificate,
+-allowing the certificate to be referred to using a nickname,
+-such as
+-.Qq Steve's Certificate .
+-.It Fl trustout
+-Output a trusted certificate
+-(the default if any trust settings are modified).
+-An ordinary or trusted certificate can be input, but by default an ordinary
+-certificate is output and any trust settings are discarded.
+-.El
+-.Pp
+-The
+-.Nm x509
+-utility can be used to sign certificates and requests:
+-it can thus behave like a mini CA.
+-The following are x509 signing options:
+-.Bl -tag -width "XXXX"
+-.It Fl CA Ar file
+-The CA certificate to be used for signing.
+-When this option is present,
+-.Nm x509
+-behaves like a mini CA.
+-The input file is signed by the CA using this option;
+-that is, its issuer name is set to the subject name of the CA and it is
+-digitally signed using the CA's private key.
+-.Pp
+-This option is normally combined with the
+-.Fl req
+-option.
+-Without the
+-.Fl req
+-option, the input is a certificate which must be self-signed.
+-.It Fl CAcreateserial
+-Create the CA serial number file if it does not exist
+-instead of generating an error.
+-The file will contain the serial number
+-.Sq 02
+-and the certificate being signed will have
+-.Sq 1
+-as its serial number.
+-.It Fl CAform Cm der | pem
+-The format of the CA certificate file.
+-The default is
+-.Cm pem .
+-.It Fl CAkey Ar file
+-Set the CA private key to sign a certificate with.
+-Otherwise it is assumed that the CA private key is present
+-in the CA certificate file.
+-.It Fl CAkeyform Cm der | pem
+-The format of the CA private key.
+-The default is
+-.Cm pem .
+-.It Fl CAserial Ar file
+-Use the serial number in
+-.Ar file
+-to sign a certificate.
+-The file should consist of one line containing an even number of hex digits
+-with the serial number to use.
+-After each use the serial number is incremented and written out
+-to the file again.
+-.Pp
+-The default filename consists of the CA certificate file base name with
+-.Pa .srl
+-appended.
+-For example, if the CA certificate file is called
+-.Pa mycacert.pem ,
+-it expects to find a serial number file called
+-.Pa mycacert.srl .
+-.It Fl checkend Ar arg
+-Check whether the certificate expires in the next
+-.Ar arg
+-seconds.
+-If so, exit with return value 1;
+-otherwise exit with return value 0.
+-.It Fl clrext
+-Delete any extensions from a certificate.
+-This option is used when a certificate is being created from another
+-certificate (for example with the
+-.Fl signkey
+-or the
+-.Fl CA
+-options).
+-Normally, all extensions are retained.
+-.It Fl days Ar arg
+-The number of days to make a certificate valid for.
+-The default is 30 days.
+-.It Fl extensions Ar section
+-The section to add certificate extensions from.
+-If this option is not specified, the extensions should either be
+-contained in the unnamed (default) section
+-or the default section should contain a variable called
+-.Qq extensions
+-which contains the section to use.
+-.It Fl extfile Ar file
+-File containing certificate extensions to use.
+-If not specified, no extensions are added to the certificate.
+-.It Fl force_pubkey Ar key
+-Set the public key of the certificate to the public key contained in
+-.Ar key .
+-.It Fl keyform Cm der | pem
+-The format of the key file used in the
+-.Fl force_pubkey
+-and
+-.Fl signkey
+-options.
+-.It Fl new
+-Generate a new certificate using the subject given by
+-.Fl set_subject
+-and signed by
+-.Fl signkey .
+-If no public key is provided with
+-.Fl force_pubkey ,
+-the resulting certificate is self-signed.
+-This option cannot be used with
+-.Fl in
+-or
+-.Fl req .
+-.It Fl req
+-Expect a certificate request on input instead of a certificate.
+-This option cannot be used with
+-.Fl new .
+-.It Fl set_issuer Ar name
+-The issuer name to use.
+-.Ar name
+-must be formatted as /type0=value0/type1=value1/type2=...;
+-characters may be escaped by
+-.Sq \e
+-(backslash);
+-no spaces are skipped.
+-.It Fl set_serial Ar n
+-The serial number to use.
+-This option can be used with either the
+-.Fl signkey
+-or
+-.Fl CA
+-options.
+-If used in conjunction with the
+-.Fl CA
+-option, the serial number file (as specified by the
+-.Fl CAserial
+-or
+-.Fl CAcreateserial
+-options) is not used.
+-.Pp
+-The serial number can be decimal or hex (if preceded by
+-.Sq 0x ) .
+-Negative serial numbers can also be specified but their use is not recommended.
+-.It Fl set_subject Ar name
+-The subject name to use.
+-.Ar name
+-must be formatted as /type0=value0/type1=value1/type2=...;
+-characters may be escaped by
+-.Sq \e
+-(backslash);
+-no spaces are skipped.
+-.It Fl signkey Ar file
+-Self-sign
+-.Ar file
+-using the supplied private key.
+-.Pp
+-If the input file is a certificate, it sets the issuer name to the
+-subject name (i.e. makes it self-signed),
+-changes the public key to the supplied value,
+-and changes the start and end dates.
+-The start date is set to the current time and the end date is set to
+-a value determined by the
+-.Fl days
+-option.
+-Any certificate extensions are retained unless the
+-.Fl clrext
+-option is supplied.
+-.Pp
+-If the input is a certificate request, a self-signed certificate
+-is created using the supplied private key using the subject name in
+-the request.
+-.It Fl utf8
+-Interpret field values read from a terminal or obtained from a configuration
+-file as UTF-8 strings.
+-By default, they are interpreted as ASCII.
+-.It Fl x509toreq
+-Convert a certificate into a certificate request.
+-The
+-.Fl signkey
+-option is used to pass the required private key.
+-.El
+-.Sh COMMON NOTATION
+-Several commands share a common syntax,
+-as detailed below.
+-.Pp
+-Password arguments, typically specified using
+-.Fl passin
+-and
+-.Fl passout
+-for input and output passwords,
+-allow passwords to be obtained from a variety of sources.
+-Both of these options take a single argument, described below.
+-If no password argument is given and a password is required,
+-then the user is prompted to enter one:
+-this will typically be read from the current terminal with echoing turned off.
+-.Bl -tag -width "pass:password" -offset indent
+-.It Cm pass : Ns Ar password
+-The actual password is
+-.Ar password .
+-Since the password is visible to utilities,
+-this form should only be used where security is not important.
+-.It Cm env : Ns Ar var
+-Obtain the password from the environment variable
+-.Ar var .
+-Since the environment of other processes is visible,
+-this option should be used with caution.
+-.It Cm file : Ns Ar path
+-The first line of
+-.Ar path
+-is the password.
+-If the same
+-.Ar path
+-argument is supplied to
+-.Fl passin
+-and
+-.Fl passout ,
+-then the first line will be used for the input password and the next line
+-for the output password.
+-.Ar path
+-need not refer to a regular file:
+-it could, for example, refer to a device or named pipe.
+-.It Cm fd : Ns Ar number
+-Read the password from the file descriptor
+-.Ar number .
+-This can be used to send the data via a pipe, for example.
+-.It Cm stdin
+-Read the password from standard input.
+-.El
+-.Pp
+-Input/output formats,
+-typically specified using
+-.Fl inform
+-and
+-.Fl outform ,
+-indicate the format being read from or written to.
+-The argument is case insensitive.
+-.Pp
+-.Bl -tag -width Ds -offset indent -compact
+-.It Cm der
+-Distinguished Encoding Rules (DER)
+-is a binary format.
+-.It Cm net
+-Insecure legacy format.
+-.It Cm pem
+-Privacy Enhanced Mail (PEM)
+-is base64-encoded.
+-.It Cm pvk
+-Private Key format.
+-.It Cm smime
+-An SMIME format message.
+-.It Cm txt
+-Plain ASCII text.
+-.El
+-.Sh ENVIRONMENT
+-The following environment variables affect the execution of
+-.Nm openssl :
+-.Bl -tag -width "/etc/ssl/openssl.cnf"
+-.It Ev OPENSSL_CONF
+-The location of the master configuration file.
+-.El
+-.Sh FILES
+-.Bl -tag -width "/etc/ssl/openssl.cnf" -compact
+-.It Pa /etc/ssl/
+-Default config directory for
+-.Nm openssl .
+-.It Pa /etc/ssl/lib/
+-Unused.
+-.It Pa /etc/ssl/private/
+-Default private key directory.
+-.It Pa /etc/ssl/openssl.cnf
+-Default configuration file for
+-.Nm openssl .
+-.It Pa /etc/ssl/x509v3.cnf
+-Default configuration file for
+-.Nm x509
+-certificates.
+-.El
+-.Sh SEE ALSO
+-.Xr acme-client 1 ,
+-.Xr nc 1 ,
+-.Xr openssl.cnf 5 ,
+-.Xr x509v3.cnf 5 ,
+-.Xr ssl 8 ,
+-.Xr starttls 8
+-.Sh STANDARDS
+-.Rs
+-.%A T. Dierks
+-.%A C. Allen
+-.%D January 1999
+-.%R RFC 2246
+-.%T The TLS Protocol Version 1.0
+-.Re
+-.Pp
+-.Rs
+-.%A M. Wahl
+-.%A S. Killie
+-.%A T. Howes
+-.%D December 1997
+-.%R RFC 2253
+-.%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
+-.Re
+-.Pp
+-.Rs
+-.%A B. Kaliski
+-.%D March 1998
+-.%R RFC 2315
+-.%T PKCS #7: Cryptographic Message Syntax Version 1.5
+-.Re
+-.Pp
+-.Rs
+-.%A R. Housley
+-.%A W. Ford
+-.%A W. Polk
+-.%A D. Solo
+-.%D January 1999
+-.%R RFC 2459
+-.%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
+-.Re
+-.Pp
+-.Rs
+-.%A M. Myers
+-.%A R. Ankney
+-.%A A. Malpani
+-.%A S. Galperin
+-.%A C. Adams
+-.%D June 1999
+-.%R RFC 2560
+-.%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
+-.Re
+-.Pp
+-.Rs
+-.%A R. Housley
+-.%D June 1999
+-.%R RFC 2630
+-.%T Cryptographic Message Syntax
+-.Re
+-.Pp
+-.Rs
+-.%A P. Chown
+-.%D June 2002
+-.%R RFC 3268
+-.%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
+-.Re
+diff -Naur a/apps/openssl/openssl-libre.1 b/apps/openssl/openssl-libre.1
+--- a/apps/openssl/openssl-libre.1 1970-01-01 06:00:00.000000000 +0600
++++ b/apps/openssl/openssl-libre.1 2025-01-09 23:29:16.599526244 +0600
+@@ -0,0 +1,6865 @@
++.\" $OpenBSD: openssl.1,v 1.161 2024/08/30 06:05:10 jmc Exp $
++.\" ====================================================================
++.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
++.\"
++.\" Redistribution and use in source and binary forms, with or without
++.\" modification, are permitted provided that the following conditions
++.\" are met:
++.\"
++.\" 1. Redistributions of source code must retain the above copyright
++.\" notice, this list of conditions and the following disclaimer.
++.\"
++.\" 2. Redistributions in binary form must reproduce the above copyright
++.\" notice, this list of conditions and the following disclaimer in
++.\" the documentation and/or other materials provided with the
++.\" distribution.
++.\"
++.\" 3. All advertising materials mentioning features or use of this
++.\" software must display the following acknowledgment:
++.\" "This product includes software developed by the OpenSSL Project
++.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++.\"
++.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++.\" endorse or promote products derived from this software without
++.\" prior written permission. For written permission, please contact
++.\" openssl-core@openssl.org.
++.\"
++.\" 5. Products derived from this software may not be called "OpenSSL"
++.\" nor may "OpenSSL" appear in their names without prior written
++.\" permission of the OpenSSL Project.
++.\"
++.\" 6. Redistributions of any form whatsoever must retain the following
++.\" acknowledgment:
++.\" "This product includes software developed by the OpenSSL Project
++.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++.\"
++.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
++.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++.\" OF THE POSSIBILITY OF SUCH DAMAGE.
++.\" ====================================================================
++.\"
++.\" This product includes cryptographic software written by Eric Young
++.\" (eay@cryptsoft.com). This product includes software written by Tim
++.\" Hudson (tjh@cryptsoft.com).
++.\"
++.\"
++.\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
++.\" All rights reserved.
++.\"
++.\" This package is an SSL implementation written
++.\" by Eric Young (eay@cryptsoft.com).
++.\" The implementation was written so as to conform with Netscapes SSL.
++.\"
++.\" This library is free for commercial and non-commercial use as long as
++.\" the following conditions are aheared to. The following conditions
++.\" apply to all code found in this distribution, be it the RC4, RSA,
++.\" lhash, DES, etc., code; not just the SSL code. The SSL documentation
++.\" included with this distribution is covered by the same copyright terms
++.\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
++.\"
++.\" Copyright remains Eric Young's, and as such any Copyright notices in
++.\" the code are not to be removed.
++.\" If this package is used in a product, Eric Young should be given attribution
++.\" as the author of the parts of the library used.
++.\" This can be in the form of a textual message at program startup or
++.\" in documentation (online or textual) provided with the package.
++.\"
++.\" Redistribution and use in source and binary forms, with or without
++.\" modification, are permitted provided that the following conditions
++.\" are met:
++.\" 1. Redistributions of source code must retain the copyright
++.\" notice, this list of conditions and the following disclaimer.
++.\" 2. Redistributions in binary form must reproduce the above copyright
++.\" notice, this list of conditions and the following disclaimer in the
++.\" documentation and/or other materials provided with the distribution.
++.\" 3. All advertising materials mentioning features or use of this software
++.\" must display the following acknowledgement:
++.\" "This product includes cryptographic software written by
++.\" Eric Young (eay@cryptsoft.com)"
++.\" The word 'cryptographic' can be left out if the rouines from the library
++.\" being used are not cryptographic related :-).
++.\" 4. If you include any Windows specific code (or a derivative thereof) from
++.\" the apps directory (application code) you must include an
++.\" acknowledgement:
++.\" "This product includes software written by Tim Hudson
++.\" (tjh@cryptsoft.com)"
++.\"
++.\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
++.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++.\" SUCH DAMAGE.
++.\"
++.\" The licence and distribution terms for any publically available version or
++.\" derivative of this code cannot be changed. i.e. this code cannot simply be
++.\" copied and put under another distribution licence
++.\" [including the GNU Public Licence.]
++.\"
++.Dd $Mdocdate: August 30 2024 $
++.Dt OPENSSL 1
++.Os
++.Sh NAME
++.Nm openssl
++.Nd OpenSSL command line tool
++.Sh SYNOPSIS
++.Nm
++.Ar command
++.Op Ar command_opt ...
++.Op Ar command_arg ...
++.Pp
++.Nm
++.Cm list-standard-commands |
++.Cm list-message-digest-commands |
++.Cm list-cipher-commands |
++.Cm list-cipher-algorithms |
++.Cm list-message-digest-algorithms |
++.Cm list-public-key-algorithms
++.Pp
++.Nm
++.Cm no- Ns Ar command
++.Sh DESCRIPTION
++.Nm OpenSSL
++is a cryptography toolkit implementing the
++Transport Layer Security
++.Pq TLS
++network protocol,
++as well as related cryptography standards.
++.Pp
++The
++.Nm
++program is a command line tool for using the various
++cryptography functions of
++.Nm openssl Ns 's
++crypto library from the shell.
++.Pp
++The pseudo-commands
++.Cm list-standard-commands , list-message-digest-commands ,
++and
++.Cm list-cipher-commands
++output a list
++.Pq one entry per line
++of the names of all standard commands, message digest commands,
++or cipher commands, respectively, that are available in the present
++.Nm
++utility.
++.Pp
++The pseudo-commands
++.Cm list-cipher-algorithms
++and
++.Cm list-message-digest-algorithms
++list all cipher and message digest names,
++one entry per line.
++Aliases are listed as:
++.Pp
++.D1 from => to
++.Pp
++The pseudo-command
++.Cm list-public-key-algorithms
++lists all supported public key algorithms.
++.Pp
++The pseudo-command
++.Cm no- Ns Ar command
++tests whether a command of the
++specified name is available.
++If
++.Ar command
++does not exist,
++it returns 0
++and prints
++.Cm no- Ns Ar command ;
++otherwise it returns 1 and prints
++.Ar command .
++In both cases, the output goes to stdout and nothing is printed to stderr.
++Additional command line arguments are always ignored.
++Since for each cipher there is a command of the same name,
++this provides an easy way for shell scripts to test for the
++availability of ciphers in the
++.Nm
++program.
++.Pp
++.Sy Note :
++.Cm no- Ns Ar command
++is not able to detect pseudo-commands such as
++.Cm quit ,
++.Cm list- Ns Ar ... Ns Cm -commands ,
++or
++.Cm no- Ns Ar command
++itself.
++.Tg asn1parse
++.Sh ASN1PARSE
++.Bl -hang -width "openssl asn1parse"
++.It Nm openssl asn1parse
++.Bk -words
++.Op Fl i
++.Op Fl dlimit Ar number
++.Op Fl dump
++.Op Fl genconf Ar file
++.Op Fl genstr Ar str
++.Op Fl in Ar file
++.Op Fl inform Cm der | pem | txt
++.Op Fl length Ar number
++.Op Fl noout
++.Op Fl offset Ar number
++.Op Fl oid Ar file
++.Op Fl out Ar file
++.Op Fl strparse Ar offset
++.Ek
++.El
++.Pp
++The
++.Nm asn1parse
++command is a diagnostic utility that can parse ASN.1 structures.
++It can also be used to extract data from ASN.1 formatted data.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl dlimit Ar number
++Dump the first
++.Ar number
++bytes of unknown data in hex form.
++.It Fl dump
++Dump unknown data in hex form.
++.It Fl genconf Ar file , Fl genstr Ar str
++Generate encoded data based on string
++.Ar str ,
++file
++.Ar file ,
++or both, using the format described in
++.Xr ASN1_generate_nconf 3 .
++If only
++.Ar file
++is present then the string is obtained from the default section
++using the name
++.Dq asn1 .
++The encoded data is passed through the ASN.1 parser and printed out as
++though it came from a file;
++the contents can thus be examined and written to a file using the
++.Fl out
++option.
++.It Fl i
++Indent the output according to the
++.Qq depth
++of the structures.
++.It Fl in Ar file
++The input file to read from, or standard input if not specified.
++.It Fl inform Cm der | pem | txt
++The input format.
++.It Fl length Ar number
++Number of bytes to parse; the default is until end of file.
++.It Fl noout
++Do not output the parsed version of the input file.
++.It Fl offset Ar number
++Starting offset to begin parsing; the default is start of file.
++.It Fl oid Ar file
++A file containing additional object identifiers
++.Pq OIDs .
++If an OID
++.Pq object identifier
++is not part of
++.Nm openssl Ns 's
++internal table, it will be represented in
++numerical form
++.Pq for example 1.2.3.4 .
++.Pp
++Each line consists of three columns:
++the first column is the OID in numerical format and should be followed by
++whitespace.
++The second column is the
++.Qq short name ,
++which is a single word followed by whitespace.
++The final column is the rest of the line and is the
++.Qq long name .
++.Nm asn1parse
++displays the long name.
++.It Fl out Ar file
++The DER-encoded output file; the default is no encoded output
++(useful when combined with
++.Fl strparse ) .
++.It Fl strparse Ar offset
++Parse the content octets of the ASN.1 object starting at
++.Ar offset .
++This option can be used multiple times to
++.Qq drill down
++into a nested structure.
++.El
++.Tg ca
++.Sh CA
++.Bl -hang -width "openssl ca"
++.It Nm openssl ca
++.Bk -words
++.Op Fl batch
++.Op Fl cert Ar file
++.Op Fl config Ar file
++.Op Fl create_serial
++.Op Fl crl_CA_compromise Ar time
++.Op Fl crl_compromise Ar time
++.Op Fl crl_hold Ar instruction
++.Op Fl crl_reason Ar reason
++.Op Fl crldays Ar days
++.Op Fl crlexts Ar section
++.Op Fl crlhours Ar hours
++.Op Fl crlsec Ar seconds
++.Op Fl days Ar arg
++.Op Fl enddate Ar date
++.Op Fl extensions Ar section
++.Op Fl extfile Ar file
++.Op Fl gencrl
++.Op Fl in Ar file
++.Op Fl infiles
++.Op Fl key Ar password
++.Op Fl keyfile Ar file
++.Op Fl keyform Cm pem | der
++.Op Fl md Ar alg
++.Op Fl msie_hack
++.Op Fl multivalue-rdn
++.Op Fl name Ar section
++.Op Fl noemailDN
++.Op Fl notext
++.Op Fl out Ar file
++.Op Fl outdir Ar directory
++.Op Fl passin Ar arg
++.Op Fl policy Ar arg
++.Op Fl preserveDN
++.Op Fl revoke Ar file
++.Op Fl selfsign
++.Op Fl sigopt Ar nm:v
++.Op Fl ss_cert Ar file
++.Op Fl startdate Ar date
++.Op Fl status Ar serial
++.Op Fl subj Ar arg
++.Op Fl updatedb
++.Op Fl utf8
++.Op Fl verbose
++.Ek
++.El
++.Pp
++The
++.Nm ca
++command is a minimal certificate authority (CA) application.
++It can be used to sign certificate requests in a variety of forms
++and generate certificate revocation lists (CRLs).
++It also maintains a text database of issued certificates and their status.
++.Pp
++The options relevant to CAs are as follows:
++.Bl -tag -width "XXXX"
++.It Fl batch
++Batch mode.
++In this mode no questions will be asked
++and all certificates will be certified automatically.
++.It Fl cert Ar file
++The CA certificate file.
++.It Fl config Ar file
++Specify an alternative configuration file.
++.It Fl create_serial
++If reading the serial from the text file as specified in the
++configuration fails, create a new random serial to be used as the
++next serial number.
++.It Fl days Ar arg
++The number of days to certify the certificate for.
++.It Fl enddate Ar date
++Set the expiry date.
++The format of the date is [YY]YYMMDDHHMMSSZ,
++with all four year digits required for dates from 2050 onwards.
++.It Fl extensions Ar section
++The section of the configuration file containing certificate extensions
++to be added when a certificate is issued (defaults to
++.Cm x509_extensions
++unless the
++.Fl extfile
++option is used).
++If no extension section is present, a V1 certificate is created.
++If the extension section is present
++.Pq even if it is empty ,
++then a V3 certificate is created.
++See the
++.Xr x509v3.cnf 5
++manual page for details of the extension section format.
++.It Fl extfile Ar file
++An additional configuration
++.Ar file
++to read certificate extensions from
++(using the default section unless the
++.Fl extensions
++option is also used).
++.It Fl in Ar file
++An input
++.Ar file
++containing a single certificate request to be signed by the CA.
++.It Fl infiles
++If present, this should be the last option; all subsequent arguments
++are assumed to be the names of files containing certificate requests.
++.It Fl key Ar password
++The
++.Fa password
++used to encrypt the private key.
++Since on some systems the command line arguments are visible,
++this option should be used with caution.
++.It Fl keyfile Ar file
++The private key to sign requests with.
++.It Fl keyform Cm pem | der
++Private key file format.
++The default is
++.Cm pem .
++.It Fl md Ar alg
++The message digest to use.
++Possible values include
++.Ar md5
++and
++.Ar sha1 .
++This option also applies to CRLs.
++.It Fl msie_hack
++This is a legacy option to make
++.Nm ca
++work with very old versions of the IE certificate enrollment control
++.Qq certenr3 .
++It used UniversalStrings for almost everything.
++Since the old control has various security bugs,
++its use is strongly discouraged.
++The newer control
++.Qq Xenroll
++does not need this option.
++.It Fl multivalue-rdn
++This option causes the
++.Fl subj
++argument to be interpreted with full support for multivalued RDNs,
++for example
++.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
++If
++.Fl multivalue-rdn
++is not used, the UID value is set to
++.Qq "123456+CN=John Doe" .
++.It Fl name Ar section
++Specifies the configuration file
++.Ar section
++to use (overrides
++.Cm default_ca
++in the
++.Cm ca
++section).
++.It Fl noemailDN
++The DN of a certificate can contain the EMAIL field if present in the
++request DN, however it is good policy just having the email set into
++the
++.Cm altName
++extension of the certificate.
++When this option is set, the EMAIL field is removed from the certificate's
++subject and set only in the, eventually present, extensions.
++The
++.Ar email_in_dn
++keyword can be used in the configuration file to enable this behaviour.
++.It Fl notext
++Don't output the text form of a certificate to the output file.
++.It Fl out Ar file
++The output file to output certificates to.
++The default is standard output.
++The certificate details will also be printed out to this file in
++PEM format.
++.It Fl outdir Ar directory
++The
++.Ar directory
++to output certificates to.
++The certificate will be written to a file consisting of the
++serial number in hex with
++.Qq .pem
++appended.
++.It Fl passin Ar arg
++The key password source.
++.It Fl policy Ar arg
++Define the CA
++.Qq policy
++to use.
++The policy section in the configuration file
++consists of a set of variables corresponding to certificate DN fields.
++The values may be one of
++.Qq match
++(the value must match the same field in the CA certificate),
++.Qq supplied
++(the value must be present), or
++.Qq optional
++(the value may be present).
++Any fields not mentioned in the policy section
++are silently deleted, unless the
++.Fl preserveDN
++option is set,
++but this can be regarded more of a quirk than intended behaviour.
++.It Fl preserveDN
++Normally, the DN order of a certificate is the same as the order of the
++fields in the relevant policy section.
++When this option is set, the order is the same as the request.
++This is largely for compatibility with the older IE enrollment control
++which would only accept certificates if their DNs matched the order of the
++request.
++This is not needed for Xenroll.
++.It Fl selfsign
++Indicates the issued certificates are to be signed with the key the
++certificate requests were signed with, given with
++.Fl keyfile .
++Certificate requests signed with a different key are ignored.
++If
++.Fl gencrl
++or
++.Fl ss_cert
++are given,
++.Fl selfsign
++is ignored.
++.Pp
++A consequence of using
++.Fl selfsign
++is that the self-signed certificate appears among the entries in
++the certificate database (see the configuration option
++.Cm database )
++and uses the same serial number counter as all other certificates
++signed with the self-signed certificate.
++.It Fl sigopt Ar nm:v
++Pass options to the signature algorithm during sign or certify operations.
++The names and values of these options are algorithm-specific.
++.It Fl ss_cert Ar file
++A single self-signed certificate to be signed by the CA.
++.It Fl startdate Ar date
++Set the start date.
++The format of the date is [YY]YYMMDDHHMMSSZ,
++with all four year digits required for dates from 2050 onwards.
++.It Fl subj Ar arg
++Supersedes the subject name given in the request.
++The
++.Ar arg
++must be formatted as
++.Sm off
++.Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns /
++.Ar type2 Ns = Ar ... ;
++.Sm on
++characters may be escaped by
++.Sq \e
++.Pq backslash ,
++no spaces are skipped.
++.It Fl utf8
++Interpret field values read from a terminal or obtained from a
++configuration file as UTF-8 strings.
++By default, they are interpreted as ASCII.
++.It Fl verbose
++Print extra details about the operations being performed.
++.El
++.Pp
++The options relevant to CRLs are as follows:
++.Bl -tag -width "XXXX"
++.It Fl crl_CA_compromise Ar time
++This is the same as
++.Fl crl_compromise ,
++except the revocation reason is set to CACompromise.
++.It Fl crl_compromise Ar time
++Set the revocation reason to keyCompromise and the compromise time to
++.Ar time .
++.Ar time
++should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
++.It Fl crl_hold Ar instruction
++Set the CRL revocation reason code to certificateHold and the hold
++instruction to
++.Ar instruction
++which must be an OID.
++Although any OID can be used, only holdInstructionNone
++(the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
++holdInstructionReject will normally be used.
++.It Fl crl_reason Ar reason
++Revocation reason, where
++.Ar reason
++is one of:
++unspecified, keyCompromise, CACompromise, affiliationChanged, superseded,
++cessationOfOperation, certificateHold or removeFromCRL.
++The matching of
++.Ar reason
++is case insensitive.
++Setting any revocation reason will make the CRL v2.
++In practice, removeFromCRL is not particularly useful because it is only used
++in delta CRLs which are not currently implemented.
++.It Fl crldays Ar days
++The number of days before the next CRL is due.
++This is the days from now to place in the CRL
++.Cm nextUpdate
++field.
++.It Fl crlexts Ar section
++The
++.Ar section
++of the configuration file containing CRL extensions to include.
++If no CRL extension section is present then a V1 CRL is created;
++if the CRL extension section is present
++(even if it is empty)
++then a V2 CRL is created.
++The CRL extensions specified are CRL extensions and not CRL entry extensions.
++It should be noted that some software can't handle V2 CRLs.
++See the
++.Xr x509v3.cnf 5
++manual page for details of the extension section format.
++.It Fl crlhours Ar hours
++The number of hours before the next CRL is due.
++.It Fl crlsec Ar seconds
++The number of seconds before the next CRL is due.
++.It Fl gencrl
++Generate a CRL based on information in the index file.
++.It Fl revoke Ar file
++A
++.Ar file
++containing a certificate to revoke.
++.It Fl status Ar serial
++Show the status of the certificate with serial number
++.Ar serial .
++.It Fl updatedb
++Update the database index to purge expired certificates.
++.El
++.Pp
++Many of the options can be set in the
++.Cm ca
++section of the configuration file
++(or in the default section of the configuration file),
++specified using
++.Cm default_ca
++or
++.Fl name .
++The options
++.Cm preserve
++and
++.Cm msie_hack
++are read directly from the
++.Cm ca
++section.
++.Pp
++Many of the configuration file options are identical to command line
++options.
++Where the option is present in the configuration file and the command line,
++the command line value is used.
++Where an option is described as mandatory, then it must be present in
++the configuration file or the command line equivalent
++.Pq if any
++used.
++.Bl -tag -width "XXXX"
++.It Cm certificate
++The same as
++.Fl cert .
++It gives the file containing the CA certificate.
++Mandatory.
++.It Cm copy_extensions
++Determines how extensions in certificate requests should be handled.
++If set to
++.Cm none
++or this option is not present, then extensions are
++ignored and not copied to the certificate.
++If set to
++.Cm copy ,
++then any extensions present in the request that are not already present
++are copied to the certificate.
++If set to
++.Cm copyall ,
++then all extensions in the request are copied to the certificate:
++if the extension is already present in the certificate it is deleted first.
++.Pp
++The
++.Cm copy_extensions
++option should be used with caution.
++If care is not taken, it can be a security risk.
++For example, if a certificate request contains a
++.Cm basicConstraints
++extension with CA:TRUE and the
++.Cm copy_extensions
++value is set to
++.Cm copyall
++and the user does not spot
++this when the certificate is displayed, then this will hand the requester
++a valid CA certificate.
++.Pp
++This situation can be avoided by setting
++.Cm copy_extensions
++to
++.Cm copy
++and including
++.Cm basicConstraints
++with CA:FALSE in the configuration file.
++Then if the request contains a
++.Cm basicConstraints
++extension, it will be ignored.
++.Pp
++The main use of this option is to allow a certificate request to supply
++values for certain extensions such as
++.Cm subjectAltName .
++.It Cm crl_extensions
++The same as
++.Fl crlexts .
++.It Cm crlnumber
++A text file containing the next CRL number to use in hex.
++The CRL number will be inserted in the CRLs only if this file exists.
++If this file is present, it must contain a valid CRL number.
++.It Cm database
++The text database file to use.
++Mandatory.
++This file must be present, though initially it will be empty.
++.It Cm default_crl_hours , default_crl_days
++The same as the
++.Fl crlhours
++and
++.Fl crldays
++options.
++These will only be used if neither command line option is present.
++At least one of these must be present to generate a CRL.
++.It Cm default_days
++The same as the
++.Fl days
++option.
++The number of days to certify a certificate for.
++.It Cm default_enddate
++The same as the
++.Fl enddate
++option.
++Either this option or
++.Cm default_days
++.Pq or the command line equivalents
++must be present.
++.It Cm default_md
++The same as the
++.Fl md
++option.
++The message digest to use.
++Mandatory.
++.It Cm default_startdate
++The same as the
++.Fl startdate
++option.
++The start date to certify a certificate for.
++If not set, the current time is used.
++.It Cm email_in_dn
++The same as
++.Fl noemailDN .
++If the EMAIL field is to be removed from the DN of the certificate,
++simply set this to
++.Qq no .
++If not present, the default is to allow for the EMAIL field in the
++certificate's DN.
++.It Cm msie_hack
++The same as
++.Fl msie_hack .
++.It Cm name_opt , cert_opt
++These options allow the format used to display the certificate details
++when asking the user to confirm signing.
++All the options supported by the
++.Nm x509
++utilities'
++.Fl nameopt
++and
++.Fl certopt
++switches can be used here, except that
++.Cm no_signame
++and
++.Cm no_sigdump
++are permanently set and cannot be disabled
++(this is because the certificate signature cannot be displayed because
++the certificate has not been signed at this point).
++.Pp
++For convenience, the value
++.Cm ca_default
++is accepted by both to produce a reasonable output.
++.Pp
++If neither option is present, the format used in earlier versions of
++.Nm openssl
++is used.
++Use of the old format is strongly discouraged
++because it only displays fields mentioned in the
++.Cm policy
++section,
++mishandles multicharacter string types and does not display extensions.
++.It Cm new_certs_dir
++The same as the
++.Fl outdir
++command line option.
++It specifies the directory where new certificates will be placed.
++Mandatory.
++.It Cm oid_file
++This specifies a file containing additional object identifiers.
++Each line of the file should consist of the numerical form of the
++object identifier followed by whitespace, then the short name followed
++by whitespace and finally the long name.
++.It Cm oid_section
++This specifies a section in the configuration file containing extra
++object identifiers.
++Each line should consist of the short name of the object identifier
++followed by
++.Sq =
++and the numerical form.
++The short and long names are the same when this option is used.
++.It Cm policy
++The same as
++.Fl policy .
++Mandatory.
++.It Cm preserve
++The same as
++.Fl preserveDN .
++.It Cm private_key
++Same as the
++.Fl keyfile
++option.
++The file containing the CA private key.
++Mandatory.
++.It Cm serial
++A text file containing the next serial number to use in hex.
++Mandatory.
++This file must be present and contain a valid serial number.
++.It Cm unique_subject
++If the value
++.Cm yes
++is given, the valid certificate entries in the
++database must have unique subjects.
++If the value
++.Cm no
++is given,
++several valid certificate entries may have the exact same subject.
++The default value is
++.Cm yes .
++.Pp
++Note that it is valid in some circumstances for certificates to be created
++without any subject.
++In cases where there are multiple certificates without
++subjects this does not count as a duplicate.
++.It Cm x509_extensions
++The same as
++.Fl extensions .
++.El
++.Tg certhash
++.Sh CERTHASH
++.Bl -hang -width "openssl certhash"
++.It Nm openssl certhash
++.Bk -words
++.Op Fl nv
++.Ar dir ...
++.Ek
++.El
++.Pp
++The
++.Nm certhash
++command calculates a hash value of
++.Qq .pem
++file in the specified directory list and creates symbolic links for each file,
++where the name of the link is the hash value.
++See the
++.Xr SSL_CTX_load_verify_locations 3
++manual page for how hash links are used.
++.Pp
++The links created are of the form
++.Qq HHHHHHHH.D ,
++where each
++.Sq H
++is a hexadecimal character and
++.Sq D
++is a single decimal digit.
++The hashes for CRLs look similar, except the letter
++.Sq r
++appears after the period, like this:
++.Qq HHHHHHHH.rD .
++When processing a directory,
++.Nm certhash
++will first remove all links that have a name in that syntax and invalid
++reference.
++.Pp
++Multiple objects may have the same hash; they will be indicated by
++incrementing the
++.Sq D
++value.
++Duplicates are found by comparing the full SHA256 fingerprint.
++A warning will be displayed if a duplicate is found.
++.Pp
++A warning will also be displayed if there are files that cannot be parsed as
++either a certificate or a CRL.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl n
++Perform a dry-run, and do not make any changes.
++.It Fl v
++Print extra details about the processing.
++.It Ar dir ...
++Specify the directories to process.
++.El
++.Tg ciphers
++.Sh CIPHERS
++.Nm openssl ciphers
++.Op Fl hsVv
++.Op Fl tls1_2
++.Op Fl tls1_3
++.Op Ar control
++.Pp
++The
++.Nm ciphers
++command converts the
++.Ar control
++string from the format documented in
++.Xr SSL_CTX_set_cipher_list 3
++into an ordered SSL cipher suite preference list.
++If no
++.Ar control
++string is specified, the
++.Cm DEFAULT
++list is printed.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl h , \&?
++Print a brief usage message.
++.It Fl s
++Only list ciphers that are supported by the TLS method.
++.It Fl tls1_2 | tls1_3
++In combination with the
++.Fl s
++option, list the ciphers which could be used
++if the specified protocol version were negotiated.
++.It Fl V
++Verbose.
++List ciphers with cipher suite code in hex format,
++cipher name, and a complete description of protocol version,
++key exchange, authentication, encryption, and mac algorithms.
++.It Fl v
++Like
++.Fl V ,
++but without cipher suite codes.
++.El
++.Tg cms
++.Sh CMS
++.Bl -hang -width "openssl cms"
++.It Nm openssl cms
++.Bk -words
++.Oo
++.Fl aes128 | aes192 | aes256 | camellia128 |
++.Fl camellia192 | camellia256 | des | des3 |
++.Fl rc2-40 | rc2-64 | rc2-128
++.Oc
++.Op Fl CAfile Ar file
++.Op Fl CApath Ar directory
++.Op Fl CRLfile Ar file
++.Op Fl binary
++.Op Fl certfile Ar file
++.Op Fl certsout Ar file
++.Op Fl cmsout
++.Op Fl compress
++.Op Fl content Ar file
++.Op Fl crlfeol
++.Op Fl data_create
++.Op Fl data_out
++.Op Fl debug_decrypt
++.Op Fl decrypt
++.Op Fl digest_create
++.Op Fl digest_verify
++.Op Fl econtent_type Ar type
++.Op Fl encrypt
++.Op Fl EncryptedData_decrypt
++.Op Fl EncryptedData_encrypt
++.Op Fl from Ar addr
++.Op Fl in Ar file
++.Op Fl inform Cm der | pem | smime
++.Op Fl inkey Ar file
++.Op Fl keyform Cm der | pem
++.Op Fl keyid
++.Op Fl keyopt Ar nm:v
++.Op Fl md Ar digest
++.Op Fl no_attr_verify
++.Op Fl no_content_verify
++.Op Fl no_signer_cert_verify
++.Op Fl noattr
++.Op Fl nocerts
++.Op Fl nodetach
++.Op Fl nointern
++.Op Fl nooldmime
++.Op Fl noout
++.Op Fl nosigs
++.Op Fl nosmimecap
++.Op Fl noverify
++.Op Fl out Ar file
++.Op Fl outform Cm der | pem | smime
++.Op Fl passin Ar src
++.Op Fl print
++.Op Fl pwri_password Ar arg
++.Op Fl rctform Cm der | pem | smime
++.Op Fl receipt_request_all | receipt_request_first
++.Op Fl receipt_request_from Ar addr
++.Op Fl receipt_request_print
++.Op Fl receipt_request_to Ar addr
++.Op Fl recip Ar file
++.Op Fl resign
++.Op Fl secretkey Ar key
++.Op Fl secretkeyid Ar id
++.Op Fl sign
++.Op Fl sign_receipt
++.Op Fl signer Ar file
++.Op Fl stream | indef | noindef
++.Op Fl subject Ar s
++.Op Fl text
++.Op Fl to Ar addr
++.Op Fl uncompress
++.Op Fl verify
++.Op Fl verify_receipt Ar file
++.Op Fl verify_retcode
++.Op Ar cert.pem ...
++.Ek
++.El
++.Pp
++The
++.Nm cms
++command handles S/MIME v3.1 mail.
++It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME
++messages.
++.Pp
++The MIME message must be sent without any blank lines between the headers and
++the output.
++Some mail programs will automatically add a blank line.
++Piping the mail directly to sendmail is one way to achieve the correct format.
++.Pp
++The supplied message to be signed or encrypted must include the necessary MIME
++headers or many S/MIME clients won't display it properly (if at all).
++You can use the
++.Fl text
++option to automatically add plain text headers.
++.Pp
++A "signed and encrypted" message is one where a signed message is then
++encrypted.
++This can be produced by encrypting an already signed message.
++.Pp
++There are various operation options that set the type of operation to be
++performed.
++The meaning of the other options varies according to the operation type.
++.Bl -tag -width "XXXX"
++.It Fl encrypt
++Encrypt mail for the given recipient certificates.
++Input file is the message to be encrypted.
++The output file is the encrypted mail in MIME format.
++The actual CMS type is EnvelopedData.
++Note that no revocation check is done for the recipient cert, so if that
++key has been compromised, others may be able to decrypt the text.
++.It Fl decrypt
++Decrypt mail using the supplied certificate and private key.
++Expects an encrypted mail message in MIME format for the input file.
++The decrypted mail is written to the output file.
++.It Fl sign
++Sign mail using the supplied certificate and private key.
++Input file is the message to be signed.
++The signed message in MIME format is written to the output file.
++.It Fl verify
++Verify signed mail.
++Expects a signed mail message on input and outputs the signed data.
++Both clear text and opaque signing are supported.
++.It Fl cmsout
++Take an input message and write out a PEM encoded CMS structure.
++.It Fl resign
++Resign a message.
++Take an existing message and one or more new signers.
++This operation uses an existing message digest when adding a new signer.
++This means that attributes must be present in at least one existing
++signer using the same message digest or this operation will fail.
++.It Fl data_create
++Create a CMS Data type.
++.It Fl data_out
++Output a content from the input CMS Data type.
++.It Fl digest_create
++Create a CMS DigestedData type.
++.It Fl digest_verify
++Verify a CMS DigestedData type and output the content.
++.It Fl compress
++Create a CMS CompressedData type.
++Must be compiled with zlib support for this option to work.
++.It Fl uncompress
++Uncompress a CMS CompressedData type and output the content.
++Must be compiled with zlib support for this option to work.
++.It Fl EncryptedData_encrypt
++Encrypt a content using supplied symmetric key and algorithm using a
++CMS EncryptedData type.
++.It Fl EncryptedData_decrypt
++Decrypt a CMS EncryptedData type using supplied symmetric key.
++.It Fl sign_receipt
++Generate and output a signed receipt for the supplied message.
++The input message must contain a signed receipt request.
++Functionality is otherwise similar to the
++.Fl sign
++operation.
++.It Xo
++.Fl verify_receipt Ar file
++.Xc
++Verify a signed receipt in file.
++The input message must contain the original receipt request.
++Functionality is otherwise similar to the
++.Fl verify
++operation.
++.El
++.Pp
++The remaining options are as follows:
++.Bl -tag -width "XXXX"
++.It Xo
++.Fl aes128 | aes192 | aes256 | camellia128 |
++.Fl camellia192 | camellia256 | des | des3 |
++.Fl rc2-40 | rc2-64 | rc2-128
++.Xc
++The encryption algorithm to use.
++128-, 192-, or 256-bit AES, 128-, 192-, or 256-bit CAMELLIA,
++DES (56 bits), triple DES (168 bits),
++or 40-, 64-, or 128-bit RC2, respectively;
++if not specified, triple DES is
++used.
++Only used with
++.Fl encrypt
++and
++.Fl EncryptedData_encrypt
++commands.
++.It Fl binary
++Normally the input message is converted to "canonical" format which is
++effectively using CR/LF as end of line, as required by the S/MIME specification.
++When this option is present, no translation occurs.
++This is useful when handling binary data which may not be in MIME format.
++.It Fl CAfile Ar file
++A file containing trusted CA certificates, used with
++.Fl verify
++and
++.Fl verify_receipt .
++.It Fl CApath Ar directory
++A directory containing trusted CA certificates, used with
++.Fl verify
++and
++.Fl verify_receipt .
++This directory must be a standard certificate directory: that is a hash
++of each subject name (using
++.Nm x509 Fl hash )
++should be linked to each certificate.
++.It Fl CRLfile Ar file
++Allows additional certificate revocation lists to be specified for verification.
++The CRLs should be in PEM format.
++.It Ar cert.pem ...
++One or more certificates of message recipients: used when encrypting a message.
++.It Fl certfile Ar file
++Allows additional certificates to be specified.
++When signing, these will be included with the message.
++When verifying, these will be searched for the signer's certificates.
++The certificates should be in PEM format.
++.It Fl certsout Ar file
++A file that any certificates contained in the message are written to.
++.It Xo
++.Fl check_ss_sig ,
++.Fl crl_check ,
++.Fl crl_check_all ,
++.Fl extended_crl ,
++.Fl ignore_critical ,
++.Fl issuer_checks ,
++.Fl policy ,
++.Fl policy_check ,
++.Fl purpose ,
++.Fl x509_strict
++.Xc
++Set various certificate chain validation options.
++See the
++.Nm verify
++command for details.
++.It Fl content Ar file
++A file containing the detached content.
++This is only useful with the
++.Fl verify
++command.
++This is only usable if the CMS structure is using the detached signature
++form where the content is not included.
++This option will override any content if the input format is S/MIME and
++it uses the multipart/signed MIME content type.
++.It Fl crlfeol
++Output a S/MIME message with CR/LF end of line.
++.It Fl debug_decrypt
++Set the CMS_DEBUG_DECRYPT flag when decrypting.
++This option should be used with caution, since this can be used to disable
++the MMA attack protection and return an error if no recipient can be found.
++See the
++.Xr CMS_decrypt 3
++manual page for details of the flag.
++.It Xo
++.Fl from Ar addr ,
++.Fl subject Ar s ,
++.Fl to Ar addr
++.Xc
++The relevant mail headers.
++These are included outside the signed portion of a message so they may
++be included manually.
++If signing then many S/MIME mail clients check the signer's certificate's
++email address matches that specified in the
From: address.
++.It Fl econtent_type Ar type
++Set the encapsulated content type, used with
++.Fl sign .
++If not supplied, the Data type is used.
++The type argument can be any valid OID name in either text or numerical format.
++.It Fl in Ar file
++The input message to be encrypted or signed or the message to be decrypted or
++verified.
++.It Fl inform Cm der | pem | smime
++The input format for the CMS structure.
++The default is
++.Cm smime ,
++which reads an S/MIME format message.
++.Cm pem
++and
++.Cm der
++format change this to expect PEM and DER format CMS structures instead.
++This currently only affects the input format of the CMS structure; if no
++CMS structure is being input (for example with
++.Fl encrypt
++or
++.Fl sign )
++this option has no effect.
++.It Fl inkey Ar file
++The private key to use when signing or decrypting.
++This must match the corresponding certificate.
++If this option is not specified then the private key must be included in
++the certificate file specified with the
++.Fl recip
++or
++.Fl signer
++file.
++When signing, this option can be used multiple times to specify successive keys.
++.It Fl keyform Cm der | pem
++Input private key format.
++The default is
++.Cm pem .
++.It Fl keyid
++Use subject key identifier to identify certificates instead of issuer
++name and serial number.
++The supplied certificate must include a subject key identifier extension.
++Supported by
++.Fl sign
++and
++.Fl encrypt
++operations.
++.It Fl keyopt Ar nm:v
++Set customised parameters for the preceding key or certificate
++for encryption and signing.
++It can currently be used to set RSA-PSS for signing, RSA-OAEP for
++encryption or to modify default parameters for ECDH.
++This option can be used multiple times.
++.It Fl md Ar digest
++The digest algorithm to use when signing or resigning.
++If not present then the default digest algorithm for the signing key
++will be used (usually SHA1).
++.It Fl no_attr_verify
++Do not verify the signer's attribute of a signature.
++.It Fl no_content_verify
++Do not verify the content of a signed message.
++.It Fl no_signer_cert_verify
++Do not verify the signer's certificate of a signed message.
++.It Fl noattr
++Do not include attributes.
++Normally when a message is signed a set of attributes are included which
++include the signing time and supported symmetric algorithms.
++With this option they are not included.
++.It Fl nocerts
++Do not include the signer's certificate.
++This will reduce the size of the signed message but the verifier must
++have a copy of the signer's certificate available locally (passed using
++the
++.Fl certfile
++option for example).
++.It Fl nodetach
++When signing a message, use opaque signing.
++This form is more resistant to translation by mail relays but it cannot be
++read by mail agents that do not support S/MIME.
++Without this option cleartext signing with the MIME type multipart/signed is
++used.
++.It Fl nointern
++Only the certificates specified in the
++.Fl certfile
++option are used.
++When verifying a message, normally certificates (if any) included in the
++message are searched for the signing certificate.
++The supplied certificates can still be used as untrusted CAs however.
++.It Fl nooldmime
++Output an old S/MIME content type like "application/x-pkcs7-".
++.It Fl noout
++Do not output the parsed CMS structure for the
++.Fl cmsout
++operation.
++This is useful when combined with the
++.Fl print
++option or if the syntax of the CMS structure is being checked.
++.It Fl nosigs
++Do not try to verify the signatures on the message.
++.It Fl nosmimecap
++Exclude the list of supported algorithms from signed attributes; other
++options such as signing time and content type are still included.
++.It Fl noverify
++Do not verify the signer's certificate of a signed message.
++.It Fl out Ar file
++The message text that has been decrypted or verified or the output MIME
++format message that has been signed or verified.
++.It Fl outform Cm der | pem | smime
++This specifies the output format for the CMS structure.
++The default is
++.Cm smime ,
++which writes an S/MIME format message.
++.Cm pem
++and
++.Cm der
++format change this to write PEM and DER format CMS structures instead.
++This currently only affects the output format of the CMS structure; if
++no CMS structure is being output (for example with
++.Fl verify
++or
++.Fl decrypt )
++this option has no effect.
++.It Fl passin Ar src
++The private key password source.
++.It Fl print
++Print out all fields of the CMS structure for the
++.Fl cmsout
++operation.
++This is mainly useful for testing purposes.
++.It Fl pwri_password Ar arg
++Specify PasswordRecipientInfo (PWRI) password to use.
++Supported by the
++.Fl encrypt
++and
++.Fl decrypt
++operations.
++.It Fl rctform Cm der | pem | smime
++Specify the format for a signed receipt for use with the
++.Fl receipt_verify
++operation.
++The default is
++.Cm smime .
++.It Fl receipt_request_all | receipt_request_first
++Indicate requests should be provided by all recipient or first tier
++recipients (those mailed directly and not from a mailing list), for the
++.Fl sign
++operation to include a signed receipt request.
++Ignored if
++.Fl receipt_request_from
++is included.
++.It Fl receipt_request_from Ar addr
++Add an explicit email address where receipts should be supplied.
++.It Fl receipt_request_print
++Print out the contents of any signed receipt requests for the
++.Fl verify
++operation.
++.It Fl receipt_request_to Ar addr
++Add an explicit email address where signed receipts should be sent to.
++This option must be supplied if a signed receipt is requested.
++.It Fl recip Ar file
++When decrypting a message, this specifies the recipient's certificate.
++The certificate must match one of the recipients of the message or an
++error occurs.
++When encrypting a message, this option may be used multiple times to
++specify each recipient.
++This form must be used if customised parameters are required (for example to
++specify RSA-OAEP).
++Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
++by this option.
++.It Fl secretkey Ar key
++Specify symmetric key to use.
++The key must be supplied in hex format and be consistent with the
++algorithm used.
++Supported by the
++.Fl EncryptedData_encrypt ,
++.Fl EncryptedData_decrypt ,
++.Fl encrypt
++and
++.Fl decrypt
++operations.
++When used with
++.Fl encrypt
++or
++.Fl decrypt ,
++the supplied key is used to wrap or unwrap the content encryption key
++using an AES key in the KEKRecipientInfo type.
++.It Fl secretkeyid Ar id
++The key identifier for the supplied symmetric key for KEKRecipientInfo type.
++This option must be present if the
++.Fl secretkey
++option is used with
++.Fl encrypt .
++With
++.Fl decrypt
++operations the id is used to locate the relevant key; if it is not supplied
++then an attempt is used to decrypt any KEKRecipientInfo structures.
++.It Fl signer Ar file
++A signing certificate when signing or resigning a message; this option
++can be used multiple times if more than one signer is required.
++If a message is being verified then the signers certificates will be
++written to this file if the verification was successful.
++.It Xo
++.Fl stream |
++.Fl indef |
++.Fl noindef
++.Xc
++The
++.Fl stream
++and
++.Fl indef
++options are equivalent and enable streaming I/O for encoding operations.
++This permits single pass processing of data without the need to hold the
++entire contents in memory, potentially supporting very large files.
++Streaming is automatically set for S/MIME signing with detached data if
++the output format is
++.Cm smime ;
++it is currently off by default for all other operations.
++.Fl noindef
++disable streaming I/O where it would produce an indefinite length
++constructed encoding.
++This option currently has no effect.
++.It Fl text
++Add plain text (text/plain) MIME headers to the supplied message if
++encrypting or signing.
++If decrypting or verifying, it strips off text headers: if the decrypted
++or verified message is not of MIME type text/plain then an error occurs.
++.It Fl verify_retcode
++Set verification error code to exit code to indicate what verification error
++has occurred.
++Supported by
++.Fl verify
++operation only.
++Exit code value minus 32 shows verification error code.
++See
++.Nm verify
++command for the list of verification error code.
++.El
++.Pp
++The exit codes for
++.Nm cms
++are as follows:
++.Pp
++.Bl -tag -width "XXXX" -offset 3n -compact
++.It 0
++The operation was completely successful.
++.It 1
++An error occurred parsing the command options.
++.It 2
++One of the input files could not be read.
++.It 3
++An error occurred creating the CMS file or when reading the MIME message.
++.It 4
++An error occurred decrypting or verifying the message.
++.It 5
++The message was verified correctly but an error occurred writing out the
++signer's certificates.
++.It 6
++An error occurred writing the output file.
++.It 32+
++A verify error occurred while
++.Fl verify_retcode
++is specified.
++.El
++.Tg crl
++.Sh CRL
++.Bl -hang -width "openssl crl"
++.It Nm openssl crl
++.Bk -words
++.Op Fl CAfile Ar file
++.Op Fl CApath Ar dir
++.Op Fl crlnumber
++.Op Fl fingerprint
++.Op Fl hash
++.Op Fl hash_old
++.Op Fl in Ar file
++.Op Fl inform Cm der | pem
++.Op Fl issuer
++.Op Fl lastupdate
++.Op Fl nameopt Ar option
++.Op Fl nextupdate
++.Op Fl noout
++.Op Fl out Ar file
++.Op Fl outform Cm der | pem
++.Op Fl text
++.Op Fl verify
++.Ek
++.El
++.Pp
++The
++.Nm crl
++command processes CRL files in DER or PEM format.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl CAfile Ar file
++Verify the signature on a CRL by looking up the issuing certificate in
++.Ar file .
++.It Fl CApath Ar directory
++Verify the signature on a CRL by looking up the issuing certificate in
++.Ar dir .
++This directory must be a standard certificate directory,
++i.e. a hash of each subject name (using
++.Cm x509 Fl hash )
++should be linked to each certificate.
++.It Fl crlnumber
++Print the CRL number.
++.It Fl fingerprint
++Print the CRL fingerprint.
++.It Fl hash
++Output a hash of the issuer name.
++This can be used to look up CRLs in a directory by issuer name.
++.It Fl hash_old
++Output an old-style (MD5) hash of the issuer name.
++.It Fl in Ar file
++The input file to read from, or standard input if not specified.
++.It Fl inform Cm der | pem
++The input format.
++.It Fl issuer
++Output the issuer name.
++.It Fl lastupdate
++Output the
++.Cm thisUpdate
++field.
++This option is misnamed for historical reasons.
++.It Fl nameopt Ar option
++Specify certificate name options.
++.It Fl nextupdate
++Output the
++.Cm nextUpdate
++field.
++.It Fl noout
++Do not output the encoded version of the CRL.
++.It Fl out Ar file
++The output file to write to, or standard output if not specified.
++.It Fl outform Cm der | pem
++The output format.
++.It Fl text
++Print the CRL in plain text.
++.It Fl verify
++Verify the signature on the CRL.
++.El
++.Tg crl2pkcs7
++.Sh CRL2PKCS7
++.Bl -hang -width "openssl crl2pkcs7"
++.It Nm openssl crl2pkcs7
++.Bk -words
++.Op Fl certfile Ar file
++.Op Fl in Ar file
++.Op Fl inform Cm der | pem
++.Op Fl nocrl
++.Op Fl out Ar file
++.Op Fl outform Cm der | pem
++.Ek
++.El
++.Pp
++The
++.Nm crl2pkcs7
++command takes an optional CRL and one or more
++certificates and converts them into a PKCS#7 degenerate
++.Qq certificates only
++structure.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl certfile Ar file
++Add the certificates in PEM
++.Ar file
++to the PKCS#7 structure.
++This option can be used more than once
++to read certificates from multiple files.
++.It Fl in Ar file
++Read the CRL from
++.Ar file ,
++or standard input if not specified.
++.It Fl inform Cm der | pem
++The input format.
++.It Fl nocrl
++Normally, a CRL is included in the output file.
++With this option, no CRL is
++included in the output file and a CRL is not read from the input file.
++.It Fl out Ar file
++Write the PKCS#7 structure to
++.Ar file ,
++or standard output if not specified.
++.It Fl outform Cm der | pem
++The output format.
++.El
++.Tg dgst
++.Sh DGST
++.Bl -hang -width "openssl dgst"
++.It Nm openssl dgst
++.Bk -words
++.Op Fl cdr
++.Op Fl binary
++.Op Fl Ar digest
++.Op Fl hex
++.Op Fl hmac Ar key
++.Op Fl keyform Cm pem
++.Op Fl mac Ar algorithm
++.Op Fl macopt Ar nm : Ns Ar v
++.Op Fl out Ar file
++.Op Fl passin Ar arg
++.Op Fl prverify Ar file
++.Op Fl sign Ar file
++.Op Fl signature Ar file
++.Op Fl sigopt Ar nm : Ns Ar v
++.Op Fl verify Ar file
++.Op Ar
++.Ek
++.El
++.Pp
++The digest functions output the message digest of a supplied
++.Ar file
++or
++.Ar files
++in hexadecimal form.
++They can also be used for digital signing and verification.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl binary
++Output the digest or signature in binary form.
++.It Fl c
++Print the digest in two-digit groups separated by colons.
++.It Fl d
++Print BIO debugging information.
++.It Fl Ar digest
++Use the specified message
++.Ar digest .
++The default is SHA256.
++The available digests can be displayed using
++.Nm openssl
++.Cm list-message-digest-commands .
++The following are equivalent:
++.Nm openssl dgst
++.Fl sha256
++and
++.Nm openssl
++.Cm sha256 .
++.It Fl hex
++Digest is to be output as a hex dump.
++This is the default case for a
++.Qq normal
++digest as opposed to a digital signature.
++.It Fl hmac Ar key
++Create a hashed MAC using
++.Ar key .
++.It Fl keyform Cm pem
++Specifies the key format to sign the digest with.
++.It Fl mac Ar algorithm
++Create a keyed Message Authentication Code (MAC).
++The most popular MAC algorithm is HMAC (hash-based MAC),
++but there are other MAC algorithms which are not based on hash.
++MAC keys and other options should be set via the
++.Fl macopt
++parameter.
++.It Fl macopt Ar nm : Ns Ar v
++Passes options to the MAC algorithm, specified by
++.Fl mac .
++The following options are supported by HMAC:
++.Bl -tag -width Ds
++.It Cm key : Ns Ar string
++Specifies the MAC key as an alphanumeric string
++(use if the key contain printable characters only).
++String length must conform to any restrictions of the MAC algorithm.
++.It Cm hexkey : Ns Ar string
++Specifies the MAC key in hexadecimal form (two hex digits per byte).
++Key length must conform to any restrictions of the MAC algorithm.
++.El
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++.It Fl passin Ar arg
++The key password source.
++.It Fl prverify Ar file
++Verify the signature using the private key in
++.Ar file .
++The output is either
++.Qq Verification OK
++or
++.Qq Verification Failure .
++.It Fl r
++Print the digest in coreutils format.
++.It Fl sign Ar file
++Digitally sign the digest using the private key in
++.Ar file .
++.It Fl signature Ar file
++The actual signature to verify.
++.It Fl sigopt Ar nm : Ns Ar v
++Pass options to the signature algorithm during sign or verify operations.
++The names and values of these options are algorithm-specific.
++.It Fl verify Ar file
++Verify the signature using the public key in
++.Ar file .
++The output is either
++.Qq Verification OK
++or
++.Qq Verification Failure .
++.It Ar
++File or files to digest.
++If no files are specified then standard input is used.
++.El
++.Tg dhparam
++.Sh DHPARAM
++.Bl -hang -width "openssl dhparam"
++.It Nm openssl dhparam
++.Bk -words
++.Op Fl 2 | 5
++.Op Fl C
++.Op Fl check
++.Op Fl dsaparam
++.Op Fl in Ar file
++.Op Fl inform Cm der | pem
++.Op Fl noout
++.Op Fl out Ar file
++.Op Fl outform Cm der | pem
++.Op Fl text
++.Op Ar numbits
++.Ek
++.El
++.Pp
++The
++.Nm dhparam
++command is used to manipulate DH parameter files.
++Only the older PKCS#3 DH is supported,
++not the newer X9.42 DH.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl 2 , 5
++The generator to use;
++2 is the default.
++If present, the input file is ignored and parameters are generated instead.
++.It Fl C
++Convert the parameters into C code.
++The parameters can then be loaded by calling the
++.No get_dh Ns Ar numbits
++function.
++.It Fl check
++Check the DH parameters.
++.It Fl dsaparam
++Read or create DSA parameters,
++converted to DH format on output.
++Otherwise,
++.Qq strong
++primes
++.Pq such that (p-1)/2 is also prime
++will be used for DH parameter generation.
++.Pp
++DH parameter generation with the
++.Fl dsaparam
++option is much faster,
++and the recommended exponent length is shorter,
++which makes DH key exchange more efficient.
++Beware that with such DSA-style DH parameters,
++a fresh DH key should be created for each use to
++avoid small-subgroup attacks that may be possible otherwise.
++.It Fl in Ar file
++The input file to read from,
++or standard input if not specified.
++.It Fl inform Cm der | pem
++The input format.
++.It Fl noout
++Do not output the encoded version of the parameters.
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++.It Fl outform Cm der | pem
++The output format.
++.It Fl text
++Print the DH parameters in plain text.
++.It Ar numbits
++Generate a parameter set of size
++.Ar numbits .
++It must be the last option.
++If not present, a value of 2048 is used.
++If this value is present, the input file is ignored and
++parameters are generated instead.
++.El
++.Tg dsa
++.Sh DSA
++.Bl -hang -width "openssl dsa"
++.It Nm openssl dsa
++.Bk -words
++.Oo
++.Fl aes128 | aes192 | aes256 |
++.Fl des | des3
++.Oc
++.Op Fl in Ar file
++.Op Fl inform Cm der | pem | pvk
++.Op Fl modulus
++.Op Fl noout
++.Op Fl out Ar file
++.Op Fl outform Cm der | pem | pvk
++.Op Fl passin Ar arg
++.Op Fl passout Ar arg
++.Op Fl pubin
++.Op Fl pubout
++.Op Fl pvk-none | pvk-strong | pvk-weak
++.Op Fl text
++.Ek
++.El
++.Pp
++The
++.Nm dsa
++command processes DSA keys.
++They can be converted between various forms and their components printed out.
++.Pp
++.Sy Note :
++This command uses the traditional
++.Nm SSLeay
++compatible format for private key encryption:
++newer applications should use the more secure PKCS#8 format using the
++.Nm pkcs8
++command.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Xo
++.Fl aes128 | aes192 | aes256 |
++.Fl des | des3
++.Xc
++Encrypt the private key with the AES, DES, or the triple DES
++ciphers, respectively, before outputting it.
++A pass phrase is prompted for.
++If none of these options are specified, the key is written in plain text.
++This means that using the
++.Nm dsa
++utility to read an encrypted key with no encryption option can be used to
++remove the pass phrase from a key,
++or by setting the encryption options it can be used to add or change
++the pass phrase.
++These options can only be used with PEM format output files.
++.It Fl in Ar file
++The input file to read from,
++or standard input if not specified.
++If the key is encrypted, a pass phrase will be prompted for.
++.It Fl inform Cm der | pem | pvk
++The input format.
++.It Fl modulus
++Print the value of the public key component of the key.
++.It Fl noout
++Do not output the encoded version of the key.
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++If any encryption options are set then a pass phrase will be
++prompted for.
++.It Fl outform Cm der | pem | pvk
++The output format.
++.It Fl passin Ar arg
++The key password source.
++.It Fl passout Ar arg
++The output file password source.
++.It Fl pubin
++Read in a public key, not a private key.
++.It Fl pubout
++Output a public key, not a private key.
++Automatically set if the input is a public key.
++.It Xo
++.Fl pvk-none | pvk-strong | pvk-weak
++.Xc
++Enable or disable PVK encoding.
++The default is
++.Fl pvk-strong .
++.It Fl text
++Print the public/private key in plain text.
++.El
++.Tg dsaparam
++.Sh DSAPARAM
++.Bl -hang -width "openssl dsaparam"
++.It Nm openssl dsaparam
++.Bk -words
++.Op Fl C
++.Op Fl genkey
++.Op Fl in Ar file
++.Op Fl inform Cm der | pem
++.Op Fl noout
++.Op Fl out Ar file
++.Op Fl outform Cm der | pem
++.Op Fl text
++.Op Ar numbits
++.Ek
++.El
++.Pp
++The
++.Nm dsaparam
++command is used to manipulate or generate DSA parameter files.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl C
++Convert the parameters into C code.
++The parameters can then be loaded by calling the
++.No get_dsa Ns Ar XXX
++function.
++.It Fl genkey
++Generate a DSA key either using the specified or generated
++parameters.
++.It Fl in Ar file
++The input file to read from,
++or standard input if not specified.
++If the
++.Ar numbits
++parameter is included, then this option is ignored.
++.It Fl inform Cm der | pem
++The input format.
++.It Fl noout
++Do not output the encoded version of the parameters.
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++.It Fl outform Cm der | pem
++The output format.
++.It Fl text
++Print the DSA parameters in plain text.
++.It Ar numbits
++Generate a parameter set of size
++.Ar numbits .
++If this option is included, the input file is ignored.
++.El
++.Tg ec
++.Sh EC
++.Bl -hang -width "openssl ec"
++.It Nm openssl ec
++.Bk -words
++.Op Fl conv_form Ar arg
++.Op Fl des
++.Op Fl des3
++.Op Fl in Ar file
++.Op Fl inform Cm der | pem
++.Op Fl noout
++.Op Fl out Ar file
++.Op Fl outform Cm der | pem
++.Op Fl param_enc Ar arg
++.Op Fl param_out
++.Op Fl passin Ar arg
++.Op Fl passout Ar arg
++.Op Fl pubin
++.Op Fl pubout
++.Op Fl text
++.Ek
++.El
++.Pp
++The
++.Nm ec
++command processes EC keys.
++They can be converted between various
++forms and their components printed out.
++.Nm openssl
++uses the private key format specified in
++.Dq SEC 1: Elliptic Curve Cryptography
++.Pq Lk https://www.secg.org/ .
++To convert an
++EC private key into the PKCS#8 private key format use the
++.Nm pkcs8
++command.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl conv_form Ar arg
++Specify how the points on the elliptic curve are converted
++into octet strings.
++Possible values are:
++.Cm compressed ,
++.Cm uncompressed
++(the default),
++and
++.Cm hybrid .
++For more information regarding
++the point conversion forms see the X9.62 standard.
++Note:
++Due to patent issues the
++.Cm compressed
++option is disabled by default for binary curves
++and can be enabled by defining the preprocessor macro
++.Dv OPENSSL_EC_BIN_PT_COMP
++at compile time.
++.It Fl des | des3
++Encrypt the private key with DES, triple DES, or
++any other cipher supported by
++.Nm openssl .
++A pass phrase is prompted for.
++If none of these options are specified, the key is written in plain text.
++This means that using the
++.Nm ec
++utility to read in an encrypted key with no
++encryption option can be used to remove the pass phrase from a key,
++or by setting the encryption options
++it can be used to add or change the pass phrase.
++These options can only be used with PEM format output files.
++.It Fl in Ar file
++The input file to read a key from,
++or standard input if not specified.
++If the key is encrypted, a pass phrase will be prompted for.
++.It Fl inform Cm der | pem
++The input format.
++.It Fl noout
++Do not output the encoded version of the key.
++.It Fl out Ar file
++The output filename to write to,
++or standard output if not specified.
++If any encryption options are set then a pass phrase will be prompted for.
++.It Fl outform Cm der | pem
++The output format.
++.It Fl param_enc Ar arg
++Specify how the elliptic curve parameters are encoded.
++Possible value are:
++.Cm named_curve ,
++i.e. the EC parameters are specified by an OID; or
++.Cm explicit ,
++where the EC parameters are explicitly given
++(see RFC 3279 for the definition of the EC parameter structures).
++The default value is
++.Cm named_curve .
++Note: the
++.Cm implicitlyCA
++alternative,
++as specified in RFC 3279,
++is currently not implemented.
++.It Fl param_out
++Print the elliptic curve parameters.
++.It Fl passin Ar arg
++The key password source.
++.It Fl passout Ar arg
++The output file password source.
++.It Fl pubin
++Read in a public key, not a private key.
++.It Fl pubout
++Output a public key, not a private key.
++Automatically set if the input is a public key.
++.It Fl text
++Print the public/private key in plain text.
++.El
++.Tg ecparam
++.Sh ECPARAM
++.Bl -hang -width "openssl ecparam"
++.It Nm openssl ecparam
++.Bk -words
++.Op Fl C
++.Op Fl check
++.Op Fl conv_form Ar arg
++.Op Fl genkey
++.Op Fl in Ar file
++.Op Fl inform Cm der | pem
++.Op Fl list_curves
++.Op Fl name Ar arg
++.Op Fl no_seed
++.Op Fl noout
++.Op Fl out Ar file
++.Op Fl outform Cm der | pem
++.Op Fl param_enc Ar arg
++.Op Fl text
++.Ek
++.El
++.Pp
++The
++.Nm ecparam
++command is used to manipulate or generate EC parameter files.
++.Nm openssl
++is not able to generate new groups so
++.Nm ecparam
++can only create EC parameters from known (named) curves.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl C
++Convert the EC parameters into C code.
++The parameters can then be loaded by calling the
++.No get_ec_group_ Ns Ar XXX
++function.
++.It Fl check
++Validate the elliptic curve parameters.
++.It Fl conv_form Ar arg
++Specify how the points on the elliptic curve are converted
++into octet strings.
++Possible values are:
++.Cm compressed ,
++.Cm uncompressed
++(the default),
++and
++.Cm hybrid .
++For more information regarding
++the point conversion forms see the X9.62 standard.
++Note:
++Due to patent issues the
++.Cm compressed
++option is disabled by default for binary curves
++and can be enabled by defining the preprocessor macro
++.Dv OPENSSL_EC_BIN_PT_COMP
++at compile time.
++.It Fl genkey
++Generate an EC private key using the specified parameters.
++.It Fl in Ar file
++The input file to read from,
++or standard input if not specified.
++.It Fl inform Cm der | pem
++The input format.
++.It Fl list_curves
++Print a list of all
++currently implemented EC parameter names and exit.
++.It Fl name Ar arg
++Use the EC parameters with the specified "short" name.
++.It Fl no_seed
++Do not include the seed for the parameter generation
++in the ECParameters structure (see RFC 3279).
++.It Fl noout
++Do not output the encoded version of the parameters.
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++.It Fl outform Cm der | pem
++The output format.
++.It Fl param_enc Ar arg
++Specify how the elliptic curve parameters are encoded.
++Possible value are:
++.Cm named_curve ,
++i.e. the EC parameters are specified by an OID, or
++.Cm explicit ,
++where the EC parameters are explicitly given
++(see RFC 3279 for the definition of the EC parameter structures).
++The default value is
++.Cm named_curve .
++Note: the
++.Cm implicitlyCA
++alternative, as specified in RFC 3279,
++is currently not implemented.
++.It Fl text
++Print the EC parameters in plain text.
++.El
++.Tg enc
++.Sh ENC
++.Bl -hang -width "openssl enc"
++.It Nm openssl enc
++.Bk -words
++.Fl ciphername
++.Op Fl AadePpv
++.Op Fl base64
++.Op Fl bufsize Ar number
++.Op Fl debug
++.Op Fl in Ar file
++.Op Fl iter Ar iterations
++.Op Fl iv Ar IV
++.Op Fl K Ar key
++.Op Fl k Ar password
++.Op Fl kfile Ar file
++.Op Fl md Ar digest
++.Op Fl none
++.Op Fl nopad
++.Op Fl nosalt
++.Op Fl out Ar file
++.Op Fl pass Ar arg
++.Op Fl pbkdf2
++.Op Fl S Ar salt
++.Op Fl salt
++.Ek
++.El
++.Pp
++The symmetric cipher commands allow data to be encrypted or decrypted
++using various block and stream ciphers using keys based on passwords
++or explicitly provided.
++Base64 encoding or decoding can also be performed either by itself
++or in addition to the encryption or decryption.
++The program can be called either as
++.Nm openssl Ar ciphername
++or
++.Nm openssl enc - Ns Ar ciphername .
++.Pp
++Some of the ciphers do not have large keys and others have security
++implications if not used correctly.
++All the block ciphers normally use PKCS#5 padding,
++also known as standard block padding.
++If padding is disabled, the input data must be a multiple of the cipher
++block length.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl A
++If the
++.Fl a
++option is set, then base64 process the data on one line.
++.It Fl a , base64
++Base64 process the data.
++This means that if encryption is taking place, the data is base64-encoded
++after encryption.
++If decryption is set, the input data is base64-decoded before
++being decrypted.
++.It Fl bufsize Ar number
++Set the buffer size for I/O.
++.It Fl d
++Decrypt the input data.
++.It Fl debug
++Debug the BIOs used for I/O.
++.It Fl e
++Encrypt the input data.
++This is the default.
++.It Fl in Ar file
++The input file to read from,
++or standard input if not specified.
++.It Fl iter Ar iterations
++Use the pbkdf2 key derivation function, with
++.Ar iterations
++as the number of iterations.
++.It Fl iv Ar IV
++The actual
++.Ar IV
++.Pq initialisation vector
++to use:
++this must be represented as a string comprised only of hex digits.
++When only the
++.Ar key
++is specified using the
++.Fl K
++option,
++the IV must explicitly be defined.
++When a password is being specified using one of the other options,
++the IV is generated from this password.
++.It Fl K Ar key
++The actual
++.Ar key
++to use:
++this must be represented as a string comprised only of hex digits.
++If only the key is specified,
++the IV must also be specified using the
++.Fl iv
++option.
++When both a
++.Ar key
++and a
++.Ar password
++are specified, the
++.Ar key
++given with the
++.Fl K
++option will be used and the IV generated from the password will be taken.
++It probably does not make much sense to specify both
++.Ar key
++and
++.Ar password .
++.It Fl k Ar password
++The
++.Ar password
++to derive the key from.
++Superseded by the
++.Fl pass
++option.
++.It Fl kfile Ar file
++Read the password to derive the key from the first line of
++.Ar file .
++Superseded by the
++.Fl pass
++option.
++.It Fl md Ar digest
++Use
++.Ar digest
++to create a key from a pass phrase.
++Currently, the default value is
++.Cm sha256 .
++.It Fl none
++Use NULL cipher (no encryption or decryption of input).
++.It Fl nopad
++Disable standard block padding.
++.It Fl nosalt
++Don't use a salt in the key derivation routines.
++This option should never be used
++since it makes it possible to perform efficient dictionary
++attacks on the password and to attack stream cipher encrypted data.
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++.It Fl P
++Print out the salt, key, and IV used, then immediately exit;
++don't do any encryption or decryption.
++.It Fl p
++Print out the salt, key, and IV used.
++.It Fl pass Ar arg
++The password source.
++.It Fl pbkdf2
++Use the pbkdf2 key derivation function, with
++the default of 10000 iterations.
++.It Fl S Ar salt
++The actual
++.Ar salt
++to use:
++this must be represented as a string comprised only of hex digits.
++.It Fl salt
++Use a salt in the key derivation routines (the default).
++When the salt is being used,
++the first eight bytes of the encrypted data are reserved for the salt:
++it is randomly generated when encrypting a file and read from the
++encrypted file when it is decrypted.
++.It Fl v
++Print extra details about the processing.
++.El
++.Tg errstr
++.Sh ERRSTR
++.Nm openssl errstr
++.Ar errno ...
++.Pp
++The
++.Nm errstr
++command performs error number to error string conversion,
++generating a human-readable string representing the error code
++.Ar errno .
++The string is obtained through the
++.Xr ERR_error_string_n 3
++function and has the following format:
++.Pp
++.Dl error:[error code]:[library name]:[function name]:[reason string]
++.Pp
++.Bq error code
++is an 8-digit hexadecimal number.
++The remaining fields
++.Bq library name ,
++.Bq function name ,
++and
++.Bq reason string
++are all ASCII text.
++.Tg gendsa
++.Sh GENDSA
++.Bl -hang -width "openssl gendsa"
++.It Nm openssl gendsa
++.Bk -words
++.Oo
++.Fl aes128 | aes192 | aes256 | camellia128 |
++.Fl camellia192 | camellia256 | des | des3 | idea
++.Oc
++.Op Fl out Ar file
++.Op Fl passout Ar arg
++.Ar paramfile
++.Ek
++.El
++.Pp
++The
++.Nm gendsa
++command generates a DSA private key from a DSA parameter file
++(typically generated by the
++.Nm openssl dsaparam
++command).
++DSA key generation is little more than random number generation so it is
++much quicker than,
++for example,
++RSA key generation.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Xo
++.Fl aes128 | aes192 | aes256 |
++.Fl camellia128 | camellia192 | camellia256 |
++.Fl des | des3 |
++.Fl idea
++.Xc
++Encrypt the private key with the AES, CAMELLIA, DES, triple DES
++or the IDEA ciphers, respectively, before outputting it.
++A pass phrase is prompted for.
++If none of these options are specified, no encryption is used.
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++.It Fl passout Ar arg
++The output file password source.
++.It Ar paramfile
++Specify the DSA parameter file to use.
++The parameters in this file determine the size of the private key.
++.El
++.Tg genpkey
++.Sh GENPKEY
++.Bl -hang -width "openssl genpkey"
++.It Nm openssl genpkey
++.Bk -words
++.Op Fl algorithm Ar alg
++.Op Ar cipher
++.Op Fl genparam
++.Op Fl out Ar file
++.Op Fl outform Cm der | pem
++.Op Fl paramfile Ar file
++.Op Fl pass Ar arg
++.Op Fl pkeyopt Ar opt : Ns Ar value
++.Op Fl text
++.Ek
++.El
++.Pp
++The
++.Nm genpkey
++command generates private keys.
++The use of this
++program is encouraged over the algorithm specific utilities
++because additional algorithm options can be used.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl algorithm Ar alg
++The public key algorithm to use,
++such as RSA, DSA, or DH.
++This option must precede any
++.Fl pkeyopt
++options.
++The options
++.Fl paramfile
++and
++.Fl algorithm
++are mutually exclusive.
++.It Ar cipher
++Encrypt the private key with the supplied cipher.
++Any algorithm name accepted by
++.Xr EVP_get_cipherbyname 3
++is acceptable.
++.It Fl genparam
++Generate a set of parameters instead of a private key.
++This option must precede any
++.Fl algorithm ,
++.Fl paramfile ,
++or
++.Fl pkeyopt
++options.
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++.It Fl outform Cm der | pem
++The output format.
++.It Fl paramfile Ar file
++Some public key algorithms generate a private key based on a set of parameters,
++which can be supplied using this option.
++If this option is used, the public key
++algorithm used is determined by the parameters.
++This option must precede any
++.Fl pkeyopt
++options.
++The options
++.Fl paramfile
++and
++.Fl algorithm
++are mutually exclusive.
++.It Fl pass Ar arg
++The output file password source.
++.It Fl pkeyopt Ar opt : Ns Ar value
++Set the public key algorithm option
++.Ar opt
++to
++.Ar value ,
++as follows:
++.Bl -tag -width Ds -offset indent
++.It rsa_keygen_bits : Ns Ar numbits
++(RSA)
++The number of bits in the generated key.
++The default is 2048.
++.It rsa_keygen_pubexp : Ns Ar value
++(RSA)
++The RSA public exponent value.
++This can be a large decimal or hexadecimal value if preceded by 0x.
++The default is 65537.
++.It dsa_paramgen_bits : Ns Ar numbits
++(DSA)
++The number of bits in the generated parameters.
++The default is 1024.
++.It dh_paramgen_prime_len : Ns Ar numbits
++(DH)
++The number of bits in the prime parameter
++.Ar p .
++.It dh_paramgen_generator : Ns Ar value
++(DH)
++The value to use for the generator
++.Ar g .
++.It ec_paramgen_curve : Ns Ar curve
++(EC)
++The elliptic curve to use.
++.El
++.It Fl text
++Print the private/public key in plain text.
++.El
++.Tg genrsa
++.Sh GENRSA
++.Bl -hang -width "openssl genrsa"
++.It Nm openssl genrsa
++.Bk -words
++.Op Fl 3 | f4
++.Oo
++.Fl aes128 | aes192 | aes256 | camellia128 |
++.Fl camellia192 | camellia256 | des | des3 | idea
++.Oc
++.Op Fl out Ar file
++.Op Fl passout Ar arg
++.Op Ar numbits
++.Ek
++.El
++.Pp
++The
++.Nm genrsa
++command generates an RSA private key,
++which essentially involves the generation of two prime numbers.
++When generating the key,
++various symbols will be output to indicate the progress of the generation.
++A
++.Sq \&.
++represents each number which has passed an initial sieve test;
++.Sq +
++means a number has passed a single round of the Miller-Rabin primality test;
++.Sq *
++means the number has failed primality testing
++and needs to be generated afresh.
++A newline means that the number has passed all the prime tests
++(the actual number depends on the key size).
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl 3 | f4
++The public exponent to use, either 3 or 65537.
++The default is 65537.
++.It Xo
++.Fl aes128 | aes192 | aes256 |
++.Fl camellia128 | camellia192 | camellia256 |
++.Fl des | des3 |
++.Fl idea
++.Xc
++Encrypt the private key with the AES, CAMELLIA, DES, triple DES
++or the IDEA ciphers, respectively, before outputting it.
++If none of these options are specified, no encryption is used.
++If encryption is used, a pass phrase is prompted for,
++if it is not supplied via the
++.Fl passout
++option.
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++.It Fl passout Ar arg
++The output file password source.
++.It Ar numbits
++The size of the private key to generate in bits.
++This must be the last option specified.
++The default is 2048.
++.El
++.Tg ocsp
++.Sh OCSP
++.Bl -hang -width "openssl ocsp"
++.It Nm openssl ocsp
++.Bk -words
++.Op Fl CA Ar file
++.Op Fl CAfile Ar file
++.Op Fl CApath Ar directory
++.Op Fl cert Ar file
++.Op Fl dgst Ar alg
++.Op Fl header Ar name value
++.Op Fl host Ar hostname : Ns Ar port
++.Op Fl ignore_err
++.Op Fl index Ar indexfile
++.Op Fl issuer Ar file
++.Op Fl ndays Ar days
++.Op Fl nmin Ar minutes
++.Op Fl no_cert_checks
++.Op Fl no_cert_verify
++.Op Fl no_certs
++.Op Fl no_chain
++.Op Fl no_explicit
++.Op Fl no_intern
++.Op Fl no_nonce
++.Op Fl no_signature_verify
++.Op Fl nonce
++.Op Fl noverify
++.Op Fl nrequest Ar number
++.Op Fl out Ar file
++.Op Fl path Ar path
++.Op Fl port Ar portnum
++.Op Fl req_text
++.Op Fl reqin Ar file
++.Op Fl reqout Ar file
++.Op Fl resp_key_id
++.Op Fl resp_no_certs
++.Op Fl resp_text
++.Op Fl respin Ar file
++.Op Fl respout Ar file
++.Op Fl rkey Ar file
++.Op Fl rother Ar file
++.Op Fl rsigner Ar file
++.Op Fl serial Ar num
++.Op Fl sign_other Ar file
++.Op Fl signer Ar file
++.Op Fl signkey Ar file
++.Op Fl status_age Ar age
++.Op Fl text
++.Op Fl timeout Ar seconds
++.Op Fl trust_other
++.Op Fl url Ar responder_url
++.Op Fl VAfile Ar file
++.Op Fl validity_period Ar nsec
++.Op Fl verify_other Ar file
++.Ek
++.El
++.Pp
++The Online Certificate Status Protocol (OCSP)
++enables applications to determine the (revocation) state
++of an identified certificate (RFC 2560).
++.Pp
++The
++.Nm ocsp
++command performs many common OCSP tasks.
++It can be used to print out requests and responses,
++create requests and send queries to an OCSP responder,
++and behave like a mini OCSP server itself.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl CAfile Ar file , Fl CApath Ar directory
++A file or path containing trusted CA certificates,
++used to verify the signature on the OCSP response.
++.It Fl cert Ar file
++Add the certificate
++.Ar file
++to the request.
++The issuer certificate is taken from the previous
++.Fl issuer
++option, or an error occurs if no issuer certificate is specified.
++.It Fl dgst Ar alg
++Use the digest algorithm
++.Ar alg
++for certificate identification in the OCSP request.
++By default SHA1 is used.
++.It Xo
++.Fl host Ar hostname : Ns Ar port ,
++.Fl path Ar path
++.Xc
++Send
++the OCSP request to
++.Ar hostname
++on
++.Ar port .
++.Fl path
++specifies the HTTP path name to use, or
++.Pa /
++by default.
++.It Fl header Ar name value
++Add the header name with the specified value to the OCSP request that is sent
++to the responder.
++This may be repeated.
++.It Fl issuer Ar file
++The current issuer certificate, in PEM format.
++Can be used multiple times and must come before any
++.Fl cert
++options.
++.It Fl no_cert_checks
++Don't perform any additional checks on the OCSP response signer's certificate.
++That is, do not make any checks to see if the signer's certificate is
++authorised to provide the necessary status information:
++as a result this option should only be used for testing purposes.
++.It Fl no_cert_verify
++Don't verify the OCSP response signer's certificate at all.
++Since this option allows the OCSP response to be signed by any certificate,
++it should only be used for testing purposes.
++.It Fl no_certs
++Don't include any certificates in the signed request.
++.It Fl no_chain
++Do not use certificates in the response as additional untrusted CA
++certificates.
++.It Fl no_explicit
++Don't check the explicit trust for OCSP signing in the root CA certificate.
++.It Fl no_intern
++Ignore certificates contained in the OCSP response
++when searching for the signer's certificate.
++The signer's certificate must be specified with either the
++.Fl verify_other
++or
++.Fl VAfile
++options.
++.It Fl no_signature_verify
++Don't check the signature on the OCSP response.
++Since this option tolerates invalid signatures on OCSP responses,
++it will normally only be used for testing purposes.
++.It Fl nonce , no_nonce
++Add an OCSP nonce extension to a request,
++or disable an OCSP nonce addition.
++Normally, if an OCSP request is input using the
++.Fl respin
++option no nonce is added:
++using the
++.Fl nonce
++option will force the addition of a nonce.
++If an OCSP request is being created (using the
++.Fl cert
++and
++.Fl serial
++options),
++a nonce is automatically added; specifying
++.Fl no_nonce
++overrides this.
++.It Fl noverify
++Don't attempt to verify the OCSP response signature or the nonce values.
++This is normally only be used for debugging
++since it disables all verification of the responder's certificate.
++.It Fl out Ar file
++Specify the output file to write to,
++or standard output if not specified.
++.It Fl req_text , resp_text , text
++Print out the text form of the OCSP request, response, or both, respectively.
++.It Fl reqin Ar file , Fl respin Ar file
++Read an OCSP request or response file from
++.Ar file .
++These options are ignored
++if an OCSP request or response creation is implied by other options
++(for example with the
++.Fl serial , cert ,
++and
++.Fl host
++options).
++.It Fl reqout Ar file , Fl respout Ar file
++Write out the DER-encoded certificate request or response to
++.Ar file .
++.It Fl serial Ar num
++Same as the
++.Fl cert
++option except the certificate with serial number
++.Ar num
++is added to the request.
++The serial number is interpreted as a decimal integer unless preceded by
++.Sq 0x .
++Negative integers can also be specified
++by preceding the value with a minus sign.
++.It Fl sign_other Ar file
++Additional certificates to include in the signed request.
++.It Fl signer Ar file , Fl signkey Ar file
++Sign the OCSP request using the certificate specified in the
++.Fl signer
++option and the private key specified by the
++.Fl signkey
++option.
++If the
++.Fl signkey
++option is not present, then the private key is read from the same file
++as the certificate.
++If neither option is specified, the OCSP request is not signed.
++.It Fl timeout Ar seconds
++Connection timeout to the OCSP responder in seconds.
++.It Fl trust_other
++The certificates specified by the
++.Fl verify_other
++option should be explicitly trusted and no additional checks will be
++performed on them.
++This is useful when the complete responder certificate chain is not available
++or trusting a root CA is not appropriate.
++.It Fl url Ar responder_url
++Specify the responder URL.
++Both HTTP and HTTPS
++.Pq SSL/TLS
++URLs can be specified.
++.It Fl VAfile Ar file
++A file containing explicitly trusted responder certificates.
++Equivalent to the
++.Fl verify_other
++and
++.Fl trust_other
++options.
++.It Fl validity_period Ar nsec , Fl status_age Ar age
++The range of times, in seconds, which will be tolerated in an OCSP response.
++Each certificate status response includes a notBefore time
++and an optional notAfter time.
++The current time should fall between these two values,
++but the interval between the two times may be only a few seconds.
++In practice the OCSP responder and clients' clocks may not be precisely
++synchronised and so such a check may fail.
++To avoid this the
++.Fl validity_period
++option can be used to specify an acceptable error range in seconds,
++the default value being 5 minutes.
++.Pp
++If the notAfter time is omitted from a response,
++it means that new status information is immediately available.
++In this case the age of the notBefore field is checked
++to see it is not older than
++.Ar age
++seconds old.
++By default, this additional check is not performed.
++.It Fl verify_other Ar file
++A file containing additional certificates to search
++when attempting to locate the OCSP response signing certificate.
++Some responders omit the actual signer's certificate from the response,
++so this can be used to supply the necessary certificate.
++.El
++.Pp
++The options for the OCSP server are as follows:
++.Bl -tag -width "XXXX"
++.It Fl CA Ar file
++CA certificate corresponding to the revocation information in
++.Ar indexfile .
++.It Fl ignore_err
++Ignore the invalid response.
++.It Fl index Ar indexfile
++.Ar indexfile
++is a text index file in ca format
++containing certificate revocation information.
++.Pp
++If this option is specified,
++.Nm ocsp
++is in responder mode, otherwise it is in client mode.
++The requests the responder processes can be either specified on
++the command line (using the
++.Fl issuer
++and
++.Fl serial
++options), supplied in a file (using the
++.Fl respin
++option), or via external OCSP clients (if
++.Ar port
++or
++.Ar url
++is specified).
++.Pp
++If this option is present, then the
++.Fl CA
++and
++.Fl rsigner
++options must also be present.
++.It Fl nmin Ar minutes , Fl ndays Ar days
++Number of
++.Ar minutes
++or
++.Ar days
++when fresh revocation information is available:
++used in the nextUpdate field.
++If neither option is present,
++the nextUpdate field is omitted,
++meaning fresh revocation information is immediately available.
++.It Fl nrequest Ar number
++Exit after receiving
++.Ar number
++requests (the default is unlimited).
++.It Fl port Ar portnum
++Port to listen for OCSP requests on.
++May also be specified using the
++.Fl url
++option.
++.It Fl resp_key_id
++Identify the signer certificate using the key ID;
++the default is to use the subject name.
++.It Fl resp_no_certs
++Don't include any certificates in the OCSP response.
++.It Fl rkey Ar file
++The private key to sign OCSP responses with;
++if not present, the file specified in the
++.Fl rsigner
++option is used.
++.It Fl rother Ar file
++Additional certificates to include in the OCSP response.
++.It Fl rsigner Ar file
++The certificate to sign OCSP responses with.
++.El
++.Pp
++Initially the OCSP responder certificate is located and the signature on
++the OCSP request checked using the responder certificate's public key.
++Then a normal certificate verify is performed on the OCSP responder certificate
++building up a certificate chain in the process.
++The locations of the trusted certificates used to build the chain can be
++specified by the
++.Fl CAfile
++and
++.Fl CApath
++options or they will be looked for in the standard
++.Nm openssl
++certificates directory.
++.Pp
++If the initial verify fails, the OCSP verify process halts with an error.
++Otherwise the issuing CA certificate in the request is compared to the OCSP
++responder certificate: if there is a match then the OCSP verify succeeds.
++.Pp
++Otherwise the OCSP responder certificate's CA is checked against the issuing
++CA certificate in the request.
++If there is a match and the OCSPSigning extended key usage is present
++in the OCSP responder certificate, then the OCSP verify succeeds.
++.Pp
++Otherwise the root CA of the OCSP responder's CA is checked to see if it
++is trusted for OCSP signing.
++If it is, the OCSP verify succeeds.
++.Pp
++If none of these checks is successful, the OCSP verify fails.
++What this effectively means is that if the OCSP responder certificate is
++authorised directly by the CA it is issuing revocation information about
++(and it is correctly configured),
++then verification will succeed.
++.Pp
++If the OCSP responder is a global responder,
++which can give details about multiple CAs
++and has its own separate certificate chain,
++then its root CA can be trusted for OCSP signing.
++Alternatively, the responder certificate itself can be explicitly trusted
++with the
++.Fl VAfile
++option.
++.Tg passwd
++.Sh PASSWD
++.Bl -hang -width "openssl passwd"
++.It Nm openssl passwd
++.Bk -words
++.Op Fl 1 | apr1 | crypt
++.Op Fl in Ar file
++.Op Fl noverify
++.Op Fl quiet
++.Op Fl reverse
++.Op Fl salt Ar string
++.Op Fl stdin
++.Op Fl table
++.Op Ar password
++.Ek
++.El
++.Pp
++The
++.Nm passwd
++command computes the hash of a password.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl 1
++Use the MD5 based
++.Bx
++password algorithm
++.Qq 1 .
++.It Fl apr1
++Use the
++.Qq apr1
++algorithm
++.Po
++Apache variant of the
++.Bx
++algorithm
++.Pc .
++.It Fl crypt
++Use the
++.Qq crypt
++algorithm (the default).
++.It Fl in Ar file
++Read passwords from
++.Ar file .
++.It Fl noverify
++Don't verify when reading a password from the terminal.
++.It Fl quiet
++Don't output warnings when passwords given on the command line are truncated.
++.It Fl reverse
++Switch table columns.
++This only makes sense in conjunction with the
++.Fl table
++option.
++.It Fl salt Ar string
++Use the salt specified by
++.Ar string .
++When reading a password from the terminal, this implies
++.Fl noverify .
++.It Fl stdin
++Read passwords from standard input.
++.It Fl table
++In the output list, prepend the cleartext password and a TAB character
++to each password hash.
++.El
++.Tg pkcs7
++.Sh PKCS7
++.Bl -hang -width "openssl pkcs7"
++.It Nm openssl pkcs7
++.Bk -words
++.Op Fl in Ar file
++.Op Fl inform Cm der | pem
++.Op Fl noout
++.Op Fl out Ar file
++.Op Fl outform Cm der | pem
++.Op Fl print
++.Op Fl print_certs
++.Op Fl text
++.Ek
++.El
++.Pp
++The
++.Nm pkcs7
++command processes PKCS#7 files in DER or PEM format.
++The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl in Ar file
++The input file to read from,
++or standard input if not specified.
++.It Fl inform Cm der | pem
++The input format.
++.It Fl noout
++Don't output the encoded version of the PKCS#7 structure
++(or certificates if
++.Fl print_certs
++is set).
++.It Fl out Ar file
++The output to write to,
++or standard output if not specified.
++.It Fl outform Cm der | pem
++The output format.
++.It Fl print
++Print the ASN.1 representation of PKCS#7 structure.
++.It Fl print_certs
++Print any certificates or CRLs contained in the file,
++preceded by their subject and issuer names in a one-line format.
++.It Fl text
++Print certificate details in full rather than just subject and issuer names.
++.El
++.Tg pkcs8
++.Sh PKCS8
++.Bl -hang -width "openssl pkcs8"
++.It Nm openssl pkcs8
++.Bk -words
++.Op Fl in Ar file
++.Op Fl inform Cm der | pem
++.Op Fl nocrypt
++.Op Fl noiter
++.Op Fl out Ar file
++.Op Fl outform Cm der | pem
++.Op Fl passin Ar arg
++.Op Fl passout Ar arg
++.Op Fl topk8
++.Op Fl v1 Ar alg
++.Op Fl v2 Ar alg
++.Ek
++.El
++.Pp
++The
++.Nm pkcs8
++command processes private keys
++(both encrypted and unencrypted)
++in PKCS#8 format
++with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
++The default encryption is only 56 bits;
++keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
++are more secure.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl in Ar file
++The input file to read from,
++or standard input if not specified.
++If the key is encrypted, a pass phrase will be prompted for.
++.It Fl inform Cm der | pem
++The input format.
++.It Fl nocrypt
++Generate an unencrypted PrivateKeyInfo structure.
++This option does not encrypt private keys at all
++and should only be used when absolutely necessary.
++.It Fl noiter
++Use an iteration count of 1.
++See the
++.Sx PKCS12
++section below for a detailed explanation of this option.
++.It Fl out Ar file
++The output file to write to,
++or standard output if none is specified.
++If any encryption options are set, a pass phrase will be prompted for.
++.It Fl outform Cm der | pem
++The output format.
++.It Fl passin Ar arg
++The key password source.
++.It Fl passout Ar arg
++The output file password source.
++.It Fl topk8
++Read a traditional format private key and write a PKCS#8 format key.
++.It Fl v1 Ar alg
++Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
++.Pp
++.Bl -tag -width "XXXX" -compact
++.It PBE-MD5-DES
++56-bit DES.
++.It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
++64-bit RC2 or 56-bit DES.
++.It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
++.It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
++PKCS#12 password-based encryption algorithm,
++which allow strong encryption algorithms like triple DES or 128-bit RC2.
++.El
++.It Fl v2 Ar alg
++Use PKCS#5 v2.0 algorithms.
++Supports algorithms such as 168-bit triple DES or 128-bit RC2,
++however not many implementations support PKCS#5 v2.0 yet
++(if using private keys with
++.Nm openssl
++this doesn't matter).
++.Pp
++.Ar alg
++is the encryption algorithm to use;
++valid values include des, des3, and rc2.
++It is recommended that des3 is used.
++.El
++.Tg pkcs12
++.Sh PKCS12
++.Bl -hang -width "openssl pkcs12"
++.It Nm openssl pkcs12
++.Bk -words
++.Oo
++.Fl aes128 | aes192 | aes256 | camellia128 |
++.Fl camellia192 | camellia256 | des | des3 | idea
++.Oc
++.Op Fl cacerts
++.Op Fl CAfile Ar file
++.Op Fl caname Ar name
++.Op Fl CApath Ar directory
++.Op Fl certfile Ar file
++.Op Fl certpbe Ar alg
++.Op Fl chain
++.Op Fl clcerts
++.Op Fl descert
++.Op Fl export
++.Op Fl in Ar file
++.Op Fl info
++.Op Fl inkey Ar file
++.Op Fl keyex
++.Op Fl keypbe Ar alg
++.Op Fl keysig
++.Op Fl macalg Ar alg
++.Op Fl maciter
++.Op Fl name Ar name
++.Op Fl nocerts
++.Op Fl nodes
++.Op Fl noiter
++.Op Fl nokeys
++.Op Fl nomac
++.Op Fl nomaciter
++.Op Fl nomacver
++.Op Fl noout
++.Op Fl out Ar file
++.Op Fl passin Ar arg
++.Op Fl passout Ar arg
++.Op Fl password Ar arg
++.Op Fl twopass
++.Ek
++.El
++.Pp
++The
++.Nm pkcs12
++command allows PKCS#12 files
++.Pq sometimes referred to as PFX files
++to be created and parsed.
++By default, a PKCS#12 file is parsed;
++a PKCS#12 file can be created by using the
++.Fl export
++option.
++.Pp
++The options for parsing a PKCS12 file are as follows:
++.Bl -tag -width "XXXX"
++.It Xo
++.Fl aes128 | aes192 | aes256 |
++.Fl camellia128 | camellia192 | camellia256 |
++.Fl des | des3 |
++.Fl idea
++.Xc
++Encrypt private keys using AES, CAMELLIA, DES, triple DES
++or the IDEA ciphers, respectively.
++The default is triple DES.
++.It Fl cacerts
++Only output CA certificates
++.Pq not client certificates .
++.It Fl clcerts
++Only output client certificates
++.Pq not CA certificates .
++.It Fl in Ar file
++The input file to read from,
++or standard input if not specified.
++.It Fl info
++Output additional information about the PKCS#12 file structure,
++algorithms used, and iteration counts.
++.It Fl nocerts
++Do not output certificates.
++.It Fl nodes
++Do not encrypt private keys.
++.It Fl nokeys
++Do not output private keys.
++.It Fl nomacver
++Do not attempt to verify the integrity MAC before reading the file.
++.It Fl noout
++Do not output the keys and certificates to the output file
++version of the PKCS#12 file.
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++.It Fl passin Ar arg
++The key password source.
++.It Fl passout Ar arg
++The output file password source.
++.It Fl twopass
++Prompt for separate integrity and encryption passwords: most software
++always assumes these are the same so this option will render such
++PKCS#12 files unreadable.
++.El
++.Pp
++The options for PKCS12 file creation are as follows:
++.Bl -tag -width "XXXX"
++.It Fl CAfile Ar file
++CA storage as a file.
++.It Fl CApath Ar directory
++CA storage as a directory.
++The directory must be a standard certificate directory:
++that is, a hash of each subject name (using
++.Nm x509 Fl hash )
++should be linked to each certificate.
++.It Fl caname Ar name
++Specify the
++.Qq friendly name
++for other certificates.
++May be used multiple times to specify names for all certificates
++in the order they appear.
++.It Fl certfile Ar file
++A file to read additional certificates from.
++.It Fl certpbe Ar alg , Fl keypbe Ar alg
++Specify the algorithm used to encrypt the private key and
++certificates to be selected.
++Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
++If a cipher name
++(as output by the
++.Cm list-cipher-algorithms
++command) is specified then it
++is used with PKCS#5 v2.0.
++For interoperability reasons it is advisable to only use PKCS#12 algorithms.
++.It Fl chain
++Include the entire certificate chain of the user certificate.
++The standard CA store is used for this search.
++If the search fails, it is considered a fatal error.
++.It Fl descert
++Encrypt the certificate using triple DES; this may render the PKCS#12
++file unreadable by some
++.Qq export grade
++software.
++By default, the private key is encrypted using triple DES and the
++certificate using 40-bit RC2.
++.It Fl export
++Create a PKCS#12 file (rather than parsing one).
++.It Fl in Ar file
++The input file to read from,
++or standard input if not specified.
++The order doesn't matter but one private key and its corresponding
++certificate should be present.
++If additional certificates are present, they will also be included
++in the PKCS#12 file.
++.It Fl inkey Ar file
++File to read a private key from.
++If not present, a private key must be present in the input file.
++.It Fl keyex | keysig
++Specify whether the private key is to be used for key exchange or just signing.
++Normally,
++.Qq export grade
++software will only allow 512-bit RSA keys to be
++used for encryption purposes, but arbitrary length keys for signing.
++The
++.Fl keysig
++option marks the key for signing only.
++Signing only keys can be used for S/MIME signing, authenticode
++(ActiveX control signing)
++and SSL client authentication.
++.It Fl macalg Ar alg
++Specify the MAC digest algorithm.
++The default is SHA1.
++.It Fl maciter
++Included for compatibility only:
++it used to be needed to use MAC iterations counts
++but they are now used by default.
++.It Fl name Ar name
++Specify the
++.Qq friendly name
++for the certificate and private key.
++This name is typically displayed in list boxes by software importing the file.
++.It Fl nomac
++Don't attempt to provide the MAC integrity.
++.It Fl nomaciter , noiter
++Affect the iteration counts on the MAC and key algorithms.
++.Pp
++To discourage attacks by using large dictionaries of common passwords,
++the algorithm that derives keys from passwords can have an iteration count
++applied to it: this causes a certain part of the algorithm to be repeated
++and slows it down.
++The MAC is used to check the file integrity but since it will normally
++have the same password as the keys and certificates it could also be attacked.
++By default, both MAC and encryption iteration counts are set to 2048;
++using these options the MAC and encryption iteration counts can be set to 1.
++Since this reduces the file security, you should not use these options
++unless you really have to.
++Most software supports both MAC and key iteration counts.
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++.It Fl passin Ar arg
++The key password source.
++.It Fl passout Ar arg
++The output file password source.
++.It Fl password Ar arg
++With
++.Fl export ,
++.Fl password
++is equivalent to
++.Fl passout .
++Otherwise,
++.Fl password
++is equivalent to
++.Fl passin .
++.El
++.Tg pkey
++.Sh PKEY
++.Bl -hang -width "openssl pkey"
++.It Nm openssl pkey
++.Bk -words
++.Op Ar cipher
++.Op Fl in Ar file
++.Op Fl inform Cm der | pem
++.Op Fl noout
++.Op Fl out Ar file
++.Op Fl outform Cm der | pem
++.Op Fl passin Ar arg
++.Op Fl passout Ar arg
++.Op Fl pubin
++.Op Fl pubout
++.Op Fl text
++.Op Fl text_pub
++.Ek
++.El
++.Pp
++The
++.Nm pkey
++command processes public or private keys.
++They can be converted between various forms
++and their components printed out.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Ar cipher
++Encrypt the private key with the specified cipher.
++Any algorithm name accepted by
++.Xr EVP_get_cipherbyname 3
++is acceptable, such as
++.Cm des3 .
++.It Fl in Ar file
++The input file to read from,
++or standard input if not specified.
++If the key is encrypted, a pass phrase will be prompted for.
++.It Fl inform Cm der | pem
++The input format.
++.It Fl noout
++Do not output the encoded version of the key.
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++If any encryption options are set then a pass phrase
++will be prompted for.
++.It Fl outform Cm der | pem
++The output format.
++.It Fl passin Ar arg
++The key password source.
++.It Fl passout Ar arg
++The output file password source.
++.It Fl pubin
++Read in a public key, not a private key.
++.It Fl pubout
++Output a public key, not a private key.
++Automatically set if the input is a public key.
++.It Fl text
++Print the public/private key in plain text.
++.It Fl text_pub
++Print out only public key components
++even if a private key is being processed.
++.El
++.Tg pkeyparam
++.Sh PKEYPARAM
++.Cm openssl pkeyparam
++.Op Fl in Ar file
++.Op Fl noout
++.Op Fl out Ar file
++.Op Fl text
++.Pp
++The
++.Nm pkeyparam
++command processes public or private keys.
++The key type is determined by the PEM headers.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl in Ar file
++The input file to read from,
++or standard input if not specified.
++.It Fl noout
++Do not output the encoded version of the parameters.
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++.It Fl text
++Print the parameters in plain text.
++.El
++.Tg pkeyutl
++.Sh PKEYUTL
++.Bl -hang -width "openssl pkeyutl"
++.It Nm openssl pkeyutl
++.Bk -words
++.Op Fl asn1parse
++.Op Fl certin
++.Op Fl decrypt
++.Op Fl derive
++.Op Fl encrypt
++.Op Fl hexdump
++.Op Fl in Ar file
++.Op Fl inkey Ar file
++.Op Fl keyform Cm der | pem
++.Op Fl out Ar file
++.Op Fl passin Ar arg
++.Op Fl peerform Cm der | pem
++.Op Fl peerkey Ar file
++.Op Fl pkeyopt Ar opt : Ns Ar value
++.Op Fl pubin
++.Op Fl rev
++.Op Fl sigfile Ar file
++.Op Fl sign
++.Op Fl verify
++.Op Fl verifyrecover
++.Ek
++.El
++.Pp
++The
++.Nm pkeyutl
++command can be used to perform public key operations using
++any supported algorithm.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl asn1parse
++ASN.1 parse the output data.
++This is useful when combined with the
++.Fl verifyrecover
++option when an ASN.1 structure is signed.
++.It Fl certin
++The input is a certificate containing a public key.
++.It Fl decrypt
++Decrypt the input data using a private key.
++.It Fl derive
++Derive a shared secret using the peer key.
++.It Fl encrypt
++Encrypt the input data using a public key.
++.It Fl hexdump
++Hex dump the output data.
++.It Fl in Ar file
++The input file to read from,
++or standard input if not specified.
++.It Fl inkey Ar file
++The input key file.
++By default it should be a private key.
++.It Fl keyform Cm der | pem
++The key format.
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++.It Fl passin Ar arg
++The key password source.
++.It Fl peerform Cm der | pem
++The peer key format.
++.It Fl peerkey Ar file
++The peer key file, used by key derivation (agreement) operations.
++.It Fl pkeyopt Ar opt : Ns Ar value
++Set the public key algorithm option
++.Ar opt
++to
++.Ar value .
++Unless otherwise mentioned, all algorithms support the format
++.Ar digest : Ns Ar alg ,
++which specifies the digest to use
++for sign, verify, and verifyrecover operations.
++The value
++.Ar alg
++should represent a digest name as used in the
++.Xr EVP_get_digestbyname 3
++function.
++.Pp
++The RSA algorithm supports the
++encrypt, decrypt, sign, verify, and verifyrecover operations in general.
++Some padding modes only support some of these
++operations however.
++.Bl -tag -width Ds
++.It rsa_padding_mode : Ns Ar mode
++This sets the RSA padding mode.
++Acceptable values for
++.Ar mode
++are
++.Cm pkcs1
++for PKCS#1 padding;
++.Cm none
++for no padding;
++.Cm oaep
++for OAEP mode;
++.Cm x931
++for X9.31 mode;
++and
++.Cm pss
++for PSS.
++.Pp
++In PKCS#1 padding if the message digest is not set then the supplied data is
++signed or verified directly instead of using a DigestInfo structure.
++If a digest is set then a DigestInfo
++structure is used and its length
++must correspond to the digest type.
++For oeap mode only encryption and decryption is supported.
++For x931 if the digest type is set it is used to format the block data;
++otherwise the first byte is used to specify the X9.31 digest ID.
++Sign, verify, and verifyrecover can be performed in this mode.
++For pss mode only sign and verify are supported and the digest type must be
++specified.
++.It rsa_pss_saltlen : Ns Ar len
++For pss
++mode only this option specifies the salt length.
++Two special values are supported:
++-1 sets the salt length to the digest length.
++When signing, -2 sets the salt length to the maximum permissible value.
++When verifying, -2 causes the salt length to be automatically determined
++based on the PSS block structure.
++.El
++.Pp
++The DSA algorithm supports the sign and verify operations.
++Currently there are no additional options other than
++.Ar digest .
++Only the SHA1 digest can be used and this digest is assumed by default.
++.Pp
++The DH algorithm supports the derive operation
++and no additional options.
++.Pp
++The EC algorithm supports the sign, verify, and derive operations.
++The sign and verify operations use ECDSA and derive uses ECDH.
++Currently there are no additional options other than
++.Ar digest .
++Only the SHA1 digest can be used and this digest is assumed by default.
++.It Fl pubin
++The input file is a public key.
++.It Fl rev
++Reverse the order of the input buffer.
++.It Fl sigfile Ar file
++Signature file (verify operation only).
++.It Fl sign
++Sign the input data and output the signed result.
++This requires a private key.
++.It Fl verify
++Verify the input data against the signature file and indicate if the
++verification succeeded or failed.
++.It Fl verifyrecover
++Verify the input data and output the recovered data.
++.El
++.Tg prime
++.Sh PRIME
++.Cm openssl prime
++.Op Fl bits Ar n
++.Op Fl checks Ar n
++.Op Fl generate
++.Op Fl hex
++.Op Fl safe
++.Ar p
++.Pp
++The
++.Nm prime
++command is used to generate prime numbers,
++or to check numbers for primality.
++Results are probabilistic:
++they have an exceedingly high likelihood of being correct,
++but are not guaranteed.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl bits Ar n
++Specify the number of bits in the generated prime number.
++Must be used in conjunction with
++.Fl generate .
++.It Fl checks Ar n
++Perform a Miller-Rabin probabilistic primality test with
++.Ar n
++iterations.
++The default is 20.
++.It Fl generate
++Generate a pseudo-random prime number.
++Must be used in conjunction with
++.Fl bits .
++.It Fl hex
++Output in hex format.
++.It Fl safe
++Generate only
++.Qq safe
++prime numbers
++(i.e. a prime p so that (p-1)/2 is also prime).
++.It Ar p
++Test if number
++.Ar p
++is prime.
++.El
++.Tg rand
++.Sh RAND
++.Bl -hang -width "openssl rand"
++.It Nm openssl rand
++.Bk -words
++.Op Fl base64
++.Op Fl hex
++.Op Fl out Ar file
++.Ar num
++.Ek
++.El
++.Pp
++The
++.Nm rand
++command outputs
++.Ar num
++pseudo-random bytes.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl base64
++Perform base64 encoding on the output.
++.It Fl hex
++Specify hexadecimal output.
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++.El
++.Tg req
++.Sh REQ
++.Bl -hang -width "openssl req"
++.It Nm openssl req
++.Bk -words
++.Op Fl addext Ar ext
++.Op Fl batch
++.Op Fl config Ar file
++.Op Fl days Ar n
++.Op Fl extensions Ar section
++.Op Fl in Ar file
++.Op Fl inform Cm der | pem
++.Op Fl key Ar keyfile
++.Op Fl keyform Cm der | pem
++.Op Fl keyout Ar file
++.Op Fl md4 | md5 | sha1
++.Op Fl modulus
++.Op Fl multivalue-rdn
++.Op Fl nameopt Ar option
++.Op Fl new
++.Op Fl newhdr
++.Op Fl newkey Ar arg
++.Op Fl nodes
++.Op Fl noout
++.Op Fl out Ar file
++.Op Fl outform Cm der | pem
++.Op Fl passin Ar arg
++.Op Fl passout Ar arg
++.Op Fl pkeyopt Ar opt:value
++.Op Fl pubkey
++.Op Fl reqexts Ar section
++.Op Fl reqopt Ar option
++.Op Fl set_serial Ar n
++.Op Fl sigopt Ar nm:v
++.Op Fl subj Ar arg
++.Op Fl subject
++.Op Fl text
++.Op Fl utf8
++.Op Fl verbose
++.Op Fl verify
++.Op Fl x509
++.Ek
++.El
++.Pp
++The
++.Nm req
++command primarily creates and processes certificate requests
++in PKCS#10 format.
++It can additionally create self-signed certificates,
++for use as root CAs, for example.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl addext Ar ext
++Add a specific extension to the certificate (if the
++.Fl x509
++option is present) or certificate request.
++The argument must have the form of a key=value pair as it would appear in a
++config file.
++This option can be given multiple times.
++.It Fl batch
++Non-interactive mode.
++.It Fl config Ar file
++Specify an alternative configuration file.
++.It Fl days Ar n
++Specify the number of days to certify the certificate for.
++The default is 30 days.
++Used with the
++.Fl x509
++option.
++.It Fl extensions Ar section , Fl reqexts Ar section
++Specify alternative sections to include certificate
++extensions (with
++.Fl x509 )
++or certificate request extensions,
++allowing several different sections to be used in the same configuration file.
++.It Fl in Ar file
++The input file to read a request from,
++or standard input if not specified.
++A request is only read if the creation options
++.Fl new
++and
++.Fl newkey
++are not specified.
++.It Fl inform Cm der | pem
++The input format.
++.It Fl key Ar keyfile
++The file to read the private key from.
++It also accepts PKCS#8 format private keys for PEM format files.
++.It Fl keyform Cm der | pem
++The format of the private key file specified in the
++.Fl key
++argument.
++The default is
++.Cm pem .
++.It Fl keyout Ar file
++The file to write the newly created private key to.
++If this option is not specified,
++the filename present in the configuration file is used.
++.It Fl md5 | sha1 | sha256
++The message digest to sign the request with.
++This overrides the digest algorithm specified in the configuration file.
++.Pp
++Some public key algorithms may override this choice.
++For instance, DSA signatures always use SHA1.
++.It Fl modulus
++Print the value of the modulus of the public key contained in the request.
++.It Fl multivalue-rdn
++This option causes the
++.Fl subj
++argument to be interpreted with full support for multivalued RDNs,
++for example
++.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
++If
++.Fl multivalue-rdn
++is not used, the UID value is set to
++.Qq "123456+CN=John Doe" .
++.It Fl nameopt Ar option , Fl reqopt Ar option
++Determine how the subject or issuer names are displayed.
++.Ar option
++can be a single option or multiple options separated by commas.
++Alternatively, these options may be used more than once to set multiple options.
++See the
++.Sx X509
++section below for details.
++.It Fl new
++Generate a new certificate request.
++The user is prompted for the relevant field values.
++The actual fields prompted for and their maximum and minimum sizes
++are specified in the configuration file and any requested extensions.
++.Pp
++If the
++.Fl key
++option is not used, it will generate a new RSA private
++key using information specified in the configuration file.
++.It Fl newhdr
++Add the word NEW to the PEM file header and footer lines
++on the outputted request.
++Some software and CAs need this.
++.It Fl newkey Ar arg
++Create a new certificate request and a new private key.
++The argument takes one of several forms.
++.Pp
++.No rsa : Ns Ar nbits
++generates an RSA key
++.Ar nbits
++in size.
++If
++.Ar nbits
++is omitted,
++the default key size is used.
++.Pp
++.No dsa : Ns Ar file
++generates a DSA key using the parameters in
++.Ar file .
++.Pp
++.No param : Ns Ar file
++generates a key using the parameters or certificate in
++.Ar file .
++.Pp
++All other algorithms support the form
++.Ar algorithm : Ns Ar file ,
++where file may be an algorithm parameter file,
++created by the
++.Cm genpkey -genparam
++command or an X.509 certificate for a key with appropriate algorithm.
++.Ar file
++can be omitted,
++in which case any parameters can be specified via the
++.Fl pkeyopt
++option.
++.It Fl nodes
++Do not encrypt the private key.
++.It Fl noout
++Do not output the encoded version of the request.
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++.It Fl outform Cm der | pem
++The output format.
++.It Fl passin Ar arg
++The key password source.
++.It Fl passout Ar arg
++The output file password source.
++.It Fl pkeyopt Ar opt:value
++Set the public key algorithm option
++.Ar opt
++to
++.Ar value .
++.It Fl pubkey
++Output the public key.
++.It Fl reqopt Ar option
++Customise the output format used with
++.Fl text .
++The
++.Ar option
++argument can be a single option or multiple options separated by commas.
++See also the discussion of
++.Fl certopt
++in the
++.Nm x509
++command.
++.It Fl set_serial Ar n
++Serial number to use when outputting a self-signed certificate.
++This may be specified as a decimal value or a hex value if preceded by
++.Sq 0x .
++It is possible to use negative serial numbers but this is not recommended.
++.It Fl sigopt Ar nm:v
++Pass options to the signature algorithm during sign operation.
++The names and values of these options are algorithm-specific.
++.It Fl subj Ar arg
++Replaces the subject field of an input request
++with the specified data and output the modified request.
++.Ar arg
++must be formatted as /type0=value0/type1=value1/type2=...;
++characters may be escaped by
++.Sq \e
++(backslash);
++no spaces are skipped.
++.It Fl subject
++Print the request subject (or certificate subject if
++.Fl x509
++is specified).
++.It Fl text
++Print the certificate request in plain text.
++.It Fl utf8
++Interpret field values as UTF8 strings, not ASCII.
++.It Fl verbose
++Print extra details about the operations being performed.
++.It Fl verify
++Verify the signature on the request.
++.It Fl x509
++Output a self-signed certificate instead of a certificate request.
++This is typically used to generate a test certificate or a self-signed root CA.
++The extensions added to the certificate (if any)
++are specified in the configuration file.
++Unless specified using the
++.Fl set_serial
++option, 0 is used for the serial number.
++.El
++.Pp
++The configuration options are specified in the
++.Qq req
++section of the configuration file.
++The options available are as follows:
++.Bl -tag -width "XXXX"
++.It Cm attributes
++The section containing any request attributes: its format
++is the same as
++.Cm distinguished_name .
++Typically these may contain the challengePassword or unstructuredName types.
++They are currently ignored by the
++.Nm openssl
++request signing utilities, but some CAs might want them.
++.It Cm default_bits
++The default key size, in bits.
++The default is 2048.
++It is used if the
++.Fl new
++option is used and can be overridden by using the
++.Fl newkey
++option.
++.It Cm default_keyfile
++The default file to write a private key to,
++or standard output if not specified.
++It can be overridden by the
++.Fl keyout
++option.
++.It Cm default_md
++The digest algorithm to use.
++Possible values include
++.Cm md5 ,
++.Cm sha1
++and
++.Cm sha256
++(the default).
++It can be overridden on the command line.
++.It Cm distinguished_name
++The section containing the distinguished name fields to
++prompt for when generating a certificate or certificate request.
++The format is described below.
++.It Cm encrypt_key
++If set to
++.Qq no
++and a private key is generated, it is not encrypted.
++It is equivalent to the
++.Fl nodes
++option.
++For compatibility,
++.Cm encrypt_rsa_key
++is an equivalent option.
++.It Cm input_password | output_password
++The passwords for the input private key file (if present)
++and the output private key file (if one will be created).
++The command line options
++.Fl passin
++and
++.Fl passout
++override the configuration file values.
++.It Cm oid_file
++A file containing additional OBJECT IDENTIFIERS.
++Each line of the file should consist of the numerical form of the
++object identifier, followed by whitespace, then the short name followed
++by whitespace and finally the long name.
++.It Cm oid_section
++Specify a section in the configuration file containing extra
++object identifiers.
++Each line should consist of the short name of the
++object identifier followed by
++.Sq =
++and the numerical form.
++The short and long names are the same when this option is used.
++.It Cm prompt
++If set to
++.Qq no ,
++it disables prompting of certificate fields
++and just takes values from the config file directly.
++It also changes the expected format of the
++.Cm distinguished_name
++and
++.Cm attributes
++sections.
++.It Cm req_extensions
++The configuration file section containing a list of
++extensions to add to the certificate request.
++It can be overridden by the
++.Fl reqexts
++option.
++.It Cm string_mask
++Limit the string types for encoding certain fields.
++The following values may be used, limiting strings to the indicated types:
++.Bl -tag -width "MASK:number"
++.It Cm utf8only
++UTF8String.
++This is the default, as recommended by PKIX in RFC 2459.
++.It Cm default
++PrintableString, IA5String, T61String, BMPString, UTF8String.
++.It Cm pkix
++PrintableString, IA5String, BMPString, UTF8String.
++Inspired by the PKIX recommendation in RFC 2459 for certificates
++generated before 2004, but differs by also permitting IA5String.
++.It Cm nombstr
++PrintableString, IA5String, T61String, UniversalString.
++A workaround for some ancient software that had problems
++with the variable-sized BMPString and UTF8String types.
++.It Cm MASK : Ns Ar number
++An explicit bitmask of permitted types, where
++.Ar number
++is a C-style hex, decimal, or octal number that's a bit-wise OR of
++.Dv B_ASN1_*
++values from
++.In openssl/asn1.h .
++.El
++.It Cm utf8
++If set to
++.Qq yes ,
++field values are interpreted as UTF8 strings.
++.It Cm x509_extensions
++The configuration file section containing a list of
++extensions to add to a certificate generated when the
++.Fl x509
++switch is used.
++It can be overridden by the
++.Fl extensions
++command line switch.
++.El
++.Pp
++There are two separate formats for the distinguished name and attribute
++sections.
++If the
++.Fl prompt
++option is set to
++.Qq no ,
++then these sections just consist of field names and values.
++If the
++.Fl prompt
++option is absent or not set to
++.Qq no ,
++then the file contains field prompting information of the form:
++.Bd -unfilled -offset indent
++fieldName="prompt"
++fieldName_default="default field value"
++fieldName_min= 2
++fieldName_max= 4
++.Ed
++.Pp
++.Qq fieldName
++is the field name being used, for example
++.Cm commonName
++(or CN).
++The
++.Qq prompt
++string is used to ask the user to enter the relevant details.
++If the user enters nothing, the default value is used;
++if no default value is present, the field is omitted.
++A field can still be omitted if a default value is present,
++if the user just enters the
++.Sq \&.
++character.
++.Pp
++The number of characters entered must be between the
++fieldName_min and fieldName_max limits:
++there may be additional restrictions based on the field being used
++(for example
++.Cm countryName
++can only ever be two characters long and must fit in a
++.Cm PrintableString ) .
++.Pp
++Some fields (such as
++.Cm organizationName )
++can be used more than once in a DN.
++This presents a problem because configuration files will
++not recognize the same name occurring twice.
++To avoid this problem, if the
++.Cm fieldName
++contains some characters followed by a full stop, they will be ignored.
++So, for example, a second
++.Cm organizationName
++can be input by calling it
++.Qq 1.organizationName .
++.Pp
++The actual permitted field names are any object identifier short or
++long names.
++These are compiled into
++.Nm openssl
++and include the usual values such as
++.Cm commonName , countryName , localityName , organizationName ,
++.Cm organizationalUnitName , stateOrProvinceName .
++Additionally,
++.Cm emailAddress
++is included as well as
++.Cm name , surname , givenName , initials
++and
++.Cm dnQualifier .
++.Pp
++Additional object identifiers can be defined with the
++.Cm oid_file
++or
++.Cm oid_section
++options in the configuration file.
++Any additional fields will be treated as though they were a
++.Cm DirectoryString .
++.Tg rsa
++.Sh RSA
++.Bl -hang -width "openssl rsa"
++.It Nm openssl rsa
++.Bk -words
++.Op Fl aes128 | aes192 | aes256 | des | des3
++.Op Fl check
++.Op Fl in Ar file
++.Op Fl inform Cm der | net | pem | pvk
++.Op Fl modulus
++.Op Fl noout
++.Op Fl out Ar file
++.Op Fl outform Cm der | net | pem | pvk
++.Op Fl passin Ar arg
++.Op Fl passout Ar arg
++.Op Fl pubin
++.Op Fl pubout
++.Op Fl pvk-none | pvk-strong | pvk-weak
++.Op Fl RSAPublicKey_in
++.Op Fl RSAPublicKey_out
++.Op Fl text
++.Ek
++.El
++.Pp
++The
++.Nm rsa
++command processes RSA keys.
++They can be converted between various forms and their components printed out.
++.Nm rsa
++uses the traditional
++.Nm SSLeay
++compatible format for private key encryption:
++newer applications should use the more secure PKCS#8 format using the
++.Nm pkcs8
++utility.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl aes128 | aes192 | aes256 | des | des3
++Encrypt the private key with the AES, DES,
++or the triple DES ciphers, respectively, before outputting it.
++A pass phrase is prompted for.
++If none of these options are specified, the key is written in plain text.
++This means that using the
++.Nm rsa
++utility to read in an encrypted key with no encryption option can be used
++to remove the pass phrase from a key, or by setting the encryption options
++it can be used to add or change the pass phrase.
++These options can only be used with PEM format output files.
++.It Fl check
++Check the consistency of an RSA private key.
++.It Fl in Ar file
++The input file to read from,
++or standard input if not specified.
++If the key is encrypted, a pass phrase will be prompted for.
++.It Fl inform Cm der | net | pem | pvk
++The input format.
++.It Fl noout
++Do not output the encoded version of the key.
++.It Fl modulus
++Print the value of the modulus of the key.
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++.It Fl outform Cm der | net | pem | pvk
++The output format.
++.It Fl passin Ar arg
++The key password source.
++.It Fl passout Ar arg
++The output file password source.
++.It Fl pubin
++Read in a public key,
++not a private key.
++.It Fl pubout
++Output a public key,
++not a private key.
++Automatically set if the input is a public key.
++.It Xo
++.Fl pvk-none | pvk-strong | pvk-weak
++.Xc
++Enable or disable PVK encoding.
++The default is
++.Fl pvk-strong .
++.It Fl RSAPublicKey_in , RSAPublicKey_out
++Same as
++.Fl pubin
++and
++.Fl pubout
++except
++.Cm RSAPublicKey
++format is used instead.
++.It Fl text
++Print the public/private key components in plain text.
++.El
++.Tg rsautl
++.Sh RSAUTL
++.Bl -hang -width "openssl rsautl"
++.It Nm openssl rsautl
++.Bk -words
++.Op Fl asn1parse
++.Op Fl certin
++.Op Fl decrypt
++.Op Fl encrypt
++.Op Fl hexdump
++.Op Fl in Ar file
++.Op Fl inkey Ar file
++.Op Fl keyform Cm der | pem
++.Op Fl oaep | pkcs | raw | x931
++.Op Fl out Ar file
++.Op Fl passin Ar arg
++.Op Fl pubin
++.Op Fl rev
++.Op Fl sign
++.Op Fl verify
++.Ek
++.El
++.Pp
++The
++.Nm rsautl
++command can be used to sign, verify, encrypt and decrypt
++data using the RSA algorithm.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl asn1parse
++Asn1parse the output data; this is useful when combined with the
++.Fl verify
++option.
++.It Fl certin
++The input is a certificate containing an RSA public key.
++.It Fl decrypt
++Decrypt the input data using an RSA private key.
++.It Fl encrypt
++Encrypt the input data using an RSA public key.
++.It Fl hexdump
++Hex dump the output data.
++.It Fl in Ar file
++The input to read from,
++or standard input if not specified.
++.It Fl inkey Ar file
++The input key file; by default an RSA private key.
++.It Fl keyform Cm der | pem
++The private key format.
++The default is
++.Cm pem .
++.It Fl oaep | pkcs | raw | x931
++The padding to use:
++PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31,
++respectively.
++For signatures, only
++.Fl pkcs
++and
++.Fl raw
++can be used.
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++.It Fl passin Ar arg
++The key password source.
++.It Fl pubin
++The input file is an RSA public key.
++.It Fl rev
++Reverse the order of the input buffer.
++.It Fl sign
++Sign the input data and output the signed result.
++This requires an RSA private key.
++.It Fl verify
++Verify the input data and output the recovered data.
++.El
++.Tg s_client
++.Sh S_CLIENT
++.Bl -hang -width "openssl s_client"
++.It Nm openssl s_client
++.Bk -words
++.Op Fl 4 | 6
++.Op Fl alpn Ar protocols
++.Op Fl bugs
++.Op Fl CAfile Ar file
++.Op Fl CApath Ar directory
++.Op Fl cert Ar file
++.Op Fl certform Cm der | pem
++.Op Fl check_ss_sig
++.Op Fl cipher Ar cipherlist
++.Op Fl connect Ar host Ns Op : Ns Ar port
++.Op Fl crl_check
++.Op Fl crl_check_all
++.Op Fl crlf
++.Op Fl debug
++.Op Fl dtls
++.Op Fl dtls1_2
++.Op Fl extended_crl
++.Op Fl groups Ar list
++.Op Fl host Ar host
++.Op Fl ign_eof
++.Op Fl ignore_critical
++.Op Fl issuer_checks
++.Op Fl key Ar keyfile
++.Op Fl keyform Cm der | pem
++.Op Fl keymatexport Ar label
++.Op Fl keymatexportlen Ar len
++.Op Fl legacy_server_connect
++.Op Fl msg
++.Op Fl mtu Ar mtu
++.Op Fl nbio
++.Op Fl nbio_test
++.Op Fl no_comp
++.Op Fl no_ign_eof
++.Op Fl no_legacy_server_connect
++.Op Fl no_ticket
++.Op Fl no_tls1_2
++.Op Fl no_tls1_3
++.Op Fl pass Ar arg
++.Op Fl policy_check
++.Op Fl port Ar port
++.Op Fl prexit
++.Op Fl proxy Ar host : Ns Ar port
++.Op Fl quiet
++.Op Fl reconnect
++.Op Fl servername Ar name
++.Op Fl serverpref
++.Op Fl sess_in Ar file
++.Op Fl sess_out Ar file
++.Op Fl showcerts
++.Op Fl starttls Ar protocol
++.Op Fl state
++.Op Fl status
++.Op Fl timeout
++.Op Fl tls1_2
++.Op Fl tls1_3
++.Op Fl tlsextdebug
++.Op Fl use_srtp Ar profiles
++.Op Fl verify Ar depth
++.Op Fl verify_return_error
++.Op Fl x509_strict
++.Op Fl xmpphost Ar host
++.Ek
++.El
++.Pp
++The
++.Nm s_client
++command implements a generic SSL/TLS client which connects
++to a remote host using SSL/TLS.
++.Pp
++If a connection is established with an SSL server, any data received
++from the server is displayed and any key presses will be sent to the
++server.
++When used interactively (which means neither
++.Fl quiet
++nor
++.Fl ign_eof
++have been given), the session will be renegotiated if the line begins with an
++.Cm R ;
++if the line begins with a
++.Cm Q
++or if end of file is reached, the connection will be closed down.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl 4
++Attempt connections using IPv4 only.
++.It Fl 6
++Attempt connections using IPv6 only.
++.It Fl alpn Ar protocols
++Enable the Application-Layer Protocol Negotiation.
++.Ar protocols
++is a comma-separated list of protocol names that the client should advertise
++support for.
++.It Fl bugs
++Enable various workarounds for buggy implementations.
++.It Fl CAfile Ar file
++A
++.Ar file
++containing trusted certificates to use during server authentication
++and to use when attempting to build the client certificate chain.
++.It Fl CApath Ar directory
++The
++.Ar directory
++to use for server certificate verification.
++This directory must be in
++.Qq hash format ;
++see
++.Fl verify
++for more information.
++These are also used when building the client certificate chain.
++.It Fl cert Ar file
++The certificate to use, if one is requested by the server.
++The default is not to use a certificate.
++.It Fl certform Cm der | pem
++The certificate format.
++The default is
++.Cm pem .
++.It Xo
++.Fl check_ss_sig ,
++.Fl crl_check ,
++.Fl crl_check_all ,
++.Fl extended_crl ,
++.Fl ignore_critical ,
++.Fl issuer_checks ,
++.Fl policy_check ,
++.Fl x509_strict
++.Xc
++Set various certificate chain validation options.
++See the
++.Nm verify
++command for details.
++.It Fl cipher Ar cipherlist
++Modify the cipher list sent by the client.
++Although the server determines which cipher suite is used, it should take
++the first supported cipher in the list sent by the client.
++See the
++.Nm ciphers
++command for more information.
++.It Fl connect Ar host Ns Op : Ns Ar port
++The
++.Ar host
++and
++.Ar port
++to connect to.
++If not specified, an attempt is made to connect to the local host
++on port 4433.
++Alternatively, the host and port pair may be separated using a forward-slash
++character,
++which is useful for numeric IPv6 addresses.
++.It Fl crlf
++Translate a line feed from the terminal into CR+LF,
++as required by some servers.
++.It Fl debug
++Print extensive debugging information, including a hex dump of all traffic.
++.It Fl dtls
++Permit any version of DTLS.
++.It Fl dtls1_2
++Permit only DTLS1.2.
++.It Fl groups Ar list
++Set the supported elliptic curve groups to the colon separated
++.Ar list
++of group NIDs or names as documented in
++.Xr SSL_CTX_set1_groups_list 3 .
++.It Fl host Ar host
++The
++.Ar host
++to connect to.
++The default is localhost.
++.It Fl ign_eof
++Inhibit shutting down the connection when end of file is reached in the input.
++.It Fl key Ar keyfile
++The private key to use.
++If not specified, the certificate file will be used.
++.It Fl keyform Cm der | pem
++The private key format.
++The default is
++.Cm pem .
++.It Fl keymatexport Ar label
++Export keying material using label.
++.It Fl keymatexportlen Ar len
++Export len bytes of keying material (default 20).
++.It Fl legacy_server_connect , no_legacy_server_connect
++Allow or disallow initial connection to servers that don't support RI.
++.It Fl msg
++Show all protocol messages with hex dump.
++.It Fl mtu Ar mtu
++Set the link layer MTU.
++.It Fl nbio
++Turn on non-blocking I/O.
++.It Fl nbio_test
++Test non-blocking I/O.
++.It Fl no_ign_eof
++Shut down the connection when end of file is reached in the input.
++Can be used to override the implicit
++.Fl ign_eof
++after
++.Fl quiet .
++.It Fl no_tls1_2 | no_tls1_3
++Disable the use of TLS1.2 and 1.3, respectively.
++.It Fl no_ticket
++Disable RFC 4507 session ticket support.
++.It Fl pass Ar arg
++The private key password source.
++.It Fl port Ar port
++The
++.Ar port
++to connect to.
++The default is 4433.
++.It Fl prexit
++Print session information when the program exits.
++This will always attempt
++to print out information even if the connection fails.
++Normally, information will only be printed out once if the connection succeeds.
++This option is useful because the cipher in use may be renegotiated
++or the connection may fail because a client certificate is required or is
++requested only after an attempt is made to access a certain URL.
++Note that the output produced by this option is not always accurate
++because a connection might never have been established.
++.It Fl proxy Ar host : Ns Ar port
++Use the HTTP proxy at
++.Ar host
++and
++.Ar port .
++The connection to the proxy is done in cleartext and the
++.Fl connect
++argument is given to the proxy.
++If not specified, localhost is used as final destination.
++After that, switch the connection through the proxy to the destination
++to TLS.
++.It Fl quiet
++Inhibit printing of session and certificate information.
++This implicitly turns on
++.Fl ign_eof
++as well.
++.It Fl reconnect
++Reconnect to the same server 5 times using the same session ID; this can
++be used as a test that session caching is working.
++.It Fl servername Ar name
++Include the TLS Server Name Indication (SNI) extension in the ClientHello
++message, using the specified server
++.Ar name .
++.It Fl showcerts
++Display the whole server certificate chain: normally only the server
++certificate itself is displayed.
++.It Fl serverpref
++Use the server's cipher preferences.
++.It Fl sess_in Ar file
++Load TLS session from file.
++The client will attempt to resume a connection from this session.
++.It Fl sess_out Ar file
++Output TLS session to file.
++.It Fl starttls Ar protocol
++Send the protocol-specific messages to switch to TLS for communication.
++.Ar protocol
++is a keyword for the intended protocol.
++Currently, the supported keywords are
++.Qq ftp ,
++.Qq imap ,
++.Qq smtp ,
++.Qq pop3 ,
++and
++.Qq xmpp .
++.It Fl state
++Print the SSL session states.
++.It Fl status
++Send a certificate status request to the server (OCSP stapling).
++The server response (if any) is printed out.
++.It Fl timeout
++Enable send/receive timeout on DTLS connections.
++.It Fl tls1_2 | tls1_3
++Permit only TLS1.2 or 1.3 respectively.
++.It Fl tlsextdebug
++Print a hex dump of any TLS extensions received from the server.
++.It Fl use_srtp Ar profiles
++Offer SRTP key management with a colon-separated profile list.
++.It Fl verify Ar depth
++Turn on server certificate verification,
++with a maximum length of
++.Ar depth .
++Currently the verify operation continues after errors so all the problems
++with a certificate chain can be seen.
++As a side effect the connection will never fail due to a server
++certificate verify failure.
++.It Fl verify_return_error
++Return verification error.
++.It Fl xmpphost Ar hostname
++When used with
++.Fl starttls Ar xmpp ,
++specify the host for the "to" attribute of the stream element.
++If this option is not specified then the host specified with
++.Fl connect
++will be used.
++.El
++.Tg s_server
++.Sh S_SERVER
++.Bl -hang -width "openssl s_server"
++.It Nm openssl s_server
++.Bk -words
++.Op Fl accept Ar port
++.Op Fl alpn Ar protocols
++.Op Fl bugs
++.Op Fl CAfile Ar file
++.Op Fl CApath Ar directory
++.Op Fl cert Ar file
++.Op Fl cert2 Ar file
++.Op Fl certform Cm der | pem
++.Op Fl cipher Ar cipherlist
++.Op Fl context Ar id
++.Op Fl crl_check
++.Op Fl crl_check_all
++.Op Fl crlf
++.Op Fl dcert Ar file
++.Op Fl dcertform Cm der | pem
++.Op Fl debug
++.Op Fl dhparam Ar file
++.Op Fl dkey Ar file
++.Op Fl dkeyform Cm der | pem
++.Op Fl dpass Ar arg
++.Op Fl dtls
++.Op Fl dtls1
++.Op Fl dtls1_2
++.Op Fl groups Ar list
++.Op Fl HTTP
++.Op Fl id_prefix Ar arg
++.Op Fl key Ar keyfile
++.Op Fl key2 Ar keyfile
++.Op Fl keyform Cm der | pem
++.Op Fl keymatexport Ar label
++.Op Fl keymatexportlen Ar len
++.Op Fl msg
++.Op Fl mtu Ar mtu
++.Op Fl naccept Ar num
++.Op Fl named_curve Ar arg
++.Op Fl nbio
++.Op Fl nbio_test
++.Op Fl no_cache
++.Op Fl no_dhe
++.Op Fl no_ecdhe
++.Op Fl no_ticket
++.Op Fl no_tls1_2
++.Op Fl no_tls1_3
++.Op Fl no_tmp_rsa
++.Op Fl nocert
++.Op Fl pass Ar arg
++.Op Fl quiet
++.Op Fl servername Ar name
++.Op Fl servername_fatal
++.Op Fl serverpref
++.Op Fl state
++.Op Fl status
++.Op Fl status_timeout Ar nsec
++.Op Fl status_url Ar url
++.Op Fl status_verbose
++.Op Fl timeout
++.Op Fl tls1_2
++.Op Fl tls1_3
++.Op Fl tlsextdebug
++.Op Fl use_srtp Ar profiles
++.Op Fl Verify Ar depth
++.Op Fl verify Ar depth
++.Op Fl verify_return_error
++.Op Fl WWW
++.Op Fl www
++.Ek
++.El
++.Pp
++The
++.Nm s_server
++command implements a generic SSL/TLS server which listens
++for connections on a given port using SSL/TLS.
++.Pp
++If a connection request is established with a client and neither the
++.Fl www
++nor the
++.Fl WWW
++option has been used, then any data received
++from the client is displayed and any key presses are sent to the client.
++Certain single letter commands perform special operations:
++.Pp
++.Bl -tag -width "XXXX" -compact
++.It Ic P
++Send plain text, which should cause the client to disconnect.
++.It Ic Q
++End the current SSL connection and exit.
++.It Ic q
++End the current SSL connection, but still accept new connections.
++.It Ic R
++Renegotiate the SSL session and request a client certificate.
++.It Ic r
++Renegotiate the SSL session.
++.It Ic S
++Print out some session cache status information.
++.El
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl accept Ar port
++Listen on TCP
++.Ar port
++for connections.
++The default is port 4433.
++.It Fl alpn Ar protocols
++Enable the Application-Layer Protocol Negotiation.
++.Ar protocols
++is a comma-separated list of supported protocol names.
++.It Fl bugs
++Enable various workarounds for buggy implementations.
++.It Fl CAfile Ar file
++A
++.Ar file
++containing trusted certificates to use during client authentication
++and to use when attempting to build the server certificate chain.
++The list is also used in the list of acceptable client CAs passed to the
++client when a certificate is requested.
++.It Fl CApath Ar directory
++The
++.Ar directory
++to use for client certificate verification.
++This directory must be in
++.Qq hash format ;
++see
++.Fl verify
++for more information.
++These are also used when building the server certificate chain.
++.It Fl cert Ar file
++The certificate to use: most server's cipher suites require the use of a
++certificate and some require a certificate with a certain public key type.
++For example, the DSS cipher suites require a certificate containing a DSS
++(DSA) key.
++If not specified, the file
++.Pa server.pem
++will be used.
++.It Fl cert2 Ar file
++The certificate to use for servername.
++.It Fl certform Cm der | pem
++The certificate format.
++The default is
++.Cm pem .
++.It Fl cipher Ar cipherlist
++Modify the cipher list used by the server.
++This allows the cipher list used by the server to be modified.
++When the client sends a list of supported ciphers, the first client cipher
++also included in the server list is used.
++Because the client specifies the preference order, the order of the server
++cipherlist is irrelevant.
++See the
++.Nm ciphers
++command for more information.
++.It Fl context Ar id
++Set the SSL context ID.
++It can be given any string value.
++.It Fl crl_check , crl_check_all
++Check the peer certificate has not been revoked by its CA.
++The CRLs are appended to the certificate file.
++.Fl crl_check_all
++checks all CRLs of all CAs in the chain.
++.It Fl crlf
++Translate a line feed from the terminal into CR+LF.
++.It Fl dcert Ar file , Fl dkey Ar file
++Specify an additional certificate and private key; these behave in the
++same manner as the
++.Fl cert
++and
++.Fl key
++options except there is no default if they are not specified
++(no additional certificate or key is used).
++By using RSA and DSS certificates and keys,
++a server can support clients which only support RSA or DSS cipher suites
++by using an appropriate certificate.
++.It Fl dcertform Cm der | pem , Fl dkeyform Cm der | pem , Fl dpass Ar arg
++Additional certificate and private key format, and private key password source,
++respectively.
++.It Fl debug
++Print extensive debugging information, including a hex dump of all traffic.
++.It Fl dhparam Ar file
++The DH parameter file to use.
++The ephemeral DH cipher suites generate keys
++using a set of DH parameters.
++If not specified, an attempt is made to
++load the parameters from the server certificate file.
++If this fails, a static set of parameters hard coded into the
++.Nm s_server
++program will be used.
++.It Fl dtls
++Permit any version of DTLS.
++.It Fl dtls1_2
++Permit only DTLS1.2.
++.It Fl groups Ar list
++Set the supported elliptic curve groups to the colon separated
++.Ar list
++of group NIDs or names as documented in
++.Xr SSL_CTX_set1_groups_list 3 .
++.It Fl HTTP
++Emulate a simple web server.
++Pages are resolved relative to the current directory.
++For example if the URL
++.Pa https://myhost/page.html
++is requested, the file
++.Pa ./page.html
++will be loaded.
++The files loaded are assumed to contain a complete and correct HTTP
++response (lines that are part of the HTTP response line and headers
++must end with CRLF).
++.It Fl id_prefix Ar arg
++Generate SSL/TLS session IDs prefixed by
++.Ar arg .
++This is mostly useful for testing any SSL/TLS code
++that wish to deal with multiple servers,
++when each of which might be generating a unique range of session IDs.
++.It Fl key Ar keyfile
++The private key to use.
++If not specified, the certificate file will be used.
++.It Fl key2 Ar keyfile
++The private key to use for servername.
++.It Fl keyform Cm der | pem
++The private key format.
++The default is
++.Cm pem .
++.It Fl keymatexport Ar label
++Export keying material using label.
++.It Fl keymatexportlen Ar len
++Export len bytes of keying material (default 20).
++.It Fl msg
++Show all protocol messages with hex dump.
++.It Fl mtu Ar mtu
++Set the link layer MTU.
++.It Fl naccept Ar num
++Terminate server after
++.Ar num
++connections.
++.It Fl named_curve Ar arg
++Specify the elliptic curve name to use for ephemeral ECDH keys.
++This option is deprecated; use
++.Fl groups
++instead.
++.It Fl nbio
++Turn on non-blocking I/O.
++.It Fl nbio_test
++Test non-blocking I/O.
++.It Fl no_cache
++Disable session caching.
++.It Fl no_dhe
++Disable ephemeral DH cipher suites.
++.It Fl no_ecdhe
++Disable ephemeral ECDH cipher suites.
++.It Fl no_ticket
++Disable RFC 4507 session ticket support.
++.It Fl no_tls1_2 | no_tls1_3
++Disable the use of TLS1.2 and 1.3, respectively.
++.It Fl no_tmp_rsa
++Disable temporary RSA key generation.
++.It Fl nocert
++Do not use a certificate.
++This restricts the cipher suites available to the anonymous ones
++(currently just anonymous DH).
++.It Fl pass Ar arg
++The private key password source.
++.It Fl quiet
++Inhibit printing of session and certificate information.
++.It Fl servername Ar name
++Set the TLS Server Name Indication (SNI) extension with
++.Ar name .
++.It Fl servername_fatal
++Send fatal alert if servername does not match.
++The default is warning alert.
++.It Fl serverpref
++Use server's cipher preferences.
++.It Fl state
++Print the SSL session states.
++.It Fl status
++Enables certificate status request support (OCSP stapling).
++.It Fl status_timeout Ar nsec
++Sets the timeout for OCSP response in seconds.
++.It Fl status_url Ar url
++Sets a fallback responder URL to use if no responder URL is present in the
++server certificate.
++Without this option, an error is returned if the server certificate does not
++contain a responder address.
++.It Fl status_verbose
++Enables certificate status request support (OCSP stapling) and gives a verbose
++printout of the OCSP response.
++.It Fl timeout
++Enable send/receive timeout on DTLS connections.
++.It Fl tls1_2 | tls1_3
++Permit only TLS1.2, or 1.3, respectively.
++.It Fl tlsextdebug
++Print a hex dump of any TLS extensions received from the server.
++.It Fl use_srtp Ar profiles
++Offer SRTP key management with a colon-separated profile list.
++.It Fl verify_return_error
++Return verification error.
++.It Fl WWW
++Emulate a simple web server.
++Pages are resolved relative to the current directory.
++For example if the URL
++.Pa https://myhost/page.html
++is requested, the file
++.Pa ./page.html
++will be loaded.
++.It Fl www
++Send a status message to the client when it connects,
++including information about the ciphers used and various session parameters.
++The output is in HTML format so this option will normally be used with a
++web browser.
++.It Fl Verify Ar depth , Fl verify Ar depth
++Request a certificate chain from the client,
++with a maximum length of
++.Ar depth .
++With
++.Fl Verify ,
++the client must supply a certificate or an error occurs;
++with
++.Fl verify ,
++a certificate is requested but the client does not have to send one.
++.El
++.Tg s_time
++.Sh S_TIME
++.Bl -hang -width "openssl s_time"
++.It Nm openssl s_time
++.Bk -words
++.Op Fl bugs
++.Op Fl CAfile Ar file
++.Op Fl CApath Ar directory
++.Op Fl cert Ar file
++.Op Fl cipher Ar cipherlist
++.Op Fl connect Ar host Ns Op : Ns Ar port
++.Op Fl key Ar keyfile
++.Op Fl nbio
++.Op Fl new
++.Op Fl no_shutdown
++.Op Fl reuse
++.Op Fl time Ar seconds
++.Op Fl verify Ar depth
++.Op Fl www Ar page
++.Ek
++.El
++.Pp
++The
++.Nm s_time
++command implements a generic SSL/TLS client which connects to a
++remote host using SSL/TLS.
++It can request a page from the server and includes
++the time to transfer the payload data in its timing measurements.
++It measures the number of connections within a given timeframe,
++the amount of data transferred
++.Pq if any ,
++and calculates the average time spent for one connection.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl bugs
++Enable various workarounds for buggy implementations.
++.It Fl CAfile Ar file
++A
++.Ar file
++containing trusted certificates to use during server authentication
++and to use when attempting to build the client certificate chain.
++.It Fl CApath Ar directory
++The directory to use for server certificate verification.
++This directory must be in
++.Qq hash format ;
++see
++.Nm verify
++for more information.
++These are also used when building the client certificate chain.
++.It Fl cert Ar file
++The certificate to use, if one is requested by the server.
++The default is not to use a certificate.
++.It Fl cipher Ar cipherlist
++Modify the cipher list sent by the client.
++Although the server determines which cipher suite is used,
++it should take the first supported cipher in the list sent by the client.
++See the
++.Nm ciphers
++command for more information.
++.It Fl connect Ar host Ns Op : Ns Ar port
++The host and port to connect to.
++.It Fl key Ar keyfile
++The private key to use.
++If not specified, the certificate file will be used.
++.It Fl nbio
++Turn on non-blocking I/O.
++.It Fl new
++Perform the timing test using a new session ID for each connection.
++If neither
++.Fl new
++nor
++.Fl reuse
++are specified,
++they are both on by default and executed in sequence.
++.It Fl no_shutdown
++Shut down the connection without sending a
++.Qq close notify
++shutdown alert to the server.
++.It Fl reuse
++Perform the timing test using the same session ID for each connection.
++If neither
++.Fl new
++nor
++.Fl reuse
++are specified,
++they are both on by default and executed in sequence.
++.It Fl time Ar seconds
++Limit
++.Nm s_time
++benchmarks to the number of
++.Ar seconds .
++The default is 30 seconds.
++.It Fl verify Ar depth
++Turn on server certificate verification,
++with a maximum length of
++.Ar depth .
++Currently the verify operation continues after errors, so all the problems
++with a certificate chain can be seen.
++As a side effect,
++the connection will never fail due to a server certificate verify failure.
++.It Fl www Ar page
++The page to GET from the server.
++A value of
++.Sq /
++gets the index.htm[l] page.
++If this parameter is not specified,
++.Nm s_time
++will only perform the handshake to establish SSL connections
++but not transfer any payload data.
++.El
++.Tg sess_id
++.Sh SESS_ID
++.Bl -hang -width "openssl sess_id"
++.It Nm openssl sess_id
++.Bk -words
++.Op Fl cert
++.Op Fl context Ar ID
++.Op Fl in Ar file
++.Op Fl inform Cm der | pem
++.Op Fl noout
++.Op Fl out Ar file
++.Op Fl outform Cm der | pem
++.Op Fl text
++.Ek
++.El
++.Pp
++The
++.Nm sess_id
++program processes the encoded version of the SSL session structure and
++optionally prints out SSL session details
++(for example the SSL session master key)
++in human-readable format.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl cert
++If a certificate is present in the session,
++it will be output using this option;
++if the
++.Fl text
++option is also present, then it will be printed out in text form.
++.It Fl context Ar ID
++Set the session
++.Ar ID .
++The ID can be any string of characters.
++.It Fl in Ar file
++The input file to read from,
++or standard input if not specified.
++.It Fl inform Cm der | pem
++The input format.
++.Cm der
++uses an ASN.1 DER-encoded format containing session details.
++The precise format can vary from one version to the next.
++.Cm pem
++is the default format: it consists of the DER
++format base64-encoded with additional header and footer lines.
++.It Fl noout
++Do not output the encoded version of the session.
++.It Fl out Ar file
++The output file to write to,
++or standard output if not specified.
++.It Fl outform Cm der | pem
++The output format.
++.It Fl text
++Print the various public or private key components in plain text,
++in addition to the encoded version.
++.El
++.Pp
++The output of
++.Nm sess_id
++is composed as follows:
++.Pp
++.Bl -tag -width "Verify return code " -offset 3n -compact
++.It Protocol
++The protocol in use.
++.It Cipher
++The actual raw SSL or TLS cipher code.
++.It Session-ID
++The SSL session ID, in hex format.
++.It Session-ID-ctx
++The session ID context, in hex format.
++.It Master-Key
++The SSL session master key.
++.It Key-Arg
++The key argument; this is only used in SSL v2.
++.It Start Time
++The session start time.
++.Ux
++format.
++.It Timeout
++The timeout, in seconds.
++.It Verify return code
++The return code when a certificate is verified.
++.El
++.Pp
++Since the SSL session output contains the master key, it is possible to read
++the contents of an encrypted session using this information.
++Therefore appropriate security precautions
++should be taken if the information is being output by a
++.Qq real
++application.
++This is, however, strongly discouraged and should only be used for
++debugging purposes.
++.Tg smime
++.Sh SMIME
++.Bl -hang -width "openssl smime"
++.It Nm openssl smime
++.Bk -words
++.Oo
++.Fl aes128 | aes192 | aes256 | des |
++.Fl des3 | rc2-40 | rc2-64 | rc2-128
++.Oc
++.Op Fl binary
++.Op Fl CAfile Ar file
++.Op Fl CApath Ar directory
++.Op Fl certfile Ar file
++.Op Fl check_ss_sig
++.Op Fl content Ar file
++.Op Fl crl_check
++.Op Fl crl_check_all
++.Op Fl decrypt
++.Op Fl encrypt
++.Op Fl extended_crl
++.Op Fl from Ar addr
++.Op Fl ignore_critical
++.Op Fl in Ar file
++.Op Fl indef
++.Op Fl inform Cm der | pem | smime
++.Op Fl inkey Ar file
++.Op Fl issuer_checks
++.Op Fl keyform Cm der | pem
++.Op Fl md Ar digest
++.Op Fl noattr
++.Op Fl nocerts
++.Op Fl nochain
++.Op Fl nodetach
++.Op Fl noindef
++.Op Fl nointern
++.Op Fl nosigs
++.Op Fl nosmimecap
++.Op Fl noverify
++.Op Fl out Ar file
++.Op Fl outform Cm der | pem | smime
++.Op Fl passin Ar arg
++.Op Fl pk7out
++.Op Fl policy_check
++.Op Fl recip Ar file
++.Op Fl resign
++.Op Fl sign
++.Op Fl signer Ar file
++.Op Fl stream
++.Op Fl subject Ar s
++.Op Fl text
++.Op Fl to Ar addr
++.Op Fl verify
++.Op Fl x509_strict
++.Op Ar cert.pem ...
++.Ek
++.El
++.Pp
++The
++.Nm smime
++command handles S/MIME mail.
++It can encrypt, decrypt, sign, and verify S/MIME messages.
++.Pp
++The MIME message must be sent without any blank lines between the
++headers and the output.
++Some mail programs will automatically add a blank line.
++Piping the mail directly to an MTA is one way to
++achieve the correct format.
++.Pp
++The supplied message to be signed or encrypted must include the necessary
++MIME headers or many S/MIME clients won't display it properly (if at all).
++Use the
++.Fl text
++option to automatically add plain text headers.
++.Pp
++A
++.Qq signed and encrypted
++message is one where a signed message is then encrypted.
++This can be produced by encrypting an already signed message.
++.Pp
++There are a number of operations that can be performed, as follows:
++.Bl -tag -width "XXXX"
++.It Fl decrypt
++Decrypt mail using the supplied certificate and private key.
++The input file is an encrypted mail message in MIME format.
++The decrypted mail is written to the output file.
++.It Fl encrypt
++Encrypt mail for the given recipient certificates.
++The input is the message to be encrypted.
++The output file is the encrypted mail, in MIME format.
++.It Fl pk7out
++Take an input message and write out a PEM-encoded PKCS#7 structure.
++.It Fl resign
++Resign a message: take an existing message and one or more new signers.
++.It Fl sign
++Sign mail using the supplied certificate and private key.
++The input file is the message to be signed.
++The signed message, in MIME format, is written to the output file.
++.It Fl verify
++Verify signed mail.
++The input is a signed mail message and the output is the signed data.
++Both clear text and opaque signing is supported.
++.El
++.Pp
++The remaining options are as follows:
++.Bl -tag -width "XXXX"
++.It Xo
++.Fl aes128 | aes192 | aes256 | des |
++.Fl des3 | rc2-40 | rc2-64 | rc2-128
++.Xc
++The encryption algorithm to use.
++128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
++or 40-, 64-, or 128-bit RC2, respectively;
++if not specified, 40-bit RC2 is
++used.
++Only used with
++.Fl encrypt .
++.It Fl binary
++Normally, the input message is converted to
++.Qq canonical
++format which uses CR/LF as end of line,
++as required by the S/MIME specification.
++When this option is present, no translation occurs.
++This is useful when handling binary data which may not be in MIME format.
++.It Fl CAfile Ar file
++A
++.Ar file
++containing trusted CA certificates; only used with
++.Fl verify .
++.It Fl CApath Ar directory
++A
++.Ar directory
++containing trusted CA certificates; only used with
++.Fl verify .
++This directory must be a standard certificate directory:
++that is, a hash of each subject name (using
++.Nm x509 -hash )
++should be linked to each certificate.
++.It Ar cert.pem ...
++One or more certificates of message recipients: used when encrypting
++a message.
++.It Fl certfile Ar file
++Allows additional certificates to be specified.
++When signing, these will be included with the message.
++When verifying, these will be searched for the signers' certificates.
++The certificates should be in PEM format.
++.It Xo
++.Fl check_ss_sig ,
++.Fl crl_check ,
++.Fl crl_check_all ,
++.Fl extended_crl ,
++.Fl ignore_critical ,
++.Fl issuer_checks ,
++.Fl policy_check ,
++.Fl x509_strict
++.Xc
++Set various certificate chain validation options.
++See the
++.Nm verify
++command for details.
++.It Fl content Ar file
++A file containing the detached content.
++This is only useful with the
++.Fl verify
++option,
++and only usable if the PKCS#7 structure is using the detached
++signature form where the content is not included.
++This option will override any content if the input format is S/MIME
++and it uses the multipart/signed MIME content type.
++.It Xo
++.Fl from Ar addr ,
++.Fl subject Ar s ,
++.Fl to Ar addr
++.Xc
++The relevant mail headers.
++These are included outside the signed
++portion of a message so they may be included manually.
++When signing, many S/MIME
++mail clients check that the signer's certificate email
++address matches the
From: address.
++.It Fl in Ar file
++The input file to read from.
++.It Fl indef
++Enable streaming I/O for encoding operations.
++This permits single pass processing of data without
++the need to hold the entire contents in memory,
++potentially supporting very large files.
++Streaming is automatically set for S/MIME signing with detached
++data if the output format is SMIME;
++it is currently off by default for all other operations.
++.It Fl inform Cm der | pem | smime
++The input format.
++.It Fl inkey Ar file
++The private key to use when signing or decrypting,
++which must match the corresponding certificate.
++If this option is not specified, the private key must be included
++in the certificate file specified with
++the
++.Fl recip
++or
++.Fl signer
++file.
++When signing,
++this option can be used multiple times to specify successive keys.
++.It Fl keyform Cm der | pem
++Input private key format.
++The default is
++.Cm pem .
++.It Fl md Ar digest
++The digest algorithm to use when signing or resigning.
++If not present then the default digest algorithm for the signing key is used
++(usually SHA1).
++.It Fl noattr
++Do not include attributes.
++.It Fl nocerts
++Do not include the signer's certificate.
++This will reduce the size of the signed message but the verifier must
++have a copy of the signer's certificate available locally (passed using the
++.Fl certfile
++option, for example).
++.It Fl nochain
++Do not do chain verification of signers' certificates: that is,
++don't use the certificates in the signed message as untrusted CAs.
++.It Fl nodetach
++When signing a message, use opaque signing: this form is more resistant
++to translation by mail relays but it cannot be read by mail agents that
++do not support S/MIME.
++Without this option cleartext signing with the MIME type
++multipart/signed is used.
++.It Fl noindef
++Disable streaming I/O where it would produce an encoding of indefinite length
++(currently has no effect).
++.It Fl nointern
++Only use certificates specified in the
++.Fl certfile .
++The supplied certificates can still be used as untrusted CAs.
++.It Fl nosigs
++Do not try to verify the signatures on the message.
++.It Fl nosmimecap
++Exclude the list of supported algorithms from signed attributes,
++other options such as signing time and content type are still included.
++.It Fl noverify
++Do not verify the signer's certificate of a signed message.
++.It Fl out Ar file
++The output file to write to.
++.It Fl outform Cm der | pem | smime
++The output format.
++The default is smime, which writes an S/MIME format message.
++.Cm pem
++and
++.Cm der
++change this to write PEM and DER format PKCS#7 structures instead.
++This currently only affects the output format of the PKCS#7
++structure; if no PKCS#7 structure is being output (for example with
++.Fl verify
++or
++.Fl decrypt )
++this option has no effect.
++.It Fl passin Ar arg
++The key password source.
++.It Fl recip Ar file
++The recipients certificate when decrypting a message.
++This certificate
++must match one of the recipients of the message or an error occurs.
++.It Fl signer Ar file
++A signing certificate when signing or resigning a message;
++this option can be used multiple times if more than one signer is required.
++If a message is being verified, the signer's certificates will be
++written to this file if the verification was successful.
++.It Fl stream
++The same as
++.Fl indef .
++.It Fl text
++Add plain text (text/plain) MIME
++headers to the supplied message if encrypting or signing.
++If decrypting or verifying, it strips off text headers:
++if the decrypted or verified message is not of MIME type text/plain
++then an error occurs.
++.El
++.Pp
++The exit codes for
++.Nm smime
++are as follows:
++.Pp
++.Bl -tag -width "XXXX" -offset 3n -compact
++.It 0
++The operation was completely successful.
++.It 1
++An error occurred parsing the command options.
++.It 2
++One of the input files could not be read.
++.It 3
++An error occurred creating the file or when reading the message.
++.It 4
++An error occurred decrypting or verifying the message.
++.It 5
++An error occurred writing certificates.
++.El
++.Tg speed
++.Sh SPEED
++.Bl -hang -width "openssl speed"
++.It Nm openssl speed
++.Bk -words
++.Op Ar algorithm
++.Op Fl decrypt
++.Op Fl elapsed
++.Op Fl evp Ar algorithm
++.Op Fl mr
++.Op Fl multi Ar number
++.Op Fl unaligned Ar number
++.Ek
++.El
++.Pp
++The
++.Nm speed
++command is used to test the performance of cryptographic algorithms.
++.Bl -tag -width "XXXX"
++.It Ar algorithm
++Perform the test using
++.Ar algorithm .
++The default is to test all algorithms.
++.It Fl decrypt
++Time decryption instead of encryption;
++must be used with
++.Fl evp .
++.It Fl elapsed
++Measure time in real time instead of CPU user time.
++.It Fl evp Ar algorithm
++Perform the test using one of the algorithms accepted by
++.Xr EVP_get_cipherbyname 3 .
++.It Fl mr
++Produce machine readable output.
++.It Fl multi Ar number
++Run
++.Ar number
++benchmarks in parallel.
++.It Fl unaligned Ar number
++Use allocated buffers with an offset of
++.Ar number
++bytes from the alignment provided by
++.Xr malloc 3 .
++.Ar number
++should be between 0 and 16.
++.El
++.Tg ts
++.Sh TS
++.Bk -words
++.Bl -hang -width "openssl ts"
++.It Nm openssl ts
++.Fl query
++.Op Fl md4 | md5 | ripemd160 | sha1
++.Op Fl cert
++.Op Fl config Ar configfile
++.Op Fl data Ar file_to_hash
++.Op Fl digest Ar digest_bytes
++.Op Fl in Ar request.tsq
++.Op Fl no_nonce
++.Op Fl out Ar request.tsq
++.Op Fl policy Ar object_id
++.Op Fl text
++.It Nm openssl ts
++.Fl reply
++.Op Fl chain Ar certs_file.pem
++.Op Fl config Ar configfile
++.Op Fl in Ar response.tsr
++.Op Fl inkey Ar private.pem
++.Op Fl out Ar response.tsr
++.Op Fl passin Ar arg
++.Op Fl policy Ar object_id
++.Op Fl queryfile Ar request.tsq
++.Op Fl section Ar tsa_section
++.Op Fl signer Ar tsa_cert.pem
++.Op Fl text
++.Op Fl token_in
++.Op Fl token_out
++.It Nm openssl ts
++.Fl verify
++.Op Fl CAfile Ar trusted_certs.pem
++.Op Fl CApath Ar trusted_cert_path
++.Op Fl data Ar file_to_hash
++.Op Fl digest Ar digest_bytes
++.Op Fl in Ar response.tsr
++.Op Fl queryfile Ar request.tsq
++.Op Fl token_in
++.Op Fl untrusted Ar cert_file.pem
++.El
++.Ek
++.Pp
++The
++.Nm ts
++command is a basic Time Stamping Authority (TSA) client and server
++application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
++A TSA can be part of a PKI deployment and its role is to provide long
++term proof of the existence of specific data.
++Here is a brief description of the protocol:
++.Bl -enum
++.It
++The TSA client computes a one-way hash value for a data file and sends
++the hash to the TSA.
++.It
++The TSA attaches the current date and time to the received hash value,
++signs them and sends the time stamp token back to the client.
++By creating this token the TSA certifies the existence of the original
++data file at the time of response generation.
++.It
++The TSA client receives the time stamp token and verifies the
++signature on it.
++It also checks if the token contains the same hash
++value that it had sent to the TSA.
++.El
++.Pp
++There is one DER-encoded protocol data unit defined for transporting a time
++stamp request to the TSA and one for sending the time stamp response
++back to the client.
++The
++.Nm ts
++command has three main functions:
++creating a time stamp request based on a data file;
++creating a time stamp response based on a request;
++and verifying if a response corresponds
++to a particular request or a data file.
++.Pp
++There is no support for sending the requests/responses automatically
++over HTTP or TCP yet as suggested in RFC 3161.
++Users must send the requests either by FTP or email.
++.Pp
++The
++.Fl query
++switch can be used for creating and printing a time stamp
++request with the following options:
++.Bl -tag -width Ds
++.It Fl cert
++Expect the TSA to include its signing certificate in the response.
++.It Fl config Ar configfile
++Specify an alternative configuration file.
++Only the OID section is used.
++.It Fl data Ar file_to_hash
++The data file for which the time stamp request needs to be created.
++The default is standard input.
++.It Fl digest Ar digest_bytes
++Specify the message imprint explicitly without the data file.
++The imprint must be specified in a hexadecimal format,
++two characters per byte,
++the bytes optionally separated by colons.
++The number of bytes must match the message digest algorithm in use.
++.It Fl in Ar request.tsq
++A previously created time stamp request in DER
++format that will be printed into the output file.
++Useful for examining the content of a request in human-readable format.
++.It Fl md4 | md5 | ripemd160 | sha | sha1
++The message digest to apply to the data file.
++It supports all the message digest algorithms that are supported by the
++.Nm dgst
++command.
++The default is SHA1.
++.It Fl no_nonce
++Specify no nonce in the request.
++The default, to include a 64-bit long pseudo-random nonce,
++is recommended to protect against replay attacks.
++.It Fl out Ar request.tsq
++The output file to write to,
++or standard output if not specified.
++.It Fl policy Ar object_id
++The policy that the client expects the TSA to use for creating the
++time stamp token.
++Either dotted OID notation or OID names defined
++in the config file can be used.
++If no policy is requested, the TSA uses its own default policy.
++.It Fl text
++Output in human-readable text format instead of DER.
++.El
++.Pp
++A time stamp response (TimeStampResp) consists of a response status
++and the time stamp token itself (ContentInfo),
++if the token generation was successful.
++The
++.Fl reply
++command is for creating a time stamp
++response or time stamp token based on a request and printing the
++response/token in human-readable format.
++If
++.Fl token_out
++is not specified the output is always a time stamp response (TimeStampResp),
++otherwise it is a time stamp token (ContentInfo).
++.Bl -tag -width Ds
++.It Fl chain Ar certs_file.pem
++The collection of PEM certificates
++that will be included in the response
++in addition to the signer certificate if the
++.Fl cert
++option was used for the request.
++This file is supposed to contain the certificate chain
++for the signer certificate from its issuer upwards.
++The
++.Fl reply
++command does not build a certificate chain automatically.
++.It Fl config Ar configfile
++Specify an alternative configuration file.
++.It Fl in Ar response.tsr
++Specify a previously created time stamp response (or time stamp token, if
++.Fl token_in
++is also specified)
++in DER format that will be written to the output file.
++This option does not require a request;
++it is useful, for example,
++to examine the content of a response or token
++or to extract the time stamp token from a response.
++If the input is a token and the output is a time stamp response, a default
++.Qq granted
++status info is added to the token.
++.It Fl inkey Ar private.pem
++The signer private key of the TSA in PEM format.
++Overrides the
++.Cm signer_key
++config file option.
++.It Fl out Ar response.tsr
++The response is written to this file.
++The format and content of the file depends on other options (see
++.Fl text
++and
++.Fl token_out ) .
++The default is stdout.
++.It Fl passin Ar arg
++The key password source.
++.It Fl policy Ar object_id
++The default policy to use for the response.
++Either dotted OID notation or OID names defined
++in the config file can be used.
++If no policy is requested, the TSA uses its own default policy.
++.It Fl queryfile Ar request.tsq
++The file containing a DER-encoded time stamp request.
++.It Fl section Ar tsa_section
++The config file section containing the settings for response generation.
++.It Fl signer Ar tsa_cert.pem
++The PEM signer certificate of the TSA.
++The TSA signing certificate must have exactly one extended key usage
++assigned to it: timeStamping.
++The extended key usage must also be critical,
++otherwise the certificate is going to be refused.
++Overrides the
++.Cm signer_cert
++variable of the config file.
++.It Fl text
++Output in human-readable text format instead of DER.
++.It Fl token_in
++The input is a DER-encoded time stamp token (ContentInfo)
++instead of a time stamp response (TimeStampResp).
++.It Fl token_out
++The output is a time stamp token (ContentInfo)
++instead of a time stamp response (TimeStampResp).
++.El
++.Pp
++The
++.Fl verify
++command is for verifying if a time stamp response or time stamp token
++is valid and matches a particular time stamp request or data file.
++The
++.Fl verify
++command does not use the configuration file.
++.Bl -tag -width Ds
++.It Fl CAfile Ar trusted_certs.pem
++The file containing a set of trusted self-signed PEM CA certificates.
++See
++.Nm verify
++for additional details.
++Either this option or
++.Fl CApath
++must be specified.
++.It Fl CApath Ar trusted_cert_path
++The directory containing the trusted CA certificates of the client.
++See
++.Nm verify
++for additional details.
++Either this option or
++.Fl CAfile
++must be specified.
++.It Fl data Ar file_to_hash
++The response or token must be verified against
++.Ar file_to_hash .
++The file is hashed with the message digest algorithm specified in the token.
++The
++.Fl digest
++and
++.Fl queryfile
++options must not be specified with this one.
++.It Fl digest Ar digest_bytes
++The response or token must be verified against the message digest specified
++with this option.
++The number of bytes must match the message digest algorithm
++specified in the token.
++The
++.Fl data
++and
++.Fl queryfile
++options must not be specified with this one.
++.It Fl in Ar response.tsr
++The time stamp response that needs to be verified, in DER format.
++This option in mandatory.
++.It Fl queryfile Ar request.tsq
++The original time stamp request, in DER format.
++The
++.Fl data
++and
++.Fl digest
++options must not be specified with this one.
++.It Fl token_in
++The input is a DER-encoded time stamp token (ContentInfo)
++instead of a time stamp response (TimeStampResp).
++.It Fl untrusted Ar cert_file.pem
++Additional untrusted PEM certificates which may be needed
++when building the certificate chain for the TSA's signing certificate.
++This file must contain the TSA signing certificate and
++all intermediate CA certificates unless the response includes them.
++.El
++.Pp
++Options specified on the command line always override
++the settings in the config file:
++.Bl -tag -width Ds
++.It Cm tsa Ar section , Cm default_tsa
++This is the main section and it specifies the name of another section
++that contains all the options for the
++.Fl reply
++option.
++This section can be overridden with the
++.Fl section
++command line switch.
++.It Cm oid_file
++See
++.Nm ca
++for a description.
++.It Cm oid_section
++See
++.Nm ca
++for a description.
++.It Cm serial
++The file containing the hexadecimal serial number of the
++last time stamp response created.
++This number is incremented by 1 for each response.
++If the file does not exist at the time of response generation,
++a new file is created with serial number 1.
++This parameter is mandatory.
++.It Cm signer_cert
++TSA signing certificate, in PEM format.
++The same as the
++.Fl signer
++command line option.
++.It Cm certs
++A set of PEM-encoded certificates that need to be
++included in the response.
++The same as the
++.Fl chain
++command line option.
++.It Cm signer_key
++The private key of the TSA, in PEM format.
++The same as the
++.Fl inkey
++command line option.
++.It Cm default_policy
++The default policy to use when the request does not mandate any policy.
++The same as the
++.Fl policy
++command line option.
++.It Cm other_policies
++Comma separated list of policies that are also acceptable by the TSA
++and used only if the request explicitly specifies one of them.
++.It Cm digests
++The list of message digest algorithms that the TSA accepts.
++At least one algorithm must be specified.
++This parameter is mandatory.
++.It Cm accuracy
++The accuracy of the time source of the TSA in seconds, milliseconds
++and microseconds.
++For example, secs:1, millisecs:500, microsecs:100.
++If any of the components is missing,
++zero is assumed for that field.
++.It Cm clock_precision_digits
++The maximum number of digits, which represent the fraction of seconds,
++that need to be included in the time field.
++The trailing zeroes must be removed from the time,
++so there might actually be fewer digits
++or no fraction of seconds at all.
++The maximum value is 6;
++the default is 0.
++.It Cm ordering
++If this option is yes,
++the responses generated by this TSA can always be ordered,
++even if the time difference between two responses is less
++than the sum of their accuracies.
++The default is no.
++.It Cm tsa_name
++Set this option to yes if the subject name of the TSA must be included in
++the TSA name field of the response.
++The default is no.
++.It Cm ess_cert_id_chain
++The SignedData objects created by the TSA always contain the
++certificate identifier of the signing certificate in a signed
++attribute (see RFC 2634, Enhanced Security Services).
++If this option is set to yes and either the
++.Cm certs
++variable or the
++.Fl chain
++option is specified then the certificate identifiers of the chain will also
++be included in the SigningCertificate signed attribute.
++If this variable is set to no,
++only the signing certificate identifier is included.
++The default is no.
++.El
++.Tg verify
++.Sh VERIFY
++.Bl -hang -width "openssl verify"
++.It Nm openssl verify
++.Bk -words
++.Op Fl CAfile Ar file
++.Op Fl CApath Ar directory
++.Op Fl check_ss_sig
++.Op Fl CRLfile Ar file
++.Op Fl crl_check
++.Op Fl crl_check_all
++.Op Fl explicit_policy
++.Op Fl extended_crl
++.Op Fl help
++.Op Fl ignore_critical
++.Op Fl inhibit_any
++.Op Fl inhibit_map
++.Op Fl issuer_checks
++.Op Fl legacy_verify
++.Op Fl policy_check
++.Op Fl purpose Ar purpose
++.Op Fl trusted Ar file
++.Op Fl untrusted Ar file
++.Op Fl verbose
++.Op Fl x509_strict
++.Op Ar certificates
++.Ek
++.El
++.Pp
++The
++.Nm verify
++command verifies certificate chains.
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl CAfile Ar file
++A
++.Ar file
++of trusted certificates.
++The
++.Ar file
++should contain multiple certificates in PEM format, concatenated together.
++.It Fl CApath Ar directory
++A
++.Ar directory
++of trusted certificates.
++The certificates, or symbolic links to them,
++should have names of the form
++.Ar hash Ns .0 ,
++where
++.Ar hash
++is the hashed certificate subject name
++(see the
++.Fl hash
++option of the
++.Nm x509
++utility).
++.It Fl check_ss_sig
++Verify the signature on the self-signed root CA.
++This is disabled by default
++because it doesn't add any security.
++.It Fl CRLfile Ar file
++The
++.Ar file
++should contain one or more CRLs in PEM format.
++.It Fl crl_check
++Check end entity certificate validity by attempting to look up a valid CRL.
++If a valid CRL cannot be found, an error occurs.
++.It Fl crl_check_all
++Check the validity of all certificates in the chain by attempting
++to look up valid CRLs.
++.It Fl explicit_policy
++Set policy variable require-explicit-policy (RFC 3280).
++.It Fl extended_crl
++Enable extended CRL features such as indirect CRLs and alternate CRL
++signing keys.
++.It Fl help
++Print a usage message.
++.It Fl ignore_critical
++Ignore critical extensions instead of rejecting the certificate.
++.It Fl inhibit_any
++Set policy variable inhibit-any-policy (RFC 3280).
++.It Fl inhibit_map
++Set policy variable inhibit-policy-mapping (RFC 3280).
++.It Fl issuer_checks
++Print diagnostics relating to searches for the issuer certificate
++of the current certificate
++showing why each candidate issuer certificate was rejected.
++The presence of rejection messages
++does not itself imply that anything is wrong:
++during the normal verify process several rejections may take place.
++.It Fl legacy_verify
++Use the legacy X.509 certificate chain verification code.
++.It Fl policy_check
++Enable certificate policy processing.
++.It Fl purpose Ar purpose
++The intended use for the certificate.
++Without this option no chain verification will be done.
++Currently accepted uses are
++.Cm sslclient , sslserver ,
++.Cm nssslserver , smimesign ,
++.Cm smimeencrypt , crlsign ,
++.Cm any ,
++and
++.Cm ocsphelper .
++.It Fl trusted Ar file
++A
++.Ar file
++of trusted certificates.
++The
++.Ar file
++should contain multiple certificates.
++.It Fl untrusted Ar file
++A
++.Ar file
++of untrusted certificates.
++The
++.Ar file
++should contain multiple certificates.
++.It Fl verbose
++Print extra information about the operations being performed.
++.It Fl x509_strict
++Disable workarounds for broken certificates which have to be disabled
++for strict X.509 compliance.
++.It Ar certificates
++One or more PEM
++.Ar certificates
++to verify.
++If no certificate files are included, an attempt is made to read
++a certificate from standard input.
++If the first certificate filename begins with a dash,
++use a lone dash to mark the last option.
++.El
++.Pp
++The
++.Nm verify
++program uses the same functions as the internal SSL and S/MIME verification,
++with one crucial difference:
++wherever possible an attempt is made to continue after an error,
++whereas normally the verify operation would halt on the first error.
++This allows all the problems with a certificate chain to be determined.
++.Pp
++The verify operation consists of a number of separate steps.
++Firstly a certificate chain is built up starting from the supplied certificate
++and ending in the root CA.
++It is an error if the whole chain cannot be built up.
++The chain is built up by looking up the issuer's certificate of the current
++certificate.
++If a certificate is found which is its own issuer, it is assumed
++to be the root CA.
++.Pp
++All certificates whose subject name matches the issuer name
++of the current certificate are subject to further tests.
++The relevant authority key identifier components of the current certificate
++(if present) must match the subject key identifier (if present)
++and issuer and serial number of the candidate issuer;
++in addition the
++.Cm keyUsage
++extension of the candidate issuer (if present) must permit certificate signing.
++.Pp
++The lookup first looks in the list of untrusted certificates and if no match
++is found the remaining lookups are from the trusted certificates.
++The root CA is always looked up in the trusted certificate list:
++if the certificate to verify is a root certificate,
++then an exact match must be found in the trusted list.
++.Pp
++The second operation is to check every untrusted certificate's extensions for
++consistency with the supplied purpose.
++If the
++.Fl purpose
++option is not included, then no checks are done.
++The supplied or
++.Qq leaf
++certificate must have extensions compatible with the supplied purpose
++and all other certificates must also be valid CA certificates.
++The precise extensions required are described in more detail in
++the
++.Nm X509
++section below.
++.Pp
++The third operation is to check the trust settings on the root CA.
++The root CA should be trusted for the supplied purpose.
++A certificate with no trust settings is considered to be valid for
++all purposes.
++.Pp
++The final operation is to check the validity of the certificate chain.
++The validity period is checked against the current system time and the
++.Cm notBefore
++and
++.Cm notAfter
++dates in the certificate.
++The certificate signatures are also checked at this point.
++.Pp
++If all operations complete successfully, the certificate is considered
++valid.
++If any operation fails then the certificate is not valid.
++When a verify operation fails, the output messages can be somewhat cryptic.
++The general form of the error message is:
++.Bd -literal
++server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
++error 24 at 1 depth lookup:invalid CA certificate
++.Ed
++.Pp
++The first line contains the name of the certificate being verified, followed by
++the subject name of the certificate.
++The second line contains the error number as defined by the
++.Dv X509_V_ERR_*
++constants in
++.In openssl/x509_vfy.h ,
++the associated error message documented in
++.Xr X509_STORE_CTX_get_error 3 ,
++and the depth.
++The depth is the number of the certificate being verified when a
++problem was detected starting with zero for the certificate being verified
++itself, then 1 for the CA that signed the certificate and so on.
++.Tg version
++.Sh VERSION
++.Nm openssl version
++.Op Fl abdfpv
++.Pp
++The
++.Nm version
++command is used to print out version information about
++.Nm openssl .
++.Pp
++The options are as follows:
++.Bl -tag -width Ds
++.It Fl a
++All information: this is the same as setting all the other flags.
++.It Fl b
++The date the current version of
++.Nm openssl
++was built.
++.It Fl d
++.Ev OPENSSLDIR
++setting.
++.It Fl f
++Compilation flags.
++.It Fl p
++Platform setting.
++.It Fl v
++The current
++.Nm openssl
++version.
++.El
++.Tg x509
++.Sh X509
++.Bl -hang -width "openssl x509"
++.It Nm openssl x509
++.Bk -words
++.Op Fl C
++.Op Fl addreject Ar arg
++.Op Fl addtrust Ar arg
++.Op Fl alias
++.Op Fl CA Ar file
++.Op Fl CAcreateserial
++.Op Fl CAform Cm der | pem
++.Op Fl CAkey Ar file
++.Op Fl CAkeyform Cm der | pem
++.Op Fl CAserial Ar file
++.Op Fl certopt Ar option
++.Op Fl checkend Ar arg
++.Op Fl clrext
++.Op Fl clrreject
++.Op Fl clrtrust
++.Op Fl dates
++.Op Fl days Ar arg
++.Op Fl email
++.Op Fl enddate
++.Op Fl extensions Ar section
++.Op Fl extfile Ar file
++.Op Fl fingerprint
++.Op Fl force_pubkey Ar key
++.Op Fl hash
++.Op Fl in Ar file
++.Op Fl inform Cm der | net | pem
++.Op Fl issuer
++.Op Fl issuer_hash
++.Op Fl issuer_hash_old
++.Op Fl keyform Cm der | pem
++.Op Fl md5 | sha1
++.Op Fl modulus
++.Op Fl multivalue-rdn
++.Op Fl nameopt Ar option
++.Op Fl new
++.Op Fl next_serial
++.Op Fl noout
++.Op Fl ocsp_uri
++.Op Fl ocspid
++.Op Fl out Ar file
++.Op Fl outform Cm der | net | pem
++.Op Fl passin Ar arg
++.Op Fl pubkey
++.Op Fl purpose
++.Op Fl req
++.Op Fl serial
++.Op Fl set_issuer Ar name
++.Op Fl set_serial Ar n
++.Op Fl set_subject Ar name
++.Op Fl setalias Ar arg
++.Op Fl signkey Ar file
++.Op Fl sigopt Ar nm:v
++.Op Fl startdate
++.Op Fl subject
++.Op Fl subject_hash
++.Op Fl subject_hash_old
++.Op Fl text
++.Op Fl trustout
++.Op Fl utf8
++.Op Fl x509toreq
++.Ek
++.El
++.Pp
++The
++.Nm x509
++command is a multi-purpose certificate utility.
++It can be used to display certificate information, convert certificates to
++various forms, sign certificate requests like a
++.Qq mini CA ,
++or edit certificate trust settings.
++.Pp
++The following are x509 input, output, and general purpose options:
++.Bl -tag -width "XXXX"
++.It Fl in Ar file
++The input file to read from,
++or standard input if not specified.
++This option cannot be used with
++.Fl new .
++.It Fl inform Cm der | net | pem
++The input format.
++Normally, the command will expect an X.509 certificate,
++but this can change if other options such as
++.Fl in
++or
++.Fl req
++are present.
++.It Fl md5 | sha1
++The digest to use.
++This affects any signing or display option that uses a message digest,
++such as the
++.Fl fingerprint , signkey ,
++and
++.Fl CA
++options.
++If not specified, MD5 is used.
++SHA1 is always used with DSA keys.
++.It Fl out Ar file
++The output file to write to,
++or standard output if none is specified.
++.It Fl outform Cm der | net | pem
++The output format.
++.It Fl passin Ar arg
++The key password source.
++.El
++.Pp
++The following are x509 display options:
++.Bl -tag -width "XXXX"
++.It Fl C
++Output the certificate in the form of a C source file.
++.It Fl certopt Ar option
++Customise the output format used with
++.Fl text ,
++either using a list of comma-separated options or by specifying
++.Fl certopt
++multiple times.
++The default behaviour is to print all fields.
++The options are as follows:
++.Pp
++.Bl -tag -width "no_extensions" -offset indent -compact
++.It Cm ca_default
++Equivalent to
++.Cm no_issuer , no_pubkey , no_header ,
++.Cm no_version , no_sigdump ,
++and
++.Cm no_signame .
++.It Cm compatible
++Equivalent to no output options at all.
++.It Cm ext_default
++Print unsupported certificate extensions.
++.It Cm ext_dump
++Hex dump unsupported extensions.
++.It Cm ext_error
++Print an error message for unsupported certificate extensions.
++.It Cm ext_parse
++ASN.1 parse unsupported extensions.
++.It Cm no_aux
++Do not print certificate trust information.
++.It Cm no_extensions
++Do not print X509V3 extensions.
++.It Cm no_header
++Do not print header (Certificate and Data) information.
++.It Cm no_issuer
++Do not print the issuer name.
++.It Cm no_pubkey
++Do not print the public key.
++.It Cm no_serial
++Do not print the serial number.
++.It Cm no_sigdump
++Do not give a hexadecimal dump of the certificate signature.
++.It Cm no_signame
++Do not print the signature algorithm used.
++.It Cm no_subject
++Do not print the subject name.
++.It Cm no_validity
++Do not print the
++.Cm notBefore
++and
++.Cm notAfter
++(validity) fields.
++.It Cm no_version
++Do not print the version number.
++.El
++.It Fl dates
++Print the start and expiry date of a certificate.
++.It Fl email
++Output the email addresses, if any.
++.It Fl enddate
++Print the expiry date of the certificate; that is, the
++.Cm notAfter
++date.
++.It Fl fingerprint
++Print the digest of the DER-encoded version of the whole certificate.
++.It Fl hash
++A synonym for
++.Fl subject_hash .
++.It Fl issuer
++Print the issuer name.
++.It Fl issuer_hash
++Print the hash of the certificate issuer name.
++.It Fl issuer_hash_old
++Print the hash of the certificate issuer name
++using the older algorithm as used by
++.Nm openssl
++versions before 1.0.0.
++.It Fl modulus
++Print the value of the modulus of the public key contained in the certificate.
++.It Fl multivalue-rdn
++This option causes the
++.Fl subj
++argument to be interpreted with full support for multivalued RDNs,
++for example
++.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
++If
++.Fl multivalue-rdn
++is not used, the UID value is set to
++.Qq "123456+CN=John Doe" .
++.It Fl nameopt Ar option
++Customise how the subject or issuer names are displayed,
++either using a list of comma-separated options or by specifying
++.Fl nameopt
++multiple times.
++The default behaviour is to use the
++.Cm oneline
++format.
++The options,
++which can be preceded by a dash to turn them off,
++are as follows:
++.Bl -tag -width "XXXX"
++.It Cm align
++Align field values for a more readable output.
++Only usable with
++.Ar sep_multiline .
++.It Cm compat
++Use the old format,
++equivalent to specifying no options at all.
++.It Cm dn_rev
++Reverse the fields of the DN, as required by RFC 2253.
++As a side effect, this also reverses the order of multiple AVAs.
++.It Cm dump_all
++Dump all fields.
++When used with
++.Ar dump_der ,
++it allows the DER encoding of the structure to be unambiguously determined.
++.It Cm dump_der
++Any fields that need to be hexdumped are
++dumped using the DER encoding of the field.
++Otherwise just the content octets will be displayed.
++Both options use the RFC 2253 #XXXX... format.
++.It Cm dump_nostr
++Dump non-character string types
++(for example OCTET STRING);
++usually, non-character string types are displayed
++as though each content octet represents a single character.
++.It Cm dump_unknown
++Dump any field whose OID is not recognised by
++.Nm openssl .
++.It Cm esc_2253
++Escape the
++.Qq special
++characters required by RFC 2253 in a field that is
++.Dq \& ,+"<>; .
++Additionally,
++.Sq #
++is escaped at the beginning of a string
++and a space character at the beginning or end of a string.
++.It Cm esc_ctrl
++Escape control characters.
++That is, those with ASCII values less than 0x20 (space)
++and the delete (0x7f) character.
++They are escaped using the RFC 2253 \eXX notation (where XX are two hex
++digits representing the character value).
++.It Cm esc_msb
++Escape characters with the MSB set; that is, with ASCII values larger than
++127.
++.It Cm multiline
++A multiline format.
++Equivalent to
++.Cm esc_ctrl , esc_msb , sep_multiline ,
++.Cm space_eq , lname ,
++and
++.Cm align .
++.It Cm no_type
++Do not attempt to interpret multibyte characters.
++That is, content octets are merely dumped as though one octet
++represents each character.
++This is useful for diagnostic purposes
++but results in rather odd looking output.
++.It Cm nofname , sname , lname , oid
++Alter how the field name is displayed:
++.Cm nofname
++does not display the field at all;
++.Cm sname
++uses the short name form (CN for
++.Cm commonName ,
++for example);
++.Cm lname
++uses the long form.
++.Cm oid
++represents the OID in numerical form and is useful for diagnostic purpose.
++.It Cm oneline
++A one line format which is more readable than
++.Cm RFC2253 .
++Equivalent to
++.Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
++.Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
++.Cm space_eq ,
++and
++.Cm sname .
++.It Cm RFC2253
++Displays names compatible with RFC 2253.
++Equivalent to
++.Cm esc_2253 , esc_ctrl ,
++.Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
++.Cm dump_der , sep_comma_plus , dn_rev ,
++and
++.Cm sname .
++.It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
++Determine the field separators:
++the first character is between RDNs and the second between multiple AVAs
++(multiple AVAs are very rare and their use is discouraged).
++The options ending in
++.Qq space
++additionally place a space after the separator to make it more readable.
++.Cm sep_multiline
++uses a linefeed character for the RDN separator and a spaced
++.Sq +
++for the AVA separator,
++as well as indenting the fields by four characters.
++If no field separator is specified then
++.Cm sep_comma_plus_space
++is used by default.
++.It Cm show_type
++Show the type of the ASN.1 character string.
++The type precedes the field contents.
++For example
++.Qq BMPSTRING: Hello World .
++.It Cm space_eq
++Place spaces round the
++.Sq =
++character which follows the field name.
++.It Cm use_quote
++Escape some characters by surrounding the whole string with
++.Sq \&"
++characters.
++Without the option, all escaping is done with the
++.Sq \e
++character.
++.It Cm utf8
++Convert all strings to UTF8 format first, as required by RFC 2253.
++On a UTF8 compatible terminal,
++the use of this option (and not setting
++.Cm esc_msb )
++may result in the correct display of multibyte characters.
++Usually, multibyte characters larger than 0xff
++are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
++for 32 bits,
++and any UTF8Strings are converted to their character form first.
++.El
++.It Fl next_serial
++Print the next serial number.
++.It Fl noout
++Do not output the encoded version of the request.
++.It Fl ocsp_uri
++Print the OCSP responder addresses, if any.
++.It Fl ocspid
++Print OCSP hash values for the subject name and public key.
++.It Fl pubkey
++Print the public key.
++.It Fl serial
++Print the certificate serial number.
++.It Fl sigopt Ar nm:v
++Pass options to the signature algorithm during sign or certify operations.
++The names and values of these options are algorithm-specific.
++.It Fl startdate
++Print the start date of the certificate; that is, the
++.Cm notBefore
++date.
++.It Fl subject
++Print the subject name.
++.It Fl subject_hash
++Print the hash of the certificate subject name.
++This is used in
++.Nm openssl
++to form an index to allow certificates in a directory to be looked up
++by subject name.
++.It Fl subject_hash_old
++Print the hash of the certificate subject name
++using the older algorithm as used by
++.Nm openssl
++versions before 1.0.0.
++.It Fl text
++Print the full certificate in text form.
++.El
++.Pp
++A trusted certificate is a certificate which has several
++additional pieces of information attached to it such as the permitted
++and prohibited uses of the certificate and an alias.
++When a certificate is being verified, at least one certificate must be trusted.
++By default, a trusted certificate must be stored locally and be a root CA.
++The following are x509 trust settings options:
++.Bl -tag -width "XXXX"
++.It Fl addreject Ar arg
++Add a prohibited use.
++Accepts the same values as the
++.Fl addtrust
++option.
++.It Fl addtrust Ar arg
++Add a trusted certificate use.
++Any object name can be used here, but currently only
++.Cm clientAuth
++(SSL client use),
++.Cm serverAuth
++(SSL server use),
++and
++.Cm emailProtection
++(S/MIME email) are used.
++.It Fl alias
++Output the certificate alias.
++.It Fl clrreject
++Clear all the prohibited or rejected uses of the certificate.
++.It Fl clrtrust
++Clear all the permitted or trusted uses of the certificate.
++.It Fl purpose
++Perform tests on the certificate extensions.
++The same code is used when verifying untrusted certificates in chains,
++so this section is useful if a chain is rejected by the verify code.
++.Pp
++The
++.Cm basicConstraints
++extension CA flag is used to determine whether the
++certificate can be used as a CA.
++If the CA flag is true, it is a CA;
++if the CA flag is false, it is not a CA.
++All CAs should have the CA flag set to true.
++.Pp
++If the
++.Cm basicConstraints
++extension is absent, then the certificate is
++considered to be a possible CA;
++other extensions are checked according to the intended use of the certificate.
++A warning is given in this case because the certificate should really not
++be regarded as a CA.
++However it is allowed to be a CA to work around some broken software.
++.Pp
++If the certificate is a V1 certificate
++(and thus has no extensions) and it is self-signed,
++it is also assumed to be a CA but a warning is again given.
++This is to work around the problem of Verisign roots
++which are V1 self-signed certificates.
++.Pp
++If the
++.Cm keyUsage
++extension is present, then additional restraints are
++made on the uses of the certificate.
++A CA certificate must have the
++.Cm keyCertSign
++bit set if the
++.Cm keyUsage
++extension is present.
++.Pp
++The extended key usage extension places additional restrictions on the
++certificate uses.
++If this extension is present, whether critical or not,
++the key can only be used for the purposes specified.
++.Pp
++A complete description of each test is given below.
++The comments about
++.Cm basicConstraints
++and
++.Cm keyUsage
++and V1 certificates above apply to all CA certificates.
++.Bl -tag -width "XXXX"
++.It SSL Client
++The extended key usage extension must be absent or include the
++web client authentication OID.
++.Cm keyUsage
++must be absent or it must have the
++.Cm digitalSignature
++bit set.
++The Netscape certificate type must be absent
++or it must have the SSL client bit set.
++.It SSL Client CA
++The extended key usage extension must be absent or include the
++web client authentication OID.
++The Netscape certificate type must be absent
++or it must have the SSL CA bit set:
++this is used as a workaround if the
++.Cm basicConstraints
++extension is absent.
++.It SSL Server
++The extended key usage extension must be absent or include the
++web server authentication and/or one of the SGC OIDs.
++.Cm keyUsage
++must be absent or it must have the
++.Cm digitalSignature
++set, the
++.Cm keyEncipherment
++set, or both bits set.
++The Netscape certificate type must be absent or have the SSL server bit set.
++.It SSL Server CA
++The extended key usage extension must be absent or include the
++web server authentication and/or one of the SGC OIDs.
++The Netscape certificate type must be absent or the SSL CA bit must be set:
++this is used as a workaround if the
++.Cm basicConstraints
++extension is absent.
++.It Netscape SSL Server
++For Netscape SSL clients to connect to an SSL server; it must have the
++.Cm keyEncipherment
++bit set if the
++.Cm keyUsage
++extension is present.
++This isn't always valid because some cipher suites use the key for
++digital signing.
++Otherwise it is the same as a normal SSL server.
++.It Common S/MIME Client Tests
++The extended key usage extension must be absent or include the
++email protection OID.
++The Netscape certificate type must be absent or should have the S/MIME bit set.
++If the S/MIME bit is not set in Netscape certificate type, then the SSL
++client bit is tolerated as an alternative but a warning is shown:
++this is because some Verisign certificates don't set the S/MIME bit.
++.It S/MIME Signing
++In addition to the common S/MIME client tests, the
++.Cm digitalSignature
++bit must be set if the
++.Cm keyUsage
++extension is present.
++.It S/MIME Encryption
++In addition to the common S/MIME tests, the
++.Cm keyEncipherment
++bit must be set if the
++.Cm keyUsage
++extension is present.
++.It S/MIME CA
++The extended key usage extension must be absent or include the
++email protection OID.
++The Netscape certificate type must be absent
++or must have the S/MIME CA bit set:
++this is used as a workaround if the
++.Cm basicConstraints
++extension is absent.
++.It CRL Signing
++The
++.Cm keyUsage
++extension must be absent or it must have the CRL signing bit set.
++.It CRL Signing CA
++The normal CA tests apply, except the
++.Cm basicConstraints
++extension must be present.
++.El
++.It Fl setalias Ar arg
++Set the alias of the certificate,
++allowing the certificate to be referred to using a nickname,
++such as
++.Qq Steve's Certificate .
++.It Fl trustout
++Output a trusted certificate
++(the default if any trust settings are modified).
++An ordinary or trusted certificate can be input, but by default an ordinary
++certificate is output and any trust settings are discarded.
++.El
++.Pp
++The
++.Nm x509
++utility can be used to sign certificates and requests:
++it can thus behave like a mini CA.
++The following are x509 signing options:
++.Bl -tag -width "XXXX"
++.It Fl CA Ar file
++The CA certificate to be used for signing.
++When this option is present,
++.Nm x509
++behaves like a mini CA.
++The input file is signed by the CA using this option;
++that is, its issuer name is set to the subject name of the CA and it is
++digitally signed using the CA's private key.
++.Pp
++This option is normally combined with the
++.Fl req
++option.
++Without the
++.Fl req
++option, the input is a certificate which must be self-signed.
++.It Fl CAcreateserial
++Create the CA serial number file if it does not exist
++instead of generating an error.
++The file will contain the serial number
++.Sq 02
++and the certificate being signed will have
++.Sq 1
++as its serial number.
++.It Fl CAform Cm der | pem
++The format of the CA certificate file.
++The default is
++.Cm pem .
++.It Fl CAkey Ar file
++Set the CA private key to sign a certificate with.
++Otherwise it is assumed that the CA private key is present
++in the CA certificate file.
++.It Fl CAkeyform Cm der | pem
++The format of the CA private key.
++The default is
++.Cm pem .
++.It Fl CAserial Ar file
++Use the serial number in
++.Ar file
++to sign a certificate.
++The file should consist of one line containing an even number of hex digits
++with the serial number to use.
++After each use the serial number is incremented and written out
++to the file again.
++.Pp
++The default filename consists of the CA certificate file base name with
++.Pa .srl
++appended.
++For example, if the CA certificate file is called
++.Pa mycacert.pem ,
++it expects to find a serial number file called
++.Pa mycacert.srl .
++.It Fl checkend Ar arg
++Check whether the certificate expires in the next
++.Ar arg
++seconds.
++If so, exit with return value 1;
++otherwise exit with return value 0.
++.It Fl clrext
++Delete any extensions from a certificate.
++This option is used when a certificate is being created from another
++certificate (for example with the
++.Fl signkey
++or the
++.Fl CA
++options).
++Normally, all extensions are retained.
++.It Fl days Ar arg
++The number of days to make a certificate valid for.
++The default is 30 days.
++.It Fl extensions Ar section
++The section to add certificate extensions from.
++If this option is not specified, the extensions should either be
++contained in the unnamed (default) section
++or the default section should contain a variable called
++.Qq extensions
++which contains the section to use.
++.It Fl extfile Ar file
++File containing certificate extensions to use.
++If not specified, no extensions are added to the certificate.
++.It Fl force_pubkey Ar key
++Set the public key of the certificate to the public key contained in
++.Ar key .
++.It Fl keyform Cm der | pem
++The format of the key file used in the
++.Fl force_pubkey
++and
++.Fl signkey
++options.
++.It Fl new
++Generate a new certificate using the subject given by
++.Fl set_subject
++and signed by
++.Fl signkey .
++If no public key is provided with
++.Fl force_pubkey ,
++the resulting certificate is self-signed.
++This option cannot be used with
++.Fl in
++or
++.Fl req .
++.It Fl req
++Expect a certificate request on input instead of a certificate.
++This option cannot be used with
++.Fl new .
++.It Fl set_issuer Ar name
++The issuer name to use.
++.Ar name
++must be formatted as /type0=value0/type1=value1/type2=...;
++characters may be escaped by
++.Sq \e
++(backslash);
++no spaces are skipped.
++.It Fl set_serial Ar n
++The serial number to use.
++This option can be used with either the
++.Fl signkey
++or
++.Fl CA
++options.
++If used in conjunction with the
++.Fl CA
++option, the serial number file (as specified by the
++.Fl CAserial
++or
++.Fl CAcreateserial
++options) is not used.
++.Pp
++The serial number can be decimal or hex (if preceded by
++.Sq 0x ) .
++Negative serial numbers can also be specified but their use is not recommended.
++.It Fl set_subject Ar name
++The subject name to use.
++.Ar name
++must be formatted as /type0=value0/type1=value1/type2=...;
++characters may be escaped by
++.Sq \e
++(backslash);
++no spaces are skipped.
++.It Fl signkey Ar file
++Self-sign
++.Ar file
++using the supplied private key.
++.Pp
++If the input file is a certificate, it sets the issuer name to the
++subject name (i.e. makes it self-signed),
++changes the public key to the supplied value,
++and changes the start and end dates.
++The start date is set to the current time and the end date is set to
++a value determined by the
++.Fl days
++option.
++Any certificate extensions are retained unless the
++.Fl clrext
++option is supplied.
++.Pp
++If the input is a certificate request, a self-signed certificate
++is created using the supplied private key using the subject name in
++the request.
++.It Fl utf8
++Interpret field values read from a terminal or obtained from a configuration
++file as UTF-8 strings.
++By default, they are interpreted as ASCII.
++.It Fl x509toreq
++Convert a certificate into a certificate request.
++The
++.Fl signkey
++option is used to pass the required private key.
++.El
++.Sh COMMON NOTATION
++Several commands share a common syntax,
++as detailed below.
++.Pp
++Password arguments, typically specified using
++.Fl passin
++and
++.Fl passout
++for input and output passwords,
++allow passwords to be obtained from a variety of sources.
++Both of these options take a single argument, described below.
++If no password argument is given and a password is required,
++then the user is prompted to enter one:
++this will typically be read from the current terminal with echoing turned off.
++.Bl -tag -width "pass:password" -offset indent
++.It Cm pass : Ns Ar password
++The actual password is
++.Ar password .
++Since the password is visible to utilities,
++this form should only be used where security is not important.
++.It Cm env : Ns Ar var
++Obtain the password from the environment variable
++.Ar var .
++Since the environment of other processes is visible,
++this option should be used with caution.
++.It Cm file : Ns Ar path
++The first line of
++.Ar path
++is the password.
++If the same
++.Ar path
++argument is supplied to
++.Fl passin
++and
++.Fl passout ,
++then the first line will be used for the input password and the next line
++for the output password.
++.Ar path
++need not refer to a regular file:
++it could, for example, refer to a device or named pipe.
++.It Cm fd : Ns Ar number
++Read the password from the file descriptor
++.Ar number .
++This can be used to send the data via a pipe, for example.
++.It Cm stdin
++Read the password from standard input.
++.El
++.Pp
++Input/output formats,
++typically specified using
++.Fl inform
++and
++.Fl outform ,
++indicate the format being read from or written to.
++The argument is case insensitive.
++.Pp
++.Bl -tag -width Ds -offset indent -compact
++.It Cm der
++Distinguished Encoding Rules (DER)
++is a binary format.
++.It Cm net
++Insecure legacy format.
++.It Cm pem
++Privacy Enhanced Mail (PEM)
++is base64-encoded.
++.It Cm pvk
++Private Key format.
++.It Cm smime
++An SMIME format message.
++.It Cm txt
++Plain ASCII text.
++.El
++.Sh ENVIRONMENT
++The following environment variables affect the execution of
++.Nm openssl :
++.Bl -tag -width "/etc/pki/tls/libressl.cnf"
++.It Ev OPENSSL_CONF
++The location of the master configuration file.
++.El
++.Sh FILES
++.Bl -tag -width "/etc/pki/tls/libressl.cnf" -compact
++.It Pa /etc/ssl/
++Default config directory for
++.Nm openssl .
++.It Pa /etc/ssl/lib/
++Unused.
++.It Pa /etc/ssl/private/
++Default private key directory.
++.It Pa /etc/ssl/libressl.cnf
++Default configuration file for
++.Nm openssl .
++.It Pa /etc/ssl/x509v3.cnf
++Default configuration file for
++.Nm x509
++certificates.
++.El
++.Sh SEE ALSO
++.Xr acme-client 1 ,
++.Xr nc 1 ,
++.Xr libressl.cnf 5 ,
++.Xr x509v3.cnf 5 ,
++.Xr ssl 8 ,
++.Xr starttls 8
++.Sh STANDARDS
++.Rs
++.%A T. Dierks
++.%A C. Allen
++.%D January 1999
++.%R RFC 2246
++.%T The TLS Protocol Version 1.0
++.Re
++.Pp
++.Rs
++.%A M. Wahl
++.%A S. Killie
++.%A T. Howes
++.%D December 1997
++.%R RFC 2253
++.%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
++.Re
++.Pp
++.Rs
++.%A B. Kaliski
++.%D March 1998
++.%R RFC 2315
++.%T PKCS #7: Cryptographic Message Syntax Version 1.5
++.Re
++.Pp
++.Rs
++.%A R. Housley
++.%A W. Ford
++.%A W. Polk
++.%A D. Solo
++.%D January 1999
++.%R RFC 2459
++.%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
++.Re
++.Pp
++.Rs
++.%A M. Myers
++.%A R. Ankney
++.%A A. Malpani
++.%A S. Galperin
++.%A C. Adams
++.%D June 1999
++.%R RFC 2560
++.%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
++.Re
++.Pp
++.Rs
++.%A R. Housley
++.%D June 1999
++.%R RFC 2630
++.%T Cryptographic Message Syntax
++.Re
++.Pp
++.Rs
++.%A P. Chown
++.%D June 2002
++.%R RFC 3268
++.%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
++.Re
diff --git a/base/libressl/libressl-rename-config-file.patch b/base/libressl/libressl-rename-config-file.patch
index b134c23..4b43b6e 100644
--- a/base/libressl/libressl-rename-config-file.patch
+++ b/base/libressl/libressl-rename-config-file.patch
@@ -1,66 +1,6 @@ -diff -Naur libressl-3.8.1-orig/Makefile.am libressl-3.8.1/Makefile.am ---- libressl-3.8.1-orig/Makefile.am 2023-08-21 17:00:06.000000000 +0600 -+++ libressl-3.8.1/Makefile.am 2023-10-03 14:13:45.763015193 +0600 -@@ -12,7 +12,7 @@ - - EXTRA_DIST = README.md README.windows VERSION config scripts - EXTRA_DIST += CMakeLists.txt cmake_export_symbol.cmake cmake_uninstall.cmake.in FindLibreSSL.cmake LibreSSLConfig.cmake.in --EXTRA_DIST += cert.pem openssl.cnf x509v3.cnf -+EXTRA_DIST += cert.pem libressl.cnf x509v3.cnf - - .PHONY: install_sw - install_sw: install -@@ -24,7 +24,7 @@ - OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \ - fi; \ - mkdir -p "$$OPENSSLDIR/certs"; \ -- for i in cert.pem openssl.cnf x509v3.cnf; do \ -+ for i in cert.pem libressl.cnf x509v3.cnf; do \ - if [ ! -f "$$OPENSSLDIR/$i" ]; then \ - $(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \ - else \ -@@ -38,7 +38,7 @@ - else \ - OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \ - fi; \ -- for i in cert.pem openssl.cnf x509v3.cnf; do \ -+ for i in cert.pem libressl.cnf x509v3.cnf; do \ - if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \ - rm -f "$$OPENSSLDIR/$$i"; \ - fi \ -diff -Naur libressl-3.8.1-orig/Makefile.in libressl-3.8.1/Makefile.in ---- libressl-3.8.1-orig/Makefile.in 2023-08-31 08:15:32.000000000 +0600 -+++ libressl-3.8.1/Makefile.in 2023-10-03 14:14:15.117827061 +0600 -@@ -374,7 +374,7 @@ - EXTRA_DIST = README.md README.windows VERSION config scripts \ - CMakeLists.txt cmake_export_symbol.cmake \ - cmake_uninstall.cmake.in FindLibreSSL.cmake \ -- LibreSSLConfig.cmake.in cert.pem openssl.cnf x509v3.cnf -+ LibreSSLConfig.cmake.in cert.pem libressl.cnf x509v3.cnf - all: all-recursive - - .SUFFIXES: -@@ -895,7 +895,7 @@ - OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \ - fi; \ - mkdir -p "$$OPENSSLDIR/certs"; \ -- for i in cert.pem openssl.cnf x509v3.cnf; do \ -+ for i in cert.pem libressl.cnf x509v3.cnf; do \ - if [ ! 
-f "$$OPENSSLDIR/$i" ]; then \ - $(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \ - else \ -@@ -909,7 +909,7 @@ - else \ - OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \ - fi; \ -- for i in cert.pem openssl.cnf x509v3.cnf; do \ -+ for i in cert.pem libressl.cnf x509v3.cnf; do \ - if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \ - rm -f "$$OPENSSLDIR/$$i"; \ - fi \ -diff -Naur libressl-3.8.1-orig/apps/openssl/apps.c libressl-3.8.1/apps/openssl/apps.c ---- libressl-3.8.1-orig/apps/openssl/apps.c 2023-08-21 16:50:37.000000000 +0600 -+++ libressl-3.8.1/apps/openssl/apps.c 2023-10-03 14:15:00.235537604 +0600 +diff -Naur a/apps/openssl/apps.c b/apps/openssl/apps.c +--- a/apps/openssl/apps.c 2024-09-25 09:30:06.000000000 +0600 ++++ b/apps/openssl/apps.c 2025-01-09 22:24:46.419234126 +0600 @@ -1069,7 +1069,7 @@ const char *t = X509_get_default_cert_area(); char *p; @@ -70,10 +10,22 @@ diff -Naur libressl-3.8.1-orig/apps/openssl/apps.c libressl-3.8.1/apps/openssl/a return NULL; return p; } -diff -Naur libressl-3.8.1-orig/crypto/conf/conf_mod.c libressl-3.8.1/crypto/conf/conf_mod.c ---- libressl-3.8.1-orig/crypto/conf/conf_mod.c 2023-08-21 16:50:37.000000000 +0600 -+++ libressl-3.8.1/crypto/conf/conf_mod.c 2023-10-03 14:15:27.230364281 +0600 -@@ -474,7 +474,7 @@ +diff -Naur a/CMakeLists.txt b/CMakeLists.txt +--- a/CMakeLists.txt 2024-10-08 16:16:19.000000000 +0600 ++++ b/CMakeLists.txt 2025-01-09 22:34:00.078411167 +0600 +@@ -531,7 +531,7 @@ + DESTINATION ${CMAKE_INSTALL_LIBDIR}) + endif() + +- install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR}) ++ install(FILES cert.pem libressl.cnf x509v3.cnf DESTINATION ${CONF_DIR}) + install(DIRECTORY DESTINATION ${CONF_DIR}/certs) + + if(NOT TARGET uninstall) +diff -Naur a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c +--- a/crypto/conf/conf_mod.c 2024-09-25 09:30:06.000000000 +0600 ++++ b/crypto/conf/conf_mod.c 2025-01-09 22:22:06.849337107 +0600 +@@ -485,7 +485,7 @@ { char *file = NULL; 
@@ -82,9 +34,9 @@ diff -Naur libressl-3.8.1-orig/crypto/conf/conf_mod.c libressl-3.8.1/crypto/conf X509_get_default_cert_area()) == -1) return (NULL); return file; -diff -Naur libressl-3.8.1-orig/libressl.cnf libressl-3.8.1/libressl.cnf ---- libressl-3.8.1-orig/libressl.cnf 1970-01-01 06:00:00.000000000 +0600 -+++ libressl-3.8.1/libressl.cnf 2023-07-05 14:08:27.000000000 +0600 +diff -Naur a/libressl.cnf b/libressl.cnf +--- a/libressl.cnf 1970-01-01 06:00:00.000000000 +0600 ++++ b/libressl.cnf 2023-07-05 14:08:27.000000000 +0600 @@ -0,0 +1,24 @@ +[ req ] +#default_bits = 2048 
@@ -110,9 +62,823 @@ diff -Naur libressl-3.8.1-orig/libressl.cnf libressl-3.8.1/libressl.cnf +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 -diff -Naur libressl-3.8.1-orig/openssl.cnf libressl-3.8.1/openssl.cnf ---- libressl-3.8.1-orig/openssl.cnf 2023-07-05 14:08:27.000000000 +0600 -+++ libressl-3.8.1/openssl.cnf 1970-01-01 06:00:00.000000000 +0600 +diff -Naur a/Makefile.am b/Makefile.am +--- a/Makefile.am 2024-05-28 19:25:41.000000000 +0600 ++++ b/Makefile.am 2025-01-09 22:23:13.342877490 +0600 +@@ -12,7 +12,7 @@ + + EXTRA_DIST = README.md README.mingw.md VERSION config scripts + EXTRA_DIST += CMakeLists.txt cmake_export_symbol.cmake cmake_uninstall.cmake.in FindLibreSSL.cmake LibreSSLConfig.cmake.in +-EXTRA_DIST += cert.pem openssl.cnf x509v3.cnf ++EXTRA_DIST += cert.pem libressl.cnf x509v3.cnf + + .PHONY: install_sw + install_sw: install +@@ -24,7 +24,7 @@ + OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \ + fi; \ + mkdir -p "$$OPENSSLDIR/certs"; \ +- for i in cert.pem openssl.cnf x509v3.cnf; do \ ++ for i in cert.pem libressl.cnf x509v3.cnf; do \ + if [ ! 
-f "$$OPENSSLDIR/$i" ]; then \ + $(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \ + else \ +@@ -38,7 +38,7 @@ + else \ + OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \ + fi; \ +- for i in cert.pem openssl.cnf x509v3.cnf; do \ ++ for i in cert.pem libressl.cnf x509v3.cnf; do \ + if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \ + rm -f "$$OPENSSLDIR/$$i"; \ + fi \ +diff -Naur a/Makefile.in b/Makefile.in +--- a/Makefile.in 2024-10-14 10:53:04.000000000 +0600 ++++ b/Makefile.in 2025-01-09 22:25:23.906975003 +0600 +@@ -374,7 +374,7 @@ + EXTRA_DIST = README.md README.mingw.md VERSION config scripts \ + CMakeLists.txt cmake_export_symbol.cmake \ + cmake_uninstall.cmake.in FindLibreSSL.cmake \ +- LibreSSLConfig.cmake.in cert.pem openssl.cnf x509v3.cnf ++ LibreSSLConfig.cmake.in cert.pem libressl.cnf x509v3.cnf + all: all-recursive + + .SUFFIXES: +@@ -895,7 +895,7 @@ + OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \ + fi; \ + mkdir -p "$$OPENSSLDIR/certs"; \ +- for i in cert.pem openssl.cnf x509v3.cnf; do \ ++ for i in cert.pem libressl.cnf x509v3.cnf; do \ + if [ ! -f "$$OPENSSLDIR/$i" ]; then \ + $(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \ + else \ +@@ -909,7 +909,7 @@ + else \ + OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \ + fi; \ +- for i in cert.pem openssl.cnf x509v3.cnf; do \ ++ for i in cert.pem libressl.cnf x509v3.cnf; do \ + if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \ + rm -f "$$OPENSSLDIR/$$i"; \ + fi \ +diff -Naur a/man/libressl.cnf.5 b/man/libressl.cnf.5 +--- a/man/libressl.cnf.5 1970-01-01 06:00:00.000000000 +0600 ++++ b/man/libressl.cnf.5 2025-01-09 22:33:23.437663998 +0600 +@@ -0,0 +1,361 @@ ++.\" $OpenBSD: openssl.cnf.5,v 1.11 2024/07/08 15:02:28 jmc Exp $ ++.\" full merge up to: OpenSSL man5/config b53338cb Feb 28 12:30:28 2017 +0100 ++.\" selective merge up to: OpenSSL a8c5ed81 Jul 18 13:57:25 2017 -0400 ++.\" ++.\" This file was written by Dr. Stephen Henson . 
++.\" Copyright (c) 1999, 2000, 2004, 2013, 2015, 2016, 2017 The OpenSSL Project. ++.\" All rights reserved. ++.\" ++.\" Redistribution and use in source and binary forms, with or without ++.\" modification, are permitted provided that the following conditions ++.\" are met: ++.\" ++.\" 1. Redistributions of source code must retain the above copyright ++.\" notice, this list of conditions and the following disclaimer. ++.\" ++.\" 2. Redistributions in binary form must reproduce the above copyright ++.\" notice, this list of conditions and the following disclaimer in ++.\" the documentation and/or other materials provided with the ++.\" distribution. ++.\" ++.\" 3. All advertising materials mentioning features or use of this ++.\" software must display the following acknowledgment: ++.\" "This product includes software developed by the OpenSSL Project ++.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" ++.\" ++.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to ++.\" endorse or promote products derived from this software without ++.\" prior written permission. For written permission, please contact ++.\" openssl-core@openssl.org. ++.\" ++.\" 5. Products derived from this software may not be called "OpenSSL" ++.\" nor may "OpenSSL" appear in their names without prior written ++.\" permission of the OpenSSL Project. ++.\" ++.\" 6. Redistributions of any form whatsoever must retain the following ++.\" acknowledgment: ++.\" "This product includes software developed by the OpenSSL Project ++.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" ++.\" ++.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY ++.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ++.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR ++.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ++.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ++.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ++.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ++.\" OF THE POSSIBILITY OF SUCH DAMAGE. ++.\" ++.Dd $Mdocdate: July 8 2024 $ ++.Dt OPENSSL.CNF 5 ++.Os ++.Sh NAME ++.Nm libressl.cnf ++.Nd OpenSSL configuration files ++.Sh DESCRIPTION ++The OpenSSL CONF library can be used to read configuration files; see ++.Xr CONF_modules_load_file 3 . ++It is used for the OpenSSL master configuration file ++.Pa /etc/pki/tls/libressl.cnf ++and in a few other places such as certificate extension files for the ++.Xr openssl 1 ++.Cm x509 ++utility. ++OpenSSL applications can also use the CONF library for their own ++purposes. ++.Pp ++A configuration file is divided into a number of sections. ++Each section starts with a line ++.Bq Ar section_name ++and ends when a new section is started or the end of the file is reached. ++A section name can consist of alphanumeric characters and underscores. ++.Pp ++The first section of a configuration file is special and is referred to ++as the ++.Dq default section . ++It is usually unnamed and extends from the start of file to the ++first named section. ++When a name is being looked up, it is first looked up in a named ++section (if any) and then in the default section. ++.Pp ++The environment is mapped onto a section called ++.Ic ENV . ++.Pp ++Comments can be included by preceding them with the ++.Ql # ++character. ++.Pp ++Each section in a configuration file consists of a number of name and ++value pairs of the form ++.Ar name Ns = Ns Ar value . 
++.Pp ++The ++.Ar name ++string can contain any alphanumeric characters as well as a few ++punctuation symbols such as ++.Ql \&. ++.Ql \&, ++.Ql \&; ++and ++.Ql _ . ++.Pp ++The ++.Ar value ++string consists of the string following the ++.Ql = ++character until the end of the line with any leading and trailing ++whitespace removed. ++.Pp ++The value string undergoes variable expansion. ++This can be done by including substrings of the form ++.Pf $ Ar name ++or ++.Pf $ Brq Ar name : ++this will substitute the value of the named variable in the current ++section. ++It is also possible to substitute a value from another section using the ++syntax ++.Pf $ Ar section Ns :: Ns Ar name ++or ++.Pf $ Brq Ar section Ns :: Ns Ar name . ++By using the form ++.Pf $ Ic ENV Ns :: Ns Ar name , ++environment variables can be substituted. ++It is also possible to assign values to environment variables by using ++the name ++.Ic ENV Ns :: Ns Ar name . ++This will work if the program looks up environment variables using ++the CONF library instead of calling ++.Xr getenv 3 ++directly. ++The value string must not exceed 64k in length after variable expansion or an ++error will occur. ++.Pp ++It is possible to escape certain characters by using any kind of quote ++or the ++.Ql \e ++character. ++By making the last character of a line a ++.Ql \e , ++a ++.Ar value ++string can be spread across multiple lines. ++In addition the sequences ++.Ql \en , ++.Ql \er , ++.Ql \eb , ++and ++.Ql \et ++are recognized. ++.Sh OPENSSL LIBRARY CONFIGURATION ++Applications can automatically configure certain aspects of OpenSSL ++using the master OpenSSL configuration file, or optionally an ++alternative configuration file. ++The ++.Xr openssl 1 ++utility includes this functionality: any sub command uses the master ++OpenSSL configuration file unless an option is used in the sub command ++to use an alternative configuration file. 
++.Pp ++To enable library configuration, the default section needs to contain ++an appropriate line which points to the main configuration section. ++The default name is ++.Ic openssl_conf , ++which is used by the ++.Xr openssl 1 ++utility. ++Other applications may use an alternative name such as ++.Sy myapplication_conf . ++All library configuration lines appear in the default section ++at the start of the configuration file. ++.Pp ++The configuration section should consist of a set of name value pairs ++which contain specific module configuration information. ++The ++.Ar name ++represents the name of the configuration module. ++The meaning of the ++.Ar value ++is module specific: it may, for example, represent a further ++configuration section containing configuration module specific ++information. ++For example: ++.Bd -literal -offset indent ++# The following line must be in the default section. ++openssl_conf = openssl_init ++ ++[openssl_init] ++oid_section = new_oids ++ ++[new_oids] ++\&... new oids here ... ++.Ed ++.Pp ++The features of each configuration module are described below. ++.Ss ASN1 Object Configuration Module ++This module has the name ++.Ic oid_section . ++The value of this variable points to a section containing name value ++pairs of OIDs: the name is the OID short and long name, and the value is the ++numerical form of the OID. ++Although some of the ++.Xr openssl 1 ++utility subcommands already have their own ASN1 OBJECT section ++functionality, not all do. ++By using the ASN1 OBJECT configuration module, all the ++.Xr openssl 1 ++utility subcommands can see the new objects as well as any compliant ++applications. ++For example: ++.Bd -literal -offset indent ++[new_oids] ++some_new_oid = 1.2.3.4 ++some_other_oid = 1.2.3.5 ++.Ed ++.Pp ++It is also possible to set the value to the long name followed by a ++comma and the numerical OID form. 
++For example: ++.Pp ++.Dl shortName = some object long name, 1.2.3.4 ++.Sh FILES ++.Bl -tag -width /etc/pki/tls/libressl.cnf -compact ++.It Pa /etc/pki/tls/libressl.cnf ++standard configuration file ++.El ++.Sh EXAMPLES ++Here is a sample configuration file using some of the features ++mentioned above: ++.Bd -literal -offset indent ++# This is the default section. ++HOME=/temp ++RANDFILE= ${ENV::HOME}/.rnd ++configdir=$ENV::HOME/config ++ ++[ section_one ] ++# We are now in section one. ++ ++# Quotes permit leading and trailing whitespace ++any = " any variable name " ++ ++other = A string that can \e ++cover several lines \e ++by including \e\e characters ++ ++message = Hello World\en ++ ++[ section_two ] ++greeting = $section_one::message ++.Ed ++.Pp ++This next example shows how to expand environment variables safely. ++.Pp ++Suppose you want a variable called ++.Sy tmpfile ++to refer to a temporary filename. ++The directory it is placed in can determined by the ++.Ev TEMP ++or ++.Ev TMP ++environment variables but they may not be set to any value at all. ++If you just include the environment variable names and the variable ++doesn't exist then this will cause an error when an attempt is made to ++load the configuration file. ++By making use of the default section both values can be looked up with ++.Ev TEMP ++taking priority and ++.Pa /tmp ++used if neither is defined: ++.Bd -literal -offset indent ++TMP=/tmp ++# The above value is used if TMP isn't in the environment ++TEMP=$ENV::TMP ++# The above value is used if TEMP isn't in the environment ++tmpfile=${ENV::TEMP}/tmp.filename ++.Ed ++.Pp ++More complex OpenSSL library configuration. ++Add OID: ++.Bd -literal -offset indent ++# Default appname: should match "appname" parameter (if any) ++# supplied to CONF_modules_load_file et al. 
++openssl_conf = openssl_conf_section ++ ++[openssl_conf_section] ++# Configuration module list ++oid_section = new_oids ++ ++[new_oids] ++# New OID, just short name ++newoid1 = 1.2.3.4.1 ++# New OID shortname and long name ++newoid2 = New OID 2 long name, 1.2.3.4.2 ++.Ed ++.Pp ++The above examples can be used with any application supporting library ++configuration if "openssl_conf" is modified to match the appropriate ++"appname". ++.Pp ++For example if the second sample file above is saved to "example.cnf" ++then the command line: ++.Pp ++.Dl OPENSSL_CONF=example.cnf openssl asn1parse -genstr OID:1.2.3.4.1 ++.Pp ++will output: ++.Dl 0:d=0 hl=2 l= 4 prim: OBJECT :newoid1 ++.Pp ++showing that the OID "newoid1" has been added as "1.2.3.4.1". ++.Sh SEE ALSO ++.Xr openssl 1 , ++.Xr CONF_modules_load_file 3 , ++.Xr OPENSSL_config 3 , ++.Xr x509v3.cnf 5 ++.Sh CAVEATS ++If a configuration file attempts to expand a variable that doesn't ++exist, then an error is flagged and the file will not load. ++This can also happen if an attempt is made to expand an environment ++variable that doesn't exist. ++For example, in a previous version of OpenSSL the default OpenSSL ++master configuration file used the value of ++.Ev HOME ++which may not be defined on non Unix systems and would cause an error. ++.Pp ++This can be worked around by including a default section to provide ++a default value: then if the environment lookup fails, the default ++value will be used instead. ++For this to work properly, the default value must be defined earlier ++in the configuration file than the expansion. ++See the ++.Sx EXAMPLES ++section for an example of how to do this. ++.Pp ++If the same variable is defined more than once in the same section, ++then all but the last value will be silently ignored. ++In certain circumstances such as with DNs, the same field may occur ++multiple times. ++This is usually worked around by ignoring any characters before an ++initial ++.Ql \&. 
, ++for example: ++.Bd -literal -offset indent ++1.OU="My first OU" ++2.OU="My Second OU" ++.Ed ++.Sh BUGS ++Currently there is no way to include characters using the octal ++.Pf \e Ar nnn ++form. ++Strings are all NUL terminated, so NUL bytes cannot form part of ++the value. ++.Pp ++The escaping isn't quite right: if you want to use sequences like ++.Ql \en , ++you can't use any quote escaping on the same line. ++.Pp ++Files are loaded in a single pass. ++This means that a variable expansion will only work if the variables ++referenced are defined earlier in the file. +diff -Naur a/man/Makefile.am b/man/Makefile.am +--- a/man/Makefile.am 2024-10-14 10:52:54.000000000 +0600 ++++ b/man/Makefile.am 2025-01-09 22:30:29.135866729 +0600 +@@ -561,7 +561,7 @@ + dist_man3_MANS += tls_load_file.3 + dist_man3_MANS += tls_ocsp_process_response.3 + dist_man3_MANS += tls_read.3 +-dist_man5_MANS += openssl.cnf.5 ++dist_man5_MANS += libressl.cnf.5 + dist_man5_MANS += x509v3.cnf.5 + install-data-hook: + ln -sf "ACCESS_DESCRIPTION_new.3" "$(DESTDIR)$(mandir)/man3/ACCESS_DESCRIPTION_free.3" +diff -Naur a/man/Makefile.in b/man/Makefile.in +--- a/man/Makefile.in 2024-10-14 10:53:07.000000000 +0600 ++++ b/man/Makefile.in 2025-01-09 22:30:39.821792993 +0600 +@@ -686,7 +686,7 @@ + @ENABLE_LIBTLS_ONLY_FALSE@ tls_init.3 tls_load_file.3 \ + @ENABLE_LIBTLS_ONLY_FALSE@ tls_ocsp_process_response.3 \ + @ENABLE_LIBTLS_ONLY_FALSE@ tls_read.3 +-@ENABLE_LIBTLS_ONLY_FALSE@dist_man5_MANS = openssl.cnf.5 x509v3.cnf.5 ++@ENABLE_LIBTLS_ONLY_FALSE@dist_man5_MANS = libressl.cnf.5 x509v3.cnf.5 + all: all-am + + .SUFFIXES: +diff -Naur a/man/openssl.cnf.5 b/man/openssl.cnf.5 +--- a/man/openssl.cnf.5 2024-09-25 09:30:06.000000000 +0600 ++++ b/man/openssl.cnf.5 1970-01-01 06:00:00.000000000 +0600 +@@ -1,361 +0,0 @@ +-.\" $OpenBSD: openssl.cnf.5,v 1.11 2024/07/08 15:02:28 jmc Exp $ +-.\" full merge up to: OpenSSL man5/config b53338cb Feb 28 12:30:28 2017 +0100 +-.\" selective merge up to: OpenSSL a8c5ed81 Jul 
18 13:57:25 2017 -0400 +-.\" +-.\" This file was written by Dr. Stephen Henson . +-.\" Copyright (c) 1999, 2000, 2004, 2013, 2015, 2016, 2017 The OpenSSL Project. +-.\" All rights reserved. +-.\" +-.\" Redistribution and use in source and binary forms, with or without +-.\" modification, are permitted provided that the following conditions +-.\" are met: +-.\" +-.\" 1. Redistributions of source code must retain the above copyright +-.\" notice, this list of conditions and the following disclaimer. +-.\" +-.\" 2. Redistributions in binary form must reproduce the above copyright +-.\" notice, this list of conditions and the following disclaimer in +-.\" the documentation and/or other materials provided with the +-.\" distribution. +-.\" +-.\" 3. All advertising materials mentioning features or use of this +-.\" software must display the following acknowledgment: +-.\" "This product includes software developed by the OpenSSL Project +-.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +-.\" +-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +-.\" endorse or promote products derived from this software without +-.\" prior written permission. For written permission, please contact +-.\" openssl-core@openssl.org. +-.\" +-.\" 5. Products derived from this software may not be called "OpenSSL" +-.\" nor may "OpenSSL" appear in their names without prior written +-.\" permission of the OpenSSL Project. +-.\" +-.\" 6. Redistributions of any form whatsoever must retain the following +-.\" acknowledgment: +-.\" "This product includes software developed by the OpenSSL Project +-.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +-.\" +-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +-.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR +-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +-.\" OF THE POSSIBILITY OF SUCH DAMAGE. +-.\" +-.Dd $Mdocdate: July 8 2024 $ +-.Dt OPENSSL.CNF 5 +-.Os +-.Sh NAME +-.Nm openssl.cnf +-.Nd OpenSSL configuration files +-.Sh DESCRIPTION +-The OpenSSL CONF library can be used to read configuration files; see +-.Xr CONF_modules_load_file 3 . +-It is used for the OpenSSL master configuration file +-.Pa /etc/ssl/openssl.cnf +-and in a few other places such as certificate extension files for the +-.Xr openssl 1 +-.Cm x509 +-utility. +-OpenSSL applications can also use the CONF library for their own +-purposes. +-.Pp +-A configuration file is divided into a number of sections. +-Each section starts with a line +-.Bq Ar section_name +-and ends when a new section is started or the end of the file is reached. +-A section name can consist of alphanumeric characters and underscores. +-.Pp +-The first section of a configuration file is special and is referred to +-as the +-.Dq default section . +-It is usually unnamed and extends from the start of file to the +-first named section. +-When a name is being looked up, it is first looked up in a named +-section (if any) and then in the default section. +-.Pp +-The environment is mapped onto a section called +-.Ic ENV . +-.Pp +-Comments can be included by preceding them with the +-.Ql # +-character. +-.Pp +-Each section in a configuration file consists of a number of name and +-value pairs of the form +-.Ar name Ns = Ns Ar value . 
+-.Pp +-The +-.Ar name +-string can contain any alphanumeric characters as well as a few +-punctuation symbols such as +-.Ql \&. +-.Ql \&, +-.Ql \&; +-and +-.Ql _ . +-.Pp +-The +-.Ar value +-string consists of the string following the +-.Ql = +-character until the end of the line with any leading and trailing +-whitespace removed. +-.Pp +-The value string undergoes variable expansion. +-This can be done by including substrings of the form +-.Pf $ Ar name +-or +-.Pf $ Brq Ar name : +-this will substitute the value of the named variable in the current +-section. +-It is also possible to substitute a value from another section using the +-syntax +-.Pf $ Ar section Ns :: Ns Ar name +-or +-.Pf $ Brq Ar section Ns :: Ns Ar name . +-By using the form +-.Pf $ Ic ENV Ns :: Ns Ar name , +-environment variables can be substituted. +-It is also possible to assign values to environment variables by using +-the name +-.Ic ENV Ns :: Ns Ar name . +-This will work if the program looks up environment variables using +-the CONF library instead of calling +-.Xr getenv 3 +-directly. +-The value string must not exceed 64k in length after variable expansion or an +-error will occur. +-.Pp +-It is possible to escape certain characters by using any kind of quote +-or the +-.Ql \e +-character. +-By making the last character of a line a +-.Ql \e , +-a +-.Ar value +-string can be spread across multiple lines. +-In addition the sequences +-.Ql \en , +-.Ql \er , +-.Ql \eb , +-and +-.Ql \et +-are recognized. +-.Sh OPENSSL LIBRARY CONFIGURATION +-Applications can automatically configure certain aspects of OpenSSL +-using the master OpenSSL configuration file, or optionally an +-alternative configuration file. +-The +-.Xr openssl 1 +-utility includes this functionality: any sub command uses the master +-OpenSSL configuration file unless an option is used in the sub command +-to use an alternative configuration file. 
+-.Pp +-To enable library configuration, the default section needs to contain +-an appropriate line which points to the main configuration section. +-The default name is +-.Ic openssl_conf , +-which is used by the +-.Xr openssl 1 +-utility. +-Other applications may use an alternative name such as +-.Sy myapplication_conf . +-All library configuration lines appear in the default section +-at the start of the configuration file. +-.Pp +-The configuration section should consist of a set of name value pairs +-which contain specific module configuration information. +-The +-.Ar name +-represents the name of the configuration module. +-The meaning of the +-.Ar value +-is module specific: it may, for example, represent a further +-configuration section containing configuration module specific +-information. +-For example: +-.Bd -literal -offset indent +-# The following line must be in the default section. +-openssl_conf = openssl_init +- +-[openssl_init] +-oid_section = new_oids +- +-[new_oids] +-\&... new oids here ... +-.Ed +-.Pp +-The features of each configuration module are described below. +-.Ss ASN1 Object Configuration Module +-This module has the name +-.Ic oid_section . +-The value of this variable points to a section containing name value +-pairs of OIDs: the name is the OID short and long name, and the value is the +-numerical form of the OID. +-Although some of the +-.Xr openssl 1 +-utility subcommands already have their own ASN1 OBJECT section +-functionality, not all do. +-By using the ASN1 OBJECT configuration module, all the +-.Xr openssl 1 +-utility subcommands can see the new objects as well as any compliant +-applications. +-For example: +-.Bd -literal -offset indent +-[new_oids] +-some_new_oid = 1.2.3.4 +-some_other_oid = 1.2.3.5 +-.Ed +-.Pp +-It is also possible to set the value to the long name followed by a +-comma and the numerical OID form. 
+-For example: +-.Pp +-.Dl shortName = some object long name, 1.2.3.4 +-.Sh FILES +-.Bl -tag -width /etc/ssl/openssl.cnf -compact +-.It Pa /etc/ssl/openssl.cnf +-standard configuration file +-.El +-.Sh EXAMPLES +-Here is a sample configuration file using some of the features +-mentioned above: +-.Bd -literal -offset indent +-# This is the default section. +-HOME=/temp +-RANDFILE= ${ENV::HOME}/.rnd +-configdir=$ENV::HOME/config +- +-[ section_one ] +-# We are now in section one. +- +-# Quotes permit leading and trailing whitespace +-any = " any variable name " +- +-other = A string that can \e +-cover several lines \e +-by including \e\e characters +- +-message = Hello World\en +- +-[ section_two ] +-greeting = $section_one::message +-.Ed +-.Pp +-This next example shows how to expand environment variables safely. +-.Pp +-Suppose you want a variable called +-.Sy tmpfile +-to refer to a temporary filename. +-The directory it is placed in can determined by the +-.Ev TEMP +-or +-.Ev TMP +-environment variables but they may not be set to any value at all. +-If you just include the environment variable names and the variable +-doesn't exist then this will cause an error when an attempt is made to +-load the configuration file. +-By making use of the default section both values can be looked up with +-.Ev TEMP +-taking priority and +-.Pa /tmp +-used if neither is defined: +-.Bd -literal -offset indent +-TMP=/tmp +-# The above value is used if TMP isn't in the environment +-TEMP=$ENV::TMP +-# The above value is used if TEMP isn't in the environment +-tmpfile=${ENV::TEMP}/tmp.filename +-.Ed +-.Pp +-More complex OpenSSL library configuration. +-Add OID: +-.Bd -literal -offset indent +-# Default appname: should match "appname" parameter (if any) +-# supplied to CONF_modules_load_file et al. 
+-openssl_conf = openssl_conf_section +- +-[openssl_conf_section] +-# Configuration module list +-oid_section = new_oids +- +-[new_oids] +-# New OID, just short name +-newoid1 = 1.2.3.4.1 +-# New OID shortname and long name +-newoid2 = New OID 2 long name, 1.2.3.4.2 +-.Ed +-.Pp +-The above examples can be used with any application supporting library +-configuration if "openssl_conf" is modified to match the appropriate +-"appname". +-.Pp +-For example if the second sample file above is saved to "example.cnf" +-then the command line: +-.Pp +-.Dl OPENSSL_CONF=example.cnf openssl asn1parse -genstr OID:1.2.3.4.1 +-.Pp +-will output: +-.Dl 0:d=0 hl=2 l= 4 prim: OBJECT :newoid1 +-.Pp +-showing that the OID "newoid1" has been added as "1.2.3.4.1". +-.Sh SEE ALSO +-.Xr openssl 1 , +-.Xr CONF_modules_load_file 3 , +-.Xr OPENSSL_config 3 , +-.Xr x509v3.cnf 5 +-.Sh CAVEATS +-If a configuration file attempts to expand a variable that doesn't +-exist, then an error is flagged and the file will not load. +-This can also happen if an attempt is made to expand an environment +-variable that doesn't exist. +-For example, in a previous version of OpenSSL the default OpenSSL +-master configuration file used the value of +-.Ev HOME +-which may not be defined on non Unix systems and would cause an error. +-.Pp +-This can be worked around by including a default section to provide +-a default value: then if the environment lookup fails, the default +-value will be used instead. +-For this to work properly, the default value must be defined earlier +-in the configuration file than the expansion. +-See the +-.Sx EXAMPLES +-section for an example of how to do this. +-.Pp +-If the same variable is defined more than once in the same section, +-then all but the last value will be silently ignored. +-In certain circumstances such as with DNs, the same field may occur +-multiple times. +-This is usually worked around by ignoring any characters before an +-initial +-.Ql \&. 
, +-for example: +-.Bd -literal -offset indent +-1.OU="My first OU" +-2.OU="My Second OU" +-.Ed +-.Sh BUGS +-Currently there is no way to include characters using the octal +-.Pf \e Ar nnn +-form. +-Strings are all NUL terminated, so NUL bytes cannot form part of +-the value. +-.Pp +-The escaping isn't quite right: if you want to use sequences like +-.Ql \en , +-you can't use any quote escaping on the same line. +-.Pp +-Files are loaded in a single pass. +-This means that a variable expansion will only work if the variables +-referenced are defined earlier in the file. +diff -Naur a/openssl.cnf b/openssl.cnf +--- a/openssl.cnf 2023-07-05 14:08:27.000000000 +0600 ++++ b/openssl.cnf 1970-01-01 06:00:00.000000000 +0600 @@ -1,24 +0,0 @@ -[ req ] -#default_bits = 2048 diff --git a/base/libressl/libressl.spec b/base/libressl/libressl.spec index 4690f56..95fcd5d 100644 --- a/base/libressl/libressl.spec +++ b/base/libressl/libressl.spec @@ -20,7 +20,7 @@ %global _hardened_build 1 Name: libressl -Version: 3.8.4 +Version: 4.0.0 Release: 1%{dist} Summary: An SSL/TLS protocol implementation License: OpenSSL @@ -29,6 +29,7 @@ Url: http://libressl.org/ Source: http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/%{name}-%{version}.tar.gz Patch1: libressl-rename-config-file.patch +Patch2: libressl-cmake-rename-binaries.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?rhel} == 7 @@ -36,13 +37,7 @@ BuildRequires: devtoolset-8-gcc devtoolset-8-gcc-c++ devtoolset-8-build devtool %else BuildRequires: gcc gcc-c++ %endif -%if %{?rhel} < 7 -BuildRequires: autoconf2.69 -%else -BuildRequires: autoconf -%endif -BuildRequires: automake -BuildRequires: libtool +BuildRequires: cmake BuildRequires: pkgconfig Requires: %{name}-libs = %{version}-%{release} @@ -86,9 +81,7 @@ applications that want to make use of libressl. %prep -%setup -q -n %{name}-%{version} -%patch1 -p1 -b .config - +%autosetup -p1 -n %{name}-%{version} %build %if 0%{?rhel} == 7 
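Review bot: The `Source:` URL in this hunk is plain `http://`, and nothing visible in the spec verifies the tarball, so the 4.0.0 bump fetches a new TLS library release over a channel that does not protect its integrity. Change the line to `Source: https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/%{name}-%{version}.tar.gz`. If the build system supports it, also record a detached signature or checksum for the tarball, so that a tampered or truncated download fails before `%prep`.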
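Review bot: `BuildRequires: cmake` is unversioned, while the spec keeps the `%if 0%{?rhel} == 7` devtoolset branch directly above it. If EL7 is still a build target, its base `cmake` is likely older than what the project's `cmake_minimum_required` asks for, and the `%cmake_build` / `%cmake_install` macros used later may not be defined there (to be confirmed on that platform). Either state the floor, e.g. `BuildRequires: cmake >= <minimum required by upstream CMakeLists.txt>`, or drop the EL7 branch so the spec does not claim a platform it cannot build on.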
@@ -96,22 +89,17 @@ applications that want to make use of libressl. %enable_devtoolset8 %endif -autoreconf -vfi +%cmake \ + -DCMAKE_INSTALL_LIBDIR=%{_libdir}/libressl \ + -DCMAKE_INSTALL_INCLUDEDIR=%{_includedir}/libressl \ + -DOPENSSLDIR=%{_ssldir} \ + -DLIBRESSL_TESTS=OFF \ + -DENABLE_NC=ON -# Some smart people broke disable-static -%configure \ - --with-openssldir=%{_ssldir} \ - --libdir=%{_libdir}/libressl \ - --includedir=%{_includedir}/libressl \ - --program-suffix "-libre" - -sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool - - -make %{?_smp_mflags} +%cmake_build %install -%make_install +%cmake_install rm -f %{buildroot}/etc/pki/tls/cert.pem rm -f %{buildroot}/%{_libdir}/libressl/*.a @@ -121,10 +109,12 @@ echo '%{_libdir}/libressl' > %{buildroot}/%{_sysconfdir}/ld.so.conf.d/libressl.c find %{buildroot}/%{_libdir} -type f \( -name '*.so' -o -name '*.so.*' \) -exec chmod 755 {} + mv %{buildroot}%{_libdir}/libressl/pkgconfig %{buildroot}%{_libdir}/pkgconfig +mv %{buildroot}%{_libdir}/libressl/cmake %{buildroot}%{_libdir}/ pushd %{buildroot}%{_libdir}/libressl for lib in ssl tls crypto do ln -sf %{_libdir}/libressl/$(readlink lib${lib}.so) %{buildroot}%{_libdir}/lib${lib}.so + rm -f %{buildroot}/%{_libdir}/libressl/lib${lib}.so done @@ -135,7 +125,6 @@ done %files %defattr(-,root,root) -%config %{_sysconfdir}/ld.so.conf.d/libressl.conf %{_bindir}/*-libre %{_mandir}/man1/*.1* %{_mandir}/man5/*.* @@ -143,9 +132,10 @@ done %doc COPYING VERSION README.md %files libs +%config %{_sysconfdir}/ld.so.conf.d/libressl.conf %attr(0644,root,root) %config(noreplace) %{_ssldir}/libressl.cnf %attr(0644,root,root) %config(noreplace) %{_ssldir}/x509v3.cnf -%{_libdir}/libressl/lib*.so* +%{_libdir}/libressl/lib*.so.* %doc COPYING VERSION %files devel 
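Review bot: `-DLIBRESSL_TESTS=OFF` turns off the upstream regression tests, and no `%check` section appears in this diff. That means a major-version jump of the TLS/crypto library, built through a new build system and with two local patches applied, is packaged without any run of the project's own tests. Consider leaving the tests enabled and adding a `%check` section that runs `%ctest`, at least on the primary target, so a miscompiled or mispatched build fails in the build system rather than on hosts. The `%build` section begins before this hunk.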
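Review bot: The added `mv %{buildroot}%{_libdir}/libressl/cmake %{buildroot}%{_libdir}/` relocates the generated CMake package files after install, and the loop then deletes `%{_libdir}/libressl/lib${lib}.so`. If those files derive the install prefix from their own directory, or name the unversioned `.so` under `libressl/`, a consumer's `find_package(LibreSSL)` would resolve to paths that no longer exist. Their contents are not visible here, so this needs confirming. A comment above the `mv`, such as `# cmake package files are relocated; imported locations must still resolve`, would record the constraint, and a small consumer configure step in the build would verify it. The `%install` section starts before this hunk.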
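Review bot: The `%{_bindir}/*-libre` glob kept in the main package's `%files` now also matches `nc-libre`, because the build passes `-DENABLE_NC=ON` and the new patch renames the `nc` target. The removed `%configure` call carried no netcat option, so this looks like a binary the package did not ship before (to be confirmed against the previous RPM). A general-purpose network client installed alongside the CLI widens what has to be inventoried and monitored on each host. Adding `%exclude %{_bindir}/nc-libre` here and shipping it from its own subpackage would keep it opt-in. The `%files` list continues outside the hunk.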
@@ -155,9 +145,13 @@ done %{_libdir}/libssl.so %{_libdir}/libtls.so %{_libdir}/pkgconfig/*.pc +%{_libdir}/cmake/LibreSSL/*.cmake %{_mandir}/man3/* %changelog +* Mon Jan 6 2025 Raven - 4.0.0-1 +- update to 4.0.0 + * Thu Mar 28 2024 Raven - 3.8.4-1 - update to 3.8.4