raven/base/libressl/libressl-cmake-rename-binaries.patch

diff -Naur a/apps/nc/CMakeLists.txt b/apps/nc/CMakeLists.txt
--- a/apps/nc/CMakeLists.txt	2024-10-01 15:00:46.000000000 +0600
+++ b/apps/nc/CMakeLists.txt	2025-01-09 23:19:23.219620732 +0600
@@ -31,8 +31,8 @@
 
 add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
 
-add_executable(nc ${NC_SRC})
-target_include_directories(nc
+add_executable(nc-libre ${NC_SRC})
+target_include_directories(nc-libre
 	PRIVATE
 		.
 		./compat
@@ -40,12 +40,12 @@
 	PUBLIC
 		../../include
 		${CMAKE_BINARY_DIR}/include)
-target_link_libraries(nc ${LIBTLS_LIBS} compat_obj)
+target_link_libraries(nc-libre ${LIBTLS_LIBS} compat_obj)
 
 if(ENABLE_NC)
 	if(ENABLE_LIBRESSL_INSTALL)
-		install(TARGETS nc DESTINATION ${CMAKE_INSTALL_BINDIR})
-		install(FILES nc.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
+		install(TARGETS nc-libre DESTINATION ${CMAKE_INSTALL_BINDIR})
+		install(FILES nc-libre.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
 	endif(ENABLE_LIBRESSL_INSTALL)
 endif()
 
diff -Naur a/apps/nc/nc.1 b/apps/nc/nc.1
--- a/apps/nc/nc.1	2024-05-21 08:01:04.000000000 +0600
+++ b/apps/nc/nc.1	1970-01-01 06:00:00.000000000 +0600
@@ -1,589 +0,0 @@
-.\"     $OpenBSD: nc.1,v 1.98 2024/04/01 12:40:18 deraadt Exp $
-.\"
-.\" Copyright (c) 1996 David Sacerdote
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. The name of the author may not be used to endorse or promote products
-.\"    derived from this software without specific prior written permission
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: April 1 2024 $
-.Dt NC 1
-.Os
-.Sh NAME
-.Nm nc
-.Nd arbitrary TCP and UDP connections and listens
-.Sh SYNOPSIS
-.Nm nc
-.Op Fl 46cDdFhklNnrStUuvz
-.Op Fl C Ar certfile
-.Op Fl e Ar name
-.Op Fl H Ar hash
-.Op Fl I Ar length
-.Op Fl i Ar interval
-.Op Fl K Ar keyfile
-.Op Fl M Ar ttl
-.Op Fl m Ar minttl
-.Op Fl O Ar length
-.Op Fl o Ar staplefile
-.Op Fl P Ar proxy_username
-.Op Fl p Ar source_port
-.Op Fl R Ar CAfile
-.Op Fl s Ar sourceaddr
-.Op Fl T Ar keyword
-.Op Fl V Ar rtable
-.Op Fl W Ar recvlimit
-.Op Fl w Ar timeout
-.Op Fl X Ar proxy_protocol
-.Op Fl x Ar proxy_address Ns Op : Ns Ar port
-.Op Fl Z Ar peercertfile
-.Op Ar destination
-.Op Ar port
-.Sh DESCRIPTION
-The
-.Nm
-(or
-.Nm netcat )
-utility is used for just about anything under the sun involving TCP,
-UDP, or
-.Ux Ns -domain
-sockets.
-It can open TCP connections, send UDP packets, listen on arbitrary
-TCP and UDP ports, do port scanning, and deal with both IPv4 and
-IPv6.
-Unlike
-.Xr telnet 1 ,
-.Nm
-scripts nicely, and separates error messages onto standard error instead
-of sending them to standard output, as
-.Xr telnet 1
-does with some.
-.Pp
-Common uses include:
-.Pp
-.Bl -bullet -offset indent -compact
-.It
-simple TCP proxies
-.It
-shell-script based HTTP clients and servers
-.It
-network daemon testing
-.It
-a SOCKS or HTTP ProxyCommand for
-.Xr ssh 1
-.It
-and much, much more
-.El
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl 4
-Use IPv4 addresses only.
-.It Fl 6
-Use IPv6 addresses only.
-.It Fl C Ar certfile
-Load the public key part of the TLS peer certificate from
-.Ar certfile ,
-in PEM format.
-Requires
-.Fl c .
-.It Fl c
-Use TLS to connect or listen.
-Cannot be used together with any of the options
-.Fl FuU .
-.It Fl D
-Enable debugging on the socket.
-.It Fl d
-Do not attempt to read from stdin.
-.It Fl e Ar name
-Only accept the TLS peer certificate if it contains the
-.Ar name .
-Requires
-.Fl c .
-If not specified,
-.Ar destination
-is used.
-.It Fl F
-Pass the first connected socket using
-.Xr sendmsg 2
-to stdout and exit.
-This is useful in conjunction with
-.Fl X
-to have
-.Nm
-perform connection setup with a proxy but then leave the rest of the
-connection to another program (e.g.\&
-.Xr ssh 1
-using the
-.Xr ssh_config 5
-.Cm ProxyUseFdpass
-option).
-Cannot be used with
-.Fl c
-or
-.Fl U .
-.It Fl H Ar hash
-Only accept the TLS peer certificate if its hash returned from
-.Xr tls_peer_cert_hash 3
-matches
-.Ar hash .
-Requires
-.Fl c
-and cannot be used with
-.Fl T Cm noverify .
-.It Fl h
-Print out the
-.Nm
-help text and exit.
-.It Fl I Ar length
-Specify the size of the TCP receive buffer.
-.It Fl i Ar interval
-Sleep for
-.Ar interval
-seconds between lines of text sent and received.
-Also causes a delay time between connections to multiple ports.
-.It Fl K Ar keyfile
-Load the TLS private key from
-.Ar keyfile ,
-in PEM format.
-Requires
-.Fl c .
-.It Fl k
-When a connection is completed, listen for another one.
-Requires
-.Fl l .
-When used together with the
-.Fl u
-option, the server socket is not connected and it can receive UDP datagrams from
-multiple hosts.
-.It Fl l
-Listen for an incoming connection rather than initiating a
-connection to a remote host.
-Cannot be used together with any of the options
-.Fl psxz .
-Additionally, any timeouts specified with the
-.Fl w
-option are ignored.
-.It Fl M Ar ttl
-Set the TTL / hop limit of outgoing packets.
-.It Fl m Ar minttl
-Ask the kernel to drop incoming packets whose TTL / hop limit is under
-.Ar minttl .
-.It Fl N
-.Xr shutdown 2
-the network socket after EOF on the input.
-Some servers require this to finish their work.
-.It Fl n
-Do not perform domain name resolution.
-If a name cannot be resolved without DNS, an error will be reported.
-.It Fl O Ar length
-Specify the size of the TCP send buffer.
-.It Fl o Ar staplefile
-During the TLS handshake, load data to be stapled from
-.Ar staplefile ,
-which is expected to contain an OCSP response from an OCSP server in
-DER format.
-Requires
-.Fl c
-and
-.Fl C .
-.It Fl P Ar proxy_username
-Specifies a username to present to a proxy server that requires authentication.
-If no username is specified then authentication will not be attempted.
-Proxy authentication is only supported for HTTP CONNECT proxies at present.
-.It Fl p Ar source_port
-Specify the source port
-.Nm
-should use, subject to privilege restrictions and availability.
-Cannot be used together with
-.Fl l .
-.It Fl R Ar CAfile
-Load the root CA bundle for TLS certificate verification from
-.Ar CAfile ,
-in PEM format, instead of
-.Pa /etc/ssl/cert.pem .
-Requires
-.Fl c .
-.It Fl r
-Choose source and/or destination ports randomly
-instead of sequentially within a range or in the order that the system
-assigns them.
-.It Fl S
-Enable the RFC 2385 TCP MD5 signature option.
-.It Fl s Ar sourceaddr
-Set the source address to send packets from,
-which is useful on machines with multiple interfaces.
-For
-.Ux Ns -domain
-datagram sockets, specifies the local temporary socket file
-to create and use so that datagrams can be received.
-Cannot be used together with
-.Fl l
-or
-.Fl x .
-.It Fl T Ar keyword
-Change the IPv4 TOS/IPv6 traffic class value or the TLS options.
-.Pp
-For TLS options,
-.Ar keyword
-may be one of:
-.Cm noverify ,
-which disables certificate verification;
-.Cm noname ,
-which disables certificate name checking;
-.Cm clientcert ,
-which requires a client certificate on incoming connections; or
-.Cm muststaple ,
-which requires the peer to provide a valid stapled OCSP response
-with the handshake.
-The following TLS options specify a value in the form of a
-.Ar key Ns = Ns Ar value
-pair:
-.Cm ciphers ,
-which allows the supported TLS ciphers to be specified (see
-.Xr tls_config_set_ciphers 3
-for further details);
-.Cm protocols ,
-which allows the supported TLS protocols to be specified (see
-.Xr tls_config_parse_protocols 3
-for further details).
-Specifying TLS options requires
-.Fl c .
-.Pp
-For the IPv4 TOS/IPv6 traffic class value,
-.Ar keyword
-may be one of
-.Cm critical ,
-.Cm inetcontrol ,
-.Cm lowdelay ,
-.Cm netcontrol ,
-.Cm throughput ,
-.Cm reliability ,
-or one of the DiffServ Code Points:
-.Cm ef ,
-.Cm af11 No ... Cm af43 ,
-.Cm cs0 No ... Cm cs7 ;
-or a number in either hex or decimal.
-.It Fl t
-Send RFC 854 DON'T and WON'T responses to RFC 854 DO and WILL requests.
-This makes it possible to use
-.Nm
-to script telnet sessions.
-.It Fl U
-Use
-.Ux Ns -domain
-sockets.
-Cannot be used together with any of the options
-.Fl cFx .
-.It Fl u
-Use UDP instead of TCP.
-Cannot be used together with
-.Fl c
-or
-.Fl x .
-For
-.Ux Ns -domain
-sockets, use a datagram socket instead of a stream socket.
-If a
-.Ux Ns -domain
-socket is used, a temporary receiving socket is created in
-.Pa /tmp
-unless the
-.Fl s
-flag is given.
-.It Fl V Ar rtable
-Set the routing table to be used.
-.It Fl v
-Produce more verbose output.
-.It Fl W Ar recvlimit
-Terminate after receiving
-.Ar recvlimit
-packets from the network.
-.It Fl w Ar timeout
-Connections which cannot be established or are idle timeout after
-.Ar timeout
-seconds.
-The
-.Fl w
-flag has no effect on the
-.Fl l
-option, i.e.\&
-.Nm
-will listen forever for a connection, with or without the
-.Fl w
-flag.
-The default is no timeout.
-.It Fl X Ar proxy_protocol
-Use
-.Ar proxy_protocol
-when talking to the proxy server.
-Supported protocols are
-.Cm 4
-(SOCKS v.4),
-.Cm 5
-(SOCKS v.5)
-and
-.Cm connect
-(HTTPS proxy).
-If the protocol is not specified, SOCKS version 5 is used.
-.It Fl x Ar proxy_address Ns Op : Ns Ar port
-Connect to
-.Ar destination
-using a proxy at
-.Ar proxy_address
-and
-.Ar port .
-If
-.Ar port
-is not specified, the well-known port for the proxy protocol is used (1080
-for SOCKS, 3128 for HTTPS).
-An IPv6 address can be specified unambiguously by enclosing
-.Ar proxy_address
-in square brackets.
-A proxy cannot be used with any of the options
-.Fl lsuU .
-.It Fl Z Ar peercertfile
-Save the peer certificates to
-.Ar peercertfile ,
-in PEM format.
-Requires
-.Fl c .
-.It Fl z
-Only scan for listening daemons, without sending any data to them.
-Cannot be used together with
-.Fl l .
-.El
-.Pp
-.Ar destination
-can be a numerical IP address or a symbolic hostname
-(unless the
-.Fl n
-option is given).
-In general, a destination must be specified,
-unless the
-.Fl l
-option is given
-(in which case the local host is used).
-For
-.Ux Ns -domain
-sockets, a destination is required and is the socket path to connect to
-(or listen on if the
-.Fl l
-option is given).
-.Pp
-.Ar port
-can be specified as a numeric port number or as a service name.
-Port ranges may be specified as numeric port numbers of the form
-.Ar nn Ns - Ns Ar mm .
-In general,
-a destination port must be specified,
-unless the
-.Fl U
-option is given.
-For some options, the value 0 requests that the system choose a port number.
-.Sh CLIENT/SERVER MODEL
-It is quite simple to build a very basic client/server model using
-.Nm .
-On one console, start
-.Nm
-listening on a specific port for a connection.
-For example:
-.Pp
-.Dl $ nc -l 1234
-.Pp
-.Nm
-is now listening on port 1234 for a connection.
-On a second console
-.Pq or a second machine ,
-connect to the machine and port being listened on:
-.Pp
-.Dl $ nc -N 127.0.0.1 1234
-.Pp
-There should now be a connection between the ports.
-Anything typed at the second console will be concatenated to the first,
-and vice-versa.
-After the connection has been set up,
-.Nm
-does not really care which side is being used as a
-.Sq server
-and which side is being used as a
-.Sq client .
-The connection may be terminated using an
-.Dv EOF
-.Pq Sq ^D ,
-as the
-.Fl N
-flag was given.
-.Sh DATA TRANSFER
-The example in the previous section can be expanded to build a
-basic data transfer model.
-Any information input into one end of the connection will be output
-to the other end, and input and output can be easily captured in order to
-emulate file transfer.
-.Pp
-Start by using
-.Nm
-to listen on a specific port, with output captured into a file:
-.Pp
-.Dl $ nc -l 1234 > filename.out
-.Pp
-Using a second machine, connect to the listening
-.Nm
-process, feeding it the file which is to be transferred:
-.Pp
-.Dl $ nc -N host.example.com 1234 < filename.in
-.Pp
-After the file has been transferred, the connection will close automatically.
-.Sh TALKING TO SERVERS
-It is sometimes useful to talk to servers
-.Dq by hand
-rather than through a user interface.
-It can aid in troubleshooting,
-when it might be necessary to verify what data a server is sending
-in response to commands issued by the client.
-For example, to retrieve the home page of a web site:
-.Bd -literal -offset indent
-$ printf "GET / HTTP/1.0\er\en\er\en" | nc host.example.com 80
-.Ed
-.Pp
-Note that this also displays the headers sent by the web server.
-They can be filtered, using a tool such as
-.Xr sed 1 ,
-if necessary.
-.Pp
-More complicated examples can be built up when the user knows the format
-of requests required by the server.
-As another example, an email may be submitted to an SMTP server using:
-.Bd -literal -offset indent
-$ nc localhost 25 << EOF
-HELO host.example.com
-MAIL FROM:<user@host.example.com>
-RCPT TO:<user2@host.example.com>
-DATA
-Body of email.
-\&.
-QUIT
-EOF
-.Ed
-.Sh PORT SCANNING
-It may be useful to know which ports are open and running services on
-a target machine.
-The
-.Fl z
-flag can be used to tell
-.Nm
-to report open ports,
-rather than initiate a connection.
-For example:
-.Bd -literal -offset indent
-$ nc -z host.example.com 20-30
-Connection to host.example.com 22 port [tcp/ssh] succeeded!
-Connection to host.example.com 25 port [tcp/smtp] succeeded!
-.Ed
-.Pp
-The port range was specified to limit the search to ports 20 \- 30.
-.Pp
-Alternatively, it might be useful to know which server software
-is running, and which versions.
-This information is often contained within the greeting banners.
-In order to retrieve these, it is necessary to first make a connection,
-and then break the connection when the banner has been retrieved.
-This can be accomplished by specifying a small timeout with the
-.Fl w
-flag, or perhaps by issuing a
-.Qq Dv QUIT
-command to the server:
-.Bd -literal -offset indent
-$ echo "QUIT" | nc host.example.com 20-30
-SSH-1.99-OpenSSH_3.6.1p2
-Protocol mismatch.
-220 host.example.com IMS SMTP Receiver Version 0.84 Ready
-.Ed
-.Sh EXAMPLES
-Open a TCP connection to port 42 of host.example.com, using port 31337 as
-the source port, with a timeout of 5 seconds:
-.Pp
-.Dl $ nc -p 31337 -w 5 host.example.com 42
-.Pp
-Open a TCP connection to port 443 of www.example.com, and negotiate TLS with
-any supported TLS protocol version and "compat" ciphers:
-.Pp
-.Dl $ nc -cv -T protocols=all -T ciphers=compat www.example.com 443
-.Pp
-Open a TCP connection to port 443 of www.google.ca, and negotiate TLS.
-Check for a different name in the certificate for validation:
-.Pp
-.Dl $ nc -cv -e adsf.au.doubleclick.net www.google.ca 443
-.Pp
-Open a UDP connection to port 53 of host.example.com:
-.Pp
-.Dl $ nc -u host.example.com 53
-.Pp
-Open a TCP connection to port 42 of host.example.com using 10.1.2.3 as the
-IP for the local end of the connection:
-.Pp
-.Dl $ nc -s 10.1.2.3 host.example.com 42
-.Pp
-Create and listen on a
-.Ux Ns -domain
-stream socket:
-.Pp
-.Dl $ nc -lU /var/tmp/dsocket
-.Pp
-Connect to port 42 of host.example.com via an HTTP proxy at 10.2.3.4,
-port 8080.
-This example could also be used by
-.Xr ssh 1 ;
-see the
-.Cm ProxyCommand
-directive in
-.Xr ssh_config 5
-for more information.
-.Pp
-.Dl $ nc -x10.2.3.4:8080 -Xconnect host.example.com 42
-.Pp
-The same example again, this time enabling proxy authentication with username
-.Dq ruser
-if the proxy requires it:
-.Pp
-.Dl $ nc -x10.2.3.4:8080 -Xconnect -Pruser host.example.com 42
-.Sh SEE ALSO
-.Xr cat 1 ,
-.Xr ssh 1
-.Sh AUTHORS
-Original implementation by
-.An *Hobbit* Aq Mt hobbit@avian.org .
-.br
-Rewritten with IPv6 support by
-.An Eric Jackson Aq Mt ericj@monkey.org .
-.Sh CAVEATS
-UDP port scans using the
-.Fl uz
-combination of flags will always report success irrespective of
-the target machine's state.
-However,
-in conjunction with a traffic sniffer either on the target machine
-or an intermediary device,
-the
-.Fl uz
-combination could be useful for communications diagnostics.
-Note that the amount of UDP traffic generated may be limited either
-due to hardware resources and/or configuration settings.
diff -Naur a/apps/nc/nc-libre.1 b/apps/nc/nc-libre.1
--- a/apps/nc/nc-libre.1	1970-01-01 06:00:00.000000000 +0600
+++ b/apps/nc/nc-libre.1	2024-05-21 08:01:04.000000000 +0600
@@ -0,0 +1,589 @@
+.\"     $OpenBSD: nc.1,v 1.98 2024/04/01 12:40:18 deraadt Exp $
+.\"
+.\" Copyright (c) 1996 David Sacerdote
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. The name of the author may not be used to endorse or promote products
+.\"    derived from this software without specific prior written permission
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: April 1 2024 $
+.Dt NC 1
+.Os
+.Sh NAME
+.Nm nc
+.Nd arbitrary TCP and UDP connections and listens
+.Sh SYNOPSIS
+.Nm nc
+.Op Fl 46cDdFhklNnrStUuvz
+.Op Fl C Ar certfile
+.Op Fl e Ar name
+.Op Fl H Ar hash
+.Op Fl I Ar length
+.Op Fl i Ar interval
+.Op Fl K Ar keyfile
+.Op Fl M Ar ttl
+.Op Fl m Ar minttl
+.Op Fl O Ar length
+.Op Fl o Ar staplefile
+.Op Fl P Ar proxy_username
+.Op Fl p Ar source_port
+.Op Fl R Ar CAfile
+.Op Fl s Ar sourceaddr
+.Op Fl T Ar keyword
+.Op Fl V Ar rtable
+.Op Fl W Ar recvlimit
+.Op Fl w Ar timeout
+.Op Fl X Ar proxy_protocol
+.Op Fl x Ar proxy_address Ns Op : Ns Ar port
+.Op Fl Z Ar peercertfile
+.Op Ar destination
+.Op Ar port
+.Sh DESCRIPTION
+The
+.Nm
+(or
+.Nm netcat )
+utility is used for just about anything under the sun involving TCP,
+UDP, or
+.Ux Ns -domain
+sockets.
+It can open TCP connections, send UDP packets, listen on arbitrary
+TCP and UDP ports, do port scanning, and deal with both IPv4 and
+IPv6.
+Unlike
+.Xr telnet 1 ,
+.Nm
+scripts nicely, and separates error messages onto standard error instead
+of sending them to standard output, as
+.Xr telnet 1
+does with some.
+.Pp
+Common uses include:
+.Pp
+.Bl -bullet -offset indent -compact
+.It
+simple TCP proxies
+.It
+shell-script based HTTP clients and servers
+.It
+network daemon testing
+.It
+a SOCKS or HTTP ProxyCommand for
+.Xr ssh 1
+.It
+and much, much more
+.El
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl 4
+Use IPv4 addresses only.
+.It Fl 6
+Use IPv6 addresses only.
+.It Fl C Ar certfile
+Load the public key part of the TLS peer certificate from
+.Ar certfile ,
+in PEM format.
+Requires
+.Fl c .
+.It Fl c
+Use TLS to connect or listen.
+Cannot be used together with any of the options
+.Fl FuU .
+.It Fl D
+Enable debugging on the socket.
+.It Fl d
+Do not attempt to read from stdin.
+.It Fl e Ar name
+Only accept the TLS peer certificate if it contains the
+.Ar name .
+Requires
+.Fl c .
+If not specified,
+.Ar destination
+is used.
+.It Fl F
+Pass the first connected socket using
+.Xr sendmsg 2
+to stdout and exit.
+This is useful in conjunction with
+.Fl X
+to have
+.Nm
+perform connection setup with a proxy but then leave the rest of the
+connection to another program (e.g.\&
+.Xr ssh 1
+using the
+.Xr ssh_config 5
+.Cm ProxyUseFdpass
+option).
+Cannot be used with
+.Fl c
+or
+.Fl U .
+.It Fl H Ar hash
+Only accept the TLS peer certificate if its hash returned from
+.Xr tls_peer_cert_hash 3
+matches
+.Ar hash .
+Requires
+.Fl c
+and cannot be used with
+.Fl T Cm noverify .
+.It Fl h
+Print out the
+.Nm
+help text and exit.
+.It Fl I Ar length
+Specify the size of the TCP receive buffer.
+.It Fl i Ar interval
+Sleep for
+.Ar interval
+seconds between lines of text sent and received.
+Also causes a delay time between connections to multiple ports.
+.It Fl K Ar keyfile
+Load the TLS private key from
+.Ar keyfile ,
+in PEM format.
+Requires
+.Fl c .
+.It Fl k
+When a connection is completed, listen for another one.
+Requires
+.Fl l .
+When used together with the
+.Fl u
+option, the server socket is not connected and it can receive UDP datagrams from
+multiple hosts.
+.It Fl l
+Listen for an incoming connection rather than initiating a
+connection to a remote host.
+Cannot be used together with any of the options
+.Fl psxz .
+Additionally, any timeouts specified with the
+.Fl w
+option are ignored.
+.It Fl M Ar ttl
+Set the TTL / hop limit of outgoing packets.
+.It Fl m Ar minttl
+Ask the kernel to drop incoming packets whose TTL / hop limit is under
+.Ar minttl .
+.It Fl N
+.Xr shutdown 2
+the network socket after EOF on the input.
+Some servers require this to finish their work.
+.It Fl n
+Do not perform domain name resolution.
+If a name cannot be resolved without DNS, an error will be reported.
+.It Fl O Ar length
+Specify the size of the TCP send buffer.
+.It Fl o Ar staplefile
+During the TLS handshake, load data to be stapled from
+.Ar staplefile ,
+which is expected to contain an OCSP response from an OCSP server in
+DER format.
+Requires
+.Fl c
+and
+.Fl C .
+.It Fl P Ar proxy_username
+Specifies a username to present to a proxy server that requires authentication.
+If no username is specified then authentication will not be attempted.
+Proxy authentication is only supported for HTTP CONNECT proxies at present.
+.It Fl p Ar source_port
+Specify the source port
+.Nm
+should use, subject to privilege restrictions and availability.
+Cannot be used together with
+.Fl l .
+.It Fl R Ar CAfile
+Load the root CA bundle for TLS certificate verification from
+.Ar CAfile ,
+in PEM format, instead of
+.Pa /etc/ssl/cert.pem .
+Requires
+.Fl c .
+.It Fl r
+Choose source and/or destination ports randomly
+instead of sequentially within a range or in the order that the system
+assigns them.
+.It Fl S
+Enable the RFC 2385 TCP MD5 signature option.
+.It Fl s Ar sourceaddr
+Set the source address to send packets from,
+which is useful on machines with multiple interfaces.
+For
+.Ux Ns -domain
+datagram sockets, specifies the local temporary socket file
+to create and use so that datagrams can be received.
+Cannot be used together with
+.Fl l
+or
+.Fl x .
+.It Fl T Ar keyword
+Change the IPv4 TOS/IPv6 traffic class value or the TLS options.
+.Pp
+For TLS options,
+.Ar keyword
+may be one of:
+.Cm noverify ,
+which disables certificate verification;
+.Cm noname ,
+which disables certificate name checking;
+.Cm clientcert ,
+which requires a client certificate on incoming connections; or
+.Cm muststaple ,
+which requires the peer to provide a valid stapled OCSP response
+with the handshake.
+The following TLS options specify a value in the form of a
+.Ar key Ns = Ns Ar value
+pair:
+.Cm ciphers ,
+which allows the supported TLS ciphers to be specified (see
+.Xr tls_config_set_ciphers 3
+for further details);
+.Cm protocols ,
+which allows the supported TLS protocols to be specified (see
+.Xr tls_config_parse_protocols 3
+for further details).
+Specifying TLS options requires
+.Fl c .
+.Pp
+For the IPv4 TOS/IPv6 traffic class value,
+.Ar keyword
+may be one of
+.Cm critical ,
+.Cm inetcontrol ,
+.Cm lowdelay ,
+.Cm netcontrol ,
+.Cm throughput ,
+.Cm reliability ,
+or one of the DiffServ Code Points:
+.Cm ef ,
+.Cm af11 No ... Cm af43 ,
+.Cm cs0 No ... Cm cs7 ;
+or a number in either hex or decimal.
+.It Fl t
+Send RFC 854 DON'T and WON'T responses to RFC 854 DO and WILL requests.
+This makes it possible to use
+.Nm
+to script telnet sessions.
+.It Fl U
+Use
+.Ux Ns -domain
+sockets.
+Cannot be used together with any of the options
+.Fl cFx .
+.It Fl u
+Use UDP instead of TCP.
+Cannot be used together with
+.Fl c
+or
+.Fl x .
+For
+.Ux Ns -domain
+sockets, use a datagram socket instead of a stream socket.
+If a
+.Ux Ns -domain
+socket is used, a temporary receiving socket is created in
+.Pa /tmp
+unless the
+.Fl s
+flag is given.
+.It Fl V Ar rtable
+Set the routing table to be used.
+.It Fl v
+Produce more verbose output.
+.It Fl W Ar recvlimit
+Terminate after receiving
+.Ar recvlimit
+packets from the network.
+.It Fl w Ar timeout
+Connections which cannot be established or are idle timeout after
+.Ar timeout
+seconds.
+The
+.Fl w
+flag has no effect on the
+.Fl l
+option, i.e.\&
+.Nm
+will listen forever for a connection, with or without the
+.Fl w
+flag.
+The default is no timeout.
+.It Fl X Ar proxy_protocol
+Use
+.Ar proxy_protocol
+when talking to the proxy server.
+Supported protocols are
+.Cm 4
+(SOCKS v.4),
+.Cm 5
+(SOCKS v.5)
+and
+.Cm connect
+(HTTPS proxy).
+If the protocol is not specified, SOCKS version 5 is used.
+.It Fl x Ar proxy_address Ns Op : Ns Ar port
+Connect to
+.Ar destination
+using a proxy at
+.Ar proxy_address
+and
+.Ar port .
+If
+.Ar port
+is not specified, the well-known port for the proxy protocol is used (1080
+for SOCKS, 3128 for HTTPS).
+An IPv6 address can be specified unambiguously by enclosing
+.Ar proxy_address
+in square brackets.
+A proxy cannot be used with any of the options
+.Fl lsuU .
+.It Fl Z Ar peercertfile
+Save the peer certificates to
+.Ar peercertfile ,
+in PEM format.
+Requires
+.Fl c .
+.It Fl z
+Only scan for listening daemons, without sending any data to them.
+Cannot be used together with
+.Fl l .
+.El
+.Pp
+.Ar destination
+can be a numerical IP address or a symbolic hostname
+(unless the
+.Fl n
+option is given).
+In general, a destination must be specified,
+unless the
+.Fl l
+option is given
+(in which case the local host is used).
+For
+.Ux Ns -domain
+sockets, a destination is required and is the socket path to connect to
+(or listen on if the
+.Fl l
+option is given).
+.Pp
+.Ar port
+can be specified as a numeric port number or as a service name.
+Port ranges may be specified as numeric port numbers of the form
+.Ar nn Ns - Ns Ar mm .
+In general,
+a destination port must be specified,
+unless the
+.Fl U
+option is given.
+For some options, the value 0 requests that the system choose a port number.
+.Sh CLIENT/SERVER MODEL
+It is quite simple to build a very basic client/server model using
+.Nm .
+On one console, start
+.Nm
+listening on a specific port for a connection.
+For example:
+.Pp
+.Dl $ nc -l 1234
+.Pp
+.Nm
+is now listening on port 1234 for a connection.
+On a second console
+.Pq or a second machine ,
+connect to the machine and port being listened on:
+.Pp
+.Dl $ nc -N 127.0.0.1 1234
+.Pp
+There should now be a connection between the ports.
+Anything typed at the second console will be concatenated to the first,
+and vice-versa.
+After the connection has been set up,
+.Nm
+does not really care which side is being used as a
+.Sq server
+and which side is being used as a
+.Sq client .
+The connection may be terminated using an
+.Dv EOF
+.Pq Sq ^D ,
+as the
+.Fl N
+flag was given.
+.Sh DATA TRANSFER
+The example in the previous section can be expanded to build a
+basic data transfer model.
+Any information input into one end of the connection will be output
+to the other end, and input and output can be easily captured in order to
+emulate file transfer.
+.Pp
+Start by using
+.Nm
+to listen on a specific port, with output captured into a file:
+.Pp
+.Dl $ nc -l 1234 > filename.out
+.Pp
+Using a second machine, connect to the listening
+.Nm
+process, feeding it the file which is to be transferred:
+.Pp
+.Dl $ nc -N host.example.com 1234 < filename.in
+.Pp
+After the file has been transferred, the connection will close automatically.
+.Sh TALKING TO SERVERS
+It is sometimes useful to talk to servers
+.Dq by hand
+rather than through a user interface.
+It can aid in troubleshooting,
+when it might be necessary to verify what data a server is sending
+in response to commands issued by the client.
+For example, to retrieve the home page of a web site:
+.Bd -literal -offset indent
+$ printf "GET / HTTP/1.0\er\en\er\en" | nc host.example.com 80
+.Ed
+.Pp
+Note that this also displays the headers sent by the web server.
+They can be filtered, using a tool such as
+.Xr sed 1 ,
+if necessary.
+.Pp
+More complicated examples can be built up when the user knows the format
+of requests required by the server.
+As another example, an email may be submitted to an SMTP server using:
+.Bd -literal -offset indent
+$ nc localhost 25 << EOF
+HELO host.example.com
+MAIL FROM:<user@host.example.com>
+RCPT TO:<user2@host.example.com>
+DATA
+Body of email.
+\&.
+QUIT
+EOF
+.Ed
+.Sh PORT SCANNING
+It may be useful to know which ports are open and running services on
+a target machine.
+The
+.Fl z
+flag can be used to tell
+.Nm
+to report open ports,
+rather than initiate a connection.
+For example:
+.Bd -literal -offset indent
+$ nc -z host.example.com 20-30
+Connection to host.example.com 22 port [tcp/ssh] succeeded!
+Connection to host.example.com 25 port [tcp/smtp] succeeded!
+.Ed
+.Pp
+The port range was specified to limit the search to ports 20 \- 30.
+.Pp
+Alternatively, it might be useful to know which server software
+is running, and which versions.
+This information is often contained within the greeting banners.
+In order to retrieve these, it is necessary to first make a connection,
+and then break the connection when the banner has been retrieved.
+This can be accomplished by specifying a small timeout with the
+.Fl w
+flag, or perhaps by issuing a
+.Qq Dv QUIT
+command to the server:
+.Bd -literal -offset indent
+$ echo "QUIT" | nc host.example.com 20-30
+SSH-1.99-OpenSSH_3.6.1p2
+Protocol mismatch.
+220 host.example.com IMS SMTP Receiver Version 0.84 Ready
+.Ed
+.Sh EXAMPLES
+Open a TCP connection to port 42 of host.example.com, using port 31337 as
+the source port, with a timeout of 5 seconds:
+.Pp
+.Dl $ nc -p 31337 -w 5 host.example.com 42
+.Pp
+Open a TCP connection to port 443 of www.example.com, and negotiate TLS with
+any supported TLS protocol version and "compat" ciphers:
+.Pp
+.Dl $ nc -cv -T protocols=all -T ciphers=compat www.example.com 443
+.Pp
+Open a TCP connection to port 443 of www.google.ca, and negotiate TLS.
+Check for a different name in the certificate for validation:
+.Pp
+.Dl $ nc -cv -e adsf.au.doubleclick.net www.google.ca 443
+.Pp
+Open a UDP connection to port 53 of host.example.com:
+.Pp
+.Dl $ nc -u host.example.com 53
+.Pp
+Open a TCP connection to port 42 of host.example.com using 10.1.2.3 as the
+IP for the local end of the connection:
+.Pp
+.Dl $ nc -s 10.1.2.3 host.example.com 42
+.Pp
+Create and listen on a
+.Ux Ns -domain
+stream socket:
+.Pp
+.Dl $ nc -lU /var/tmp/dsocket
+.Pp
+Connect to port 42 of host.example.com via an HTTP proxy at 10.2.3.4,
+port 8080.
+This example could also be used by
+.Xr ssh 1 ;
+see the
+.Cm ProxyCommand
+directive in
+.Xr ssh_config 5
+for more information.
+.Pp
+.Dl $ nc -x10.2.3.4:8080 -Xconnect host.example.com 42
+.Pp
+The same example again, this time enabling proxy authentication with username
+.Dq ruser
+if the proxy requires it:
+.Pp
+.Dl $ nc -x10.2.3.4:8080 -Xconnect -Pruser host.example.com 42
+.Sh SEE ALSO
+.Xr cat 1 ,
+.Xr ssh 1
+.Sh AUTHORS
+Original implementation by
+.An *Hobbit* Aq Mt hobbit@avian.org .
+.br
+Rewritten with IPv6 support by
+.An Eric Jackson Aq Mt ericj@monkey.org .
+.Sh CAVEATS
+UDP port scans using the
+.Fl uz
+combination of flags will always report success irrespective of
+the target machine's state.
+However,
+in conjunction with a traffic sniffer either on the target machine
+or an intermediary device,
+the
+.Fl uz
+combination could be useful for communications diagnostics.
+Note that the amount of UDP traffic generated may be limited either
+due to hardware resources and/or configuration settings.
diff -Naur a/apps/ocspcheck/CMakeLists.txt b/apps/ocspcheck/CMakeLists.txt
--- a/apps/ocspcheck/CMakeLists.txt	2024-04-09 07:28:30.000000000 +0600
+++ b/apps/ocspcheck/CMakeLists.txt	2025-01-09 23:18:56.061808128 +0600
@@ -13,17 +13,17 @@
 
 add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
 
-add_executable(ocspcheck ${OCSPCHECK_SRC})
-target_include_directories(ocspcheck
+add_executable(ocspcheck-libre ${OCSPCHECK_SRC})
+target_include_directories(ocspcheck-libre
 	PRIVATE
 		../../include/compat
 	PUBLIC
 		../../include
 		${CMAKE_BINARY_DIR}/include)
-target_link_libraries(ocspcheck tls ${OPENSSL_LIBS} compat_obj tls_compat_obj)
+target_link_libraries(ocspcheck-libre tls ${OPENSSL_LIBS} compat_obj tls_compat_obj)
 
 if(ENABLE_LIBRESSL_INSTALL)
-	install(TARGETS ocspcheck DESTINATION ${CMAKE_INSTALL_BINDIR})
-	install(FILES ocspcheck.8 DESTINATION ${CMAKE_INSTALL_MANDIR}/man8)
+	install(TARGETS ocspcheck-libre DESTINATION ${CMAKE_INSTALL_BINDIR})
+	install(FILES ocspcheck-libre.8 DESTINATION ${CMAKE_INSTALL_MANDIR}/man8)
 
 endif(ENABLE_LIBRESSL_INSTALL)
diff -Naur a/apps/ocspcheck/ocspcheck.8 b/apps/ocspcheck/ocspcheck.8
--- a/apps/ocspcheck/ocspcheck.8	2023-07-05 14:08:29.000000000 +0600
+++ b/apps/ocspcheck/ocspcheck.8	1970-01-01 06:00:00.000000000 +0600
@@ -1,111 +0,0 @@
-.\"	$OpenBSD: ocspcheck.8,v 1.9 2017/11/29 21:15:45 jmc Exp $
-.\"
-.\" Copyright (c) 2017 Bob Beck <beck@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: November 29 2017 $
-.Dt OCSPCHECK 8
-.Os
-.Sh NAME
-.Nm ocspcheck
-.Nd check a certificate for validity against its OCSP responder
-.Sh SYNOPSIS
-.Nm
-.Op Fl Nv
-.Op Fl C Ar CAfile
-.Op Fl i Ar staplefile
-.Op Fl o Ar staplefile
-.Ar file
-.Sh DESCRIPTION
-The
-.Nm
-utility validates a PEM format certificate against the OCSP responder
-encoded in the certificate specified by the
-.Ar file
-argument.
-Normally it should be used for checking server certificates
-and maintaining saved OCSP responses to be used for OCSP stapling.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl C Ar CAfile
-Specify a PEM format root certificate bundle to use for the validation of
-requests.
-By default no certificates are used beyond those in the
-certificate chain provided by the
-.Ar file
-argument.
-.It Fl i Ar staplefile
-Specify an input filename from which a DER-encoded OCSP response
-will be read instead of fetching it from the OCSP server.
-A filename
-of
-.Sq -
-will read the response from standard input.
-.It Fl N
-Do not use a nonce value in the OCSP request, or validate that the
-nonce was returned in the OCSP response.
-By default a nonce is always used and validated when retrieving
-a response from an OCSP server.
-The use of this flag is a security risk as it will allow OCSP
-responses to be replayed.
-It should not be used unless the OCSP server does not support the
-use of OCSP nonces.
-.It Fl o Ar staplefile
-Specify an output filename where the DER encoded response from the
-OCSP server will be written, if the OCSP response validates.
-A filename
-of
-.Sq -
-will write the response to standard output.
-By default the response is not saved.
-.It Fl v
-Increase verbosity.
-This flag may be specified multiple times to get more verbose output.
-The default behaviour is to be silent unless something goes wrong.
-.El
-.Sh EXIT STATUS
-The
-.Nm
-utility exits 0 if the OCSP response validates for the certificate in
-.Ar file
-and all output is successfully written out.
-.Nm
-exits >0 if an error occurs or the OCSP response fails to validate.
-.Sh SEE ALSO
-.Xr nc 1 ,
-.Xr tls_config_set_ocsp_staple_file 3 ,
-.Xr tls_config_set_ocsp_staple_mem 3 ,
-.Xr httpd 8
-.Sh HISTORY
-The
-.Nm
-utility first appeared in
-.Ox 6.1 .
-.Sh AUTHORS
-.Nm
-was written by
-.An Bob Beck .
-.Sh CAVEATS
-While
-.Nm
-could possibly be used in scripts to query responders for server
-certificates seen on client connections, this is almost always a bad
-idea.
-God kills a kitten every time you make an OCSP query from the
-client side of a TLS connection.
-.Sh BUGS
-.Nm
-will create the output file if it does not exist.
-On failure a newly created output file will not be removed.
diff -Naur a/apps/ocspcheck/ocspcheck-libre.8 b/apps/ocspcheck/ocspcheck-libre.8
--- a/apps/ocspcheck/ocspcheck-libre.8	1970-01-01 06:00:00.000000000 +0600
+++ b/apps/ocspcheck/ocspcheck-libre.8	2023-07-05 14:08:29.000000000 +0600
@@ -0,0 +1,111 @@
+.\"	$OpenBSD: ocspcheck.8,v 1.9 2017/11/29 21:15:45 jmc Exp $
+.\"
+.\" Copyright (c) 2017 Bob Beck <beck@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: November 29 2017 $
+.Dt OCSPCHECK 8
+.Os
+.Sh NAME
+.Nm ocspcheck
+.Nd check a certificate for validity against its OCSP responder
+.Sh SYNOPSIS
+.Nm
+.Op Fl Nv
+.Op Fl C Ar CAfile
+.Op Fl i Ar staplefile
+.Op Fl o Ar staplefile
+.Ar file
+.Sh DESCRIPTION
+The
+.Nm
+utility validates a PEM format certificate against the OCSP responder
+encoded in the certificate specified by the
+.Ar file
+argument.
+Normally it should be used for checking server certificates
+and maintaining saved OCSP responses to be used for OCSP stapling.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl C Ar CAfile
+Specify a PEM format root certificate bundle to use for the validation of
+requests.
+By default no certificates are used beyond those in the
+certificate chain provided by the
+.Ar file
+argument.
+.It Fl i Ar staplefile
+Specify an input filename from which a DER-encoded OCSP response
+will be read instead of fetching it from the OCSP server.
+A filename
+of
+.Sq -
+will read the response from standard input.
+.It Fl N
+Do not use a nonce value in the OCSP request, or validate that the
+nonce was returned in the OCSP response.
+By default a nonce is always used and validated when retrieving
+a response from an OCSP server.
+The use of this flag is a security risk as it will allow OCSP
+responses to be replayed.
+It should not be used unless the OCSP server does not support the
+use of OCSP nonces.
+.It Fl o Ar staplefile
+Specify an output filename where the DER encoded response from the
+OCSP server will be written, if the OCSP response validates.
+A filename
+of
+.Sq -
+will write the response to standard output.
+By default the response is not saved.
+.It Fl v
+Increase verbosity.
+This flag may be specified multiple times to get more verbose output.
+The default behaviour is to be silent unless something goes wrong.
+.El
+.Sh EXIT STATUS
+The
+.Nm
+utility exits 0 if the OCSP response validates for the certificate in
+.Ar file
+and all output is successfully written out.
+.Nm
+exits >0 if an error occurs or the OCSP response fails to validate.
+.Sh SEE ALSO
+.Xr nc 1 ,
+.Xr tls_config_set_ocsp_staple_file 3 ,
+.Xr tls_config_set_ocsp_staple_mem 3 ,
+.Xr httpd 8
+.Sh HISTORY
+The
+.Nm
+utility first appeared in
+.Ox 6.1 .
+.Sh AUTHORS
+.Nm
+was written by
+.An Bob Beck .
+.Sh CAVEATS
+While
+.Nm
+could possibly be used in scripts to query responders for server
+certificates seen on client connections, this is almost always a bad
+idea.
+God kills a kitten every time you make an OCSP query from the
+client side of a TLS connection.
+.Sh BUGS
+.Nm
+will create the output file if it does not exist.
+On failure a newly created output file will not be removed.
diff -Naur a/apps/openssl/CMakeLists.txt b/apps/openssl/CMakeLists.txt
--- a/apps/openssl/CMakeLists.txt	2024-09-25 09:27:29.000000000 +0600
+++ b/apps/openssl/CMakeLists.txt	2025-01-09 23:19:42.325488896 +0600
@@ -66,17 +66,17 @@
 	endif()
 endif()
 
-add_executable(openssl ${OPENSSL_SRC})
-target_include_directories(openssl
+add_executable(openssl-libre ${OPENSSL_SRC})
+target_include_directories(openssl-libre
 	PRIVATE
 		.
 		../../include/compat
 	PUBLIC
 		../../include
 		${CMAKE_BINARY_DIR}/include)
-target_link_libraries(openssl ${OPENSSL_LIBS} compat_obj)
+target_link_libraries(openssl-libre ${OPENSSL_LIBS} compat_obj)
 
 if(ENABLE_LIBRESSL_INSTALL)
-	install(TARGETS openssl DESTINATION ${CMAKE_INSTALL_BINDIR})
-	install(FILES openssl.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
+	install(TARGETS openssl-libre DESTINATION ${CMAKE_INSTALL_BINDIR})
+	install(FILES openssl-libre.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
 endif(ENABLE_LIBRESSL_INSTALL)
diff -Naur a/apps/openssl/openssl.1 b/apps/openssl/openssl.1
--- a/apps/openssl/openssl.1	2024-09-25 09:30:06.000000000 +0600
+++ b/apps/openssl/openssl.1	1970-01-01 06:00:00.000000000 +0600
@@ -1,6865 +0,0 @@
-.\" $OpenBSD: openssl.1,v 1.161 2024/08/30 06:05:10 jmc Exp $
-.\" ====================================================================
-.\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" ====================================================================
-.\"
-.\" This product includes cryptographic software written by Eric Young
-.\" (eay@cryptsoft.com).  This product includes software written by Tim
-.\" Hudson (tjh@cryptsoft.com).
-.\"
-.\"
-.\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-.\" All rights reserved.
-.\"
-.\" This package is an SSL implementation written
-.\" by Eric Young (eay@cryptsoft.com).
-.\" The implementation was written so as to conform with Netscapes SSL.
-.\"
-.\" This library is free for commercial and non-commercial use as long as
-.\" the following conditions are aheared to.  The following conditions
-.\" apply to all code found in this distribution, be it the RC4, RSA,
-.\" lhash, DES, etc., code; not just the SSL code.  The SSL documentation
-.\" included with this distribution is covered by the same copyright terms
-.\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
-.\"
-.\" Copyright remains Eric Young's, and as such any Copyright notices in
-.\" the code are not to be removed.
-.\" If this package is used in a product, Eric Young should be given attribution
-.\" as the author of the parts of the library used.
-.\" This can be in the form of a textual message at program startup or
-.\" in documentation (online or textual) provided with the package.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"    "This product includes cryptographic software written by
-.\"     Eric Young (eay@cryptsoft.com)"
-.\"    The word 'cryptographic' can be left out if the rouines from the library
-.\"    being used are not cryptographic related :-).
-.\" 4. If you include any Windows specific code (or a derivative thereof) from
-.\"    the apps directory (application code) you must include an
-.\"    acknowledgement:
-.\"    "This product includes software written by Tim Hudson
-.\"     (tjh@cryptsoft.com)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" The licence and distribution terms for any publically available version or
-.\" derivative of this code cannot be changed.  i.e. this code cannot simply be
-.\" copied and put under another distribution licence
-.\" [including the GNU Public Licence.]
-.\"
-.Dd $Mdocdate: August 30 2024 $
-.Dt OPENSSL 1
-.Os
-.Sh NAME
-.Nm openssl
-.Nd OpenSSL command line tool
-.Sh SYNOPSIS
-.Nm
-.Ar command
-.Op Ar command_opt ...
-.Op Ar command_arg ...
-.Pp
-.Nm
-.Cm list-standard-commands |
-.Cm list-message-digest-commands |
-.Cm list-cipher-commands |
-.Cm list-cipher-algorithms |
-.Cm list-message-digest-algorithms |
-.Cm list-public-key-algorithms
-.Pp
-.Nm
-.Cm no- Ns Ar command
-.Sh DESCRIPTION
-.Nm OpenSSL
-is a cryptography toolkit implementing the
-Transport Layer Security
-.Pq TLS
-network protocol,
-as well as related cryptography standards.
-.Pp
-The
-.Nm
-program is a command line tool for using the various
-cryptography functions of
-.Nm openssl Ns 's
-crypto library from the shell.
-.Pp
-The pseudo-commands
-.Cm list-standard-commands , list-message-digest-commands ,
-and
-.Cm list-cipher-commands
-output a list
-.Pq one entry per line
-of the names of all standard commands, message digest commands,
-or cipher commands, respectively, that are available in the present
-.Nm
-utility.
-.Pp
-The pseudo-commands
-.Cm list-cipher-algorithms
-and
-.Cm list-message-digest-algorithms
-list all cipher and message digest names,
-one entry per line.
-Aliases are listed as:
-.Pp
-.D1 from => to
-.Pp
-The pseudo-command
-.Cm list-public-key-algorithms
-lists all supported public key algorithms.
-.Pp
-The pseudo-command
-.Cm no- Ns Ar command
-tests whether a command of the
-specified name is available.
-If
-.Ar command
-does not exist,
-it returns 0
-and prints
-.Cm no- Ns Ar command ;
-otherwise it returns 1 and prints
-.Ar command .
-In both cases, the output goes to stdout and nothing is printed to stderr.
-Additional command line arguments are always ignored.
-Since for each cipher there is a command of the same name,
-this provides an easy way for shell scripts to test for the
-availability of ciphers in the
-.Nm
-program.
-.Pp
-.Sy Note :
-.Cm no- Ns Ar command
-is not able to detect pseudo-commands such as
-.Cm quit ,
-.Cm list- Ns Ar ... Ns Cm -commands ,
-or
-.Cm no- Ns Ar command
-itself.
-.Tg asn1parse
-.Sh ASN1PARSE
-.Bl -hang -width "openssl asn1parse"
-.It Nm openssl asn1parse
-.Bk -words
-.Op Fl i
-.Op Fl dlimit Ar number
-.Op Fl dump
-.Op Fl genconf Ar file
-.Op Fl genstr Ar str
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem | txt
-.Op Fl length Ar number
-.Op Fl noout
-.Op Fl offset Ar number
-.Op Fl oid Ar file
-.Op Fl out Ar file
-.Op Fl strparse Ar offset
-.Ek
-.El
-.Pp
-The
-.Nm asn1parse
-command is a diagnostic utility that can parse ASN.1 structures.
-It can also be used to extract data from ASN.1 formatted data.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl dlimit Ar number
-Dump the first
-.Ar number
-bytes of unknown data in hex form.
-.It Fl dump
-Dump unknown data in hex form.
-.It Fl genconf Ar file , Fl genstr Ar str
-Generate encoded data based on string
-.Ar str ,
-file
-.Ar file ,
-or both, using the format described in
-.Xr ASN1_generate_nconf 3 .
-If only
-.Ar file
-is present then the string is obtained from the default section
-using the name
-.Dq asn1 .
-The encoded data is passed through the ASN.1 parser and printed out as
-though it came from a file;
-the contents can thus be examined and written to a file using the
-.Fl out
-option.
-.It Fl i
-Indent the output according to the
-.Qq depth
-of the structures.
-.It Fl in Ar file
-The input file to read from, or standard input if not specified.
-.It Fl inform Cm der | pem | txt
-The input format.
-.It Fl length Ar number
-Number of bytes to parse; the default is until end of file.
-.It Fl noout
-Do not output the parsed version of the input file.
-.It Fl offset Ar number
-Starting offset to begin parsing; the default is start of file.
-.It Fl oid Ar file
-A file containing additional object identifiers
-.Pq OIDs .
-If an OID
-.Pq object identifier
-is not part of
-.Nm openssl Ns 's
-internal table, it will be represented in
-numerical form
-.Pq for example 1.2.3.4 .
-.Pp
-Each line consists of three columns:
-the first column is the OID in numerical format and should be followed by
-whitespace.
-The second column is the
-.Qq short name ,
-which is a single word followed by whitespace.
-The final column is the rest of the line and is the
-.Qq long name .
-.Nm asn1parse
-displays the long name.
-.It Fl out Ar file
-The DER-encoded output file; the default is no encoded output
-(useful when combined with
-.Fl strparse ) .
-.It Fl strparse Ar offset
-Parse the content octets of the ASN.1 object starting at
-.Ar offset .
-This option can be used multiple times to
-.Qq drill down
-into a nested structure.
-.El
-.Tg ca
-.Sh CA
-.Bl -hang -width "openssl ca"
-.It Nm openssl ca
-.Bk -words
-.Op Fl batch
-.Op Fl cert Ar file
-.Op Fl config Ar file
-.Op Fl create_serial
-.Op Fl crl_CA_compromise Ar time
-.Op Fl crl_compromise Ar time
-.Op Fl crl_hold Ar instruction
-.Op Fl crl_reason Ar reason
-.Op Fl crldays Ar days
-.Op Fl crlexts Ar section
-.Op Fl crlhours Ar hours
-.Op Fl crlsec Ar seconds
-.Op Fl days Ar arg
-.Op Fl enddate Ar date
-.Op Fl extensions Ar section
-.Op Fl extfile Ar file
-.Op Fl gencrl
-.Op Fl in Ar file
-.Op Fl infiles
-.Op Fl key Ar password
-.Op Fl keyfile Ar file
-.Op Fl keyform Cm pem | der
-.Op Fl md Ar alg
-.Op Fl msie_hack
-.Op Fl multivalue-rdn
-.Op Fl name Ar section
-.Op Fl noemailDN
-.Op Fl notext
-.Op Fl out Ar file
-.Op Fl outdir Ar directory
-.Op Fl passin Ar arg
-.Op Fl policy Ar arg
-.Op Fl preserveDN
-.Op Fl revoke Ar file
-.Op Fl selfsign
-.Op Fl sigopt Ar nm:v
-.Op Fl ss_cert Ar file
-.Op Fl startdate Ar date
-.Op Fl status Ar serial
-.Op Fl subj Ar arg
-.Op Fl updatedb
-.Op Fl utf8
-.Op Fl verbose
-.Ek
-.El
-.Pp
-The
-.Nm ca
-command is a minimal certificate authority (CA) application.
-It can be used to sign certificate requests in a variety of forms
-and generate certificate revocation lists (CRLs).
-It also maintains a text database of issued certificates and their status.
-.Pp
-The options relevant to CAs are as follows:
-.Bl -tag -width "XXXX"
-.It Fl batch
-Batch mode.
-In this mode no questions will be asked
-and all certificates will be certified automatically.
-.It Fl cert Ar file
-The CA certificate file.
-.It Fl config Ar file
-Specify an alternative configuration file.
-.It Fl create_serial
-If reading the serial from the text file as specified in the
-configuration fails, create a new random serial to be used as the
-next serial number.
-.It Fl days Ar arg
-The number of days to certify the certificate for.
-.It Fl enddate Ar date
-Set the expiry date.
-The format of the date is [YY]YYMMDDHHMMSSZ,
-with all four year digits required for dates from 2050 onwards.
-.It Fl extensions Ar section
-The section of the configuration file containing certificate extensions
-to be added when a certificate is issued (defaults to
-.Cm x509_extensions
-unless the
-.Fl extfile
-option is used).
-If no extension section is present, a V1 certificate is created.
-If the extension section is present
-.Pq even if it is empty ,
-then a V3 certificate is created.
-See the
-.Xr x509v3.cnf 5
-manual page for details of the extension section format.
-.It Fl extfile Ar file
-An additional configuration
-.Ar file
-to read certificate extensions from
-(using the default section unless the
-.Fl extensions
-option is also used).
-.It Fl in Ar file
-An input
-.Ar file
-containing a single certificate request to be signed by the CA.
-.It Fl infiles
-If present, this should be the last option; all subsequent arguments
-are assumed to be the names of files containing certificate requests.
-.It Fl key Ar password
-The
-.Fa password
-used to encrypt the private key.
-Since on some systems the command line arguments are visible,
-this option should be used with caution.
-.It Fl keyfile Ar file
-The private key to sign requests with.
-.It Fl keyform Cm pem | der
-Private key file format.
-The default is
-.Cm pem .
-.It Fl md Ar alg
-The message digest to use.
-Possible values include
-.Ar md5
-and
-.Ar sha1 .
-This option also applies to CRLs.
-.It Fl msie_hack
-This is a legacy option to make
-.Nm ca
-work with very old versions of the IE certificate enrollment control
-.Qq certenr3 .
-It used UniversalStrings for almost everything.
-Since the old control has various security bugs,
-its use is strongly discouraged.
-The newer control
-.Qq Xenroll
-does not need this option.
-.It Fl multivalue-rdn
-This option causes the
-.Fl subj
-argument to be interpreted with full support for multivalued RDNs,
-for example
-.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
-If
-.Fl multivalue-rdn
-is not used, the UID value is set to
-.Qq "123456+CN=John Doe" .
-.It Fl name Ar section
-Specifies the configuration file
-.Ar section
-to use (overrides
-.Cm default_ca
-in the
-.Cm ca
-section).
-.It Fl noemailDN
-The DN of a certificate can contain the EMAIL field if present in the
-request DN, however it is good policy just having the email set into
-the
-.Cm altName
-extension of the certificate.
-When this option is set, the EMAIL field is removed from the certificate's
-subject and set only in the, eventually present, extensions.
-The
-.Ar email_in_dn
-keyword can be used in the configuration file to enable this behaviour.
-.It Fl notext
-Don't output the text form of a certificate to the output file.
-.It Fl out Ar file
-The output file to output certificates to.
-The default is standard output.
-The certificate details will also be printed out to this file in
-PEM format.
-.It Fl outdir Ar directory
-The
-.Ar directory
-to output certificates to.
-The certificate will be written to a file consisting of the
-serial number in hex with
-.Qq .pem
-appended.
-.It Fl passin Ar arg
-The key password source.
-.It Fl policy Ar arg
-Define the CA
-.Qq policy
-to use.
-The policy section in the configuration file
-consists of a set of variables corresponding to certificate DN fields.
-The values may be one of
-.Qq match
-(the value must match the same field in the CA certificate),
-.Qq supplied
-(the value must be present), or
-.Qq optional
-(the value may be present).
-Any fields not mentioned in the policy section
-are silently deleted, unless the
-.Fl preserveDN
-option is set,
-but this can be regarded more of a quirk than intended behaviour.
-.It Fl preserveDN
-Normally, the DN order of a certificate is the same as the order of the
-fields in the relevant policy section.
-When this option is set, the order is the same as the request.
-This is largely for compatibility with the older IE enrollment control
-which would only accept certificates if their DNs matched the order of the
-request.
-This is not needed for Xenroll.
-.It Fl selfsign
-Indicates the issued certificates are to be signed with the key the
-certificate requests were signed with, given with
-.Fl keyfile .
-Certificate requests signed with a different key are ignored.
-If
-.Fl gencrl
-or
-.Fl ss_cert
-are given,
-.Fl selfsign
-is ignored.
-.Pp
-A consequence of using
-.Fl selfsign
-is that the self-signed certificate appears among the entries in
-the certificate database (see the configuration option
-.Cm database )
-and uses the same serial number counter as all other certificates
-signed with the self-signed certificate.
-.It Fl sigopt Ar nm:v
-Pass options to the signature algorithm during sign or certify operations.
-The names and values of these options are algorithm-specific.
-.It Fl ss_cert Ar file
-A single self-signed certificate to be signed by the CA.
-.It Fl startdate Ar date
-Set the start date.
-The format of the date is [YY]YYMMDDHHMMSSZ,
-with all four year digits required for dates from 2050 onwards.
-.It Fl subj Ar arg
-Supersedes the subject name given in the request.
-The
-.Ar arg
-must be formatted as
-.Sm off
-.Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns /
-.Ar type2 Ns = Ar ... ;
-.Sm on
-characters may be escaped by
-.Sq \e
-.Pq backslash ,
-no spaces are skipped.
-.It Fl utf8
-Interpret field values read from a terminal or obtained from a
-configuration file as UTF-8 strings.
-By default, they are interpreted as ASCII.
-.It Fl verbose
-Print extra details about the operations being performed.
-.El
-.Pp
-The options relevant to CRLs are as follows:
-.Bl -tag -width "XXXX"
-.It Fl crl_CA_compromise Ar time
-This is the same as
-.Fl crl_compromise ,
-except the revocation reason is set to CACompromise.
-.It Fl crl_compromise Ar time
-Set the revocation reason to keyCompromise and the compromise time to
-.Ar time .
-.Ar time
-should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
-.It Fl crl_hold Ar instruction
-Set the CRL revocation reason code to certificateHold and the hold
-instruction to
-.Ar instruction
-which must be an OID.
-Although any OID can be used, only holdInstructionNone
-(the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
-holdInstructionReject will normally be used.
-.It Fl crl_reason Ar reason
-Revocation reason, where
-.Ar reason
-is one of:
-unspecified, keyCompromise, CACompromise, affiliationChanged, superseded,
-cessationOfOperation, certificateHold or removeFromCRL.
-The matching of
-.Ar reason
-is case insensitive.
-Setting any revocation reason will make the CRL v2.
-In practice, removeFromCRL is not particularly useful because it is only used
-in delta CRLs which are not currently implemented.
-.It Fl crldays Ar days
-The number of days before the next CRL is due.
-This is the days from now to place in the CRL
-.Cm nextUpdate
-field.
-.It Fl crlexts Ar section
-The
-.Ar section
-of the configuration file containing CRL extensions to include.
-If no CRL extension section is present then a V1 CRL is created;
-if the CRL extension section is present
-(even if it is empty)
-then a V2 CRL is created.
-The CRL extensions specified are CRL extensions and not CRL entry extensions.
-It should be noted that some software can't handle V2 CRLs.
-See the
-.Xr x509v3.cnf 5
-manual page for details of the extension section format.
-.It Fl crlhours Ar hours
-The number of hours before the next CRL is due.
-.It Fl crlsec Ar seconds
-The number of seconds before the next CRL is due.
-.It Fl gencrl
-Generate a CRL based on information in the index file.
-.It Fl revoke Ar file
-A
-.Ar file
-containing a certificate to revoke.
-.It Fl status Ar serial
-Show the status of the certificate with serial number
-.Ar serial .
-.It Fl updatedb
-Update the database index to purge expired certificates.
-.El
-.Pp
-Many of the options can be set in the
-.Cm ca
-section of the configuration file
-(or in the default section of the configuration file),
-specified using
-.Cm default_ca
-or
-.Fl name .
-The options
-.Cm preserve
-and
-.Cm msie_hack
-are read directly from the
-.Cm ca
-section.
-.Pp
-Many of the configuration file options are identical to command line
-options.
-Where the option is present in the configuration file and the command line,
-the command line value is used.
-Where an option is described as mandatory, then it must be present in
-the configuration file or the command line equivalent
-.Pq if any
-used.
-.Bl -tag -width "XXXX"
-.It Cm certificate
-The same as
-.Fl cert .
-It gives the file containing the CA certificate.
-Mandatory.
-.It Cm copy_extensions
-Determines how extensions in certificate requests should be handled.
-If set to
-.Cm none
-or this option is not present, then extensions are
-ignored and not copied to the certificate.
-If set to
-.Cm copy ,
-then any extensions present in the request that are not already present
-are copied to the certificate.
-If set to
-.Cm copyall ,
-then all extensions in the request are copied to the certificate:
-if the extension is already present in the certificate it is deleted first.
-.Pp
-The
-.Cm copy_extensions
-option should be used with caution.
-If care is not taken, it can be a security risk.
-For example, if a certificate request contains a
-.Cm basicConstraints
-extension with CA:TRUE and the
-.Cm copy_extensions
-value is set to
-.Cm copyall
-and the user does not spot
-this when the certificate is displayed, then this will hand the requester
-a valid CA certificate.
-.Pp
-This situation can be avoided by setting
-.Cm copy_extensions
-to
-.Cm copy
-and including
-.Cm basicConstraints
-with CA:FALSE in the configuration file.
-Then if the request contains a
-.Cm basicConstraints
-extension, it will be ignored.
-.Pp
-The main use of this option is to allow a certificate request to supply
-values for certain extensions such as
-.Cm subjectAltName .
-.It Cm crl_extensions
-The same as
-.Fl crlexts .
-.It Cm crlnumber
-A text file containing the next CRL number to use in hex.
-The CRL number will be inserted in the CRLs only if this file exists.
-If this file is present, it must contain a valid CRL number.
-.It Cm database
-The text database file to use.
-Mandatory.
-This file must be present, though initially it will be empty.
-.It Cm default_crl_hours , default_crl_days
-The same as the
-.Fl crlhours
-and
-.Fl crldays
-options.
-These will only be used if neither command line option is present.
-At least one of these must be present to generate a CRL.
-.It Cm default_days
-The same as the
-.Fl days
-option.
-The number of days to certify a certificate for.
-.It Cm default_enddate
-The same as the
-.Fl enddate
-option.
-Either this option or
-.Cm default_days
-.Pq or the command line equivalents
-must be present.
-.It Cm default_md
-The same as the
-.Fl md
-option.
-The message digest to use.
-Mandatory.
-.It Cm default_startdate
-The same as the
-.Fl startdate
-option.
-The start date to certify a certificate for.
-If not set, the current time is used.
-.It Cm email_in_dn
-The same as
-.Fl noemailDN .
-If the EMAIL field is to be removed from the DN of the certificate,
-simply set this to
-.Qq no .
-If not present, the default is to allow for the EMAIL field in the
-certificate's DN.
-.It Cm msie_hack
-The same as
-.Fl msie_hack .
-.It Cm name_opt , cert_opt
-These options allow the format used to display the certificate details
-when asking the user to confirm signing.
-All the options supported by the
-.Nm x509
-utilities'
-.Fl nameopt
-and
-.Fl certopt
-switches can be used here, except that
-.Cm no_signame
-and
-.Cm no_sigdump
-are permanently set and cannot be disabled
-(this is because the certificate signature cannot be displayed because
-the certificate has not been signed at this point).
-.Pp
-For convenience, the value
-.Cm ca_default
-is accepted by both to produce a reasonable output.
-.Pp
-If neither option is present, the format used in earlier versions of
-.Nm openssl
-is used.
-Use of the old format is strongly discouraged
-because it only displays fields mentioned in the
-.Cm policy
-section,
-mishandles multicharacter string types and does not display extensions.
-.It Cm new_certs_dir
-The same as the
-.Fl outdir
-command line option.
-It specifies the directory where new certificates will be placed.
-Mandatory.
-.It Cm oid_file
-This specifies a file containing additional object identifiers.
-Each line of the file should consist of the numerical form of the
-object identifier followed by whitespace, then the short name followed
-by whitespace and finally the long name.
-.It Cm oid_section
-This specifies a section in the configuration file containing extra
-object identifiers.
-Each line should consist of the short name of the object identifier
-followed by
-.Sq =
-and the numerical form.
-The short and long names are the same when this option is used.
-.It Cm policy
-The same as
-.Fl policy .
-Mandatory.
-.It Cm preserve
-The same as
-.Fl preserveDN .
-.It Cm private_key
-Same as the
-.Fl keyfile
-option.
-The file containing the CA private key.
-Mandatory.
-.It Cm serial
-A text file containing the next serial number to use in hex.
-Mandatory.
-This file must be present and contain a valid serial number.
-.It Cm unique_subject
-If the value
-.Cm yes
-is given, the valid certificate entries in the
-database must have unique subjects.
-If the value
-.Cm no
-is given,
-several valid certificate entries may have the exact same subject.
-The default value is
-.Cm yes .
-.Pp
-Note that it is valid in some circumstances for certificates to be created
-without any subject.
-In cases where there are multiple certificates without
-subjects this does not count as a duplicate.
-.It Cm x509_extensions
-The same as
-.Fl extensions .
-.El
-.Tg certhash
-.Sh CERTHASH
-.Bl -hang -width "openssl certhash"
-.It Nm openssl certhash
-.Bk -words
-.Op Fl nv
-.Ar dir ...
-.Ek
-.El
-.Pp
-The
-.Nm certhash
-command calculates a hash value of
-.Qq .pem
-file in the specified directory list and creates symbolic links for each file,
-where the name of the link is the hash value.
-See the
-.Xr SSL_CTX_load_verify_locations 3
-manual page for how hash links are used.
-.Pp
-The links created are of the form
-.Qq HHHHHHHH.D ,
-where each
-.Sq H
-is a hexadecimal character and
-.Sq D
-is a single decimal digit.
-The hashes for CRLs look similar, except the letter
-.Sq r
-appears after the period, like this:
-.Qq HHHHHHHH.rD .
-When processing a directory,
-.Nm certhash
-will first remove all links that have a name in that syntax and invalid
-reference.
-.Pp
-Multiple objects may have the same hash; they will be indicated by
-incrementing the
-.Sq D
-value.
-Duplicates are found by comparing the full SHA256 fingerprint.
-A warning will be displayed if a duplicate is found.
-.Pp
-A warning will also be displayed if there are files that cannot be parsed as
-either a certificate or a CRL.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl n
-Perform a dry-run, and do not make any changes.
-.It Fl v
-Print extra details about the processing.
-.It Ar dir ...
-Specify the directories to process.
-.El
-.Tg ciphers
-.Sh CIPHERS
-.Nm openssl ciphers
-.Op Fl hsVv
-.Op Fl tls1_2
-.Op Fl tls1_3
-.Op Ar control
-.Pp
-The
-.Nm ciphers
-command converts the
-.Ar control
-string from the format documented in
-.Xr SSL_CTX_set_cipher_list 3
-into an ordered SSL cipher suite preference list.
-If no
-.Ar control
-string is specified, the
-.Cm DEFAULT
-list is printed.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl h , \&?
-Print a brief usage message.
-.It Fl s
-Only list ciphers that are supported by the TLS method.
-.It Fl tls1_2 | tls1_3
-In combination with the
-.Fl s
-option, list the ciphers which could be used
-if the specified protocol version were negotiated.
-.It Fl V
-Verbose.
-List ciphers with cipher suite code in hex format,
-cipher name, and a complete description of protocol version,
-key exchange, authentication, encryption, and mac algorithms.
-.It Fl v
-Like
-.Fl V ,
-but without cipher suite codes.
-.El
-.Tg cms
-.Sh CMS
-.Bl -hang -width "openssl cms"
-.It Nm openssl cms
-.Bk -words
-.Oo
-.Fl aes128 | aes192 | aes256 | camellia128 |
-.Fl camellia192 | camellia256 | des | des3 |
-.Fl rc2-40 | rc2-64 | rc2-128
-.Oc
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl CRLfile Ar file
-.Op Fl binary
-.Op Fl certfile Ar file
-.Op Fl certsout Ar file
-.Op Fl cmsout
-.Op Fl compress
-.Op Fl content Ar file
-.Op Fl crlfeol
-.Op Fl data_create
-.Op Fl data_out
-.Op Fl debug_decrypt
-.Op Fl decrypt
-.Op Fl digest_create
-.Op Fl digest_verify
-.Op Fl econtent_type Ar type
-.Op Fl encrypt
-.Op Fl EncryptedData_decrypt
-.Op Fl EncryptedData_encrypt
-.Op Fl from Ar addr
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem | smime
-.Op Fl inkey Ar file
-.Op Fl keyform Cm der | pem
-.Op Fl keyid
-.Op Fl keyopt Ar nm:v
-.Op Fl md Ar digest
-.Op Fl no_attr_verify
-.Op Fl no_content_verify
-.Op Fl no_signer_cert_verify
-.Op Fl noattr
-.Op Fl nocerts
-.Op Fl nodetach
-.Op Fl nointern
-.Op Fl nooldmime
-.Op Fl noout
-.Op Fl nosigs
-.Op Fl nosmimecap
-.Op Fl noverify
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem | smime
-.Op Fl passin Ar src
-.Op Fl print
-.Op Fl pwri_password Ar arg
-.Op Fl rctform Cm der | pem | smime
-.Op Fl receipt_request_all | receipt_request_first
-.Op Fl receipt_request_from Ar addr
-.Op Fl receipt_request_print
-.Op Fl receipt_request_to Ar addr
-.Op Fl recip Ar file
-.Op Fl resign
-.Op Fl secretkey Ar key
-.Op Fl secretkeyid Ar id
-.Op Fl sign
-.Op Fl sign_receipt
-.Op Fl signer Ar file
-.Op Fl stream | indef | noindef
-.Op Fl subject Ar s
-.Op Fl text
-.Op Fl to Ar addr
-.Op Fl uncompress
-.Op Fl verify
-.Op Fl verify_receipt Ar file
-.Op Fl verify_retcode
-.Op Ar cert.pem ...
-.Ek
-.El
-.Pp
-The
-.Nm cms
-command handles S/MIME v3.1 mail.
-It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME
-messages.
-.Pp
-The MIME message must be sent without any blank lines between the headers and
-the output.
-Some mail programs will automatically add a blank line.
-Piping the mail directly to sendmail is one way to achieve the correct format.
-.Pp
-The supplied message to be signed or encrypted must include the necessary MIME
-headers or many S/MIME clients won't display it properly (if at all).
-You can use the
-.Fl text
-option to automatically add plain text headers.
-.Pp
-A "signed and encrypted" message is one where a signed message is then
-encrypted.
-This can be produced by encrypting an already signed message.
-.Pp
-There are various operation options that set the type of operation to be
-performed.
-The meaning of the other options varies according to the operation type.
-.Bl -tag -width "XXXX"
-.It Fl encrypt
-Encrypt mail for the given recipient certificates.
-Input file is the message to be encrypted.
-The output file is the encrypted mail in MIME format.
-The actual CMS type is EnvelopedData.
-Note that no revocation check is done for the recipient cert, so if that
-key has been compromised, others may be able to decrypt the text.
-.It Fl decrypt
-Decrypt mail using the supplied certificate and private key.
-Expects an encrypted mail message in MIME format for the input file.
-The decrypted mail is written to the output file.
-.It Fl sign
-Sign mail using the supplied certificate and private key.
-Input file is the message to be signed.
-The signed message in MIME format is written to the output file.
-.It Fl verify
-Verify signed mail.
-Expects a signed mail message on input and outputs the signed data.
-Both clear text and opaque signing are supported.
-.It Fl cmsout
-Take an input message and write out a PEM encoded CMS structure.
-.It Fl resign
-Resign a message.
-Take an existing message and one or more new signers.
-This operation uses an existing message digest when adding a new signer.
-This means that attributes must be present in at least one existing
-signer using the same message digest or this operation will fail.
-.It Fl data_create
-Create a CMS Data type.
-.It Fl data_out
-Output a content from the input CMS Data type.
-.It Fl digest_create
-Create a CMS DigestedData type.
-.It Fl digest_verify
-Verify a CMS DigestedData type and output the content.
-.It Fl compress
-Create a CMS CompressedData type.
-Must be compiled with zlib support for this option to work.
-.It Fl uncompress
-Uncompress a CMS CompressedData type and output the content.
-Must be compiled with zlib support for this option to work.
-.It Fl EncryptedData_encrypt
-Encrypt a content using supplied symmetric key and algorithm using a
-CMS EncryptedData type.
-.It Fl EncryptedData_decrypt
-Decrypt a CMS EncryptedData type using supplied symmetric key.
-.It Fl sign_receipt
-Generate and output a signed receipt for the supplied message.
-The input message must contain a signed receipt request.
-Functionality is otherwise similar to the
-.Fl sign
-operation.
-.It Xo
-.Fl verify_receipt Ar file
-.Xc
-Verify a signed receipt in file.
-The input message must contain the original receipt request.
-Functionality is otherwise similar to the
-.Fl verify
-operation.
-.El
-.Pp
-The remaining options are as follows:
-.Bl -tag -width "XXXX"
-.It Xo
-.Fl aes128 | aes192 | aes256 | camellia128 |
-.Fl camellia192 | camellia256 | des | des3 |
-.Fl rc2-40 | rc2-64 | rc2-128
-.Xc
-The encryption algorithm to use.
-128-, 192-, or 256-bit AES, 128-, 192-, or 256-bit CAMELLIA,
-DES (56 bits), triple DES (168 bits),
-or 40-, 64-, or 128-bit RC2, respectively;
-if not specified, triple DES is
-used.
-Only used with
-.Fl encrypt
-and
-.Fl EncryptedData_encrypt
-commands.
-.It Fl binary
-Normally the input message is converted to "canonical" format which is
-effectively using CR/LF as end of line, as required by the S/MIME specification.
-When this option is present, no translation occurs.
-This is useful when handling binary data which may not be in MIME format.
-.It Fl CAfile Ar file
-A file containing trusted CA certificates, used with
-.Fl verify
-and
-.Fl verify_receipt .
-.It Fl CApath Ar directory
-A directory containing trusted CA certificates, used with
-.Fl verify
-and
-.Fl verify_receipt .
-This directory must be a standard certificate directory: that is a hash
-of each subject name (using
-.Nm x509 Fl hash )
-should be linked to each certificate.
-.It Fl CRLfile Ar file
-Allows additional certificate revocation lists to be specified for verification.
-The CRLs should be in PEM format.
-.It Ar cert.pem ...
-One or more certificates of message recipients: used when encrypting a message.
-.It Fl certfile Ar file
-Allows additional certificates to be specified.
-When signing, these will be included with the message.
-When verifying, these will be searched for the signer's certificates.
-The certificates should be in PEM format.
-.It Fl certsout Ar file
-A file that any certificates contained in the message are written to.
-.It Xo
-.Fl check_ss_sig ,
-.Fl crl_check ,
-.Fl crl_check_all ,
-.Fl extended_crl ,
-.Fl ignore_critical ,
-.Fl issuer_checks ,
-.Fl policy ,
-.Fl policy_check ,
-.Fl purpose ,
-.Fl x509_strict
-.Xc
-Set various certificate chain validation options.
-See the
-.Nm verify
-command for details.
-.It Fl content Ar file
-A file containing the detached content.
-This is only useful with the
-.Fl verify
-command.
-This is only usable if the CMS structure is using the detached signature
-form where the content is not included.
-This option will override any content if the input format is S/MIME and
-it uses the multipart/signed MIME content type.
-.It Fl crlfeol
-Output a S/MIME message with CR/LF end of line.
-.It Fl debug_decrypt
-Set the CMS_DEBUG_DECRYPT flag when decrypting.
-This option should be used with caution, since this can be used to disable
-the MMA attack protection and return an error if no recipient can be found.
-See the
-.Xr CMS_decrypt 3
-manual page for details of the flag.
-.It Xo
-.Fl from Ar addr ,
-.Fl subject Ar s ,
-.Fl to Ar addr
-.Xc
-The relevant mail headers.
-These are included outside the signed portion of a message so they may
-be included manually.
-If signing then many S/MIME mail clients check the signer's certificate's
-email address matches that specified in the From: address.
-.It Fl econtent_type Ar type
-Set the encapsulated content type, used with
-.Fl sign .
-If not supplied, the Data type is used.
-The type argument can be any valid OID name in either text or numerical format.
-.It Fl in Ar file
-The input message to be encrypted or signed or the message to be decrypted or
-verified.
-.It Fl inform Cm der | pem | smime
-The input format for the CMS structure.
-The default is
-.Cm smime ,
-which reads an S/MIME format message.
-.Cm pem
-and
-.Cm der
-format change this to expect PEM and DER format CMS structures instead.
-This currently only affects the input format of the CMS structure; if no
-CMS structure is being input (for example with
-.Fl encrypt
-or
-.Fl sign )
-this option has no effect.
-.It Fl inkey Ar file
-The private key to use when signing or decrypting.
-This must match the corresponding certificate.
-If this option is not specified then the private key must be included in
-the certificate file specified with the
-.Fl recip
-or
-.Fl signer
-file.
-When signing, this option can be used multiple times to specify successive keys.
-.It Fl keyform Cm der | pem
-Input private key format.
-The default is
-.Cm pem .
-.It Fl keyid
-Use subject key identifier to identify certificates instead of issuer
-name and serial number.
-The supplied certificate must include a subject key identifier extension.
-Supported by
-.Fl sign
-and
-.Fl encrypt
-operations.
-.It Fl keyopt Ar nm:v
-Set customised parameters for the preceding key or certificate
-for encryption and signing.
-It can currently be used to set RSA-PSS for signing, RSA-OAEP for
-encryption or to modify default parameters for ECDH.
-This option can be used multiple times.
-.It Fl md Ar digest
-The digest algorithm to use when signing or resigning.
-If not present then the default digest algorithm for the signing key
-will be used (usually SHA1).
-.It Fl no_attr_verify
-Do not verify the signer's attribute of a signature.
-.It Fl no_content_verify
-Do not verify the content of a signed message.
-.It Fl no_signer_cert_verify
-Do not verify the signer's certificate of a signed message.
-.It Fl noattr
-Do not include attributes.
-Normally when a message is signed a set of attributes are included which
-include the signing time and supported symmetric algorithms.
-With this option they are not included.
-.It Fl nocerts
-Do not include the signer's certificate.
-This will reduce the size of the signed message but the verifier must
-have a copy of the signer's certificate available locally (passed using
-the
-.Fl certfile
-option for example).
-.It Fl nodetach
-When signing a message, use opaque signing.
-This form is more resistant to translation by mail relays but it cannot be
-read by mail agents that do not support S/MIME.
-Without this option cleartext signing with the MIME type multipart/signed is
-used.
-.It Fl nointern
-Only the certificates specified in the
-.Fl certfile
-option are used.
-When verifying a message, normally certificates (if any) included in the
-message are searched for the signing certificate.
-The supplied certificates can still be used as untrusted CAs however.
-.It Fl nooldmime
-Output an old S/MIME content type like "application/x-pkcs7-".
-.It Fl noout
-Do not output the parsed CMS structure for the
-.Fl cmsout
-operation.
-This is useful when combined with the
-.Fl print
-option or if the syntax of the CMS structure is being checked.
-.It Fl nosigs
-Do not try to verify the signatures on the message.
-.It Fl nosmimecap
-Exclude the list of supported algorithms from signed attributes; other
-options such as signing time and content type are still included.
-.It Fl noverify
-Do not verify the signer's certificate of a signed message.
-.It Fl out Ar file
-The message text that has been decrypted or verified or the output MIME
-format message that has been signed or verified.
-.It Fl outform Cm der | pem | smime
-This specifies the output format for the CMS structure.
-The default is
-.Cm smime ,
-which writes an S/MIME format message.
-.Cm pem
-and
-.Cm der
-format change this to write PEM and DER format CMS structures instead.
-This currently only affects the output format of the CMS structure; if
-no CMS structure is being output (for example with
-.Fl verify
-or
-.Fl decrypt )
-this option has no effect.
-.It Fl passin Ar src
-The private key password source.
-.It Fl print
-Print out all fields of the CMS structure for the
-.Fl cmsout
-operation.
-This is mainly useful for testing purposes.
-.It Fl pwri_password Ar arg
-Specify PasswordRecipientInfo (PWRI) password to use.
-Supported by the
-.Fl encrypt
-and
-.Fl decrypt
-operations.
-.It Fl rctform Cm der | pem | smime
-Specify the format for a signed receipt for use with the
-.Fl receipt_verify
-operation.
-The default is
-.Cm smime .
-.It Fl receipt_request_all | receipt_request_first
-Indicate requests should be provided by all recipient or first tier
-recipients (those mailed directly and not from a mailing list), for the
-.Fl sign
-operation to include a signed receipt request.
-Ignored if
-.Fl receipt_request_from
-is included.
-.It Fl receipt_request_from Ar addr
-Add an explicit email address where receipts should be supplied.
-.It Fl receipt_request_print
-Print out the contents of any signed receipt requests for the
-.Fl verify
-operation.
-.It Fl receipt_request_to Ar addr
-Add an explicit email address where signed receipts should be sent to.
-This option must be supplied if a signed receipt is requested.
-.It Fl recip Ar file
-When decrypting a message, this specifies the recipient's certificate.
-The certificate must match one of the recipients of the message or an
-error occurs.
-When encrypting a message, this option may be used multiple times to
-specify each recipient.
-This form must be used if customised parameters are required (for example to
-specify RSA-OAEP).
-Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
-by this option.
-.It Fl secretkey Ar key
-Specify symmetric key to use.
-The key must be supplied in hex format and be consistent with the
-algorithm used.
-Supported by the
-.Fl EncryptedData_encrypt ,
-.Fl EncryptedData_decrypt ,
-.Fl encrypt
-and
-.Fl decrypt
-operations.
-When used with
-.Fl encrypt
-or
-.Fl decrypt ,
-the supplied key is used to wrap or unwrap the content encryption key
-using an AES key in the KEKRecipientInfo type.
-.It Fl secretkeyid Ar id
-The key identifier for the supplied symmetric key for KEKRecipientInfo type.
-This option must be present if the
-.Fl secretkey
-option is used with
-.Fl encrypt .
-With
-.Fl decrypt
-operations the id is used to locate the relevant key; if it is not supplied
-then an attempt is used to decrypt any KEKRecipientInfo structures.
-.It Fl signer Ar file
-A signing certificate when signing or resigning a message; this option
-can be used multiple times if more than one signer is required.
-If a message is being verified then the signers certificates will be
-written to this file if the verification was successful.
-.It Xo
-.Fl stream |
-.Fl indef |
-.Fl noindef
-.Xc
-The
-.Fl stream
-and
-.Fl indef
-options are equivalent and enable streaming I/O for encoding operations.
-This permits single pass processing of data without the need to hold the
-entire contents in memory, potentially supporting very large files.
-Streaming is automatically set for S/MIME signing with detached data if
-the output format is
-.Cm smime ;
-it is currently off by default for all other operations.
-.Fl noindef
-disable streaming I/O where it would produce an indefinite length
-constructed encoding.
-This option currently has no effect.
-.It Fl text
-Add plain text (text/plain) MIME headers to the supplied message if
-encrypting or signing.
-If decrypting or verifying, it strips off text headers: if the decrypted
-or verified message is not of MIME type text/plain then an error occurs.
-.It Fl verify_retcode
-Set verification error code to exit code to indicate what verification error
-has occurred.
-Supported by
-.Fl verify
-operation only.
-Exit code value minus 32 shows verification error code.
-See
-.Nm verify
-command for the list of verification error code.
-.El
-.Pp
-The exit codes for
-.Nm cms
-are as follows:
-.Pp
-.Bl -tag -width "XXXX" -offset 3n -compact
-.It 0
-The operation was completely successful.
-.It 1
-An error occurred parsing the command options.
-.It 2
-One of the input files could not be read.
-.It 3
-An error occurred creating the CMS file or when reading the MIME message.
-.It 4
-An error occurred decrypting or verifying the message.
-.It 5
-The message was verified correctly but an error occurred writing out the
-signer's certificates.
-.It 6
-An error occurred writing the output file.
-.It 32+
-A verify error occurred while
-.Fl verify_retcode
-is specified.
-.El
-.Tg crl
-.Sh CRL
-.Bl -hang -width "openssl crl"
-.It Nm openssl crl
-.Bk -words
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar dir
-.Op Fl crlnumber
-.Op Fl fingerprint
-.Op Fl hash
-.Op Fl hash_old
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl issuer
-.Op Fl lastupdate
-.Op Fl nameopt Ar option
-.Op Fl nextupdate
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl text
-.Op Fl verify
-.Ek
-.El
-.Pp
-The
-.Nm crl
-command processes CRL files in DER or PEM format.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl CAfile Ar file
-Verify the signature on a CRL by looking up the issuing certificate in
-.Ar file .
-.It Fl CApath Ar directory
-Verify the signature on a CRL by looking up the issuing certificate in
-.Ar dir .
-This directory must be a standard certificate directory,
-i.e. a hash of each subject name (using
-.Cm x509 Fl hash )
-should be linked to each certificate.
-.It Fl crlnumber
-Print the CRL number.
-.It Fl fingerprint
-Print the CRL fingerprint.
-.It Fl hash
-Output a hash of the issuer name.
-This can be used to look up CRLs in a directory by issuer name.
-.It Fl hash_old
-Output an old-style (MD5) hash of the issuer name.
-.It Fl in Ar file
-The input file to read from, or standard input if not specified.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl issuer
-Output the issuer name.
-.It Fl lastupdate
-Output the
-.Cm thisUpdate
-field.
-This option is misnamed for historical reasons.
-.It Fl nameopt Ar option
-Specify certificate name options.
-.It Fl nextupdate
-Output the
-.Cm nextUpdate
-field.
-.It Fl noout
-Do not output the encoded version of the CRL.
-.It Fl out Ar file
-The output file to write to, or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl text
-Print the CRL in plain text.
-.It Fl verify
-Verify the signature on the CRL.
-.El
-.Tg crl2pkcs7
-.Sh CRL2PKCS7
-.Bl -hang -width "openssl crl2pkcs7"
-.It Nm openssl crl2pkcs7
-.Bk -words
-.Op Fl certfile Ar file
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl nocrl
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Ek
-.El
-.Pp
-The
-.Nm crl2pkcs7
-command takes an optional CRL and one or more
-certificates and converts them into a PKCS#7 degenerate
-.Qq certificates only
-structure.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl certfile Ar file
-Add the certificates in PEM
-.Ar file
-to the PKCS#7 structure.
-This option can be used more than once
-to read certificates from multiple files.
-.It Fl in Ar file
-Read the CRL from
-.Ar file ,
-or standard input if not specified.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl nocrl
-Normally, a CRL is included in the output file.
-With this option, no CRL is
-included in the output file and a CRL is not read from the input file.
-.It Fl out Ar file
-Write the PKCS#7 structure to
-.Ar file ,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.El
-.Tg dgst
-.Sh DGST
-.Bl -hang -width "openssl dgst"
-.It Nm openssl dgst
-.Bk -words
-.Op Fl cdr
-.Op Fl binary
-.Op Fl Ar digest
-.Op Fl hex
-.Op Fl hmac Ar key
-.Op Fl keyform Cm pem
-.Op Fl mac Ar algorithm
-.Op Fl macopt Ar nm : Ns Ar v
-.Op Fl out Ar file
-.Op Fl passin Ar arg
-.Op Fl prverify Ar file
-.Op Fl sign Ar file
-.Op Fl signature Ar file
-.Op Fl sigopt Ar nm : Ns Ar v
-.Op Fl verify Ar file
-.Op Ar
-.Ek
-.El
-.Pp
-The digest functions output the message digest of a supplied
-.Ar file
-or
-.Ar files
-in hexadecimal form.
-They can also be used for digital signing and verification.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl binary
-Output the digest or signature in binary form.
-.It Fl c
-Print the digest in two-digit groups separated by colons.
-.It Fl d
-Print BIO debugging information.
-.It Fl Ar digest
-Use the specified message
-.Ar digest .
-The default is SHA256.
-The available digests can be displayed using
-.Nm openssl
-.Cm list-message-digest-commands .
-The following are equivalent:
-.Nm openssl dgst
-.Fl sha256
-and
-.Nm openssl
-.Cm sha256 .
-.It Fl hex
-Digest is to be output as a hex dump.
-This is the default case for a
-.Qq normal
-digest as opposed to a digital signature.
-.It Fl hmac Ar key
-Create a hashed MAC using
-.Ar key .
-.It Fl keyform Cm pem
-Specifies the key format to sign the digest with.
-.It Fl mac Ar algorithm
-Create a keyed Message Authentication Code (MAC).
-The most popular MAC algorithm is HMAC (hash-based MAC),
-but there are other MAC algorithms which are not based on hash.
-MAC keys and other options should be set via the
-.Fl macopt
-parameter.
-.It Fl macopt Ar nm : Ns Ar v
-Passes options to the MAC algorithm, specified by
-.Fl mac .
-The following options are supported by HMAC:
-.Bl -tag -width Ds
-.It Cm key : Ns Ar string
-Specifies the MAC key as an alphanumeric string
-(use if the key contain printable characters only).
-String length must conform to any restrictions of the MAC algorithm.
-.It Cm hexkey : Ns Ar string
-Specifies the MAC key in hexadecimal form (two hex digits per byte).
-Key length must conform to any restrictions of the MAC algorithm.
-.El
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passin Ar arg
-The key password source.
-.It Fl prverify Ar file
-Verify the signature using the private key in
-.Ar file .
-The output is either
-.Qq Verification OK
-or
-.Qq Verification Failure .
-.It Fl r
-Print the digest in coreutils format.
-.It Fl sign Ar file
-Digitally sign the digest using the private key in
-.Ar file .
-.It Fl signature Ar file
-The actual signature to verify.
-.It Fl sigopt Ar nm : Ns Ar v
-Pass options to the signature algorithm during sign or verify operations.
-The names and values of these options are algorithm-specific.
-.It Fl verify Ar file
-Verify the signature using the public key in
-.Ar file .
-The output is either
-.Qq Verification OK
-or
-.Qq Verification Failure .
-.It Ar
-File or files to digest.
-If no files are specified then standard input is used.
-.El
-.Tg dhparam
-.Sh DHPARAM
-.Bl -hang -width "openssl dhparam"
-.It Nm openssl dhparam
-.Bk -words
-.Op Fl 2 | 5
-.Op Fl C
-.Op Fl check
-.Op Fl dsaparam
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl text
-.Op Ar numbits
-.Ek
-.El
-.Pp
-The
-.Nm dhparam
-command is used to manipulate DH parameter files.
-Only the older PKCS#3 DH is supported,
-not the newer X9.42 DH.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl 2 , 5
-The generator to use;
-2 is the default.
-If present, the input file is ignored and parameters are generated instead.
-.It Fl C
-Convert the parameters into C code.
-The parameters can then be loaded by calling the
-.No get_dh Ns Ar numbits
-function.
-.It Fl check
-Check the DH parameters.
-.It Fl dsaparam
-Read or create DSA parameters,
-converted to DH format on output.
-Otherwise,
-.Qq strong
-primes
-.Pq such that (p-1)/2 is also prime
-will be used for DH parameter generation.
-.Pp
-DH parameter generation with the
-.Fl dsaparam
-option is much faster,
-and the recommended exponent length is shorter,
-which makes DH key exchange more efficient.
-Beware that with such DSA-style DH parameters,
-a fresh DH key should be created for each use to
-avoid small-subgroup attacks that may be possible otherwise.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl noout
-Do not output the encoded version of the parameters.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl text
-Print the DH parameters in plain text.
-.It Ar numbits
-Generate a parameter set of size
-.Ar numbits .
-It must be the last option.
-If not present, a value of 2048 is used.
-If this value is present, the input file is ignored and
-parameters are generated instead.
-.El
-.Tg dsa
-.Sh DSA
-.Bl -hang -width "openssl dsa"
-.It Nm openssl dsa
-.Bk -words
-.Oo
-.Fl aes128 | aes192 | aes256 |
-.Fl des | des3
-.Oc
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem | pvk
-.Op Fl modulus
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem | pvk
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl pubin
-.Op Fl pubout
-.Op Fl pvk-none | pvk-strong | pvk-weak
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm dsa
-command processes DSA keys.
-They can be converted between various forms and their components printed out.
-.Pp
-.Sy Note :
-This command uses the traditional
-.Nm SSLeay
-compatible format for private key encryption:
-newer applications should use the more secure PKCS#8 format using the
-.Nm pkcs8
-command.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Xo
-.Fl aes128 | aes192 | aes256 |
-.Fl des | des3
-.Xc
-Encrypt the private key with the AES, DES, or the triple DES
-ciphers, respectively, before outputting it.
-A pass phrase is prompted for.
-If none of these options are specified, the key is written in plain text.
-This means that using the
-.Nm dsa
-utility to read an encrypted key with no encryption option can be used to
-remove the pass phrase from a key,
-or by setting the encryption options it can be used to add or change
-the pass phrase.
-These options can only be used with PEM format output files.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-If the key is encrypted, a pass phrase will be prompted for.
-.It Fl inform Cm der | pem | pvk
-The input format.
-.It Fl modulus
-Print the value of the public key component of the key.
-.It Fl noout
-Do not output the encoded version of the key.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-If any encryption options are set then a pass phrase will be
-prompted for.
-.It Fl outform Cm der | pem | pvk
-The output format.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl pubin
-Read in a public key, not a private key.
-.It Fl pubout
-Output a public key, not a private key.
-Automatically set if the input is a public key.
-.It Xo
-.Fl pvk-none | pvk-strong | pvk-weak
-.Xc
-Enable or disable PVK encoding.
-The default is
-.Fl pvk-strong .
-.It Fl text
-Print the public/private key in plain text.
-.El
-.Tg dsaparam
-.Sh DSAPARAM
-.Bl -hang -width "openssl dsaparam"
-.It Nm openssl dsaparam
-.Bk -words
-.Op Fl C
-.Op Fl genkey
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl text
-.Op Ar numbits
-.Ek
-.El
-.Pp
-The
-.Nm dsaparam
-command is used to manipulate or generate DSA parameter files.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl C
-Convert the parameters into C code.
-The parameters can then be loaded by calling the
-.No get_dsa Ns Ar XXX
-function.
-.It Fl genkey
-Generate a DSA key either using the specified or generated
-parameters.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-If the
-.Ar numbits
-parameter is included, then this option is ignored.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl noout
-Do not output the encoded version of the parameters.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl text
-Print the DSA parameters in plain text.
-.It Ar numbits
-Generate a parameter set of size
-.Ar numbits .
-If this option is included, the input file is ignored.
-.El
-.Tg ec
-.Sh EC
-.Bl -hang -width "openssl ec"
-.It Nm openssl ec
-.Bk -words
-.Op Fl conv_form Ar arg
-.Op Fl des
-.Op Fl des3
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl param_enc Ar arg
-.Op Fl param_out
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl pubin
-.Op Fl pubout
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm ec
-command processes EC keys.
-They can be converted between various
-forms and their components printed out.
-.Nm openssl
-uses the private key format specified in
-.Dq SEC 1: Elliptic Curve Cryptography
-.Pq Lk https://www.secg.org/ .
-To convert an
-EC private key into the PKCS#8 private key format use the
-.Nm pkcs8
-command.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl conv_form Ar arg
-Specify how the points on the elliptic curve are converted
-into octet strings.
-Possible values are:
-.Cm compressed ,
-.Cm uncompressed
-(the default),
-and
-.Cm hybrid .
-For more information regarding
-the point conversion forms see the X9.62 standard.
-Note:
-Due to patent issues the
-.Cm compressed
-option is disabled by default for binary curves
-and can be enabled by defining the preprocessor macro
-.Dv OPENSSL_EC_BIN_PT_COMP
-at compile time.
-.It Fl des | des3
-Encrypt the private key with DES, triple DES, or
-any other cipher supported by
-.Nm openssl .
-A pass phrase is prompted for.
-If none of these options are specified, the key is written in plain text.
-This means that using the
-.Nm ec
-utility to read in an encrypted key with no
-encryption option can be used to remove the pass phrase from a key,
-or by setting the encryption options
-it can be used to add or change the pass phrase.
-These options can only be used with PEM format output files.
-.It Fl in Ar file
-The input file to read a key from,
-or standard input if not specified.
-If the key is encrypted, a pass phrase will be prompted for.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl noout
-Do not output the encoded version of the key.
-.It Fl out Ar file
-The output filename to write to,
-or standard output if not specified.
-If any encryption options are set then a pass phrase will be prompted for.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl param_enc Ar arg
-Specify how the elliptic curve parameters are encoded.
-Possible value are:
-.Cm named_curve ,
-i.e. the EC parameters are specified by an OID; or
-.Cm explicit ,
-where the EC parameters are explicitly given
-(see RFC 3279 for the definition of the EC parameter structures).
-The default value is
-.Cm named_curve .
-Note: the
-.Cm implicitlyCA
-alternative,
-as specified in RFC 3279,
-is currently not implemented.
-.It Fl param_out
-Print the elliptic curve parameters.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl pubin
-Read in a public key, not a private key.
-.It Fl pubout
-Output a public key, not a private key.
-Automatically set if the input is a public key.
-.It Fl text
-Print the public/private key in plain text.
-.El
-.Tg ecparam
-.Sh ECPARAM
-.Bl -hang -width "openssl ecparam"
-.It Nm openssl ecparam
-.Bk -words
-.Op Fl C
-.Op Fl check
-.Op Fl conv_form Ar arg
-.Op Fl genkey
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl list_curves
-.Op Fl name Ar arg
-.Op Fl no_seed
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl param_enc Ar arg
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm ecparam
-command is used to manipulate or generate EC parameter files.
-.Nm openssl
-is not able to generate new groups so
-.Nm ecparam
-can only create EC parameters from known (named) curves.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl C
-Convert the EC parameters into C code.
-The parameters can then be loaded by calling the
-.No get_ec_group_ Ns Ar XXX
-function.
-.It Fl check
-Validate the elliptic curve parameters.
-.It Fl conv_form Ar arg
-Specify how the points on the elliptic curve are converted
-into octet strings.
-Possible values are:
-.Cm compressed ,
-.Cm uncompressed
-(the default),
-and
-.Cm hybrid .
-For more information regarding
-the point conversion forms see the X9.62 standard.
-Note:
-Due to patent issues the
-.Cm compressed
-option is disabled by default for binary curves
-and can be enabled by defining the preprocessor macro
-.Dv OPENSSL_EC_BIN_PT_COMP
-at compile time.
-.It Fl genkey
-Generate an EC private key using the specified parameters.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl list_curves
-Print a list of all
-currently implemented EC parameter names and exit.
-.It Fl name Ar arg
-Use the EC parameters with the specified "short" name.
-.It Fl no_seed
-Do not include the seed for the parameter generation
-in the ECParameters structure (see RFC 3279).
-.It Fl noout
-Do not output the encoded version of the parameters.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl param_enc Ar arg
-Specify how the elliptic curve parameters are encoded.
-Possible value are:
-.Cm named_curve ,
-i.e. the EC parameters are specified by an OID, or
-.Cm explicit ,
-where the EC parameters are explicitly given
-(see RFC 3279 for the definition of the EC parameter structures).
-The default value is
-.Cm named_curve .
-Note: the
-.Cm implicitlyCA
-alternative, as specified in RFC 3279,
-is currently not implemented.
-.It Fl text
-Print the EC parameters in plain text.
-.El
-.Tg enc
-.Sh ENC
-.Bl -hang -width "openssl enc"
-.It Nm openssl enc
-.Bk -words
-.Fl ciphername
-.Op Fl AadePpv
-.Op Fl base64
-.Op Fl bufsize Ar number
-.Op Fl debug
-.Op Fl in Ar file
-.Op Fl iter Ar iterations
-.Op Fl iv Ar IV
-.Op Fl K Ar key
-.Op Fl k Ar password
-.Op Fl kfile Ar file
-.Op Fl md Ar digest
-.Op Fl none
-.Op Fl nopad
-.Op Fl nosalt
-.Op Fl out Ar file
-.Op Fl pass Ar arg
-.Op Fl pbkdf2
-.Op Fl S Ar salt
-.Op Fl salt
-.Ek
-.El
-.Pp
-The symmetric cipher commands allow data to be encrypted or decrypted
-using various block and stream ciphers using keys based on passwords
-or explicitly provided.
-Base64 encoding or decoding can also be performed either by itself
-or in addition to the encryption or decryption.
-The program can be called either as
-.Nm openssl Ar ciphername
-or
-.Nm openssl enc - Ns Ar ciphername .
-.Pp
-Some of the ciphers do not have large keys and others have security
-implications if not used correctly.
-All the block ciphers normally use PKCS#5 padding,
-also known as standard block padding.
-If padding is disabled, the input data must be a multiple of the cipher
-block length.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl A
-If the
-.Fl a
-option is set, then base64 process the data on one line.
-.It Fl a , base64
-Base64 process the data.
-This means that if encryption is taking place, the data is base64-encoded
-after encryption.
-If decryption is set, the input data is base64-decoded before
-being decrypted.
-.It Fl bufsize Ar number
-Set the buffer size for I/O.
-.It Fl d
-Decrypt the input data.
-.It Fl debug
-Debug the BIOs used for I/O.
-.It Fl e
-Encrypt the input data.
-This is the default.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl iter Ar iterations
-Use the pbkdf2 key derivation function, with
-.Ar iterations
-as the number of iterations.
-.It Fl iv Ar IV
-The actual
-.Ar IV
-.Pq initialisation vector
-to use:
-this must be represented as a string comprised only of hex digits.
-When only the
-.Ar key
-is specified using the
-.Fl K
-option,
-the IV must explicitly be defined.
-When a password is being specified using one of the other options,
-the IV is generated from this password.
-.It Fl K Ar key
-The actual
-.Ar key
-to use:
-this must be represented as a string comprised only of hex digits.
-If only the key is specified,
-the IV must also be specified using the
-.Fl iv
-option.
-When both a
-.Ar key
-and a
-.Ar password
-are specified, the
-.Ar key
-given with the
-.Fl K
-option will be used and the IV generated from the password will be taken.
-It probably does not make much sense to specify both
-.Ar key
-and
-.Ar password .
-.It Fl k Ar password
-The
-.Ar password
-to derive the key from.
-Superseded by the
-.Fl pass
-option.
-.It Fl kfile Ar file
-Read the password to derive the key from the first line of
-.Ar file .
-Superseded by the
-.Fl pass
-option.
-.It Fl md Ar digest
-Use
-.Ar digest
-to create a key from a pass phrase.
-Currently, the default value is
-.Cm sha256 .
-.It Fl none
-Use NULL cipher (no encryption or decryption of input).
-.It Fl nopad
-Disable standard block padding.
-.It Fl nosalt
-Don't use a salt in the key derivation routines.
-This option should never be used
-since it makes it possible to perform efficient dictionary
-attacks on the password and to attack stream cipher encrypted data.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl P
-Print out the salt, key, and IV used, then immediately exit;
-don't do any encryption or decryption.
-.It Fl p
-Print out the salt, key, and IV used.
-.It Fl pass Ar arg
-The password source.
-.It Fl pbkdf2
-Use the pbkdf2 key derivation function, with
-the default of 10000 iterations.
-.It Fl S Ar salt
-The actual
-.Ar salt
-to use:
-this must be represented as a string comprised only of hex digits.
-.It Fl salt
-Use a salt in the key derivation routines (the default).
-When the salt is being used,
-the first eight bytes of the encrypted data are reserved for the salt:
-it is randomly generated when encrypting a file and read from the
-encrypted file when it is decrypted.
-.It Fl v
-Print extra details about the processing.
-.El
-.Tg errstr
-.Sh ERRSTR
-.Nm openssl errstr
-.Ar errno ...
-.Pp
-The
-.Nm errstr
-command performs error number to error string conversion,
-generating a human-readable string representing the error code
-.Ar errno .
-The string is obtained through the
-.Xr ERR_error_string_n 3
-function and has the following format:
-.Pp
-.Dl error:[error code]:[library name]:[function name]:[reason string]
-.Pp
-.Bq error code
-is an 8-digit hexadecimal number.
-The remaining fields
-.Bq library name ,
-.Bq function name ,
-and
-.Bq reason string
-are all ASCII text.
-.Tg gendsa
-.Sh GENDSA
-.Bl -hang -width "openssl gendsa"
-.It Nm openssl gendsa
-.Bk -words
-.Oo
-.Fl aes128 | aes192 | aes256 | camellia128 |
-.Fl camellia192 | camellia256 | des | des3 | idea
-.Oc
-.Op Fl out Ar file
-.Op Fl passout Ar arg
-.Ar paramfile
-.Ek
-.El
-.Pp
-The
-.Nm gendsa
-command generates a DSA private key from a DSA parameter file
-(typically generated by the
-.Nm openssl dsaparam
-command).
-DSA key generation is little more than random number generation so it is
-much quicker than,
-for example,
-RSA key generation.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Xo
-.Fl aes128 | aes192 | aes256 |
-.Fl camellia128 | camellia192 | camellia256 |
-.Fl des | des3 |
-.Fl idea
-.Xc
-Encrypt the private key with the AES, CAMELLIA, DES, triple DES
-or the IDEA ciphers, respectively, before outputting it.
-A pass phrase is prompted for.
-If none of these options are specified, no encryption is used.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passout Ar arg
-The output file password source.
-.It Ar paramfile
-Specify the DSA parameter file to use.
-The parameters in this file determine the size of the private key.
-.El
-.Tg genpkey
-.Sh GENPKEY
-.Bl -hang -width "openssl genpkey"
-.It Nm openssl genpkey
-.Bk -words
-.Op Fl algorithm Ar alg
-.Op Ar cipher
-.Op Fl genparam
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl paramfile Ar file
-.Op Fl pass Ar arg
-.Op Fl pkeyopt Ar opt : Ns Ar value
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm genpkey
-command generates private keys.
-The use of this
-program is encouraged over the algorithm specific utilities
-because additional algorithm options can be used.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl algorithm Ar alg
-The public key algorithm to use,
-such as RSA, DSA, or DH.
-This option must precede any
-.Fl pkeyopt
-options.
-The options
-.Fl paramfile
-and
-.Fl algorithm
-are mutually exclusive.
-.It Ar cipher
-Encrypt the private key with the supplied cipher.
-Any algorithm name accepted by
-.Xr EVP_get_cipherbyname 3
-is acceptable.
-.It Fl genparam
-Generate a set of parameters instead of a private key.
-This option must precede any
-.Fl algorithm ,
-.Fl paramfile ,
-or
-.Fl pkeyopt
-options.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl paramfile Ar file
-Some public key algorithms generate a private key based on a set of parameters,
-which can be supplied using this option.
-If this option is used, the public key
-algorithm used is determined by the parameters.
-This option must precede any
-.Fl pkeyopt
-options.
-The options
-.Fl paramfile
-and
-.Fl algorithm
-are mutually exclusive.
-.It Fl pass Ar arg
-The output file password source.
-.It Fl pkeyopt Ar opt : Ns Ar value
-Set the public key algorithm option
-.Ar opt
-to
-.Ar value ,
-as follows:
-.Bl -tag -width Ds -offset indent
-.It rsa_keygen_bits : Ns Ar numbits
-(RSA)
-The number of bits in the generated key.
-The default is 2048.
-.It rsa_keygen_pubexp : Ns Ar value
-(RSA)
-The RSA public exponent value.
-This can be a large decimal or hexadecimal value if preceded by 0x.
-The default is 65537.
-.It dsa_paramgen_bits : Ns Ar numbits
-(DSA)
-The number of bits in the generated parameters.
-The default is 1024.
-.It dh_paramgen_prime_len : Ns Ar numbits
-(DH)
-The number of bits in the prime parameter
-.Ar p .
-.It dh_paramgen_generator : Ns Ar value
-(DH)
-The value to use for the generator
-.Ar g .
-.It ec_paramgen_curve : Ns Ar curve
-(EC)
-The elliptic curve to use.
-.El
-.It Fl text
-Print the private/public key in plain text.
-.El
-.Tg genrsa
-.Sh GENRSA
-.Bl -hang -width "openssl genrsa"
-.It Nm openssl genrsa
-.Bk -words
-.Op Fl 3 | f4
-.Oo
-.Fl aes128 | aes192 | aes256 | camellia128 |
-.Fl camellia192 | camellia256 | des | des3 | idea
-.Oc
-.Op Fl out Ar file
-.Op Fl passout Ar arg
-.Op Ar numbits
-.Ek
-.El
-.Pp
-The
-.Nm genrsa
-command generates an RSA private key,
-which essentially involves the generation of two prime numbers.
-When generating the key,
-various symbols will be output to indicate the progress of the generation.
-A
-.Sq \&.
-represents each number which has passed an initial sieve test;
-.Sq +
-means a number has passed a single round of the Miller-Rabin primality test;
-.Sq *
-means the number has failed primality testing
-and needs to be generated afresh.
-A newline means that the number has passed all the prime tests
-(the actual number depends on the key size).
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl 3 | f4
-The public exponent to use, either 3 or 65537.
-The default is 65537.
-.It Xo
-.Fl aes128 | aes192 | aes256 |
-.Fl camellia128 | camellia192 | camellia256 |
-.Fl des | des3 |
-.Fl idea
-.Xc
-Encrypt the private key with the AES, CAMELLIA, DES, triple DES
-or the IDEA ciphers, respectively, before outputting it.
-If none of these options are specified, no encryption is used.
-If encryption is used, a pass phrase is prompted for,
-if it is not supplied via the
-.Fl passout
-option.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passout Ar arg
-The output file password source.
-.It Ar numbits
-The size of the private key to generate in bits.
-This must be the last option specified.
-The default is 2048.
-.El
-.Tg ocsp
-.Sh OCSP
-.Bl -hang -width "openssl ocsp"
-.It Nm openssl ocsp
-.Bk -words
-.Op Fl CA Ar file
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl cert Ar file
-.Op Fl dgst Ar alg
-.Op Fl header Ar name value
-.Op Fl host Ar hostname : Ns Ar port
-.Op Fl ignore_err
-.Op Fl index Ar indexfile
-.Op Fl issuer Ar file
-.Op Fl ndays Ar days
-.Op Fl nmin Ar minutes
-.Op Fl no_cert_checks
-.Op Fl no_cert_verify
-.Op Fl no_certs
-.Op Fl no_chain
-.Op Fl no_explicit
-.Op Fl no_intern
-.Op Fl no_nonce
-.Op Fl no_signature_verify
-.Op Fl nonce
-.Op Fl noverify
-.Op Fl nrequest Ar number
-.Op Fl out Ar file
-.Op Fl path Ar path
-.Op Fl port Ar portnum
-.Op Fl req_text
-.Op Fl reqin Ar file
-.Op Fl reqout Ar file
-.Op Fl resp_key_id
-.Op Fl resp_no_certs
-.Op Fl resp_text
-.Op Fl respin Ar file
-.Op Fl respout Ar file
-.Op Fl rkey Ar file
-.Op Fl rother Ar file
-.Op Fl rsigner Ar file
-.Op Fl serial Ar num
-.Op Fl sign_other Ar file
-.Op Fl signer Ar file
-.Op Fl signkey Ar file
-.Op Fl status_age Ar age
-.Op Fl text
-.Op Fl timeout Ar seconds
-.Op Fl trust_other
-.Op Fl url Ar responder_url
-.Op Fl VAfile Ar file
-.Op Fl validity_period Ar nsec
-.Op Fl verify_other Ar file
-.Ek
-.El
-.Pp
-The Online Certificate Status Protocol (OCSP)
-enables applications to determine the (revocation) state
-of an identified certificate (RFC 2560).
-.Pp
-The
-.Nm ocsp
-command performs many common OCSP tasks.
-It can be used to print out requests and responses,
-create requests and send queries to an OCSP responder,
-and behave like a mini OCSP server itself.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl CAfile Ar file , Fl CApath Ar directory
-A file or path containing trusted CA certificates,
-used to verify the signature on the OCSP response.
-.It Fl cert Ar file
-Add the certificate
-.Ar file
-to the request.
-The issuer certificate is taken from the previous
-.Fl issuer
-option, or an error occurs if no issuer certificate is specified.
-.It Fl dgst Ar alg
-Use the digest algorithm
-.Ar alg
-for certificate identification in the OCSP request.
-By default SHA1 is used.
-.It Xo
-.Fl host Ar hostname : Ns Ar port ,
-.Fl path Ar path
-.Xc
-Send
-the OCSP request to
-.Ar hostname
-on
-.Ar port .
-.Fl path
-specifies the HTTP path name to use, or
-.Pa /
-by default.
-.It Fl header Ar name value
-Add the header name with the specified value to the OCSP request that is sent
-to the responder.
-This may be repeated.
-.It Fl issuer Ar file
-The current issuer certificate, in PEM format.
-Can be used multiple times and must come before any
-.Fl cert
-options.
-.It Fl no_cert_checks
-Don't perform any additional checks on the OCSP response signer's certificate.
-That is, do not make any checks to see if the signer's certificate is
-authorised to provide the necessary status information:
-as a result this option should only be used for testing purposes.
-.It Fl no_cert_verify
-Don't verify the OCSP response signer's certificate at all.
-Since this option allows the OCSP response to be signed by any certificate,
-it should only be used for testing purposes.
-.It Fl no_certs
-Don't include any certificates in the signed request.
-.It Fl no_chain
-Do not use certificates in the response as additional untrusted CA
-certificates.
-.It Fl no_explicit
-Don't check the explicit trust for OCSP signing in the root CA certificate.
-.It Fl no_intern
-Ignore certificates contained in the OCSP response
-when searching for the signer's certificate.
-The signer's certificate must be specified with either the
-.Fl verify_other
-or
-.Fl VAfile
-options.
-.It Fl no_signature_verify
-Don't check the signature on the OCSP response.
-Since this option tolerates invalid signatures on OCSP responses,
-it will normally only be used for testing purposes.
-.It Fl nonce , no_nonce
-Add an OCSP nonce extension to a request,
-or disable an OCSP nonce addition.
-Normally, if an OCSP request is input using the
-.Fl respin
-option no nonce is added:
-using the
-.Fl nonce
-option will force the addition of a nonce.
-If an OCSP request is being created (using the
-.Fl cert
-and
-.Fl serial
-options),
-a nonce is automatically added; specifying
-.Fl no_nonce
-overrides this.
-.It Fl noverify
-Don't attempt to verify the OCSP response signature or the nonce values.
-This is normally only be used for debugging
-since it disables all verification of the responder's certificate.
-.It Fl out Ar file
-Specify the output file to write to,
-or standard output if not specified.
-.It Fl req_text , resp_text , text
-Print out the text form of the OCSP request, response, or both, respectively.
-.It Fl reqin Ar file , Fl respin Ar file
-Read an OCSP request or response file from
-.Ar file .
-These options are ignored
-if an OCSP request or response creation is implied by other options
-(for example with the
-.Fl serial , cert ,
-and
-.Fl host
-options).
-.It Fl reqout Ar file , Fl respout Ar file
-Write out the DER-encoded certificate request or response to
-.Ar file .
-.It Fl serial Ar num
-Same as the
-.Fl cert
-option except the certificate with serial number
-.Ar num
-is added to the request.
-The serial number is interpreted as a decimal integer unless preceded by
-.Sq 0x .
-Negative integers can also be specified
-by preceding the value with a minus sign.
-.It Fl sign_other Ar file
-Additional certificates to include in the signed request.
-.It Fl signer Ar file , Fl signkey Ar file
-Sign the OCSP request using the certificate specified in the
-.Fl signer
-option and the private key specified by the
-.Fl signkey
-option.
-If the
-.Fl signkey
-option is not present, then the private key is read from the same file
-as the certificate.
-If neither option is specified, the OCSP request is not signed.
-.It Fl timeout Ar seconds
-Connection timeout to the OCSP responder in seconds.
-.It Fl trust_other
-The certificates specified by the
-.Fl verify_other
-option should be explicitly trusted and no additional checks will be
-performed on them.
-This is useful when the complete responder certificate chain is not available
-or trusting a root CA is not appropriate.
-.It Fl url Ar responder_url
-Specify the responder URL.
-Both HTTP and HTTPS
-.Pq SSL/TLS
-URLs can be specified.
-.It Fl VAfile Ar file
-A file containing explicitly trusted responder certificates.
-Equivalent to the
-.Fl verify_other
-and
-.Fl trust_other
-options.
-.It Fl validity_period Ar nsec , Fl status_age Ar age
-The range of times, in seconds, which will be tolerated in an OCSP response.
-Each certificate status response includes a notBefore time
-and an optional notAfter time.
-The current time should fall between these two values,
-but the interval between the two times may be only a few seconds.
-In practice the OCSP responder and clients' clocks may not be precisely
-synchronised and so such a check may fail.
-To avoid this the
-.Fl validity_period
-option can be used to specify an acceptable error range in seconds,
-the default value being 5 minutes.
-.Pp
-If the notAfter time is omitted from a response,
-it means that new status information is immediately available.
-In this case the age of the notBefore field is checked
-to see it is not older than
-.Ar age
-seconds old.
-By default, this additional check is not performed.
-.It Fl verify_other Ar file
-A file containing additional certificates to search
-when attempting to locate the OCSP response signing certificate.
-Some responders omit the actual signer's certificate from the response,
-so this can be used to supply the necessary certificate.
-.El
-.Pp
-The options for the OCSP server are as follows:
-.Bl -tag -width "XXXX"
-.It Fl CA Ar file
-CA certificate corresponding to the revocation information in
-.Ar indexfile .
-.It Fl ignore_err
-Ignore the invalid response.
-.It Fl index Ar indexfile
-.Ar indexfile
-is a text index file in ca format
-containing certificate revocation information.
-.Pp
-If this option is specified,
-.Nm ocsp
-is in responder mode, otherwise it is in client mode.
-The requests the responder processes can be either specified on
-the command line (using the
-.Fl issuer
-and
-.Fl serial
-options), supplied in a file (using the
-.Fl respin
-option), or via external OCSP clients (if
-.Ar port
-or
-.Ar url
-is specified).
-.Pp
-If this option is present, then the
-.Fl CA
-and
-.Fl rsigner
-options must also be present.
-.It Fl nmin Ar minutes , Fl ndays Ar days
-Number of
-.Ar minutes
-or
-.Ar days
-when fresh revocation information is available:
-used in the nextUpdate field.
-If neither option is present,
-the nextUpdate field is omitted,
-meaning fresh revocation information is immediately available.
-.It Fl nrequest Ar number
-Exit after receiving
-.Ar number
-requests (the default is unlimited).
-.It Fl port Ar portnum
-Port to listen for OCSP requests on.
-May also be specified using the
-.Fl url
-option.
-.It Fl resp_key_id
-Identify the signer certificate using the key ID;
-the default is to use the subject name.
-.It Fl resp_no_certs
-Don't include any certificates in the OCSP response.
-.It Fl rkey Ar file
-The private key to sign OCSP responses with;
-if not present, the file specified in the
-.Fl rsigner
-option is used.
-.It Fl rother Ar file
-Additional certificates to include in the OCSP response.
-.It Fl rsigner Ar file
-The certificate to sign OCSP responses with.
-.El
-.Pp
-Initially the OCSP responder certificate is located and the signature on
-the OCSP request checked using the responder certificate's public key.
-Then a normal certificate verify is performed on the OCSP responder certificate
-building up a certificate chain in the process.
-The locations of the trusted certificates used to build the chain can be
-specified by the
-.Fl CAfile
-and
-.Fl CApath
-options or they will be looked for in the standard
-.Nm openssl
-certificates directory.
-.Pp
-If the initial verify fails, the OCSP verify process halts with an error.
-Otherwise the issuing CA certificate in the request is compared to the OCSP
-responder certificate: if there is a match then the OCSP verify succeeds.
-.Pp
-Otherwise the OCSP responder certificate's CA is checked against the issuing
-CA certificate in the request.
-If there is a match and the OCSPSigning extended key usage is present
-in the OCSP responder certificate, then the OCSP verify succeeds.
-.Pp
-Otherwise the root CA of the OCSP responder's CA is checked to see if it
-is trusted for OCSP signing.
-If it is, the OCSP verify succeeds.
-.Pp
-If none of these checks is successful, the OCSP verify fails.
-What this effectively means is that if the OCSP responder certificate is
-authorised directly by the CA it is issuing revocation information about
-(and it is correctly configured),
-then verification will succeed.
-.Pp
-If the OCSP responder is a global responder,
-which can give details about multiple CAs
-and has its own separate certificate chain,
-then its root CA can be trusted for OCSP signing.
-Alternatively, the responder certificate itself can be explicitly trusted
-with the
-.Fl VAfile
-option.
-.Tg passwd
-.Sh PASSWD
-.Bl -hang -width "openssl passwd"
-.It Nm openssl passwd
-.Bk -words
-.Op Fl 1 | apr1 | crypt
-.Op Fl in Ar file
-.Op Fl noverify
-.Op Fl quiet
-.Op Fl reverse
-.Op Fl salt Ar string
-.Op Fl stdin
-.Op Fl table
-.Op Ar password
-.Ek
-.El
-.Pp
-The
-.Nm passwd
-command computes the hash of a password.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl 1
-Use the MD5 based
-.Bx
-password algorithm
-.Qq 1 .
-.It Fl apr1
-Use the
-.Qq apr1
-algorithm
-.Po
-Apache variant of the
-.Bx
-algorithm
-.Pc .
-.It Fl crypt
-Use the
-.Qq crypt
-algorithm (the default).
-.It Fl in Ar file
-Read passwords from
-.Ar file .
-.It Fl noverify
-Don't verify when reading a password from the terminal.
-.It Fl quiet
-Don't output warnings when passwords given on the command line are truncated.
-.It Fl reverse
-Switch table columns.
-This only makes sense in conjunction with the
-.Fl table
-option.
-.It Fl salt Ar string
-Use the salt specified by
-.Ar string .
-When reading a password from the terminal, this implies
-.Fl noverify .
-.It Fl stdin
-Read passwords from standard input.
-.It Fl table
-In the output list, prepend the cleartext password and a TAB character
-to each password hash.
-.El
-.Tg pkcs7
-.Sh PKCS7
-.Bl -hang -width "openssl pkcs7"
-.It Nm openssl pkcs7
-.Bk -words
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl print
-.Op Fl print_certs
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm pkcs7
-command processes PKCS#7 files in DER or PEM format.
-The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl noout
-Don't output the encoded version of the PKCS#7 structure
-(or certificates if
-.Fl print_certs
-is set).
-.It Fl out Ar file
-The output to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl print
-Print the ASN.1 representation of PKCS#7 structure.
-.It Fl print_certs
-Print any certificates or CRLs contained in the file,
-preceded by their subject and issuer names in a one-line format.
-.It Fl text
-Print certificate details in full rather than just subject and issuer names.
-.El
-.Tg pkcs8
-.Sh PKCS8
-.Bl -hang -width "openssl pkcs8"
-.It Nm openssl pkcs8
-.Bk -words
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl nocrypt
-.Op Fl noiter
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl topk8
-.Op Fl v1 Ar alg
-.Op Fl v2 Ar alg
-.Ek
-.El
-.Pp
-The
-.Nm pkcs8
-command processes private keys
-(both encrypted and unencrypted)
-in PKCS#8 format
-with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
-The default encryption is only 56 bits;
-keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
-are more secure.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-If the key is encrypted, a pass phrase will be prompted for.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl nocrypt
-Generate an unencrypted PrivateKeyInfo structure.
-This option does not encrypt private keys at all
-and should only be used when absolutely necessary.
-.It Fl noiter
-Use an iteration count of 1.
-See the
-.Sx PKCS12
-section below for a detailed explanation of this option.
-.It Fl out Ar file
-The output file to write to,
-or standard output if none is specified.
-If any encryption options are set, a pass phrase will be prompted for.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl topk8
-Read a traditional format private key and write a PKCS#8 format key.
-.It Fl v1 Ar alg
-Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
-.Pp
-.Bl -tag -width "XXXX" -compact
-.It PBE-MD5-DES
-56-bit DES.
-.It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
-64-bit RC2 or 56-bit DES.
-.It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
-.It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
-PKCS#12 password-based encryption algorithm,
-which allow strong encryption algorithms like triple DES or 128-bit RC2.
-.El
-.It Fl v2 Ar alg
-Use PKCS#5 v2.0 algorithms.
-Supports algorithms such as 168-bit triple DES or 128-bit RC2,
-however not many implementations support PKCS#5 v2.0 yet
-(if using private keys with
-.Nm openssl
-this doesn't matter).
-.Pp
-.Ar alg
-is the encryption algorithm to use;
-valid values include des, des3, and rc2.
-It is recommended that des3 is used.
-.El
-.Tg pkcs12
-.Sh PKCS12
-.Bl -hang -width "openssl pkcs12"
-.It Nm openssl pkcs12
-.Bk -words
-.Oo
-.Fl aes128 | aes192 | aes256 | camellia128 |
-.Fl camellia192 | camellia256 | des | des3 | idea
-.Oc
-.Op Fl cacerts
-.Op Fl CAfile Ar file
-.Op Fl caname Ar name
-.Op Fl CApath Ar directory
-.Op Fl certfile Ar file
-.Op Fl certpbe Ar alg
-.Op Fl chain
-.Op Fl clcerts
-.Op Fl descert
-.Op Fl export
-.Op Fl in Ar file
-.Op Fl info
-.Op Fl inkey Ar file
-.Op Fl keyex
-.Op Fl keypbe Ar alg
-.Op Fl keysig
-.Op Fl macalg Ar alg
-.Op Fl maciter
-.Op Fl name Ar name
-.Op Fl nocerts
-.Op Fl nodes
-.Op Fl noiter
-.Op Fl nokeys
-.Op Fl nomac
-.Op Fl nomaciter
-.Op Fl nomacver
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl password Ar arg
-.Op Fl twopass
-.Ek
-.El
-.Pp
-The
-.Nm pkcs12
-command allows PKCS#12 files
-.Pq sometimes referred to as PFX files
-to be created and parsed.
-By default, a PKCS#12 file is parsed;
-a PKCS#12 file can be created by using the
-.Fl export
-option.
-.Pp
-The options for parsing a PKCS12 file are as follows:
-.Bl -tag -width "XXXX"
-.It Xo
-.Fl aes128 | aes192 | aes256 |
-.Fl camellia128 | camellia192 | camellia256 |
-.Fl des | des3 |
-.Fl idea
-.Xc
-Encrypt private keys using AES, CAMELLIA, DES, triple DES
-or the IDEA ciphers, respectively.
-The default is triple DES.
-.It Fl cacerts
-Only output CA certificates
-.Pq not client certificates .
-.It Fl clcerts
-Only output client certificates
-.Pq not CA certificates .
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl info
-Output additional information about the PKCS#12 file structure,
-algorithms used, and iteration counts.
-.It Fl nocerts
-Do not output certificates.
-.It Fl nodes
-Do not encrypt private keys.
-.It Fl nokeys
-Do not output private keys.
-.It Fl nomacver
-Do not attempt to verify the integrity MAC before reading the file.
-.It Fl noout
-Do not output the keys and certificates to the output file
-version of the PKCS#12 file.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl twopass
-Prompt for separate integrity and encryption passwords: most software
-always assumes these are the same so this option will render such
-PKCS#12 files unreadable.
-.El
-.Pp
-The options for PKCS12 file creation are as follows:
-.Bl -tag -width "XXXX"
-.It Fl CAfile Ar file
-CA storage as a file.
-.It Fl CApath Ar directory
-CA storage as a directory.
-The directory must be a standard certificate directory:
-that is, a hash of each subject name (using
-.Nm x509 Fl hash )
-should be linked to each certificate.
-.It Fl caname Ar name
-Specify the
-.Qq friendly name
-for other certificates.
-May be used multiple times to specify names for all certificates
-in the order they appear.
-.It Fl certfile Ar file
-A file to read additional certificates from.
-.It Fl certpbe Ar alg , Fl keypbe Ar alg
-Specify the algorithm used to encrypt the private key and
-certificates to be selected.
-Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
-If a cipher name
-(as output by the
-.Cm list-cipher-algorithms
-command) is specified then it
-is used with PKCS#5 v2.0.
-For interoperability reasons it is advisable to only use PKCS#12 algorithms.
-.It Fl chain
-Include the entire certificate chain of the user certificate.
-The standard CA store is used for this search.
-If the search fails, it is considered a fatal error.
-.It Fl descert
-Encrypt the certificate using triple DES; this may render the PKCS#12
-file unreadable by some
-.Qq export grade
-software.
-By default, the private key is encrypted using triple DES and the
-certificate using 40-bit RC2.
-.It Fl export
-Create a PKCS#12 file (rather than parsing one).
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-The order doesn't matter but one private key and its corresponding
-certificate should be present.
-If additional certificates are present, they will also be included
-in the PKCS#12 file.
-.It Fl inkey Ar file
-File to read a private key from.
-If not present, a private key must be present in the input file.
-.It Fl keyex | keysig
-Specify whether the private key is to be used for key exchange or just signing.
-Normally,
-.Qq export grade
-software will only allow 512-bit RSA keys to be
-used for encryption purposes, but arbitrary length keys for signing.
-The
-.Fl keysig
-option marks the key for signing only.
-Signing only keys can be used for S/MIME signing, authenticode
-(ActiveX control signing)
-and SSL client authentication.
-.It Fl macalg Ar alg
-Specify the MAC digest algorithm.
-The default is SHA1.
-.It Fl maciter
-Included for compatibility only:
-it used to be needed to use MAC iterations counts
-but they are now used by default.
-.It Fl name Ar name
-Specify the
-.Qq friendly name
-for the certificate and private key.
-This name is typically displayed in list boxes by software importing the file.
-.It Fl nomac
-Don't attempt to provide the MAC integrity.
-.It Fl nomaciter , noiter
-Affect the iteration counts on the MAC and key algorithms.
-.Pp
-To discourage attacks by using large dictionaries of common passwords,
-the algorithm that derives keys from passwords can have an iteration count
-applied to it: this causes a certain part of the algorithm to be repeated
-and slows it down.
-The MAC is used to check the file integrity but since it will normally
-have the same password as the keys and certificates it could also be attacked.
-By default, both MAC and encryption iteration counts are set to 2048;
-using these options the MAC and encryption iteration counts can be set to 1.
-Since this reduces the file security, you should not use these options
-unless you really have to.
-Most software supports both MAC and key iteration counts.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl password Ar arg
-With
-.Fl export ,
-.Fl password
-is equivalent to
-.Fl passout .
-Otherwise,
-.Fl password
-is equivalent to
-.Fl passin .
-.El
-.Tg pkey
-.Sh PKEY
-.Bl -hang -width "openssl pkey"
-.It Nm openssl pkey
-.Bk -words
-.Op Ar cipher
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl pubin
-.Op Fl pubout
-.Op Fl text
-.Op Fl text_pub
-.Ek
-.El
-.Pp
-The
-.Nm pkey
-command processes public or private keys.
-They can be converted between various forms
-and their components printed out.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Ar cipher
-Encrypt the private key with the specified cipher.
-Any algorithm name accepted by
-.Xr EVP_get_cipherbyname 3
-is acceptable, such as
-.Cm des3 .
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-If the key is encrypted, a pass phrase will be prompted for.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl noout
-Do not output the encoded version of the key.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-If any encryption options are set then a pass phrase
-will be prompted for.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl pubin
-Read in a public key, not a private key.
-.It Fl pubout
-Output a public key, not a private key.
-Automatically set if the input is a public key.
-.It Fl text
-Print the public/private key in plain text.
-.It Fl text_pub
-Print out only public key components
-even if a private key is being processed.
-.El
-.Tg pkeyparam
-.Sh PKEYPARAM
-.Cm openssl pkeyparam
-.Op Fl in Ar file
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl text
-.Pp
-The
-.Nm pkeyparam
-command processes public or private keys.
-The key type is determined by the PEM headers.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl noout
-Do not output the encoded version of the parameters.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl text
-Print the parameters in plain text.
-.El
-.Tg pkeyutl
-.Sh PKEYUTL
-.Bl -hang -width "openssl pkeyutl"
-.It Nm openssl pkeyutl
-.Bk -words
-.Op Fl asn1parse
-.Op Fl certin
-.Op Fl decrypt
-.Op Fl derive
-.Op Fl encrypt
-.Op Fl hexdump
-.Op Fl in Ar file
-.Op Fl inkey Ar file
-.Op Fl keyform Cm der | pem
-.Op Fl out Ar file
-.Op Fl passin Ar arg
-.Op Fl peerform Cm der | pem
-.Op Fl peerkey Ar file
-.Op Fl pkeyopt Ar opt : Ns Ar value
-.Op Fl pubin
-.Op Fl rev
-.Op Fl sigfile Ar file
-.Op Fl sign
-.Op Fl verify
-.Op Fl verifyrecover
-.Ek
-.El
-.Pp
-The
-.Nm pkeyutl
-command can be used to perform public key operations using
-any supported algorithm.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl asn1parse
-ASN.1 parse the output data.
-This is useful when combined with the
-.Fl verifyrecover
-option when an ASN.1 structure is signed.
-.It Fl certin
-The input is a certificate containing a public key.
-.It Fl decrypt
-Decrypt the input data using a private key.
-.It Fl derive
-Derive a shared secret using the peer key.
-.It Fl encrypt
-Encrypt the input data using a public key.
-.It Fl hexdump
-Hex dump the output data.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl inkey Ar file
-The input key file.
-By default it should be a private key.
-.It Fl keyform Cm der | pem
-The key format.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passin Ar arg
-The key password source.
-.It Fl peerform Cm der | pem
-The peer key format.
-.It Fl peerkey Ar file
-The peer key file, used by key derivation (agreement) operations.
-.It Fl pkeyopt Ar opt : Ns Ar value
-Set the public key algorithm option
-.Ar opt
-to
-.Ar value .
-Unless otherwise mentioned, all algorithms support the format
-.Ar digest : Ns Ar alg ,
-which specifies the digest to use
-for sign, verify, and verifyrecover operations.
-The value
-.Ar alg
-should represent a digest name as used in the
-.Xr EVP_get_digestbyname 3
-function.
-.Pp
-The RSA algorithm supports the
-encrypt, decrypt, sign, verify, and verifyrecover operations in general.
-Some padding modes only support some of these
-operations however.
-.Bl -tag -width Ds
-.It rsa_padding_mode : Ns Ar mode
-This sets the RSA padding mode.
-Acceptable values for
-.Ar mode
-are
-.Cm pkcs1
-for PKCS#1 padding;
-.Cm none
-for no padding;
-.Cm oaep
-for OAEP mode;
-.Cm x931
-for X9.31 mode;
-and
-.Cm pss
-for PSS.
-.Pp
-In PKCS#1 padding if the message digest is not set then the supplied data is
-signed or verified directly instead of using a DigestInfo structure.
-If a digest is set then a DigestInfo
-structure is used and its length
-must correspond to the digest type.
-For oeap mode only encryption and decryption is supported.
-For x931 if the digest type is set it is used to format the block data;
-otherwise the first byte is used to specify the X9.31 digest ID.
-Sign, verify, and verifyrecover can be performed in this mode.
-For pss mode only sign and verify are supported and the digest type must be
-specified.
-.It rsa_pss_saltlen : Ns Ar len
-For pss
-mode only this option specifies the salt length.
-Two special values are supported:
--1 sets the salt length to the digest length.
-When signing, -2 sets the salt length to the maximum permissible value.
-When verifying, -2 causes the salt length to be automatically determined
-based on the PSS block structure.
-.El
-.Pp
-The DSA algorithm supports the sign and verify operations.
-Currently there are no additional options other than
-.Ar digest .
-Only the SHA1 digest can be used and this digest is assumed by default.
-.Pp
-The DH algorithm supports the derive operation
-and no additional options.
-.Pp
-The EC algorithm supports the sign, verify, and derive operations.
-The sign and verify operations use ECDSA and derive uses ECDH.
-Currently there are no additional options other than
-.Ar digest .
-Only the SHA1 digest can be used and this digest is assumed by default.
-.It Fl pubin
-The input file is a public key.
-.It Fl rev
-Reverse the order of the input buffer.
-.It Fl sigfile Ar file
-Signature file (verify operation only).
-.It Fl sign
-Sign the input data and output the signed result.
-This requires a private key.
-.It Fl verify
-Verify the input data against the signature file and indicate if the
-verification succeeded or failed.
-.It Fl verifyrecover
-Verify the input data and output the recovered data.
-.El
-.Tg prime
-.Sh PRIME
-.Cm openssl prime
-.Op Fl bits Ar n
-.Op Fl checks Ar n
-.Op Fl generate
-.Op Fl hex
-.Op Fl safe
-.Ar p
-.Pp
-The
-.Nm prime
-command is used to generate prime numbers,
-or to check numbers for primality.
-Results are probabilistic:
-they have an exceedingly high likelihood of being correct,
-but are not guaranteed.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl bits Ar n
-Specify the number of bits in the generated prime number.
-Must be used in conjunction with
-.Fl generate .
-.It Fl checks Ar n
-Perform a Miller-Rabin probabilistic primality test with
-.Ar n
-iterations.
-The default is 20.
-.It Fl generate
-Generate a pseudo-random prime number.
-Must be used in conjunction with
-.Fl bits .
-.It Fl hex
-Output in hex format.
-.It Fl safe
-Generate only
-.Qq safe
-prime numbers
-(i.e. a prime p so that (p-1)/2 is also prime).
-.It Ar p
-Test if number
-.Ar p
-is prime.
-.El
-.Tg rand
-.Sh RAND
-.Bl -hang -width "openssl rand"
-.It Nm openssl rand
-.Bk -words
-.Op Fl base64
-.Op Fl hex
-.Op Fl out Ar file
-.Ar num
-.Ek
-.El
-.Pp
-The
-.Nm rand
-command outputs
-.Ar num
-pseudo-random bytes.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl base64
-Perform base64 encoding on the output.
-.It Fl hex
-Specify hexadecimal output.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.El
-.Tg req
-.Sh REQ
-.Bl -hang -width "openssl req"
-.It Nm openssl req
-.Bk -words
-.Op Fl addext Ar ext
-.Op Fl batch
-.Op Fl config Ar file
-.Op Fl days Ar n
-.Op Fl extensions Ar section
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl key Ar keyfile
-.Op Fl keyform Cm der | pem
-.Op Fl keyout Ar file
-.Op Fl md4 | md5 | sha1
-.Op Fl modulus
-.Op Fl multivalue-rdn
-.Op Fl nameopt Ar option
-.Op Fl new
-.Op Fl newhdr
-.Op Fl newkey Ar arg
-.Op Fl nodes
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl pkeyopt Ar opt:value
-.Op Fl pubkey
-.Op Fl reqexts Ar section
-.Op Fl reqopt Ar option
-.Op Fl set_serial Ar n
-.Op Fl sigopt Ar nm:v
-.Op Fl subj Ar arg
-.Op Fl subject
-.Op Fl text
-.Op Fl utf8
-.Op Fl verbose
-.Op Fl verify
-.Op Fl x509
-.Ek
-.El
-.Pp
-The
-.Nm req
-command primarily creates and processes certificate requests
-in PKCS#10 format.
-It can additionally create self-signed certificates,
-for use as root CAs, for example.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl addext Ar ext
-Add a specific extension to the certificate (if the
-.Fl x509
-option is present) or certificate request.
-The argument must have the form of a key=value pair as it would appear in a
-config file.
-This option can be given multiple times.
-.It Fl batch
-Non-interactive mode.
-.It Fl config Ar file
-Specify an alternative configuration file.
-.It Fl days Ar n
-Specify the number of days to certify the certificate for.
-The default is 30 days.
-Used with the
-.Fl x509
-option.
-.It Fl extensions Ar section , Fl reqexts Ar section
-Specify alternative sections to include certificate
-extensions (with
-.Fl x509 )
-or certificate request extensions,
-allowing several different sections to be used in the same configuration file.
-.It Fl in Ar file
-The input file to read a request from,
-or standard input if not specified.
-A request is only read if the creation options
-.Fl new
-and
-.Fl newkey
-are not specified.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl key Ar keyfile
-The file to read the private key from.
-It also accepts PKCS#8 format private keys for PEM format files.
-.It Fl keyform Cm der | pem
-The format of the private key file specified in the
-.Fl key
-argument.
-The default is
-.Cm pem .
-.It Fl keyout Ar file
-The file to write the newly created private key to.
-If this option is not specified,
-the filename present in the configuration file is used.
-.It Fl md5 | sha1 | sha256
-The message digest to sign the request with.
-This overrides the digest algorithm specified in the configuration file.
-.Pp
-Some public key algorithms may override this choice.
-For instance, DSA signatures always use SHA1.
-.It Fl modulus
-Print the value of the modulus of the public key contained in the request.
-.It Fl multivalue-rdn
-This option causes the
-.Fl subj
-argument to be interpreted with full support for multivalued RDNs,
-for example
-.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
-If
-.Fl multivalue-rdn
-is not used, the UID value is set to
-.Qq "123456+CN=John Doe" .
-.It Fl nameopt Ar option , Fl reqopt Ar option
-Determine how the subject or issuer names are displayed.
-.Ar option
-can be a single option or multiple options separated by commas.
-Alternatively, these options may be used more than once to set multiple options.
-See the
-.Sx X509
-section below for details.
-.It Fl new
-Generate a new certificate request.
-The user is prompted for the relevant field values.
-The actual fields prompted for and their maximum and minimum sizes
-are specified in the configuration file and any requested extensions.
-.Pp
-If the
-.Fl key
-option is not used, it will generate a new RSA private
-key using information specified in the configuration file.
-.It Fl newhdr
-Add the word NEW to the PEM file header and footer lines
-on the outputted request.
-Some software and CAs need this.
-.It Fl newkey Ar arg
-Create a new certificate request and a new private key.
-The argument takes one of several forms.
-.Pp
-.No rsa : Ns Ar nbits
-generates an RSA key
-.Ar nbits
-in size.
-If
-.Ar nbits
-is omitted,
-the default key size is used.
-.Pp
-.No dsa : Ns Ar file
-generates a DSA key using the parameters in
-.Ar file .
-.Pp
-.No param : Ns Ar file
-generates a key using the parameters or certificate in
-.Ar file .
-.Pp
-All other algorithms support the form
-.Ar algorithm : Ns Ar file ,
-where file may be an algorithm parameter file,
-created by the
-.Cm genpkey -genparam
-command or an X.509 certificate for a key with appropriate algorithm.
-.Ar file
-can be omitted,
-in which case any parameters can be specified via the
-.Fl pkeyopt
-option.
-.It Fl nodes
-Do not encrypt the private key.
-.It Fl noout
-Do not output the encoded version of the request.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl pkeyopt Ar opt:value
-Set the public key algorithm option
-.Ar opt
-to
-.Ar value .
-.It Fl pubkey
-Output the public key.
-.It Fl reqopt Ar option
-Customise the output format used with
-.Fl text .
-The
-.Ar option
-argument can be a single option or multiple options separated by commas.
-See also the discussion of
-.Fl certopt
-in the
-.Nm x509
-command.
-.It Fl set_serial Ar n
-Serial number to use when outputting a self-signed certificate.
-This may be specified as a decimal value or a hex value if preceded by
-.Sq 0x .
-It is possible to use negative serial numbers but this is not recommended.
-.It Fl sigopt Ar nm:v
-Pass options to the signature algorithm during sign operation.
-The names and values of these options are algorithm-specific.
-.It Fl subj Ar arg
-Replaces the subject field of an input request
-with the specified data and output the modified request.
-.Ar arg
-must be formatted as /type0=value0/type1=value1/type2=...;
-characters may be escaped by
-.Sq \e
-(backslash);
-no spaces are skipped.
-.It Fl subject
-Print the request subject (or certificate subject if
-.Fl x509
-is specified).
-.It Fl text
-Print the certificate request in plain text.
-.It Fl utf8
-Interpret field values as UTF8 strings, not ASCII.
-.It Fl verbose
-Print extra details about the operations being performed.
-.It Fl verify
-Verify the signature on the request.
-.It Fl x509
-Output a self-signed certificate instead of a certificate request.
-This is typically used to generate a test certificate or a self-signed root CA.
-The extensions added to the certificate (if any)
-are specified in the configuration file.
-Unless specified using the
-.Fl set_serial
-option, 0 is used for the serial number.
-.El
-.Pp
-The configuration options are specified in the
-.Qq req
-section of the configuration file.
-The options available are as follows:
-.Bl -tag -width "XXXX"
-.It Cm attributes
-The section containing any request attributes: its format
-is the same as
-.Cm distinguished_name .
-Typically these may contain the challengePassword or unstructuredName types.
-They are currently ignored by the
-.Nm openssl
-request signing utilities, but some CAs might want them.
-.It Cm default_bits
-The default key size, in bits.
-The default is 2048.
-It is used if the
-.Fl new
-option is used and can be overridden by using the
-.Fl newkey
-option.
-.It Cm default_keyfile
-The default file to write a private key to,
-or standard output if not specified.
-It can be overridden by the
-.Fl keyout
-option.
-.It Cm default_md
-The digest algorithm to use.
-Possible values include
-.Cm md5 ,
-.Cm sha1
-and
-.Cm sha256
-(the default).
-It can be overridden on the command line.
-.It Cm distinguished_name
-The section containing the distinguished name fields to
-prompt for when generating a certificate or certificate request.
-The format is described below.
-.It Cm encrypt_key
-If set to
-.Qq no
-and a private key is generated, it is not encrypted.
-It is equivalent to the
-.Fl nodes
-option.
-For compatibility,
-.Cm encrypt_rsa_key
-is an equivalent option.
-.It Cm input_password | output_password
-The passwords for the input private key file (if present)
-and the output private key file (if one will be created).
-The command line options
-.Fl passin
-and
-.Fl passout
-override the configuration file values.
-.It Cm oid_file
-A file containing additional OBJECT IDENTIFIERS.
-Each line of the file should consist of the numerical form of the
-object identifier, followed by whitespace, then the short name followed
-by whitespace and finally the long name.
-.It Cm oid_section
-Specify a section in the configuration file containing extra
-object identifiers.
-Each line should consist of the short name of the
-object identifier followed by
-.Sq =
-and the numerical form.
-The short and long names are the same when this option is used.
-.It Cm prompt
-If set to
-.Qq no ,
-it disables prompting of certificate fields
-and just takes values from the config file directly.
-It also changes the expected format of the
-.Cm distinguished_name
-and
-.Cm attributes
-sections.
-.It Cm req_extensions
-The configuration file section containing a list of
-extensions to add to the certificate request.
-It can be overridden by the
-.Fl reqexts
-option.
-.It Cm string_mask
-Limit the string types for encoding certain fields.
-The following values may be used, limiting strings to the indicated types:
-.Bl -tag -width "MASK:number"
-.It Cm utf8only
-UTF8String.
-This is the default, as recommended by PKIX in RFC 2459.
-.It Cm default
-PrintableString, IA5String, T61String, BMPString, UTF8String.
-.It Cm pkix
-PrintableString, IA5String, BMPString, UTF8String.
-Inspired by the PKIX recommendation in RFC 2459 for certificates
-generated before 2004, but differs by also permitting IA5String.
-.It Cm nombstr
-PrintableString, IA5String, T61String, UniversalString.
-A workaround for some ancient software that had problems
-with the variable-sized BMPString and UTF8String types.
-.It Cm MASK : Ns Ar number
-An explicit bitmask of permitted types, where
-.Ar number
-is a C-style hex, decimal, or octal number that's a bit-wise OR of
-.Dv B_ASN1_*
-values from
-.In openssl/asn1.h .
-.El
-.It Cm utf8
-If set to
-.Qq yes ,
-field values are interpreted as UTF8 strings.
-.It Cm x509_extensions
-The configuration file section containing a list of
-extensions to add to a certificate generated when the
-.Fl x509
-switch is used.
-It can be overridden by the
-.Fl extensions
-command line switch.
-.El
-.Pp
-There are two separate formats for the distinguished name and attribute
-sections.
-If the
-.Fl prompt
-option is set to
-.Qq no ,
-then these sections just consist of field names and values.
-If the
-.Fl prompt
-option is absent or not set to
-.Qq no ,
-then the file contains field prompting information of the form:
-.Bd -unfilled -offset indent
-fieldName="prompt"
-fieldName_default="default field value"
-fieldName_min= 2
-fieldName_max= 4
-.Ed
-.Pp
-.Qq fieldName
-is the field name being used, for example
-.Cm commonName
-(or CN).
-The
-.Qq prompt
-string is used to ask the user to enter the relevant details.
-If the user enters nothing, the default value is used;
-if no default value is present, the field is omitted.
-A field can still be omitted if a default value is present,
-if the user just enters the
-.Sq \&.
-character.
-.Pp
-The number of characters entered must be between the
-fieldName_min and fieldName_max limits:
-there may be additional restrictions based on the field being used
-(for example
-.Cm countryName
-can only ever be two characters long and must fit in a
-.Cm PrintableString ) .
-.Pp
-Some fields (such as
-.Cm organizationName )
-can be used more than once in a DN.
-This presents a problem because configuration files will
-not recognize the same name occurring twice.
-To avoid this problem, if the
-.Cm fieldName
-contains some characters followed by a full stop, they will be ignored.
-So, for example, a second
-.Cm organizationName
-can be input by calling it
-.Qq 1.organizationName .
-.Pp
-The actual permitted field names are any object identifier short or
-long names.
-These are compiled into
-.Nm openssl
-and include the usual values such as
-.Cm commonName , countryName , localityName , organizationName ,
-.Cm organizationalUnitName , stateOrProvinceName .
-Additionally,
-.Cm emailAddress
-is included as well as
-.Cm name , surname , givenName , initials
-and
-.Cm dnQualifier .
-.Pp
-Additional object identifiers can be defined with the
-.Cm oid_file
-or
-.Cm oid_section
-options in the configuration file.
-Any additional fields will be treated as though they were a
-.Cm DirectoryString .
-.Tg rsa
-.Sh RSA
-.Bl -hang -width "openssl rsa"
-.It Nm openssl rsa
-.Bk -words
-.Op Fl aes128 | aes192 | aes256 | des | des3
-.Op Fl check
-.Op Fl in Ar file
-.Op Fl inform Cm der | net | pem | pvk
-.Op Fl modulus
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | net | pem | pvk
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl pubin
-.Op Fl pubout
-.Op Fl pvk-none | pvk-strong | pvk-weak
-.Op Fl RSAPublicKey_in
-.Op Fl RSAPublicKey_out
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm rsa
-command processes RSA keys.
-They can be converted between various forms and their components printed out.
-.Nm rsa
-uses the traditional
-.Nm SSLeay
-compatible format for private key encryption:
-newer applications should use the more secure PKCS#8 format using the
-.Nm pkcs8
-utility.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl aes128 | aes192 | aes256 | des | des3
-Encrypt the private key with the AES, DES,
-or the triple DES ciphers, respectively, before outputting it.
-A pass phrase is prompted for.
-If none of these options are specified, the key is written in plain text.
-This means that using the
-.Nm rsa
-utility to read in an encrypted key with no encryption option can be used
-to remove the pass phrase from a key, or by setting the encryption options
-it can be used to add or change the pass phrase.
-These options can only be used with PEM format output files.
-.It Fl check
-Check the consistency of an RSA private key.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-If the key is encrypted, a pass phrase will be prompted for.
-.It Fl inform Cm der | net | pem | pvk
-The input format.
-.It Fl noout
-Do not output the encoded version of the key.
-.It Fl modulus
-Print the value of the modulus of the key.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | net | pem | pvk
-The output format.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl pubin
-Read in a public key,
-not a private key.
-.It Fl pubout
-Output a public key,
-not a private key.
-Automatically set if the input is a public key.
-.It Xo
-.Fl pvk-none | pvk-strong | pvk-weak
-.Xc
-Enable or disable PVK encoding.
-The default is
-.Fl pvk-strong .
-.It Fl RSAPublicKey_in , RSAPublicKey_out
-Same as
-.Fl pubin
-and
-.Fl pubout
-except
-.Cm RSAPublicKey
-format is used instead.
-.It Fl text
-Print the public/private key components in plain text.
-.El
-.Tg rsautl
-.Sh RSAUTL
-.Bl -hang -width "openssl rsautl"
-.It Nm openssl rsautl
-.Bk -words
-.Op Fl asn1parse
-.Op Fl certin
-.Op Fl decrypt
-.Op Fl encrypt
-.Op Fl hexdump
-.Op Fl in Ar file
-.Op Fl inkey Ar file
-.Op Fl keyform Cm der | pem
-.Op Fl oaep | pkcs | raw | x931
-.Op Fl out Ar file
-.Op Fl passin Ar arg
-.Op Fl pubin
-.Op Fl rev
-.Op Fl sign
-.Op Fl verify
-.Ek
-.El
-.Pp
-The
-.Nm rsautl
-command can be used to sign, verify, encrypt and decrypt
-data using the RSA algorithm.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl asn1parse
-Asn1parse the output data; this is useful when combined with the
-.Fl verify
-option.
-.It Fl certin
-The input is a certificate containing an RSA public key.
-.It Fl decrypt
-Decrypt the input data using an RSA private key.
-.It Fl encrypt
-Encrypt the input data using an RSA public key.
-.It Fl hexdump
-Hex dump the output data.
-.It Fl in Ar file
-The input to read from,
-or standard input if not specified.
-.It Fl inkey Ar file
-The input key file; by default an RSA private key.
-.It Fl keyform Cm der | pem
-The private key format.
-The default is
-.Cm pem .
-.It Fl oaep | pkcs | raw | x931
-The padding to use:
-PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31,
-respectively.
-For signatures, only
-.Fl pkcs
-and
-.Fl raw
-can be used.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passin Ar arg
-The key password source.
-.It Fl pubin
-The input file is an RSA public key.
-.It Fl rev
-Reverse the order of the input buffer.
-.It Fl sign
-Sign the input data and output the signed result.
-This requires an RSA private key.
-.It Fl verify
-Verify the input data and output the recovered data.
-.El
-.Tg s_client
-.Sh S_CLIENT
-.Bl -hang -width "openssl s_client"
-.It Nm openssl s_client
-.Bk -words
-.Op Fl 4 | 6
-.Op Fl alpn Ar protocols
-.Op Fl bugs
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl cert Ar file
-.Op Fl certform Cm der | pem
-.Op Fl check_ss_sig
-.Op Fl cipher Ar cipherlist
-.Op Fl connect Ar host Ns Op : Ns Ar port
-.Op Fl crl_check
-.Op Fl crl_check_all
-.Op Fl crlf
-.Op Fl debug
-.Op Fl dtls
-.Op Fl dtls1_2
-.Op Fl extended_crl
-.Op Fl groups Ar list
-.Op Fl host Ar host
-.Op Fl ign_eof
-.Op Fl ignore_critical
-.Op Fl issuer_checks
-.Op Fl key Ar keyfile
-.Op Fl keyform Cm der | pem
-.Op Fl keymatexport Ar label
-.Op Fl keymatexportlen Ar len
-.Op Fl legacy_server_connect
-.Op Fl msg
-.Op Fl mtu Ar mtu
-.Op Fl nbio
-.Op Fl nbio_test
-.Op Fl no_comp
-.Op Fl no_ign_eof
-.Op Fl no_legacy_server_connect
-.Op Fl no_ticket
-.Op Fl no_tls1_2
-.Op Fl no_tls1_3
-.Op Fl pass Ar arg
-.Op Fl policy_check
-.Op Fl port Ar port
-.Op Fl prexit
-.Op Fl proxy Ar host : Ns Ar port
-.Op Fl quiet
-.Op Fl reconnect
-.Op Fl servername Ar name
-.Op Fl serverpref
-.Op Fl sess_in Ar file
-.Op Fl sess_out Ar file
-.Op Fl showcerts
-.Op Fl starttls Ar protocol
-.Op Fl state
-.Op Fl status
-.Op Fl timeout
-.Op Fl tls1_2
-.Op Fl tls1_3
-.Op Fl tlsextdebug
-.Op Fl use_srtp Ar profiles
-.Op Fl verify Ar depth
-.Op Fl verify_return_error
-.Op Fl x509_strict
-.Op Fl xmpphost Ar host
-.Ek
-.El
-.Pp
-The
-.Nm s_client
-command implements a generic SSL/TLS client which connects
-to a remote host using SSL/TLS.
-.Pp
-If a connection is established with an SSL server, any data received
-from the server is displayed and any key presses will be sent to the
-server.
-When used interactively (which means neither
-.Fl quiet
-nor
-.Fl ign_eof
-have been given), the session will be renegotiated if the line begins with an
-.Cm R ;
-if the line begins with a
-.Cm Q
-or if end of file is reached, the connection will be closed down.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl 4
-Attempt connections using IPv4 only.
-.It Fl 6
-Attempt connections using IPv6 only.
-.It Fl alpn Ar protocols
-Enable the Application-Layer Protocol Negotiation.
-.Ar protocols
-is a comma-separated list of protocol names that the client should advertise
-support for.
-.It Fl bugs
-Enable various workarounds for buggy implementations.
-.It Fl CAfile Ar file
-A
-.Ar file
-containing trusted certificates to use during server authentication
-and to use when attempting to build the client certificate chain.
-.It Fl CApath Ar directory
-The
-.Ar directory
-to use for server certificate verification.
-This directory must be in
-.Qq hash format ;
-see
-.Fl verify
-for more information.
-These are also used when building the client certificate chain.
-.It Fl cert Ar file
-The certificate to use, if one is requested by the server.
-The default is not to use a certificate.
-.It Fl certform Cm der | pem
-The certificate format.
-The default is
-.Cm pem .
-.It Xo
-.Fl check_ss_sig ,
-.Fl crl_check ,
-.Fl crl_check_all ,
-.Fl extended_crl ,
-.Fl ignore_critical ,
-.Fl issuer_checks ,
-.Fl policy_check ,
-.Fl x509_strict
-.Xc
-Set various certificate chain validation options.
-See the
-.Nm verify
-command for details.
-.It Fl cipher Ar cipherlist
-Modify the cipher list sent by the client.
-Although the server determines which cipher suite is used, it should take
-the first supported cipher in the list sent by the client.
-See the
-.Nm ciphers
-command for more information.
-.It Fl connect Ar host Ns Op : Ns Ar port
-The
-.Ar host
-and
-.Ar port
-to connect to.
-If not specified, an attempt is made to connect to the local host
-on port 4433.
-Alternatively, the host and port pair may be separated using a forward-slash
-character,
-which is useful for numeric IPv6 addresses.
-.It Fl crlf
-Translate a line feed from the terminal into CR+LF,
-as required by some servers.
-.It Fl debug
-Print extensive debugging information, including a hex dump of all traffic.
-.It Fl dtls
-Permit any version of DTLS.
-.It Fl dtls1_2
-Permit only DTLS1.2.
-.It Fl groups Ar list
-Set the supported elliptic curve groups to the colon separated
-.Ar list
-of group NIDs or names as documented in
-.Xr SSL_CTX_set1_groups_list 3 .
-.It Fl host Ar host
-The
-.Ar host
-to connect to.
-The default is localhost.
-.It Fl ign_eof
-Inhibit shutting down the connection when end of file is reached in the input.
-.It Fl key Ar keyfile
-The private key to use.
-If not specified, the certificate file will be used.
-.It Fl keyform Cm der | pem
-The private key format.
-The default is
-.Cm pem .
-.It Fl keymatexport Ar label
-Export keying material using label.
-.It Fl keymatexportlen Ar len
-Export len bytes of keying material (default 20).
-.It Fl legacy_server_connect , no_legacy_server_connect
-Allow or disallow initial connection to servers that don't support RI.
-.It Fl msg
-Show all protocol messages with hex dump.
-.It Fl mtu Ar mtu
-Set the link layer MTU.
-.It Fl nbio
-Turn on non-blocking I/O.
-.It Fl nbio_test
-Test non-blocking I/O.
-.It Fl no_ign_eof
-Shut down the connection when end of file is reached in the input.
-Can be used to override the implicit
-.Fl ign_eof
-after
-.Fl quiet .
-.It Fl no_tls1_2 | no_tls1_3
-Disable the use of TLS1.2 and 1.3, respectively.
-.It Fl no_ticket
-Disable RFC 4507 session ticket support.
-.It Fl pass Ar arg
-The private key password source.
-.It Fl port Ar port
-The
-.Ar port
-to connect to.
-The default is 4433.
-.It Fl prexit
-Print session information when the program exits.
-This will always attempt
-to print out information even if the connection fails.
-Normally, information will only be printed out once if the connection succeeds.
-This option is useful because the cipher in use may be renegotiated
-or the connection may fail because a client certificate is required or is
-requested only after an attempt is made to access a certain URL.
-Note that the output produced by this option is not always accurate
-because a connection might never have been established.
-.It Fl proxy Ar host : Ns Ar port
-Use the HTTP proxy at
-.Ar host
-and
-.Ar port .
-The connection to the proxy is done in cleartext and the
-.Fl connect
-argument is given to the proxy.
-If not specified, localhost is used as final destination.
-After that, switch the connection through the proxy to the destination
-to TLS.
-.It Fl quiet
-Inhibit printing of session and certificate information.
-This implicitly turns on
-.Fl ign_eof
-as well.
-.It Fl reconnect
-Reconnect to the same server 5 times using the same session ID; this can
-be used as a test that session caching is working.
-.It Fl servername Ar name
-Include the TLS Server Name Indication (SNI) extension in the ClientHello
-message, using the specified server
-.Ar name .
-.It Fl showcerts
-Display the whole server certificate chain: normally only the server
-certificate itself is displayed.
-.It Fl serverpref
-Use the server's cipher preferences.
-.It Fl sess_in Ar file
-Load TLS session from file.
-The client will attempt to resume a connection from this session.
-.It Fl sess_out Ar file
-Output TLS session to file.
-.It Fl starttls Ar protocol
-Send the protocol-specific messages to switch to TLS for communication.
-.Ar protocol
-is a keyword for the intended protocol.
-Currently, the supported keywords are
-.Qq ftp ,
-.Qq imap ,
-.Qq smtp ,
-.Qq pop3 ,
-and
-.Qq xmpp .
-.It Fl state
-Print the SSL session states.
-.It Fl status
-Send a certificate status request to the server (OCSP stapling).
-The server response (if any) is printed out.
-.It Fl timeout
-Enable send/receive timeout on DTLS connections.
-.It Fl tls1_2 | tls1_3
-Permit only TLS1.2 or 1.3 respectively.
-.It Fl tlsextdebug
-Print a hex dump of any TLS extensions received from the server.
-.It Fl use_srtp Ar profiles
-Offer SRTP key management with a colon-separated profile list.
-.It Fl verify Ar depth
-Turn on server certificate verification,
-with a maximum length of
-.Ar depth .
-Currently the verify operation continues after errors so all the problems
-with a certificate chain can be seen.
-As a side effect the connection will never fail due to a server
-certificate verify failure.
-.It Fl verify_return_error
-Return verification error.
-.It Fl xmpphost Ar hostname
-When used with
-.Fl starttls Ar xmpp ,
-specify the host for the "to" attribute of the stream element.
-If this option is not specified then the host specified with
-.Fl connect
-will be used.
-.El
-.Tg s_server
-.Sh S_SERVER
-.Bl -hang -width "openssl s_server"
-.It Nm openssl s_server
-.Bk -words
-.Op Fl accept Ar port
-.Op Fl alpn Ar protocols
-.Op Fl bugs
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl cert Ar file
-.Op Fl cert2 Ar file
-.Op Fl certform Cm der | pem
-.Op Fl cipher Ar cipherlist
-.Op Fl context Ar id
-.Op Fl crl_check
-.Op Fl crl_check_all
-.Op Fl crlf
-.Op Fl dcert Ar file
-.Op Fl dcertform Cm der | pem
-.Op Fl debug
-.Op Fl dhparam Ar file
-.Op Fl dkey Ar file
-.Op Fl dkeyform Cm der | pem
-.Op Fl dpass Ar arg
-.Op Fl dtls
-.Op Fl dtls1
-.Op Fl dtls1_2
-.Op Fl groups Ar list
-.Op Fl HTTP
-.Op Fl id_prefix Ar arg
-.Op Fl key Ar keyfile
-.Op Fl key2 Ar keyfile
-.Op Fl keyform Cm der | pem
-.Op Fl keymatexport Ar label
-.Op Fl keymatexportlen Ar len
-.Op Fl msg
-.Op Fl mtu Ar mtu
-.Op Fl naccept Ar num
-.Op Fl named_curve Ar arg
-.Op Fl nbio
-.Op Fl nbio_test
-.Op Fl no_cache
-.Op Fl no_dhe
-.Op Fl no_ecdhe
-.Op Fl no_ticket
-.Op Fl no_tls1_2
-.Op Fl no_tls1_3
-.Op Fl no_tmp_rsa
-.Op Fl nocert
-.Op Fl pass Ar arg
-.Op Fl quiet
-.Op Fl servername Ar name
-.Op Fl servername_fatal
-.Op Fl serverpref
-.Op Fl state
-.Op Fl status
-.Op Fl status_timeout Ar nsec
-.Op Fl status_url Ar url
-.Op Fl status_verbose
-.Op Fl timeout
-.Op Fl tls1_2
-.Op Fl tls1_3
-.Op Fl tlsextdebug
-.Op Fl use_srtp Ar profiles
-.Op Fl Verify Ar depth
-.Op Fl verify Ar depth
-.Op Fl verify_return_error
-.Op Fl WWW
-.Op Fl www
-.Ek
-.El
-.Pp
-The
-.Nm s_server
-command implements a generic SSL/TLS server which listens
-for connections on a given port using SSL/TLS.
-.Pp
-If a connection request is established with a client and neither the
-.Fl www
-nor the
-.Fl WWW
-option has been used, then any data received
-from the client is displayed and any key presses are sent to the client.
-Certain single letter commands perform special operations:
-.Pp
-.Bl -tag -width "XXXX" -compact
-.It Ic P
-Send plain text, which should cause the client to disconnect.
-.It Ic Q
-End the current SSL connection and exit.
-.It Ic q
-End the current SSL connection, but still accept new connections.
-.It Ic R
-Renegotiate the SSL session and request a client certificate.
-.It Ic r
-Renegotiate the SSL session.
-.It Ic S
-Print out some session cache status information.
-.El
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl accept Ar port
-Listen on TCP
-.Ar port
-for connections.
-The default is port 4433.
-.It Fl alpn Ar protocols
-Enable the Application-Layer Protocol Negotiation.
-.Ar protocols
-is a comma-separated list of supported protocol names.
-.It Fl bugs
-Enable various workarounds for buggy implementations.
-.It Fl CAfile Ar file
-A
-.Ar file
-containing trusted certificates to use during client authentication
-and to use when attempting to build the server certificate chain.
-The list is also used in the list of acceptable client CAs passed to the
-client when a certificate is requested.
-.It Fl CApath Ar directory
-The
-.Ar directory
-to use for client certificate verification.
-This directory must be in
-.Qq hash format ;
-see
-.Fl verify
-for more information.
-These are also used when building the server certificate chain.
-.It Fl cert Ar file
-The certificate to use: most server's cipher suites require the use of a
-certificate and some require a certificate with a certain public key type.
-For example, the DSS cipher suites require a certificate containing a DSS
-(DSA) key.
-If not specified, the file
-.Pa server.pem
-will be used.
-.It Fl cert2 Ar file
-The certificate to use for servername.
-.It Fl certform Cm der | pem
-The certificate format.
-The default is
-.Cm pem .
-.It Fl cipher Ar cipherlist
-Modify the cipher list used by the server.
-This allows the cipher list used by the server to be modified.
-When the client sends a list of supported ciphers, the first client cipher
-also included in the server list is used.
-Because the client specifies the preference order, the order of the server
-cipherlist is irrelevant.
-See the
-.Nm ciphers
-command for more information.
-.It Fl context Ar id
-Set the SSL context ID.
-It can be given any string value.
-.It Fl crl_check , crl_check_all
-Check the peer certificate has not been revoked by its CA.
-The CRLs are appended to the certificate file.
-.Fl crl_check_all
-checks all CRLs of all CAs in the chain.
-.It Fl crlf
-Translate a line feed from the terminal into CR+LF.
-.It Fl dcert Ar file , Fl dkey Ar file
-Specify an additional certificate and private key; these behave in the
-same manner as the
-.Fl cert
-and
-.Fl key
-options except there is no default if they are not specified
-(no additional certificate or key is used).
-By using RSA and DSS certificates and keys,
-a server can support clients which only support RSA or DSS cipher suites
-by using an appropriate certificate.
-.It Fl dcertform Cm der | pem , Fl dkeyform Cm der | pem , Fl dpass Ar arg
-Additional certificate and private key format, and private key password source,
-respectively.
-.It Fl debug
-Print extensive debugging information, including a hex dump of all traffic.
-.It Fl dhparam Ar file
-The DH parameter file to use.
-The ephemeral DH cipher suites generate keys
-using a set of DH parameters.
-If not specified, an attempt is made to
-load the parameters from the server certificate file.
-If this fails, a static set of parameters hard coded into the
-.Nm s_server
-program will be used.
-.It Fl dtls
-Permit any version of DTLS.
-.It Fl dtls1_2
-Permit only DTLS1.2.
-.It Fl groups Ar list
-Set the supported elliptic curve groups to the colon separated
-.Ar list
-of group NIDs or names as documented in
-.Xr SSL_CTX_set1_groups_list 3 .
-.It Fl HTTP
-Emulate a simple web server.
-Pages are resolved relative to the current directory.
-For example if the URL
-.Pa https://myhost/page.html
-is requested, the file
-.Pa ./page.html
-will be loaded.
-The files loaded are assumed to contain a complete and correct HTTP
-response (lines that are part of the HTTP response line and headers
-must end with CRLF).
-.It Fl id_prefix Ar arg
-Generate SSL/TLS session IDs prefixed by
-.Ar arg .
-This is mostly useful for testing any SSL/TLS code
-that wish to deal with multiple servers,
-when each of which might be generating a unique range of session IDs.
-.It Fl key Ar keyfile
-The private key to use.
-If not specified, the certificate file will be used.
-.It Fl key2 Ar keyfile
-The private key to use for servername.
-.It Fl keyform Cm der | pem
-The private key format.
-The default is
-.Cm pem .
-.It Fl keymatexport Ar label
-Export keying material using label.
-.It Fl keymatexportlen Ar len
-Export len bytes of keying material (default 20).
-.It Fl msg
-Show all protocol messages with hex dump.
-.It Fl mtu Ar mtu
-Set the link layer MTU.
-.It Fl naccept Ar num
-Terminate server after
-.Ar num
-connections.
-.It Fl named_curve Ar arg
-Specify the elliptic curve name to use for ephemeral ECDH keys.
-This option is deprecated; use
-.Fl groups
-instead.
-.It Fl nbio
-Turn on non-blocking I/O.
-.It Fl nbio_test
-Test non-blocking I/O.
-.It Fl no_cache
-Disable session caching.
-.It Fl no_dhe
-Disable ephemeral DH cipher suites.
-.It Fl no_ecdhe
-Disable ephemeral ECDH cipher suites.
-.It Fl no_ticket
-Disable RFC 4507 session ticket support.
-.It Fl no_tls1_2 | no_tls1_3
-Disable the use of TLS1.2 and 1.3, respectively.
-.It Fl no_tmp_rsa
-Disable temporary RSA key generation.
-.It Fl nocert
-Do not use a certificate.
-This restricts the cipher suites available to the anonymous ones
-(currently just anonymous DH).
-.It Fl pass Ar arg
-The private key password source.
-.It Fl quiet
-Inhibit printing of session and certificate information.
-.It Fl servername Ar name
-Set the TLS Server Name Indication (SNI) extension with
-.Ar name .
-.It Fl servername_fatal
-Send fatal alert if servername does not match.
-The default is warning alert.
-.It Fl serverpref
-Use server's cipher preferences.
-.It Fl state
-Print the SSL session states.
-.It Fl status
-Enables certificate status request support (OCSP stapling).
-.It Fl status_timeout Ar nsec
-Sets the timeout for OCSP response in seconds.
-.It Fl status_url Ar url
-Sets a fallback responder URL to use if no responder URL is present in the
-server certificate.
-Without this option, an error is returned if the server certificate does not
-contain a responder address.
-.It Fl status_verbose
-Enables certificate status request support (OCSP stapling) and gives a verbose
-printout of the OCSP response.
-.It Fl timeout
-Enable send/receive timeout on DTLS connections.
-.It Fl tls1_2 | tls1_3
-Permit only TLS1.2, or 1.3, respectively.
-.It Fl tlsextdebug
-Print a hex dump of any TLS extensions received from the server.
-.It Fl use_srtp Ar profiles
-Offer SRTP key management with a colon-separated profile list.
-.It Fl verify_return_error
-Return verification error.
-.It Fl WWW
-Emulate a simple web server.
-Pages are resolved relative to the current directory.
-For example if the URL
-.Pa https://myhost/page.html
-is requested, the file
-.Pa ./page.html
-will be loaded.
-.It Fl www
-Send a status message to the client when it connects,
-including information about the ciphers used and various session parameters.
-The output is in HTML format so this option will normally be used with a
-web browser.
-.It Fl Verify Ar depth , Fl verify Ar depth
-Request a certificate chain from the client,
-with a maximum length of
-.Ar depth .
-With
-.Fl Verify ,
-the client must supply a certificate or an error occurs;
-with
-.Fl verify ,
-a certificate is requested but the client does not have to send one.
-.El
-.Tg s_time
-.Sh S_TIME
-.Bl -hang -width "openssl s_time"
-.It Nm openssl s_time
-.Bk -words
-.Op Fl bugs
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl cert Ar file
-.Op Fl cipher Ar cipherlist
-.Op Fl connect Ar host Ns Op : Ns Ar port
-.Op Fl key Ar keyfile
-.Op Fl nbio
-.Op Fl new
-.Op Fl no_shutdown
-.Op Fl reuse
-.Op Fl time Ar seconds
-.Op Fl verify Ar depth
-.Op Fl www Ar page
-.Ek
-.El
-.Pp
-The
-.Nm s_time
-command implements a generic SSL/TLS client which connects to a
-remote host using SSL/TLS.
-It can request a page from the server and includes
-the time to transfer the payload data in its timing measurements.
-It measures the number of connections within a given timeframe,
-the amount of data transferred
-.Pq if any ,
-and calculates the average time spent for one connection.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl bugs
-Enable various workarounds for buggy implementations.
-.It Fl CAfile Ar file
-A
-.Ar file
-containing trusted certificates to use during server authentication
-and to use when attempting to build the client certificate chain.
-.It Fl CApath Ar directory
-The directory to use for server certificate verification.
-This directory must be in
-.Qq hash format ;
-see
-.Nm verify
-for more information.
-These are also used when building the client certificate chain.
-.It Fl cert Ar file
-The certificate to use, if one is requested by the server.
-The default is not to use a certificate.
-.It Fl cipher Ar cipherlist
-Modify the cipher list sent by the client.
-Although the server determines which cipher suite is used,
-it should take the first supported cipher in the list sent by the client.
-See the
-.Nm ciphers
-command for more information.
-.It Fl connect Ar host Ns Op : Ns Ar port
-The host and port to connect to.
-.It Fl key Ar keyfile
-The private key to use.
-If not specified, the certificate file will be used.
-.It Fl nbio
-Turn on non-blocking I/O.
-.It Fl new
-Perform the timing test using a new session ID for each connection.
-If neither
-.Fl new
-nor
-.Fl reuse
-are specified,
-they are both on by default and executed in sequence.
-.It Fl no_shutdown
-Shut down the connection without sending a
-.Qq close notify
-shutdown alert to the server.
-.It Fl reuse
-Perform the timing test using the same session ID for each connection.
-If neither
-.Fl new
-nor
-.Fl reuse
-are specified,
-they are both on by default and executed in sequence.
-.It Fl time Ar seconds
-Limit
-.Nm s_time
-benchmarks to the number of
-.Ar seconds .
-The default is 30 seconds.
-.It Fl verify Ar depth
-Turn on server certificate verification,
-with a maximum length of
-.Ar depth .
-Currently the verify operation continues after errors, so all the problems
-with a certificate chain can be seen.
-As a side effect,
-the connection will never fail due to a server certificate verify failure.
-.It Fl www Ar page
-The page to GET from the server.
-A value of
-.Sq /
-gets the index.htm[l] page.
-If this parameter is not specified,
-.Nm s_time
-will only perform the handshake to establish SSL connections
-but not transfer any payload data.
-.El
-.Tg sess_id
-.Sh SESS_ID
-.Bl -hang -width "openssl sess_id"
-.It Nm openssl sess_id
-.Bk -words
-.Op Fl cert
-.Op Fl context Ar ID
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm sess_id
-program processes the encoded version of the SSL session structure and
-optionally prints out SSL session details
-(for example the SSL session master key)
-in human-readable format.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl cert
-If a certificate is present in the session,
-it will be output using this option;
-if the
-.Fl text
-option is also present, then it will be printed out in text form.
-.It Fl context Ar ID
-Set the session
-.Ar ID .
-The ID can be any string of characters.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl inform Cm der | pem
-The input format.
-.Cm der
-uses an ASN.1 DER-encoded format containing session details.
-The precise format can vary from one version to the next.
-.Cm pem
-is the default format: it consists of the DER
-format base64-encoded with additional header and footer lines.
-.It Fl noout
-Do not output the encoded version of the session.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl text
-Print the various public or private key components in plain text,
-in addition to the encoded version.
-.El
-.Pp
-The output of
-.Nm sess_id
-is composed as follows:
-.Pp
-.Bl -tag -width "Verify return code " -offset 3n -compact
-.It Protocol
-The protocol in use.
-.It Cipher
-The actual raw SSL or TLS cipher code.
-.It Session-ID
-The SSL session ID, in hex format.
-.It Session-ID-ctx
-The session ID context, in hex format.
-.It Master-Key
-The SSL session master key.
-.It Key-Arg
-The key argument; this is only used in SSL v2.
-.It Start Time
-The session start time.
-.Ux
-format.
-.It Timeout
-The timeout, in seconds.
-.It Verify return code
-The return code when a certificate is verified.
-.El
-.Pp
-Since the SSL session output contains the master key, it is possible to read
-the contents of an encrypted session using this information.
-Therefore appropriate security precautions
-should be taken if the information is being output by a
-.Qq real
-application.
-This is, however, strongly discouraged and should only be used for
-debugging purposes.
-.Tg smime
-.Sh SMIME
-.Bl -hang -width "openssl smime"
-.It Nm openssl smime
-.Bk -words
-.Oo
-.Fl aes128 | aes192 | aes256 | des |
-.Fl des3 | rc2-40 | rc2-64 | rc2-128
-.Oc
-.Op Fl binary
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl certfile Ar file
-.Op Fl check_ss_sig
-.Op Fl content Ar file
-.Op Fl crl_check
-.Op Fl crl_check_all
-.Op Fl decrypt
-.Op Fl encrypt
-.Op Fl extended_crl
-.Op Fl from Ar addr
-.Op Fl ignore_critical
-.Op Fl in Ar file
-.Op Fl indef
-.Op Fl inform Cm der | pem | smime
-.Op Fl inkey Ar file
-.Op Fl issuer_checks
-.Op Fl keyform Cm der | pem
-.Op Fl md Ar digest
-.Op Fl noattr
-.Op Fl nocerts
-.Op Fl nochain
-.Op Fl nodetach
-.Op Fl noindef
-.Op Fl nointern
-.Op Fl nosigs
-.Op Fl nosmimecap
-.Op Fl noverify
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem | smime
-.Op Fl passin Ar arg
-.Op Fl pk7out
-.Op Fl policy_check
-.Op Fl recip Ar file
-.Op Fl resign
-.Op Fl sign
-.Op Fl signer Ar file
-.Op Fl stream
-.Op Fl subject Ar s
-.Op Fl text
-.Op Fl to Ar addr
-.Op Fl verify
-.Op Fl x509_strict
-.Op Ar cert.pem ...
-.Ek
-.El
-.Pp
-The
-.Nm smime
-command handles S/MIME mail.
-It can encrypt, decrypt, sign, and verify S/MIME messages.
-.Pp
-The MIME message must be sent without any blank lines between the
-headers and the output.
-Some mail programs will automatically add a blank line.
-Piping the mail directly to an MTA is one way to
-achieve the correct format.
-.Pp
-The supplied message to be signed or encrypted must include the necessary
-MIME headers or many S/MIME clients won't display it properly (if at all).
-Use the
-.Fl text
-option to automatically add plain text headers.
-.Pp
-A
-.Qq signed and encrypted
-message is one where a signed message is then encrypted.
-This can be produced by encrypting an already signed message.
-.Pp
-There are a number of operations that can be performed, as follows:
-.Bl -tag -width "XXXX"
-.It Fl decrypt
-Decrypt mail using the supplied certificate and private key.
-The input file is an encrypted mail message in MIME format.
-The decrypted mail is written to the output file.
-.It Fl encrypt
-Encrypt mail for the given recipient certificates.
-The input is the message to be encrypted.
-The output file is the encrypted mail, in MIME format.
-.It Fl pk7out
-Take an input message and write out a PEM-encoded PKCS#7 structure.
-.It Fl resign
-Resign a message: take an existing message and one or more new signers.
-.It Fl sign
-Sign mail using the supplied certificate and private key.
-The input file is the message to be signed.
-The signed message, in MIME format, is written to the output file.
-.It Fl verify
-Verify signed mail.
-The input is a signed mail message and the output is the signed data.
-Both clear text and opaque signing is supported.
-.El
-.Pp
-The remaining options are as follows:
-.Bl -tag -width "XXXX"
-.It Xo
-.Fl aes128 | aes192 | aes256 | des |
-.Fl des3 | rc2-40 | rc2-64 | rc2-128
-.Xc
-The encryption algorithm to use.
-128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
-or 40-, 64-, or 128-bit RC2, respectively;
-if not specified, 40-bit RC2 is
-used.
-Only used with
-.Fl encrypt .
-.It Fl binary
-Normally, the input message is converted to
-.Qq canonical
-format which uses CR/LF as end of line,
-as required by the S/MIME specification.
-When this option is present, no translation occurs.
-This is useful when handling binary data which may not be in MIME format.
-.It Fl CAfile Ar file
-A
-.Ar file
-containing trusted CA certificates; only used with
-.Fl verify .
-.It Fl CApath Ar directory
-A
-.Ar directory
-containing trusted CA certificates; only used with
-.Fl verify .
-This directory must be a standard certificate directory:
-that is, a hash of each subject name (using
-.Nm x509 -hash )
-should be linked to each certificate.
-.It Ar cert.pem ...
-One or more certificates of message recipients: used when encrypting
-a message.
-.It Fl certfile Ar file
-Allows additional certificates to be specified.
-When signing, these will be included with the message.
-When verifying, these will be searched for the signers' certificates.
-The certificates should be in PEM format.
-.It Xo
-.Fl check_ss_sig ,
-.Fl crl_check ,
-.Fl crl_check_all ,
-.Fl extended_crl ,
-.Fl ignore_critical ,
-.Fl issuer_checks ,
-.Fl policy_check ,
-.Fl x509_strict
-.Xc
-Set various certificate chain validation options.
-See the
-.Nm verify
-command for details.
-.It Fl content Ar file
-A file containing the detached content.
-This is only useful with the
-.Fl verify
-option,
-and only usable if the PKCS#7 structure is using the detached
-signature form where the content is not included.
-This option will override any content if the input format is S/MIME
-and it uses the multipart/signed MIME content type.
-.It Xo
-.Fl from Ar addr ,
-.Fl subject Ar s ,
-.Fl to Ar addr
-.Xc
-The relevant mail headers.
-These are included outside the signed
-portion of a message so they may be included manually.
-When signing, many S/MIME
-mail clients check that the signer's certificate email
-address matches the From: address.
-.It Fl in Ar file
-The input file to read from.
-.It Fl indef
-Enable streaming I/O for encoding operations.
-This permits single pass processing of data without
-the need to hold the entire contents in memory,
-potentially supporting very large files.
-Streaming is automatically set for S/MIME signing with detached
-data if the output format is SMIME;
-it is currently off by default for all other operations.
-.It Fl inform Cm der | pem | smime
-The input format.
-.It Fl inkey Ar file
-The private key to use when signing or decrypting,
-which must match the corresponding certificate.
-If this option is not specified, the private key must be included
-in the certificate file specified with
-the
-.Fl recip
-or
-.Fl signer
-file.
-When signing,
-this option can be used multiple times to specify successive keys.
-.It Fl keyform Cm der | pem
-Input private key format.
-The default is
-.Cm pem .
-.It Fl md Ar digest
-The digest algorithm to use when signing or resigning.
-If not present then the default digest algorithm for the signing key is used
-(usually SHA1).
-.It Fl noattr
-Do not include attributes.
-.It Fl nocerts
-Do not include the signer's certificate.
-This will reduce the size of the signed message but the verifier must
-have a copy of the signer's certificate available locally (passed using the
-.Fl certfile
-option, for example).
-.It Fl nochain
-Do not do chain verification of signers' certificates: that is,
-don't use the certificates in the signed message as untrusted CAs.
-.It Fl nodetach
-When signing a message, use opaque signing: this form is more resistant
-to translation by mail relays but it cannot be read by mail agents that
-do not support S/MIME.
-Without this option cleartext signing with the MIME type
-multipart/signed is used.
-.It Fl noindef
-Disable streaming I/O where it would produce an encoding of indefinite length
-(currently has no effect).
-.It Fl nointern
-Only use certificates specified in the
-.Fl certfile .
-The supplied certificates can still be used as untrusted CAs.
-.It Fl nosigs
-Do not try to verify the signatures on the message.
-.It Fl nosmimecap
-Exclude the list of supported algorithms from signed attributes,
-other options such as signing time and content type are still included.
-.It Fl noverify
-Do not verify the signer's certificate of a signed message.
-.It Fl out Ar file
-The output file to write to.
-.It Fl outform Cm der | pem | smime
-The output format.
-The default is smime, which writes an S/MIME format message.
-.Cm pem
-and
-.Cm der
-change this to write PEM and DER format PKCS#7 structures instead.
-This currently only affects the output format of the PKCS#7
-structure; if no PKCS#7 structure is being output (for example with
-.Fl verify
-or
-.Fl decrypt )
-this option has no effect.
-.It Fl passin Ar arg
-The key password source.
-.It Fl recip Ar file
-The recipients certificate when decrypting a message.
-This certificate
-must match one of the recipients of the message or an error occurs.
-.It Fl signer Ar file
-A signing certificate when signing or resigning a message;
-this option can be used multiple times if more than one signer is required.
-If a message is being verified, the signer's certificates will be
-written to this file if the verification was successful.
-.It Fl stream
-The same as
-.Fl indef .
-.It Fl text
-Add plain text (text/plain) MIME
-headers to the supplied message if encrypting or signing.
-If decrypting or verifying, it strips off text headers:
-if the decrypted or verified message is not of MIME type text/plain
-then an error occurs.
-.El
-.Pp
-The exit codes for
-.Nm smime
-are as follows:
-.Pp
-.Bl -tag -width "XXXX" -offset 3n -compact
-.It 0
-The operation was completely successful.
-.It 1
-An error occurred parsing the command options.
-.It 2
-One of the input files could not be read.
-.It 3
-An error occurred creating the file or when reading the message.
-.It 4
-An error occurred decrypting or verifying the message.
-.It 5
-An error occurred writing certificates.
-.El
-.Tg speed
-.Sh SPEED
-.Bl -hang -width "openssl speed"
-.It Nm openssl speed
-.Bk -words
-.Op Ar algorithm
-.Op Fl decrypt
-.Op Fl elapsed
-.Op Fl evp Ar algorithm
-.Op Fl mr
-.Op Fl multi Ar number
-.Op Fl unaligned Ar number
-.Ek
-.El
-.Pp
-The
-.Nm speed
-command is used to test the performance of cryptographic algorithms.
-.Bl -tag -width "XXXX"
-.It Ar algorithm
-Perform the test using
-.Ar algorithm .
-The default is to test all algorithms.
-.It Fl decrypt
-Time decryption instead of encryption;
-must be used with
-.Fl evp .
-.It Fl elapsed
-Measure time in real time instead of CPU user time.
-.It Fl evp Ar algorithm
-Perform the test using one of the algorithms accepted by
-.Xr EVP_get_cipherbyname 3 .
-.It Fl mr
-Produce machine readable output.
-.It Fl multi Ar number
-Run
-.Ar number
-benchmarks in parallel.
-.It Fl unaligned Ar number
-Use allocated buffers with an offset of
-.Ar number
-bytes from the alignment provided by
-.Xr malloc 3 .
-.Ar number
-should be between 0 and 16.
-.El
-.Tg ts
-.Sh TS
-.Bk -words
-.Bl -hang -width "openssl ts"
-.It Nm openssl ts
-.Fl query
-.Op Fl md4 | md5 | ripemd160 | sha1
-.Op Fl cert
-.Op Fl config Ar configfile
-.Op Fl data Ar file_to_hash
-.Op Fl digest Ar digest_bytes
-.Op Fl in Ar request.tsq
-.Op Fl no_nonce
-.Op Fl out Ar request.tsq
-.Op Fl policy Ar object_id
-.Op Fl text
-.It Nm openssl ts
-.Fl reply
-.Op Fl chain Ar certs_file.pem
-.Op Fl config Ar configfile
-.Op Fl in Ar response.tsr
-.Op Fl inkey Ar private.pem
-.Op Fl out Ar response.tsr
-.Op Fl passin Ar arg
-.Op Fl policy Ar object_id
-.Op Fl queryfile Ar request.tsq
-.Op Fl section Ar tsa_section
-.Op Fl signer Ar tsa_cert.pem
-.Op Fl text
-.Op Fl token_in
-.Op Fl token_out
-.It Nm openssl ts
-.Fl verify
-.Op Fl CAfile Ar trusted_certs.pem
-.Op Fl CApath Ar trusted_cert_path
-.Op Fl data Ar file_to_hash
-.Op Fl digest Ar digest_bytes
-.Op Fl in Ar response.tsr
-.Op Fl queryfile Ar request.tsq
-.Op Fl token_in
-.Op Fl untrusted Ar cert_file.pem
-.El
-.Ek
-.Pp
-The
-.Nm ts
-command is a basic Time Stamping Authority (TSA) client and server
-application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
-A TSA can be part of a PKI deployment and its role is to provide long
-term proof of the existence of specific data.
-Here is a brief description of the protocol:
-.Bl -enum
-.It
-The TSA client computes a one-way hash value for a data file and sends
-the hash to the TSA.
-.It
-The TSA attaches the current date and time to the received hash value,
-signs them and sends the time stamp token back to the client.
-By creating this token the TSA certifies the existence of the original
-data file at the time of response generation.
-.It
-The TSA client receives the time stamp token and verifies the
-signature on it.
-It also checks if the token contains the same hash
-value that it had sent to the TSA.
-.El
-.Pp
-There is one DER-encoded protocol data unit defined for transporting a time
-stamp request to the TSA and one for sending the time stamp response
-back to the client.
-The
-.Nm ts
-command has three main functions:
-creating a time stamp request based on a data file;
-creating a time stamp response based on a request;
-and verifying if a response corresponds
-to a particular request or a data file.
-.Pp
-There is no support for sending the requests/responses automatically
-over HTTP or TCP yet as suggested in RFC 3161.
-Users must send the requests either by FTP or email.
-.Pp
-The
-.Fl query
-switch can be used for creating and printing a time stamp
-request with the following options:
-.Bl -tag -width Ds
-.It Fl cert
-Expect the TSA to include its signing certificate in the response.
-.It Fl config Ar configfile
-Specify an alternative configuration file.
-Only the OID section is used.
-.It Fl data Ar file_to_hash
-The data file for which the time stamp request needs to be created.
-The default is standard input.
-.It Fl digest Ar digest_bytes
-Specify the message imprint explicitly without the data file.
-The imprint must be specified in a hexadecimal format,
-two characters per byte,
-the bytes optionally separated by colons.
-The number of bytes must match the message digest algorithm in use.
-.It Fl in Ar request.tsq
-A previously created time stamp request in DER
-format that will be printed into the output file.
-Useful for examining the content of a request in human-readable format.
-.It Fl md4 | md5 | ripemd160 | sha | sha1
-The message digest to apply to the data file.
-It supports all the message digest algorithms that are supported by the
-.Nm dgst
-command.
-The default is SHA1.
-.It Fl no_nonce
-Specify no nonce in the request.
-The default, to include a 64-bit long pseudo-random nonce,
-is recommended to protect against replay attacks.
-.It Fl out Ar request.tsq
-The output file to write to,
-or standard output if not specified.
-.It Fl policy Ar object_id
-The policy that the client expects the TSA to use for creating the
-time stamp token.
-Either dotted OID notation or OID names defined
-in the config file can be used.
-If no policy is requested, the TSA uses its own default policy.
-.It Fl text
-Output in human-readable text format instead of DER.
-.El
-.Pp
-A time stamp response (TimeStampResp) consists of a response status
-and the time stamp token itself (ContentInfo),
-if the token generation was successful.
-The
-.Fl reply
-command is for creating a time stamp
-response or time stamp token based on a request and printing the
-response/token in human-readable format.
-If
-.Fl token_out
-is not specified the output is always a time stamp response (TimeStampResp),
-otherwise it is a time stamp token (ContentInfo).
-.Bl -tag -width Ds
-.It Fl chain Ar certs_file.pem
-The collection of PEM certificates
-that will be included in the response
-in addition to the signer certificate if the
-.Fl cert
-option was used for the request.
-This file is supposed to contain the certificate chain
-for the signer certificate from its issuer upwards.
-The
-.Fl reply
-command does not build a certificate chain automatically.
-.It Fl config Ar configfile
-Specify an alternative configuration file.
-.It Fl in Ar response.tsr
-Specify a previously created time stamp response (or time stamp token, if
-.Fl token_in
-is also specified)
-in DER format that will be written to the output file.
-This option does not require a request;
-it is useful, for example,
-to examine the content of a response or token
-or to extract the time stamp token from a response.
-If the input is a token and the output is a time stamp response, a default
-.Qq granted
-status info is added to the token.
-.It Fl inkey Ar private.pem
-The signer private key of the TSA in PEM format.
-Overrides the
-.Cm signer_key
-config file option.
-.It Fl out Ar response.tsr
-The response is written to this file.
-The format and content of the file depends on other options (see
-.Fl text
-and
-.Fl token_out ) .
-The default is stdout.
-.It Fl passin Ar arg
-The key password source.
-.It Fl policy Ar object_id
-The default policy to use for the response.
-Either dotted OID notation or OID names defined
-in the config file can be used.
-If no policy is requested, the TSA uses its own default policy.
-.It Fl queryfile Ar request.tsq
-The file containing a DER-encoded time stamp request.
-.It Fl section Ar tsa_section
-The config file section containing the settings for response generation.
-.It Fl signer Ar tsa_cert.pem
-The PEM signer certificate of the TSA.
-The TSA signing certificate must have exactly one extended key usage
-assigned to it: timeStamping.
-The extended key usage must also be critical,
-otherwise the certificate is going to be refused.
-Overrides the
-.Cm signer_cert
-variable of the config file.
-.It Fl text
-Output in human-readable text format instead of DER.
-.It Fl token_in
-The input is a DER-encoded time stamp token (ContentInfo)
-instead of a time stamp response (TimeStampResp).
-.It Fl token_out
-The output is a time stamp token (ContentInfo)
-instead of a time stamp response (TimeStampResp).
-.El
-.Pp
-The
-.Fl verify
-command is for verifying if a time stamp response or time stamp token
-is valid and matches a particular time stamp request or data file.
-The
-.Fl verify
-command does not use the configuration file.
-.Bl -tag -width Ds
-.It Fl CAfile Ar trusted_certs.pem
-The file containing a set of trusted self-signed PEM CA certificates.
-See
-.Nm verify
-for additional details.
-Either this option or
-.Fl CApath
-must be specified.
-.It Fl CApath Ar trusted_cert_path
-The directory containing the trusted CA certificates of the client.
-See
-.Nm verify
-for additional details.
-Either this option or
-.Fl CAfile
-must be specified.
-.It Fl data Ar file_to_hash
-The response or token must be verified against
-.Ar file_to_hash .
-The file is hashed with the message digest algorithm specified in the token.
-The
-.Fl digest
-and
-.Fl queryfile
-options must not be specified with this one.
-.It Fl digest Ar digest_bytes
-The response or token must be verified against the message digest specified
-with this option.
-The number of bytes must match the message digest algorithm
-specified in the token.
-The
-.Fl data
-and
-.Fl queryfile
-options must not be specified with this one.
-.It Fl in Ar response.tsr
-The time stamp response that needs to be verified, in DER format.
-This option in mandatory.
-.It Fl queryfile Ar request.tsq
-The original time stamp request, in DER format.
-The
-.Fl data
-and
-.Fl digest
-options must not be specified with this one.
-.It Fl token_in
-The input is a DER-encoded time stamp token (ContentInfo)
-instead of a time stamp response (TimeStampResp).
-.It Fl untrusted Ar cert_file.pem
-Additional untrusted PEM certificates which may be needed
-when building the certificate chain for the TSA's signing certificate.
-This file must contain the TSA signing certificate and
-all intermediate CA certificates unless the response includes them.
-.El
-.Pp
-Options specified on the command line always override
-the settings in the config file:
-.Bl -tag -width Ds
-.It Cm tsa Ar section , Cm default_tsa
-This is the main section and it specifies the name of another section
-that contains all the options for the
-.Fl reply
-option.
-This section can be overridden with the
-.Fl section
-command line switch.
-.It Cm oid_file
-See
-.Nm ca
-for a description.
-.It Cm oid_section
-See
-.Nm ca
-for a description.
-.It Cm serial
-The file containing the hexadecimal serial number of the
-last time stamp response created.
-This number is incremented by 1 for each response.
-If the file does not exist at the time of response generation,
-a new file is created with serial number 1.
-This parameter is mandatory.
-.It Cm signer_cert
-TSA signing certificate, in PEM format.
-The same as the
-.Fl signer
-command line option.
-.It Cm certs
-A set of PEM-encoded certificates that need to be
-included in the response.
-The same as the
-.Fl chain
-command line option.
-.It Cm signer_key
-The private key of the TSA, in PEM format.
-The same as the
-.Fl inkey
-command line option.
-.It Cm default_policy
-The default policy to use when the request does not mandate any policy.
-The same as the
-.Fl policy
-command line option.
-.It Cm other_policies
-Comma separated list of policies that are also acceptable by the TSA
-and used only if the request explicitly specifies one of them.
-.It Cm digests
-The list of message digest algorithms that the TSA accepts.
-At least one algorithm must be specified.
-This parameter is mandatory.
-.It Cm accuracy
-The accuracy of the time source of the TSA in seconds, milliseconds
-and microseconds.
-For example, secs:1, millisecs:500, microsecs:100.
-If any of the components is missing,
-zero is assumed for that field.
-.It Cm clock_precision_digits
-The maximum number of digits, which represent the fraction of seconds,
-that need to be included in the time field.
-The trailing zeroes must be removed from the time,
-so there might actually be fewer digits
-or no fraction of seconds at all.
-The maximum value is 6;
-the default is 0.
-.It Cm ordering
-If this option is yes,
-the responses generated by this TSA can always be ordered,
-even if the time difference between two responses is less
-than the sum of their accuracies.
-The default is no.
-.It Cm tsa_name
-Set this option to yes if the subject name of the TSA must be included in
-the TSA name field of the response.
-The default is no.
-.It Cm ess_cert_id_chain
-The SignedData objects created by the TSA always contain the
-certificate identifier of the signing certificate in a signed
-attribute (see RFC 2634, Enhanced Security Services).
-If this option is set to yes and either the
-.Cm certs
-variable or the
-.Fl chain
-option is specified then the certificate identifiers of the chain will also
-be included in the SigningCertificate signed attribute.
-If this variable is set to no,
-only the signing certificate identifier is included.
-The default is no.
-.El
-.Tg verify
-.Sh VERIFY
-.Bl -hang -width "openssl verify"
-.It Nm openssl verify
-.Bk -words
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl check_ss_sig
-.Op Fl CRLfile Ar file
-.Op Fl crl_check
-.Op Fl crl_check_all
-.Op Fl explicit_policy
-.Op Fl extended_crl
-.Op Fl help
-.Op Fl ignore_critical
-.Op Fl inhibit_any
-.Op Fl inhibit_map
-.Op Fl issuer_checks
-.Op Fl legacy_verify
-.Op Fl policy_check
-.Op Fl purpose Ar purpose
-.Op Fl trusted Ar file
-.Op Fl untrusted Ar file
-.Op Fl verbose
-.Op Fl x509_strict
-.Op Ar certificates
-.Ek
-.El
-.Pp
-The
-.Nm verify
-command verifies certificate chains.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl CAfile Ar file
-A
-.Ar file
-of trusted certificates.
-The
-.Ar file
-should contain multiple certificates in PEM format, concatenated together.
-.It Fl CApath Ar directory
-A
-.Ar directory
-of trusted certificates.
-The certificates, or symbolic links to them,
-should have names of the form
-.Ar hash Ns .0 ,
-where
-.Ar hash
-is the hashed certificate subject name
-(see the
-.Fl hash
-option of the
-.Nm x509
-utility).
-.It Fl check_ss_sig
-Verify the signature on the self-signed root CA.
-This is disabled by default
-because it doesn't add any security.
-.It Fl CRLfile Ar file
-The
-.Ar file
-should contain one or more CRLs in PEM format.
-.It Fl crl_check
-Check end entity certificate validity by attempting to look up a valid CRL.
-If a valid CRL cannot be found, an error occurs.
-.It Fl crl_check_all
-Check the validity of all certificates in the chain by attempting
-to look up valid CRLs.
-.It Fl explicit_policy
-Set policy variable require-explicit-policy (RFC 3280).
-.It Fl extended_crl
-Enable extended CRL features such as indirect CRLs and alternate CRL
-signing keys.
-.It Fl help
-Print a usage message.
-.It Fl ignore_critical
-Ignore critical extensions instead of rejecting the certificate.
-.It Fl inhibit_any
-Set policy variable inhibit-any-policy (RFC 3280).
-.It Fl inhibit_map
-Set policy variable inhibit-policy-mapping (RFC 3280).
-.It Fl issuer_checks
-Print diagnostics relating to searches for the issuer certificate
-of the current certificate
-showing why each candidate issuer certificate was rejected.
-The presence of rejection messages
-does not itself imply that anything is wrong:
-during the normal verify process several rejections may take place.
-.It Fl legacy_verify
-Use the legacy X.509 certificate chain verification code.
-.It Fl policy_check
-Enable certificate policy processing.
-.It Fl purpose Ar purpose
-The intended use for the certificate.
-Without this option no chain verification will be done.
-Currently accepted uses are
-.Cm sslclient , sslserver ,
-.Cm nssslserver , smimesign ,
-.Cm smimeencrypt , crlsign ,
-.Cm any ,
-and
-.Cm ocsphelper .
-.It Fl trusted Ar file
-A
-.Ar file
-of trusted certificates.
-The
-.Ar file
-should contain multiple certificates.
-.It Fl untrusted Ar file
-A
-.Ar file
-of untrusted certificates.
-The
-.Ar file
-should contain multiple certificates.
-.It Fl verbose
-Print extra information about the operations being performed.
-.It Fl x509_strict
-Disable workarounds for broken certificates which have to be disabled
-for strict X.509 compliance.
-.It Ar certificates
-One or more PEM
-.Ar certificates
-to verify.
-If no certificate files are included, an attempt is made to read
-a certificate from standard input.
-If the first certificate filename begins with a dash,
-use a lone dash to mark the last option.
-.El
-.Pp
-The
-.Nm verify
-program uses the same functions as the internal SSL and S/MIME verification,
-with one crucial difference:
-wherever possible an attempt is made to continue after an error,
-whereas normally the verify operation would halt on the first error.
-This allows all the problems with a certificate chain to be determined.
-.Pp
-The verify operation consists of a number of separate steps.
-Firstly a certificate chain is built up starting from the supplied certificate
-and ending in the root CA.
-It is an error if the whole chain cannot be built up.
-The chain is built up by looking up the issuer's certificate of the current
-certificate.
-If a certificate is found which is its own issuer, it is assumed
-to be the root CA.
-.Pp
-All certificates whose subject name matches the issuer name
-of the current certificate are subject to further tests.
-The relevant authority key identifier components of the current certificate
-(if present) must match the subject key identifier (if present)
-and issuer and serial number of the candidate issuer;
-in addition the
-.Cm keyUsage
-extension of the candidate issuer (if present) must permit certificate signing.
-.Pp
-The lookup first looks in the list of untrusted certificates and if no match
-is found the remaining lookups are from the trusted certificates.
-The root CA is always looked up in the trusted certificate list:
-if the certificate to verify is a root certificate,
-then an exact match must be found in the trusted list.
-.Pp
-The second operation is to check every untrusted certificate's extensions for
-consistency with the supplied purpose.
-If the
-.Fl purpose
-option is not included, then no checks are done.
-The supplied or
-.Qq leaf
-certificate must have extensions compatible with the supplied purpose
-and all other certificates must also be valid CA certificates.
-The precise extensions required are described in more detail in
-the
-.Nm X509
-section below.
-.Pp
-The third operation is to check the trust settings on the root CA.
-The root CA should be trusted for the supplied purpose.
-A certificate with no trust settings is considered to be valid for
-all purposes.
-.Pp
-The final operation is to check the validity of the certificate chain.
-The validity period is checked against the current system time and the
-.Cm notBefore
-and
-.Cm notAfter
-dates in the certificate.
-The certificate signatures are also checked at this point.
-.Pp
-If all operations complete successfully, the certificate is considered
-valid.
-If any operation fails then the certificate is not valid.
-When a verify operation fails, the output messages can be somewhat cryptic.
-The general form of the error message is:
-.Bd -literal
-server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
-error 24 at 1 depth lookup:invalid CA certificate
-.Ed
-.Pp
-The first line contains the name of the certificate being verified, followed by
-the subject name of the certificate.
-The second line contains the error number as defined by the
-.Dv X509_V_ERR_*
-constants in
-.In openssl/x509_vfy.h ,
-the associated error message documented in
-.Xr X509_STORE_CTX_get_error 3 ,
-and the depth.
-The depth is the number of the certificate being verified when a
-problem was detected starting with zero for the certificate being verified
-itself, then 1 for the CA that signed the certificate and so on.
-.Tg version
-.Sh VERSION
-.Nm openssl version
-.Op Fl abdfpv
-.Pp
-The
-.Nm version
-command is used to print out version information about
-.Nm openssl .
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl a
-All information: this is the same as setting all the other flags.
-.It Fl b
-The date the current version of
-.Nm openssl
-was built.
-.It Fl d
-.Ev OPENSSLDIR
-setting.
-.It Fl f
-Compilation flags.
-.It Fl p
-Platform setting.
-.It Fl v
-The current
-.Nm openssl
-version.
-.El
-.Tg x509
-.Sh X509
-.Bl -hang -width "openssl x509"
-.It Nm openssl x509
-.Bk -words
-.Op Fl C
-.Op Fl addreject Ar arg
-.Op Fl addtrust Ar arg
-.Op Fl alias
-.Op Fl CA Ar file
-.Op Fl CAcreateserial
-.Op Fl CAform Cm der | pem
-.Op Fl CAkey Ar file
-.Op Fl CAkeyform Cm der | pem
-.Op Fl CAserial Ar file
-.Op Fl certopt Ar option
-.Op Fl checkend Ar arg
-.Op Fl clrext
-.Op Fl clrreject
-.Op Fl clrtrust
-.Op Fl dates
-.Op Fl days Ar arg
-.Op Fl email
-.Op Fl enddate
-.Op Fl extensions Ar section
-.Op Fl extfile Ar file
-.Op Fl fingerprint
-.Op Fl force_pubkey Ar key
-.Op Fl hash
-.Op Fl in Ar file
-.Op Fl inform Cm der | net | pem
-.Op Fl issuer
-.Op Fl issuer_hash
-.Op Fl issuer_hash_old
-.Op Fl keyform Cm der | pem
-.Op Fl md5 | sha1
-.Op Fl modulus
-.Op Fl multivalue-rdn
-.Op Fl nameopt Ar option
-.Op Fl new
-.Op Fl next_serial
-.Op Fl noout
-.Op Fl ocsp_uri
-.Op Fl ocspid
-.Op Fl out Ar file
-.Op Fl outform Cm der | net | pem
-.Op Fl passin Ar arg
-.Op Fl pubkey
-.Op Fl purpose
-.Op Fl req
-.Op Fl serial
-.Op Fl set_issuer Ar name
-.Op Fl set_serial Ar n
-.Op Fl set_subject Ar name
-.Op Fl setalias Ar arg
-.Op Fl signkey Ar file
-.Op Fl sigopt Ar nm:v
-.Op Fl startdate
-.Op Fl subject
-.Op Fl subject_hash
-.Op Fl subject_hash_old
-.Op Fl text
-.Op Fl trustout
-.Op Fl utf8
-.Op Fl x509toreq
-.Ek
-.El
-.Pp
-The
-.Nm x509
-command is a multi-purpose certificate utility.
-It can be used to display certificate information, convert certificates to
-various forms, sign certificate requests like a
-.Qq mini CA ,
-or edit certificate trust settings.
-.Pp
-The following are x509 input, output, and general purpose options:
-.Bl -tag -width "XXXX"
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-This option cannot be used with
-.Fl new .
-.It Fl inform Cm der | net | pem
-The input format.
-Normally, the command will expect an X.509 certificate,
-but this can change if other options such as
-.Fl in
-or
-.Fl req
-are present.
-.It Fl md5 | sha1
-The digest to use.
-This affects any signing or display option that uses a message digest,
-such as the
-.Fl fingerprint , signkey ,
-and
-.Fl CA
-options.
-If not specified, MD5 is used.
-SHA1 is always used with DSA keys.
-.It Fl out Ar file
-The output file to write to,
-or standard output if none is specified.
-.It Fl outform Cm der | net | pem
-The output format.
-.It Fl passin Ar arg
-The key password source.
-.El
-.Pp
-The following are x509 display options:
-.Bl -tag -width "XXXX"
-.It Fl C
-Output the certificate in the form of a C source file.
-.It Fl certopt Ar option
-Customise the output format used with
-.Fl text ,
-either using a list of comma-separated options or by specifying
-.Fl certopt
-multiple times.
-The default behaviour is to print all fields.
-The options are as follows:
-.Pp
-.Bl -tag -width "no_extensions" -offset indent -compact
-.It Cm ca_default
-Equivalent to
-.Cm no_issuer , no_pubkey , no_header ,
-.Cm no_version , no_sigdump ,
-and
-.Cm no_signame .
-.It Cm compatible
-Equivalent to no output options at all.
-.It Cm ext_default
-Print unsupported certificate extensions.
-.It Cm ext_dump
-Hex dump unsupported extensions.
-.It Cm ext_error
-Print an error message for unsupported certificate extensions.
-.It Cm ext_parse
-ASN.1 parse unsupported extensions.
-.It Cm no_aux
-Do not print certificate trust information.
-.It Cm no_extensions
-Do not print X509V3 extensions.
-.It Cm no_header
-Do not print header (Certificate and Data) information.
-.It Cm no_issuer
-Do not print the issuer name.
-.It Cm no_pubkey
-Do not print the public key.
-.It Cm no_serial
-Do not print the serial number.
-.It Cm no_sigdump
-Do not give a hexadecimal dump of the certificate signature.
-.It Cm no_signame
-Do not print the signature algorithm used.
-.It Cm no_subject
-Do not print the subject name.
-.It Cm no_validity
-Do not print the
-.Cm notBefore
-and
-.Cm notAfter
-(validity) fields.
-.It Cm no_version
-Do not print the version number.
-.El
-.It Fl dates
-Print the start and expiry date of a certificate.
-.It Fl email
-Output the email addresses, if any.
-.It Fl enddate
-Print the expiry date of the certificate; that is, the
-.Cm notAfter
-date.
-.It Fl fingerprint
-Print the digest of the DER-encoded version of the whole certificate.
-.It Fl hash
-A synonym for
-.Fl subject_hash .
-.It Fl issuer
-Print the issuer name.
-.It Fl issuer_hash
-Print the hash of the certificate issuer name.
-.It Fl issuer_hash_old
-Print the hash of the certificate issuer name
-using the older algorithm as used by
-.Nm openssl
-versions before 1.0.0.
-.It Fl modulus
-Print the value of the modulus of the public key contained in the certificate.
-.It Fl multivalue-rdn
-This option causes the
-.Fl subj
-argument to be interpreted with full support for multivalued RDNs,
-for example
-.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
-If
-.Fl multivalue-rdn
-is not used, the UID value is set to
-.Qq "123456+CN=John Doe" .
-.It Fl nameopt Ar option
-Customise how the subject or issuer names are displayed,
-either using a list of comma-separated options or by specifying
-.Fl nameopt
-multiple times.
-The default behaviour is to use the
-.Cm oneline
-format.
-The options,
-which can be preceded by a dash to turn them off,
-are as follows:
-.Bl -tag -width "XXXX"
-.It Cm align
-Align field values for a more readable output.
-Only usable with
-.Ar sep_multiline .
-.It Cm compat
-Use the old format,
-equivalent to specifying no options at all.
-.It Cm dn_rev
-Reverse the fields of the DN, as required by RFC 2253.
-As a side effect, this also reverses the order of multiple AVAs.
-.It Cm dump_all
-Dump all fields.
-When used with
-.Ar dump_der ,
-it allows the DER encoding of the structure to be unambiguously determined.
-.It Cm dump_der
-Any fields that need to be hexdumped are
-dumped using the DER encoding of the field.
-Otherwise just the content octets will be displayed.
-Both options use the RFC 2253 #XXXX... format.
-.It Cm dump_nostr
-Dump non-character string types
-(for example OCTET STRING);
-usually, non-character string types are displayed
-as though each content octet represents a single character.
-.It Cm dump_unknown
-Dump any field whose OID is not recognised by
-.Nm openssl .
-.It Cm esc_2253
-Escape the
-.Qq special
-characters required by RFC 2253 in a field that is
-.Dq \& ,+"<>; .
-Additionally,
-.Sq #
-is escaped at the beginning of a string
-and a space character at the beginning or end of a string.
-.It Cm esc_ctrl
-Escape control characters.
-That is, those with ASCII values less than 0x20 (space)
-and the delete (0x7f) character.
-They are escaped using the RFC 2253 \eXX notation (where XX are two hex
-digits representing the character value).
-.It Cm esc_msb
-Escape characters with the MSB set; that is, with ASCII values larger than
-127.
-.It Cm multiline
-A multiline format.
-Equivalent to
-.Cm esc_ctrl , esc_msb , sep_multiline ,
-.Cm space_eq , lname ,
-and
-.Cm align .
-.It Cm no_type
-Do not attempt to interpret multibyte characters.
-That is, content octets are merely dumped as though one octet
-represents each character.
-This is useful for diagnostic purposes
-but results in rather odd looking output.
-.It Cm nofname , sname , lname , oid
-Alter how the field name is displayed:
-.Cm nofname
-does not display the field at all;
-.Cm sname
-uses the short name form (CN for
-.Cm commonName ,
-for example);
-.Cm lname
-uses the long form.
-.Cm oid
-represents the OID in numerical form and is useful for diagnostic purpose.
-.It Cm oneline
-A one line format which is more readable than
-.Cm RFC2253 .
-Equivalent to
-.Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
-.Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
-.Cm space_eq ,
-and
-.Cm sname .
-.It Cm RFC2253
-Displays names compatible with RFC 2253.
-Equivalent to
-.Cm esc_2253 , esc_ctrl ,
-.Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
-.Cm dump_der , sep_comma_plus , dn_rev ,
-and
-.Cm sname .
-.It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
-Determine the field separators:
-the first character is between RDNs and the second between multiple AVAs
-(multiple AVAs are very rare and their use is discouraged).
-The options ending in
-.Qq space
-additionally place a space after the separator to make it more readable.
-.Cm sep_multiline
-uses a linefeed character for the RDN separator and a spaced
-.Sq +
-for the AVA separator,
-as well as indenting the fields by four characters.
-If no field separator is specified then
-.Cm sep_comma_plus_space
-is used by default.
-.It Cm show_type
-Show the type of the ASN.1 character string.
-The type precedes the field contents.
-For example
-.Qq BMPSTRING: Hello World .
-.It Cm space_eq
-Place spaces round the
-.Sq =
-character which follows the field name.
-.It Cm use_quote
-Escape some characters by surrounding the whole string with
-.Sq \&"
-characters.
-Without the option, all escaping is done with the
-.Sq \e
-character.
-.It Cm utf8
-Convert all strings to UTF8 format first, as required by RFC 2253.
-On a UTF8 compatible terminal,
-the use of this option (and not setting
-.Cm esc_msb )
-may result in the correct display of multibyte characters.
-Usually, multibyte characters larger than 0xff
-are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
-for 32 bits,
-and any UTF8Strings are converted to their character form first.
-.El
-.It Fl next_serial
-Print the next serial number.
-.It Fl noout
-Do not output the encoded version of the request.
-.It Fl ocsp_uri
-Print the OCSP responder addresses, if any.
-.It Fl ocspid
-Print OCSP hash values for the subject name and public key.
-.It Fl pubkey
-Print the public key.
-.It Fl serial
-Print the certificate serial number.
-.It Fl sigopt Ar nm:v
-Pass options to the signature algorithm during sign or certify operations.
-The names and values of these options are algorithm-specific.
-.It Fl startdate
-Print the start date of the certificate; that is, the
-.Cm notBefore
-date.
-.It Fl subject
-Print the subject name.
-.It Fl subject_hash
-Print the hash of the certificate subject name.
-This is used in
-.Nm openssl
-to form an index to allow certificates in a directory to be looked up
-by subject name.
-.It Fl subject_hash_old
-Print the hash of the certificate subject name
-using the older algorithm as used by
-.Nm openssl
-versions before 1.0.0.
-.It Fl text
-Print the full certificate in text form.
-.El
-.Pp
-A trusted certificate is a certificate which has several
-additional pieces of information attached to it such as the permitted
-and prohibited uses of the certificate and an alias.
-When a certificate is being verified, at least one certificate must be trusted.
-By default, a trusted certificate must be stored locally and be a root CA.
-The following are x509 trust settings options:
-.Bl -tag -width "XXXX"
-.It Fl addreject Ar arg
-Add a prohibited use.
-Accepts the same values as the
-.Fl addtrust
-option.
-.It Fl addtrust Ar arg
-Add a trusted certificate use.
-Any object name can be used here, but currently only
-.Cm clientAuth
-(SSL client use),
-.Cm serverAuth
-(SSL server use),
-and
-.Cm emailProtection
-(S/MIME email) are used.
-.It Fl alias
-Output the certificate alias.
-.It Fl clrreject
-Clear all the prohibited or rejected uses of the certificate.
-.It Fl clrtrust
-Clear all the permitted or trusted uses of the certificate.
-.It Fl purpose
-Perform tests on the certificate extensions.
-The same code is used when verifying untrusted certificates in chains,
-so this section is useful if a chain is rejected by the verify code.
-.Pp
-The
-.Cm basicConstraints
-extension CA flag is used to determine whether the
-certificate can be used as a CA.
-If the CA flag is true, it is a CA;
-if the CA flag is false, it is not a CA.
-All CAs should have the CA flag set to true.
-.Pp
-If the
-.Cm basicConstraints
-extension is absent, then the certificate is
-considered to be a possible CA;
-other extensions are checked according to the intended use of the certificate.
-A warning is given in this case because the certificate should really not
-be regarded as a CA.
-However it is allowed to be a CA to work around some broken software.
-.Pp
-If the certificate is a V1 certificate
-(and thus has no extensions) and it is self-signed,
-it is also assumed to be a CA but a warning is again given.
-This is to work around the problem of Verisign roots
-which are V1 self-signed certificates.
-.Pp
-If the
-.Cm keyUsage
-extension is present, then additional restraints are
-made on the uses of the certificate.
-A CA certificate must have the
-.Cm keyCertSign
-bit set if the
-.Cm keyUsage
-extension is present.
-.Pp
-The extended key usage extension places additional restrictions on the
-certificate uses.
-If this extension is present, whether critical or not,
-the key can only be used for the purposes specified.
-.Pp
-A complete description of each test is given below.
-The comments about
-.Cm basicConstraints
-and
-.Cm keyUsage
-and V1 certificates above apply to all CA certificates.
-.Bl -tag -width "XXXX"
-.It SSL Client
-The extended key usage extension must be absent or include the
-web client authentication OID.
-.Cm keyUsage
-must be absent or it must have the
-.Cm digitalSignature
-bit set.
-The Netscape certificate type must be absent
-or it must have the SSL client bit set.
-.It SSL Client CA
-The extended key usage extension must be absent or include the
-web client authentication OID.
-The Netscape certificate type must be absent
-or it must have the SSL CA bit set:
-this is used as a workaround if the
-.Cm basicConstraints
-extension is absent.
-.It SSL Server
-The extended key usage extension must be absent or include the
-web server authentication and/or one of the SGC OIDs.
-.Cm keyUsage
-must be absent or it must have the
-.Cm digitalSignature
-set, the
-.Cm keyEncipherment
-set, or both bits set.
-The Netscape certificate type must be absent or have the SSL server bit set.
-.It SSL Server CA
-The extended key usage extension must be absent or include the
-web server authentication and/or one of the SGC OIDs.
-The Netscape certificate type must be absent or the SSL CA bit must be set:
-this is used as a workaround if the
-.Cm basicConstraints
-extension is absent.
-.It Netscape SSL Server
-For Netscape SSL clients to connect to an SSL server; it must have the
-.Cm keyEncipherment
-bit set if the
-.Cm keyUsage
-extension is present.
-This isn't always valid because some cipher suites use the key for
-digital signing.
-Otherwise it is the same as a normal SSL server.
-.It Common S/MIME Client Tests
-The extended key usage extension must be absent or include the
-email protection OID.
-The Netscape certificate type must be absent or should have the S/MIME bit set.
-If the S/MIME bit is not set in Netscape certificate type, then the SSL
-client bit is tolerated as an alternative but a warning is shown:
-this is because some Verisign certificates don't set the S/MIME bit.
-.It S/MIME Signing
-In addition to the common S/MIME client tests, the
-.Cm digitalSignature
-bit must be set if the
-.Cm keyUsage
-extension is present.
-.It S/MIME Encryption
-In addition to the common S/MIME tests, the
-.Cm keyEncipherment
-bit must be set if the
-.Cm keyUsage
-extension is present.
-.It S/MIME CA
-The extended key usage extension must be absent or include the
-email protection OID.
-The Netscape certificate type must be absent
-or must have the S/MIME CA bit set:
-this is used as a workaround if the
-.Cm basicConstraints
-extension is absent.
-.It CRL Signing
-The
-.Cm keyUsage
-extension must be absent or it must have the CRL signing bit set.
-.It CRL Signing CA
-The normal CA tests apply, except the
-.Cm basicConstraints
-extension must be present.
-.El
-.It Fl setalias Ar arg
-Set the alias of the certificate,
-allowing the certificate to be referred to using a nickname,
-such as
-.Qq Steve's Certificate .
-.It Fl trustout
-Output a trusted certificate
-(the default if any trust settings are modified).
-An ordinary or trusted certificate can be input, but by default an ordinary
-certificate is output and any trust settings are discarded.
-.El
-.Pp
-The
-.Nm x509
-utility can be used to sign certificates and requests:
-it can thus behave like a mini CA.
-The following are x509 signing options:
-.Bl -tag -width "XXXX"
-.It Fl CA Ar file
-The CA certificate to be used for signing.
-When this option is present,
-.Nm x509
-behaves like a mini CA.
-The input file is signed by the CA using this option;
-that is, its issuer name is set to the subject name of the CA and it is
-digitally signed using the CA's private key.
-.Pp
-This option is normally combined with the
-.Fl req
-option.
-Without the
-.Fl req
-option, the input is a certificate which must be self-signed.
-.It Fl CAcreateserial
-Create the CA serial number file if it does not exist
-instead of generating an error.
-The file will contain the serial number
-.Sq 02
-and the certificate being signed will have
-.Sq 1
-as its serial number.
-.It Fl CAform Cm der | pem
-The format of the CA certificate file.
-The default is
-.Cm pem .
-.It Fl CAkey Ar file
-Set the CA private key to sign a certificate with.
-Otherwise it is assumed that the CA private key is present
-in the CA certificate file.
-.It Fl CAkeyform Cm der | pem
-The format of the CA private key.
-The default is
-.Cm pem .
-.It Fl CAserial Ar file
-Use the serial number in
-.Ar file
-to sign a certificate.
-The file should consist of one line containing an even number of hex digits
-with the serial number to use.
-After each use the serial number is incremented and written out
-to the file again.
-.Pp
-The default filename consists of the CA certificate file base name with
-.Pa .srl
-appended.
-For example, if the CA certificate file is called
-.Pa mycacert.pem ,
-it expects to find a serial number file called
-.Pa mycacert.srl .
-.It Fl checkend Ar arg
-Check whether the certificate expires in the next
-.Ar arg
-seconds.
-If so, exit with return value 1;
-otherwise exit with return value 0.
-.It Fl clrext
-Delete any extensions from a certificate.
-This option is used when a certificate is being created from another
-certificate (for example with the
-.Fl signkey
-or the
-.Fl CA
-options).
-Normally, all extensions are retained.
-.It Fl days Ar arg
-The number of days to make a certificate valid for.
-The default is 30 days.
-.It Fl extensions Ar section
-The section to add certificate extensions from.
-If this option is not specified, the extensions should either be
-contained in the unnamed (default) section
-or the default section should contain a variable called
-.Qq extensions
-which contains the section to use.
-.It Fl extfile Ar file
-File containing certificate extensions to use.
-If not specified, no extensions are added to the certificate.
-.It Fl force_pubkey Ar key
-Set the public key of the certificate to the public key contained in
-.Ar key .
-.It Fl keyform Cm der | pem
-The format of the key file used in the
-.Fl force_pubkey
-and
-.Fl signkey
-options.
-.It Fl new
-Generate a new certificate using the subject given by
-.Fl set_subject
-and signed by
-.Fl signkey .
-If no public key is provided with
-.Fl force_pubkey ,
-the resulting certificate is self-signed.
-This option cannot be used with
-.Fl in
-or
-.Fl req .
-.It Fl req
-Expect a certificate request on input instead of a certificate.
-This option cannot be used with
-.Fl new .
-.It Fl set_issuer Ar name
-The issuer name to use.
-.Ar name
-must be formatted as /type0=value0/type1=value1/type2=...;
-characters may be escaped by
-.Sq \e
-(backslash);
-no spaces are skipped.
-.It Fl set_serial Ar n
-The serial number to use.
-This option can be used with either the
-.Fl signkey
-or
-.Fl CA
-options.
-If used in conjunction with the
-.Fl CA
-option, the serial number file (as specified by the
-.Fl CAserial
-or
-.Fl CAcreateserial
-options) is not used.
-.Pp
-The serial number can be decimal or hex (if preceded by
-.Sq 0x ) .
-Negative serial numbers can also be specified but their use is not recommended.
-.It Fl set_subject Ar name
-The subject name to use.
-.Ar name
-must be formatted as /type0=value0/type1=value1/type2=...;
-characters may be escaped by
-.Sq \e
-(backslash);
-no spaces are skipped.
-.It Fl signkey Ar file
-Self-sign
-.Ar file
-using the supplied private key.
-.Pp
-If the input file is a certificate, it sets the issuer name to the
-subject name (i.e. makes it self-signed),
-changes the public key to the supplied value,
-and changes the start and end dates.
-The start date is set to the current time and the end date is set to
-a value determined by the
-.Fl days
-option.
-Any certificate extensions are retained unless the
-.Fl clrext
-option is supplied.
-.Pp
-If the input is a certificate request, a self-signed certificate
-is created using the supplied private key using the subject name in
-the request.
-.It Fl utf8
-Interpret field values read from a terminal or obtained from a configuration
-file as UTF-8 strings.
-By default, they are interpreted as ASCII.
-.It Fl x509toreq
-Convert a certificate into a certificate request.
-The
-.Fl signkey
-option is used to pass the required private key.
-.El
-.Sh COMMON NOTATION
-Several commands share a common syntax,
-as detailed below.
-.Pp
-Password arguments, typically specified using
-.Fl passin
-and
-.Fl passout
-for input and output passwords,
-allow passwords to be obtained from a variety of sources.
-Both of these options take a single argument, described below.
-If no password argument is given and a password is required,
-then the user is prompted to enter one:
-this will typically be read from the current terminal with echoing turned off.
-.Bl -tag -width "pass:password" -offset indent
-.It Cm pass : Ns Ar password
-The actual password is
-.Ar password .
-Since the password is visible to utilities,
-this form should only be used where security is not important.
-.It Cm env : Ns Ar var
-Obtain the password from the environment variable
-.Ar var .
-Since the environment of other processes is visible,
-this option should be used with caution.
-.It Cm file : Ns Ar path
-The first line of
-.Ar path
-is the password.
-If the same
-.Ar path
-argument is supplied to
-.Fl passin
-and
-.Fl passout ,
-then the first line will be used for the input password and the next line
-for the output password.
-.Ar path
-need not refer to a regular file:
-it could, for example, refer to a device or named pipe.
-.It Cm fd : Ns Ar number
-Read the password from the file descriptor
-.Ar number .
-This can be used to send the data via a pipe, for example.
-.It Cm stdin
-Read the password from standard input.
-.El
-.Pp
-Input/output formats,
-typically specified using
-.Fl inform
-and
-.Fl outform ,
-indicate the format being read from or written to.
-The argument is case insensitive.
-.Pp
-.Bl -tag -width Ds -offset indent -compact
-.It Cm der
-Distinguished Encoding Rules (DER)
-is a binary format.
-.It Cm net
-Insecure legacy format.
-.It Cm pem
-Privacy Enhanced Mail (PEM)
-is base64-encoded.
-.It Cm pvk
-Private Key format.
-.It Cm smime
-An SMIME format message.
-.It Cm txt
-Plain ASCII text.
-.El
-.Sh ENVIRONMENT
-The following environment variables affect the execution of
-.Nm openssl :
-.Bl -tag -width "/etc/ssl/openssl.cnf"
-.It Ev OPENSSL_CONF
-The location of the master configuration file.
-.El
-.Sh FILES
-.Bl -tag -width "/etc/ssl/openssl.cnf" -compact
-.It Pa /etc/ssl/
-Default config directory for
-.Nm openssl .
-.It Pa /etc/ssl/lib/
-Unused.
-.It Pa /etc/ssl/private/
-Default private key directory.
-.It Pa /etc/ssl/openssl.cnf
-Default configuration file for
-.Nm openssl .
-.It Pa /etc/ssl/x509v3.cnf
-Default configuration file for
-.Nm x509
-certificates.
-.El
-.Sh SEE ALSO
-.Xr acme-client 1 ,
-.Xr nc 1 ,
-.Xr openssl.cnf 5 ,
-.Xr x509v3.cnf 5 ,
-.Xr ssl 8 ,
-.Xr starttls 8
-.Sh STANDARDS
-.Rs
-.%A T. Dierks
-.%A C. Allen
-.%D January 1999
-.%R RFC 2246
-.%T The TLS Protocol Version 1.0
-.Re
-.Pp
-.Rs
-.%A M. Wahl
-.%A S. Killie
-.%A T. Howes
-.%D December 1997
-.%R RFC 2253
-.%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
-.Re
-.Pp
-.Rs
-.%A B. Kaliski
-.%D March 1998
-.%R RFC 2315
-.%T PKCS #7: Cryptographic Message Syntax Version 1.5
-.Re
-.Pp
-.Rs
-.%A R. Housley
-.%A W. Ford
-.%A W. Polk
-.%A D. Solo
-.%D January 1999
-.%R RFC 2459
-.%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
-.Re
-.Pp
-.Rs
-.%A M. Myers
-.%A R. Ankney
-.%A A. Malpani
-.%A S. Galperin
-.%A C. Adams
-.%D June 1999
-.%R RFC 2560
-.%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
-.Re
-.Pp
-.Rs
-.%A R. Housley
-.%D June 1999
-.%R RFC 2630
-.%T Cryptographic Message Syntax
-.Re
-.Pp
-.Rs
-.%A P. Chown
-.%D June 2002
-.%R RFC 3268
-.%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
-.Re
diff -Naur a/apps/openssl/openssl-libre.1 b/apps/openssl/openssl-libre.1
--- a/apps/openssl/openssl-libre.1	1970-01-01 06:00:00.000000000 +0600
+++ b/apps/openssl/openssl-libre.1	2025-01-09 23:29:16.599526244 +0600
@@ -0,0 +1,6865 @@
+.\" $OpenBSD: openssl.1,v 1.161 2024/08/30 06:05:10 jmc Exp $
+.\" ====================================================================
+.\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\" ====================================================================
+.\"
+.\" This product includes cryptographic software written by Eric Young
+.\" (eay@cryptsoft.com).  This product includes software written by Tim
+.\" Hudson (tjh@cryptsoft.com).
+.\"
+.\"
+.\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+.\" All rights reserved.
+.\"
+.\" This package is an SSL implementation written
+.\" by Eric Young (eay@cryptsoft.com).
+.\" The implementation was written so as to conform with Netscapes SSL.
+.\"
+.\" This library is free for commercial and non-commercial use as long as
+.\" the following conditions are aheared to.  The following conditions
+.\" apply to all code found in this distribution, be it the RC4, RSA,
+.\" lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+.\" included with this distribution is covered by the same copyright terms
+.\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
+.\"
+.\" Copyright remains Eric Young's, and as such any Copyright notices in
+.\" the code are not to be removed.
+.\" If this package is used in a product, Eric Young should be given attribution
+.\" as the author of the parts of the library used.
+.\" This can be in the form of a textual message at program startup or
+.\" in documentation (online or textual) provided with the package.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\"    must display the following acknowledgement:
+.\"    "This product includes cryptographic software written by
+.\"     Eric Young (eay@cryptsoft.com)"
+.\"    The word 'cryptographic' can be left out if the rouines from the library
+.\"    being used are not cryptographic related :-).
+.\" 4. If you include any Windows specific code (or a derivative thereof) from
+.\"    the apps directory (application code) you must include an
+.\"    acknowledgement:
+.\"    "This product includes software written by Tim Hudson
+.\"     (tjh@cryptsoft.com)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" The licence and distribution terms for any publically available version or
+.\" derivative of this code cannot be changed.  i.e. this code cannot simply be
+.\" copied and put under another distribution licence
+.\" [including the GNU Public Licence.]
+.\"
+.Dd $Mdocdate: August 30 2024 $
+.Dt OPENSSL 1
+.Os
+.Sh NAME
+.Nm openssl
+.Nd OpenSSL command line tool
+.Sh SYNOPSIS
+.Nm
+.Ar command
+.Op Ar command_opt ...
+.Op Ar command_arg ...
+.Pp
+.Nm
+.Cm list-standard-commands |
+.Cm list-message-digest-commands |
+.Cm list-cipher-commands |
+.Cm list-cipher-algorithms |
+.Cm list-message-digest-algorithms |
+.Cm list-public-key-algorithms
+.Pp
+.Nm
+.Cm no- Ns Ar command
+.Sh DESCRIPTION
+.Nm OpenSSL
+is a cryptography toolkit implementing the
+Transport Layer Security
+.Pq TLS
+network protocol,
+as well as related cryptography standards.
+.Pp
+The
+.Nm
+program is a command line tool for using the various
+cryptography functions of
+.Nm openssl Ns 's
+crypto library from the shell.
+.Pp
+The pseudo-commands
+.Cm list-standard-commands , list-message-digest-commands ,
+and
+.Cm list-cipher-commands
+output a list
+.Pq one entry per line
+of the names of all standard commands, message digest commands,
+or cipher commands, respectively, that are available in the present
+.Nm
+utility.
+.Pp
+The pseudo-commands
+.Cm list-cipher-algorithms
+and
+.Cm list-message-digest-algorithms
+list all cipher and message digest names,
+one entry per line.
+Aliases are listed as:
+.Pp
+.D1 from => to
+.Pp
+The pseudo-command
+.Cm list-public-key-algorithms
+lists all supported public key algorithms.
+.Pp
+The pseudo-command
+.Cm no- Ns Ar command
+tests whether a command of the
+specified name is available.
+If
+.Ar command
+does not exist,
+it returns 0
+and prints
+.Cm no- Ns Ar command ;
+otherwise it returns 1 and prints
+.Ar command .
+In both cases, the output goes to stdout and nothing is printed to stderr.
+Additional command line arguments are always ignored.
+Since for each cipher there is a command of the same name,
+this provides an easy way for shell scripts to test for the
+availability of ciphers in the
+.Nm
+program.
+.Pp
+.Sy Note :
+.Cm no- Ns Ar command
+is not able to detect pseudo-commands such as
+.Cm quit ,
+.Cm list- Ns Ar ... Ns Cm -commands ,
+or
+.Cm no- Ns Ar command
+itself.
+.Tg asn1parse
+.Sh ASN1PARSE
+.Bl -hang -width "openssl asn1parse"
+.It Nm openssl asn1parse
+.Bk -words
+.Op Fl i
+.Op Fl dlimit Ar number
+.Op Fl dump
+.Op Fl genconf Ar file
+.Op Fl genstr Ar str
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem | txt
+.Op Fl length Ar number
+.Op Fl noout
+.Op Fl offset Ar number
+.Op Fl oid Ar file
+.Op Fl out Ar file
+.Op Fl strparse Ar offset
+.Ek
+.El
+.Pp
+The
+.Nm asn1parse
+command is a diagnostic utility that can parse ASN.1 structures.
+It can also be used to extract data from ASN.1 formatted data.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl dlimit Ar number
+Dump the first
+.Ar number
+bytes of unknown data in hex form.
+.It Fl dump
+Dump unknown data in hex form.
+.It Fl genconf Ar file , Fl genstr Ar str
+Generate encoded data based on string
+.Ar str ,
+file
+.Ar file ,
+or both, using the format described in
+.Xr ASN1_generate_nconf 3 .
+If only
+.Ar file
+is present then the string is obtained from the default section
+using the name
+.Dq asn1 .
+The encoded data is passed through the ASN.1 parser and printed out as
+though it came from a file;
+the contents can thus be examined and written to a file using the
+.Fl out
+option.
+.It Fl i
+Indent the output according to the
+.Qq depth
+of the structures.
+.It Fl in Ar file
+The input file to read from, or standard input if not specified.
+.It Fl inform Cm der | pem | txt
+The input format.
+.It Fl length Ar number
+Number of bytes to parse; the default is until end of file.
+.It Fl noout
+Do not output the parsed version of the input file.
+.It Fl offset Ar number
+Starting offset to begin parsing; the default is start of file.
+.It Fl oid Ar file
+A file containing additional object identifiers
+.Pq OIDs .
+If an OID
+.Pq object identifier
+is not part of
+.Nm openssl Ns 's
+internal table, it will be represented in
+numerical form
+.Pq for example 1.2.3.4 .
+.Pp
+Each line consists of three columns:
+the first column is the OID in numerical format and should be followed by
+whitespace.
+The second column is the
+.Qq short name ,
+which is a single word followed by whitespace.
+The final column is the rest of the line and is the
+.Qq long name .
+.Nm asn1parse
+displays the long name.
+.It Fl out Ar file
+The DER-encoded output file; the default is no encoded output
+(useful when combined with
+.Fl strparse ) .
+.It Fl strparse Ar offset
+Parse the content octets of the ASN.1 object starting at
+.Ar offset .
+This option can be used multiple times to
+.Qq drill down
+into a nested structure.
+.El
+.Tg ca
+.Sh CA
+.Bl -hang -width "openssl ca"
+.It Nm openssl ca
+.Bk -words
+.Op Fl batch
+.Op Fl cert Ar file
+.Op Fl config Ar file
+.Op Fl create_serial
+.Op Fl crl_CA_compromise Ar time
+.Op Fl crl_compromise Ar time
+.Op Fl crl_hold Ar instruction
+.Op Fl crl_reason Ar reason
+.Op Fl crldays Ar days
+.Op Fl crlexts Ar section
+.Op Fl crlhours Ar hours
+.Op Fl crlsec Ar seconds
+.Op Fl days Ar arg
+.Op Fl enddate Ar date
+.Op Fl extensions Ar section
+.Op Fl extfile Ar file
+.Op Fl gencrl
+.Op Fl in Ar file
+.Op Fl infiles
+.Op Fl key Ar password
+.Op Fl keyfile Ar file
+.Op Fl keyform Cm pem | der
+.Op Fl md Ar alg
+.Op Fl msie_hack
+.Op Fl multivalue-rdn
+.Op Fl name Ar section
+.Op Fl noemailDN
+.Op Fl notext
+.Op Fl out Ar file
+.Op Fl outdir Ar directory
+.Op Fl passin Ar arg
+.Op Fl policy Ar arg
+.Op Fl preserveDN
+.Op Fl revoke Ar file
+.Op Fl selfsign
+.Op Fl sigopt Ar nm:v
+.Op Fl ss_cert Ar file
+.Op Fl startdate Ar date
+.Op Fl status Ar serial
+.Op Fl subj Ar arg
+.Op Fl updatedb
+.Op Fl utf8
+.Op Fl verbose
+.Ek
+.El
+.Pp
+The
+.Nm ca
+command is a minimal certificate authority (CA) application.
+It can be used to sign certificate requests in a variety of forms
+and generate certificate revocation lists (CRLs).
+It also maintains a text database of issued certificates and their status.
+.Pp
+The options relevant to CAs are as follows:
+.Bl -tag -width "XXXX"
+.It Fl batch
+Batch mode.
+In this mode no questions will be asked
+and all certificates will be certified automatically.
+.It Fl cert Ar file
+The CA certificate file.
+.It Fl config Ar file
+Specify an alternative configuration file.
+.It Fl create_serial
+If reading the serial from the text file as specified in the
+configuration fails, create a new random serial to be used as the
+next serial number.
+.It Fl days Ar arg
+The number of days to certify the certificate for.
+.It Fl enddate Ar date
+Set the expiry date.
+The format of the date is [YY]YYMMDDHHMMSSZ,
+with all four year digits required for dates from 2050 onwards.
+.It Fl extensions Ar section
+The section of the configuration file containing certificate extensions
+to be added when a certificate is issued (defaults to
+.Cm x509_extensions
+unless the
+.Fl extfile
+option is used).
+If no extension section is present, a V1 certificate is created.
+If the extension section is present
+.Pq even if it is empty ,
+then a V3 certificate is created.
+See the
+.Xr x509v3.cnf 5
+manual page for details of the extension section format.
+.It Fl extfile Ar file
+An additional configuration
+.Ar file
+to read certificate extensions from
+(using the default section unless the
+.Fl extensions
+option is also used).
+.It Fl in Ar file
+An input
+.Ar file
+containing a single certificate request to be signed by the CA.
+.It Fl infiles
+If present, this should be the last option; all subsequent arguments
+are assumed to be the names of files containing certificate requests.
+.It Fl key Ar password
+The
+.Fa password
+used to encrypt the private key.
+Since on some systems the command line arguments are visible,
+this option should be used with caution.
+.It Fl keyfile Ar file
+The private key to sign requests with.
+.It Fl keyform Cm pem | der
+Private key file format.
+The default is
+.Cm pem .
+.It Fl md Ar alg
+The message digest to use.
+Possible values include
+.Ar md5
+and
+.Ar sha1 .
+This option also applies to CRLs.
+.It Fl msie_hack
+This is a legacy option to make
+.Nm ca
+work with very old versions of the IE certificate enrollment control
+.Qq certenr3 .
+It used UniversalStrings for almost everything.
+Since the old control has various security bugs,
+its use is strongly discouraged.
+The newer control
+.Qq Xenroll
+does not need this option.
+.It Fl multivalue-rdn
+This option causes the
+.Fl subj
+argument to be interpreted with full support for multivalued RDNs,
+for example
+.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
+If
+.Fl multivalue-rdn
+is not used, the UID value is set to
+.Qq "123456+CN=John Doe" .
+.It Fl name Ar section
+Specifies the configuration file
+.Ar section
+to use (overrides
+.Cm default_ca
+in the
+.Cm ca
+section).
+.It Fl noemailDN
+The DN of a certificate can contain the EMAIL field if present in the
+request DN, however it is good policy just having the email set into
+the
+.Cm altName
+extension of the certificate.
+When this option is set, the EMAIL field is removed from the certificate's
+subject and set only in the, eventually present, extensions.
+The
+.Ar email_in_dn
+keyword can be used in the configuration file to enable this behaviour.
+.It Fl notext
+Don't output the text form of a certificate to the output file.
+.It Fl out Ar file
+The output file to output certificates to.
+The default is standard output.
+The certificate details will also be printed out to this file in
+PEM format.
+.It Fl outdir Ar directory
+The
+.Ar directory
+to output certificates to.
+The certificate will be written to a file consisting of the
+serial number in hex with
+.Qq .pem
+appended.
+.It Fl passin Ar arg
+The key password source.
+.It Fl policy Ar arg
+Define the CA
+.Qq policy
+to use.
+The policy section in the configuration file
+consists of a set of variables corresponding to certificate DN fields.
+The values may be one of
+.Qq match
+(the value must match the same field in the CA certificate),
+.Qq supplied
+(the value must be present), or
+.Qq optional
+(the value may be present).
+Any fields not mentioned in the policy section
+are silently deleted, unless the
+.Fl preserveDN
+option is set,
+but this can be regarded more of a quirk than intended behaviour.
+.It Fl preserveDN
+Normally, the DN order of a certificate is the same as the order of the
+fields in the relevant policy section.
+When this option is set, the order is the same as the request.
+This is largely for compatibility with the older IE enrollment control
+which would only accept certificates if their DNs matched the order of the
+request.
+This is not needed for Xenroll.
+.It Fl selfsign
+Indicates the issued certificates are to be signed with the key the
+certificate requests were signed with, given with
+.Fl keyfile .
+Certificate requests signed with a different key are ignored.
+If
+.Fl gencrl
+or
+.Fl ss_cert
+are given,
+.Fl selfsign
+is ignored.
+.Pp
+A consequence of using
+.Fl selfsign
+is that the self-signed certificate appears among the entries in
+the certificate database (see the configuration option
+.Cm database )
+and uses the same serial number counter as all other certificates
+signed with the self-signed certificate.
+.It Fl sigopt Ar nm:v
+Pass options to the signature algorithm during sign or certify operations.
+The names and values of these options are algorithm-specific.
+.It Fl ss_cert Ar file
+A single self-signed certificate to be signed by the CA.
+.It Fl startdate Ar date
+Set the start date.
+The format of the date is [YY]YYMMDDHHMMSSZ,
+with all four year digits required for dates from 2050 onwards.
+.It Fl subj Ar arg
+Supersedes the subject name given in the request.
+The
+.Ar arg
+must be formatted as
+.Sm off
+.Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns /
+.Ar type2 Ns = Ar ... ;
+.Sm on
+characters may be escaped by
+.Sq \e
+.Pq backslash ,
+no spaces are skipped.
+.It Fl utf8
+Interpret field values read from a terminal or obtained from a
+configuration file as UTF-8 strings.
+By default, they are interpreted as ASCII.
+.It Fl verbose
+Print extra details about the operations being performed.
+.El
+.Pp
+The options relevant to CRLs are as follows:
+.Bl -tag -width "XXXX"
+.It Fl crl_CA_compromise Ar time
+This is the same as
+.Fl crl_compromise ,
+except the revocation reason is set to CACompromise.
+.It Fl crl_compromise Ar time
+Set the revocation reason to keyCompromise and the compromise time to
+.Ar time .
+.Ar time
+should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
+.It Fl crl_hold Ar instruction
+Set the CRL revocation reason code to certificateHold and the hold
+instruction to
+.Ar instruction
+which must be an OID.
+Although any OID can be used, only holdInstructionNone
+(the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
+holdInstructionReject will normally be used.
+.It Fl crl_reason Ar reason
+Revocation reason, where
+.Ar reason
+is one of:
+unspecified, keyCompromise, CACompromise, affiliationChanged, superseded,
+cessationOfOperation, certificateHold or removeFromCRL.
+The matching of
+.Ar reason
+is case insensitive.
+Setting any revocation reason will make the CRL v2.
+In practice, removeFromCRL is not particularly useful because it is only used
+in delta CRLs which are not currently implemented.
+.It Fl crldays Ar days
+The number of days before the next CRL is due.
+This is the days from now to place in the CRL
+.Cm nextUpdate
+field.
+.It Fl crlexts Ar section
+The
+.Ar section
+of the configuration file containing CRL extensions to include.
+If no CRL extension section is present then a V1 CRL is created;
+if the CRL extension section is present
+(even if it is empty)
+then a V2 CRL is created.
+The CRL extensions specified are CRL extensions and not CRL entry extensions.
+It should be noted that some software can't handle V2 CRLs.
+See the
+.Xr x509v3.cnf 5
+manual page for details of the extension section format.
+.It Fl crlhours Ar hours
+The number of hours before the next CRL is due.
+.It Fl crlsec Ar seconds
+The number of seconds before the next CRL is due.
+.It Fl gencrl
+Generate a CRL based on information in the index file.
+.It Fl revoke Ar file
+A
+.Ar file
+containing a certificate to revoke.
+.It Fl status Ar serial
+Show the status of the certificate with serial number
+.Ar serial .
+.It Fl updatedb
+Update the database index to purge expired certificates.
+.El
+.Pp
+Many of the options can be set in the
+.Cm ca
+section of the configuration file
+(or in the default section of the configuration file),
+specified using
+.Cm default_ca
+or
+.Fl name .
+The options
+.Cm preserve
+and
+.Cm msie_hack
+are read directly from the
+.Cm ca
+section.
+.Pp
+Many of the configuration file options are identical to command line
+options.
+Where the option is present in the configuration file and the command line,
+the command line value is used.
+Where an option is described as mandatory, then it must be present in
+the configuration file or the command line equivalent
+.Pq if any
+used.
+.Bl -tag -width "XXXX"
+.It Cm certificate
+The same as
+.Fl cert .
+It gives the file containing the CA certificate.
+Mandatory.
+.It Cm copy_extensions
+Determines how extensions in certificate requests should be handled.
+If set to
+.Cm none
+or this option is not present, then extensions are
+ignored and not copied to the certificate.
+If set to
+.Cm copy ,
+then any extensions present in the request that are not already present
+are copied to the certificate.
+If set to
+.Cm copyall ,
+then all extensions in the request are copied to the certificate:
+if the extension is already present in the certificate it is deleted first.
+.Pp
+The
+.Cm copy_extensions
+option should be used with caution.
+If care is not taken, it can be a security risk.
+For example, if a certificate request contains a
+.Cm basicConstraints
+extension with CA:TRUE and the
+.Cm copy_extensions
+value is set to
+.Cm copyall
+and the user does not spot
+this when the certificate is displayed, then this will hand the requester
+a valid CA certificate.
+.Pp
+This situation can be avoided by setting
+.Cm copy_extensions
+to
+.Cm copy
+and including
+.Cm basicConstraints
+with CA:FALSE in the configuration file.
+Then if the request contains a
+.Cm basicConstraints
+extension, it will be ignored.
+.Pp
+The main use of this option is to allow a certificate request to supply
+values for certain extensions such as
+.Cm subjectAltName .
+.It Cm crl_extensions
+The same as
+.Fl crlexts .
+.It Cm crlnumber
+A text file containing the next CRL number to use in hex.
+The CRL number will be inserted in the CRLs only if this file exists.
+If this file is present, it must contain a valid CRL number.
+.It Cm database
+The text database file to use.
+Mandatory.
+This file must be present, though initially it will be empty.
+.It Cm default_crl_hours , default_crl_days
+The same as the
+.Fl crlhours
+and
+.Fl crldays
+options.
+These will only be used if neither command line option is present.
+At least one of these must be present to generate a CRL.
+.It Cm default_days
+The same as the
+.Fl days
+option.
+The number of days to certify a certificate for.
+.It Cm default_enddate
+The same as the
+.Fl enddate
+option.
+Either this option or
+.Cm default_days
+.Pq or the command line equivalents
+must be present.
+.It Cm default_md
+The same as the
+.Fl md
+option.
+The message digest to use.
+Mandatory.
+.It Cm default_startdate
+The same as the
+.Fl startdate
+option.
+The start date to certify a certificate for.
+If not set, the current time is used.
+.It Cm email_in_dn
+The same as
+.Fl noemailDN .
+If the EMAIL field is to be removed from the DN of the certificate,
+simply set this to
+.Qq no .
+If not present, the default is to allow for the EMAIL field in the
+certificate's DN.
+.It Cm msie_hack
+The same as
+.Fl msie_hack .
+.It Cm name_opt , cert_opt
+These options allow the format used to display the certificate details
+when asking the user to confirm signing.
+All the options supported by the
+.Nm x509
+utilities'
+.Fl nameopt
+and
+.Fl certopt
+switches can be used here, except that
+.Cm no_signame
+and
+.Cm no_sigdump
+are permanently set and cannot be disabled
+(this is because the certificate signature cannot be displayed because
+the certificate has not been signed at this point).
+.Pp
+For convenience, the value
+.Cm ca_default
+is accepted by both to produce a reasonable output.
+.Pp
+If neither option is present, the format used in earlier versions of
+.Nm openssl
+is used.
+Use of the old format is strongly discouraged
+because it only displays fields mentioned in the
+.Cm policy
+section,
+mishandles multicharacter string types and does not display extensions.
+.It Cm new_certs_dir
+The same as the
+.Fl outdir
+command line option.
+It specifies the directory where new certificates will be placed.
+Mandatory.
+.It Cm oid_file
+This specifies a file containing additional object identifiers.
+Each line of the file should consist of the numerical form of the
+object identifier followed by whitespace, then the short name followed
+by whitespace and finally the long name.
+.It Cm oid_section
+This specifies a section in the configuration file containing extra
+object identifiers.
+Each line should consist of the short name of the object identifier
+followed by
+.Sq =
+and the numerical form.
+The short and long names are the same when this option is used.
+.It Cm policy
+The same as
+.Fl policy .
+Mandatory.
+.It Cm preserve
+The same as
+.Fl preserveDN .
+.It Cm private_key
+Same as the
+.Fl keyfile
+option.
+The file containing the CA private key.
+Mandatory.
+.It Cm serial
+A text file containing the next serial number to use in hex.
+Mandatory.
+This file must be present and contain a valid serial number.
+.It Cm unique_subject
+If the value
+.Cm yes
+is given, the valid certificate entries in the
+database must have unique subjects.
+If the value
+.Cm no
+is given,
+several valid certificate entries may have the exact same subject.
+The default value is
+.Cm yes .
+.Pp
+Note that it is valid in some circumstances for certificates to be created
+without any subject.
+In cases where there are multiple certificates without
+subjects this does not count as a duplicate.
+.It Cm x509_extensions
+The same as
+.Fl extensions .
+.El
+.Tg certhash
+.Sh CERTHASH
+.Bl -hang -width "openssl certhash"
+.It Nm openssl certhash
+.Bk -words
+.Op Fl nv
+.Ar dir ...
+.Ek
+.El
+.Pp
+The
+.Nm certhash
+command calculates a hash value of
+.Qq .pem
+file in the specified directory list and creates symbolic links for each file,
+where the name of the link is the hash value.
+See the
+.Xr SSL_CTX_load_verify_locations 3
+manual page for how hash links are used.
+.Pp
+The links created are of the form
+.Qq HHHHHHHH.D ,
+where each
+.Sq H
+is a hexadecimal character and
+.Sq D
+is a single decimal digit.
+The hashes for CRLs look similar, except the letter
+.Sq r
+appears after the period, like this:
+.Qq HHHHHHHH.rD .
+When processing a directory,
+.Nm certhash
+will first remove all links that have a name in that syntax and invalid
+reference.
+.Pp
+Multiple objects may have the same hash; they will be indicated by
+incrementing the
+.Sq D
+value.
+Duplicates are found by comparing the full SHA256 fingerprint.
+A warning will be displayed if a duplicate is found.
+.Pp
+A warning will also be displayed if there are files that cannot be parsed as
+either a certificate or a CRL.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl n
+Perform a dry-run, and do not make any changes.
+.It Fl v
+Print extra details about the processing.
+.It Ar dir ...
+Specify the directories to process.
+.El
+.Tg ciphers
+.Sh CIPHERS
+.Nm openssl ciphers
+.Op Fl hsVv
+.Op Fl tls1_2
+.Op Fl tls1_3
+.Op Ar control
+.Pp
+The
+.Nm ciphers
+command converts the
+.Ar control
+string from the format documented in
+.Xr SSL_CTX_set_cipher_list 3
+into an ordered SSL cipher suite preference list.
+If no
+.Ar control
+string is specified, the
+.Cm DEFAULT
+list is printed.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl h , \&?
+Print a brief usage message.
+.It Fl s
+Only list ciphers that are supported by the TLS method.
+.It Fl tls1_2 | tls1_3
+In combination with the
+.Fl s
+option, list the ciphers which could be used
+if the specified protocol version were negotiated.
+.It Fl V
+Verbose.
+List ciphers with cipher suite code in hex format,
+cipher name, and a complete description of protocol version,
+key exchange, authentication, encryption, and mac algorithms.
+.It Fl v
+Like
+.Fl V ,
+but without cipher suite codes.
+.El
+.Tg cms
+.Sh CMS
+.Bl -hang -width "openssl cms"
+.It Nm openssl cms
+.Bk -words
+.Oo
+.Fl aes128 | aes192 | aes256 | camellia128 |
+.Fl camellia192 | camellia256 | des | des3 |
+.Fl rc2-40 | rc2-64 | rc2-128
+.Oc
+.Op Fl CAfile Ar file
+.Op Fl CApath Ar directory
+.Op Fl CRLfile Ar file
+.Op Fl binary
+.Op Fl certfile Ar file
+.Op Fl certsout Ar file
+.Op Fl cmsout
+.Op Fl compress
+.Op Fl content Ar file
+.Op Fl crlfeol
+.Op Fl data_create
+.Op Fl data_out
+.Op Fl debug_decrypt
+.Op Fl decrypt
+.Op Fl digest_create
+.Op Fl digest_verify
+.Op Fl econtent_type Ar type
+.Op Fl encrypt
+.Op Fl EncryptedData_decrypt
+.Op Fl EncryptedData_encrypt
+.Op Fl from Ar addr
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem | smime
+.Op Fl inkey Ar file
+.Op Fl keyform Cm der | pem
+.Op Fl keyid
+.Op Fl keyopt Ar nm:v
+.Op Fl md Ar digest
+.Op Fl no_attr_verify
+.Op Fl no_content_verify
+.Op Fl no_signer_cert_verify
+.Op Fl noattr
+.Op Fl nocerts
+.Op Fl nodetach
+.Op Fl nointern
+.Op Fl nooldmime
+.Op Fl noout
+.Op Fl nosigs
+.Op Fl nosmimecap
+.Op Fl noverify
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem | smime
+.Op Fl passin Ar src
+.Op Fl print
+.Op Fl pwri_password Ar arg
+.Op Fl rctform Cm der | pem | smime
+.Op Fl receipt_request_all | receipt_request_first
+.Op Fl receipt_request_from Ar addr
+.Op Fl receipt_request_print
+.Op Fl receipt_request_to Ar addr
+.Op Fl recip Ar file
+.Op Fl resign
+.Op Fl secretkey Ar key
+.Op Fl secretkeyid Ar id
+.Op Fl sign
+.Op Fl sign_receipt
+.Op Fl signer Ar file
+.Op Fl stream | indef | noindef
+.Op Fl subject Ar s
+.Op Fl text
+.Op Fl to Ar addr
+.Op Fl uncompress
+.Op Fl verify
+.Op Fl verify_receipt Ar file
+.Op Fl verify_retcode
+.Op Ar cert.pem ...
+.Ek
+.El
+.Pp
+The
+.Nm cms
+command handles S/MIME v3.1 mail.
+It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME
+messages.
+.Pp
+The MIME message must be sent without any blank lines between the headers and
+the output.
+Some mail programs will automatically add a blank line.
+Piping the mail directly to sendmail is one way to achieve the correct format.
+.Pp
+The supplied message to be signed or encrypted must include the necessary MIME
+headers or many S/MIME clients won't display it properly (if at all).
+You can use the
+.Fl text
+option to automatically add plain text headers.
+.Pp
+A "signed and encrypted" message is one where a signed message is then
+encrypted.
+This can be produced by encrypting an already signed message.
+.Pp
+There are various operation options that set the type of operation to be
+performed.
+The meaning of the other options varies according to the operation type.
+.Bl -tag -width "XXXX"
+.It Fl encrypt
+Encrypt mail for the given recipient certificates.
+Input file is the message to be encrypted.
+The output file is the encrypted mail in MIME format.
+The actual CMS type is EnvelopedData.
+Note that no revocation check is done for the recipient cert, so if that
+key has been compromised, others may be able to decrypt the text.
+.It Fl decrypt
+Decrypt mail using the supplied certificate and private key.
+Expects an encrypted mail message in MIME format for the input file.
+The decrypted mail is written to the output file.
+.It Fl sign
+Sign mail using the supplied certificate and private key.
+Input file is the message to be signed.
+The signed message in MIME format is written to the output file.
+.It Fl verify
+Verify signed mail.
+Expects a signed mail message on input and outputs the signed data.
+Both clear text and opaque signing are supported.
+.It Fl cmsout
+Take an input message and write out a PEM encoded CMS structure.
+.It Fl resign
+Resign a message.
+Take an existing message and one or more new signers.
+This operation uses an existing message digest when adding a new signer.
+This means that attributes must be present in at least one existing
+signer using the same message digest or this operation will fail.
+.It Fl data_create
+Create a CMS Data type.
+.It Fl data_out
+Output a content from the input CMS Data type.
+.It Fl digest_create
+Create a CMS DigestedData type.
+.It Fl digest_verify
+Verify a CMS DigestedData type and output the content.
+.It Fl compress
+Create a CMS CompressedData type.
+Must be compiled with zlib support for this option to work.
+.It Fl uncompress
+Uncompress a CMS CompressedData type and output the content.
+Must be compiled with zlib support for this option to work.
+.It Fl EncryptedData_encrypt
+Encrypt a content using supplied symmetric key and algorithm using a
+CMS EncryptedData type.
+.It Fl EncryptedData_decrypt
+Decrypt a CMS EncryptedData type using supplied symmetric key.
+.It Fl sign_receipt
+Generate and output a signed receipt for the supplied message.
+The input message must contain a signed receipt request.
+Functionality is otherwise similar to the
+.Fl sign
+operation.
+.It Xo
+.Fl verify_receipt Ar file
+.Xc
+Verify a signed receipt in file.
+The input message must contain the original receipt request.
+Functionality is otherwise similar to the
+.Fl verify
+operation.
+.El
+.Pp
+The remaining options are as follows:
+.Bl -tag -width "XXXX"
+.It Xo
+.Fl aes128 | aes192 | aes256 | camellia128 |
+.Fl camellia192 | camellia256 | des | des3 |
+.Fl rc2-40 | rc2-64 | rc2-128
+.Xc
+The encryption algorithm to use.
+128-, 192-, or 256-bit AES, 128-, 192-, or 256-bit CAMELLIA,
+DES (56 bits), triple DES (168 bits),
+or 40-, 64-, or 128-bit RC2, respectively;
+if not specified, triple DES is
+used.
+Only used with
+.Fl encrypt
+and
+.Fl EncryptedData_encrypt
+commands.
+.It Fl binary
+Normally the input message is converted to "canonical" format which is
+effectively using CR/LF as end of line, as required by the S/MIME specification.
+When this option is present, no translation occurs.
+This is useful when handling binary data which may not be in MIME format.
+.It Fl CAfile Ar file
+A file containing trusted CA certificates, used with
+.Fl verify
+and
+.Fl verify_receipt .
+.It Fl CApath Ar directory
+A directory containing trusted CA certificates, used with
+.Fl verify
+and
+.Fl verify_receipt .
+This directory must be a standard certificate directory: that is a hash
+of each subject name (using
+.Nm x509 Fl hash )
+should be linked to each certificate.
+.It Fl CRLfile Ar file
+Allows additional certificate revocation lists to be specified for verification.
+The CRLs should be in PEM format.
+.It Ar cert.pem ...
+One or more certificates of message recipients: used when encrypting a message.
+.It Fl certfile Ar file
+Allows additional certificates to be specified.
+When signing, these will be included with the message.
+When verifying, these will be searched for the signer's certificates.
+The certificates should be in PEM format.
+.It Fl certsout Ar file
+A file that any certificates contained in the message are written to.
+.It Xo
+.Fl check_ss_sig ,
+.Fl crl_check ,
+.Fl crl_check_all ,
+.Fl extended_crl ,
+.Fl ignore_critical ,
+.Fl issuer_checks ,
+.Fl policy ,
+.Fl policy_check ,
+.Fl purpose ,
+.Fl x509_strict
+.Xc
+Set various certificate chain validation options.
+See the
+.Nm verify
+command for details.
+.It Fl content Ar file
+A file containing the detached content.
+This is only useful with the
+.Fl verify
+command.
+This is only usable if the CMS structure is using the detached signature
+form where the content is not included.
+This option will override any content if the input format is S/MIME and
+it uses the multipart/signed MIME content type.
+.It Fl crlfeol
+Output a S/MIME message with CR/LF end of line.
+.It Fl debug_decrypt
+Set the CMS_DEBUG_DECRYPT flag when decrypting.
+This option should be used with caution, since this can be used to disable
+the MMA attack protection and return an error if no recipient can be found.
+See the
+.Xr CMS_decrypt 3
+manual page for details of the flag.
+.It Xo
+.Fl from Ar addr ,
+.Fl subject Ar s ,
+.Fl to Ar addr
+.Xc
+The relevant mail headers.
+These are included outside the signed portion of a message so they may
+be included manually.
+If signing then many S/MIME mail clients check the signer's certificate's
+email address matches that specified in the From: address.
+.It Fl econtent_type Ar type
+Set the encapsulated content type, used with
+.Fl sign .
+If not supplied, the Data type is used.
+The type argument can be any valid OID name in either text or numerical format.
+.It Fl in Ar file
+The input message to be encrypted or signed or the message to be decrypted or
+verified.
+.It Fl inform Cm der | pem | smime
+The input format for the CMS structure.
+The default is
+.Cm smime ,
+which reads an S/MIME format message.
+.Cm pem
+and
+.Cm der
+format change this to expect PEM and DER format CMS structures instead.
+This currently only affects the input format of the CMS structure; if no
+CMS structure is being input (for example with
+.Fl encrypt
+or
+.Fl sign )
+this option has no effect.
+.It Fl inkey Ar file
+The private key to use when signing or decrypting.
+This must match the corresponding certificate.
+If this option is not specified then the private key must be included in
+the certificate file specified with the
+.Fl recip
+or
+.Fl signer
+file.
+When signing, this option can be used multiple times to specify successive keys.
+.It Fl keyform Cm der | pem
+Input private key format.
+The default is
+.Cm pem .
+.It Fl keyid
+Use subject key identifier to identify certificates instead of issuer
+name and serial number.
+The supplied certificate must include a subject key identifier extension.
+Supported by
+.Fl sign
+and
+.Fl encrypt
+operations.
+.It Fl keyopt Ar nm:v
+Set customised parameters for the preceding key or certificate
+for encryption and signing.
+It can currently be used to set RSA-PSS for signing, RSA-OAEP for
+encryption or to modify default parameters for ECDH.
+This option can be used multiple times.
+.It Fl md Ar digest
+The digest algorithm to use when signing or resigning.
+If not present then the default digest algorithm for the signing key
+will be used (usually SHA1).
+.It Fl no_attr_verify
+Do not verify the signer's attribute of a signature.
+.It Fl no_content_verify
+Do not verify the content of a signed message.
+.It Fl no_signer_cert_verify
+Do not verify the signer's certificate of a signed message.
+.It Fl noattr
+Do not include attributes.
+Normally when a message is signed a set of attributes are included which
+include the signing time and supported symmetric algorithms.
+With this option they are not included.
+.It Fl nocerts
+Do not include the signer's certificate.
+This will reduce the size of the signed message but the verifier must
+have a copy of the signer's certificate available locally (passed using
+the
+.Fl certfile
+option for example).
+.It Fl nodetach
+When signing a message, use opaque signing.
+This form is more resistant to translation by mail relays but it cannot be
+read by mail agents that do not support S/MIME.
+Without this option cleartext signing with the MIME type multipart/signed is
+used.
+.It Fl nointern
+Only the certificates specified in the
+.Fl certfile
+option are used.
+When verifying a message, normally certificates (if any) included in the
+message are searched for the signing certificate.
+The supplied certificates can still be used as untrusted CAs however.
+.It Fl nooldmime
+Output an old S/MIME content type like "application/x-pkcs7-".
+.It Fl noout
+Do not output the parsed CMS structure for the
+.Fl cmsout
+operation.
+This is useful when combined with the
+.Fl print
+option or if the syntax of the CMS structure is being checked.
+.It Fl nosigs
+Do not try to verify the signatures on the message.
+.It Fl nosmimecap
+Exclude the list of supported algorithms from signed attributes; other
+options such as signing time and content type are still included.
+.It Fl noverify
+Do not verify the signer's certificate of a signed message.
+.It Fl out Ar file
+The message text that has been decrypted or verified or the output MIME
+format message that has been signed or verified.
+.It Fl outform Cm der | pem | smime
+This specifies the output format for the CMS structure.
+The default is
+.Cm smime ,
+which writes an S/MIME format message.
+.Cm pem
+and
+.Cm der
+format change this to write PEM and DER format CMS structures instead.
+This currently only affects the output format of the CMS structure; if
+no CMS structure is being output (for example with
+.Fl verify
+or
+.Fl decrypt )
+this option has no effect.
+.It Fl passin Ar src
+The private key password source.
+.It Fl print
+Print out all fields of the CMS structure for the
+.Fl cmsout
+operation.
+This is mainly useful for testing purposes.
+.It Fl pwri_password Ar arg
+Specify PasswordRecipientInfo (PWRI) password to use.
+Supported by the
+.Fl encrypt
+and
+.Fl decrypt
+operations.
+.It Fl rctform Cm der | pem | smime
+Specify the format for a signed receipt for use with the
+.Fl receipt_verify
+operation.
+The default is
+.Cm smime .
+.It Fl receipt_request_all | receipt_request_first
+Indicate requests should be provided by all recipient or first tier
+recipients (those mailed directly and not from a mailing list), for the
+.Fl sign
+operation to include a signed receipt request.
+Ignored if
+.Fl receipt_request_from
+is included.
+.It Fl receipt_request_from Ar addr
+Add an explicit email address where receipts should be supplied.
+.It Fl receipt_request_print
+Print out the contents of any signed receipt requests for the
+.Fl verify
+operation.
+.It Fl receipt_request_to Ar addr
+Add an explicit email address where signed receipts should be sent to.
+This option must be supplied if a signed receipt is requested.
+.It Fl recip Ar file
+When decrypting a message, this specifies the recipient's certificate.
+The certificate must match one of the recipients of the message or an
+error occurs.
+When encrypting a message, this option may be used multiple times to
+specify each recipient.
+This form must be used if customised parameters are required (for example to
+specify RSA-OAEP).
+Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
+by this option.
+.It Fl secretkey Ar key
+Specify symmetric key to use.
+The key must be supplied in hex format and be consistent with the
+algorithm used.
+Supported by the
+.Fl EncryptedData_encrypt ,
+.Fl EncryptedData_decrypt ,
+.Fl encrypt
+and
+.Fl decrypt
+operations.
+When used with
+.Fl encrypt
+or
+.Fl decrypt ,
+the supplied key is used to wrap or unwrap the content encryption key
+using an AES key in the KEKRecipientInfo type.
+.It Fl secretkeyid Ar id
+The key identifier for the supplied symmetric key for KEKRecipientInfo type.
+This option must be present if the
+.Fl secretkey
+option is used with
+.Fl encrypt .
+With
+.Fl decrypt
+operations the id is used to locate the relevant key; if it is not supplied
+then an attempt is used to decrypt any KEKRecipientInfo structures.
+.It Fl signer Ar file
+A signing certificate when signing or resigning a message; this option
+can be used multiple times if more than one signer is required.
+If a message is being verified then the signers certificates will be
+written to this file if the verification was successful.
+.It Xo
+.Fl stream |
+.Fl indef |
+.Fl noindef
+.Xc
+The
+.Fl stream
+and
+.Fl indef
+options are equivalent and enable streaming I/O for encoding operations.
+This permits single pass processing of data without the need to hold the
+entire contents in memory, potentially supporting very large files.
+Streaming is automatically set for S/MIME signing with detached data if
+the output format is
+.Cm smime ;
+it is currently off by default for all other operations.
+.Fl noindef
+disable streaming I/O where it would produce an indefinite length
+constructed encoding.
+This option currently has no effect.
+.It Fl text
+Add plain text (text/plain) MIME headers to the supplied message if
+encrypting or signing.
+If decrypting or verifying, it strips off text headers: if the decrypted
+or verified message is not of MIME type text/plain then an error occurs.
+.It Fl verify_retcode
+Set verification error code to exit code to indicate what verification error
+has occurred.
+Supported by
+.Fl verify
+operation only.
+Exit code value minus 32 shows verification error code.
+See
+.Nm verify
+command for the list of verification error code.
+.El
+.Pp
+The exit codes for
+.Nm cms
+are as follows:
+.Pp
+.Bl -tag -width "XXXX" -offset 3n -compact
+.It 0
+The operation was completely successful.
+.It 1
+An error occurred parsing the command options.
+.It 2
+One of the input files could not be read.
+.It 3
+An error occurred creating the CMS file or when reading the MIME message.
+.It 4
+An error occurred decrypting or verifying the message.
+.It 5
+The message was verified correctly but an error occurred writing out the
+signer's certificates.
+.It 6
+An error occurred writing the output file.
+.It 32+
+A verify error occurred while
+.Fl verify_retcode
+is specified.
+.El
+.Tg crl
+.Sh CRL
+.Bl -hang -width "openssl crl"
+.It Nm openssl crl
+.Bk -words
+.Op Fl CAfile Ar file
+.Op Fl CApath Ar dir
+.Op Fl crlnumber
+.Op Fl fingerprint
+.Op Fl hash
+.Op Fl hash_old
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl issuer
+.Op Fl lastupdate
+.Op Fl nameopt Ar option
+.Op Fl nextupdate
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl text
+.Op Fl verify
+.Ek
+.El
+.Pp
+The
+.Nm crl
+command processes CRL files in DER or PEM format.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl CAfile Ar file
+Verify the signature on a CRL by looking up the issuing certificate in
+.Ar file .
+.It Fl CApath Ar directory
+Verify the signature on a CRL by looking up the issuing certificate in
+.Ar dir .
+This directory must be a standard certificate directory,
+i.e. a hash of each subject name (using
+.Cm x509 Fl hash )
+should be linked to each certificate.
+.It Fl crlnumber
+Print the CRL number.
+.It Fl fingerprint
+Print the CRL fingerprint.
+.It Fl hash
+Output a hash of the issuer name.
+This can be used to look up CRLs in a directory by issuer name.
+.It Fl hash_old
+Output an old-style (MD5) hash of the issuer name.
+.It Fl in Ar file
+The input file to read from, or standard input if not specified.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl issuer
+Output the issuer name.
+.It Fl lastupdate
+Output the
+.Cm thisUpdate
+field.
+This option is misnamed for historical reasons.
+.It Fl nameopt Ar option
+Specify certificate name options.
+.It Fl nextupdate
+Output the
+.Cm nextUpdate
+field.
+.It Fl noout
+Do not output the encoded version of the CRL.
+.It Fl out Ar file
+The output file to write to, or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl text
+Print the CRL in plain text.
+.It Fl verify
+Verify the signature on the CRL.
+.El
+.Tg crl2pkcs7
+.Sh CRL2PKCS7
+.Bl -hang -width "openssl crl2pkcs7"
+.It Nm openssl crl2pkcs7
+.Bk -words
+.Op Fl certfile Ar file
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl nocrl
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Ek
+.El
+.Pp
+The
+.Nm crl2pkcs7
+command takes an optional CRL and one or more
+certificates and converts them into a PKCS#7 degenerate
+.Qq certificates only
+structure.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl certfile Ar file
+Add the certificates in PEM
+.Ar file
+to the PKCS#7 structure.
+This option can be used more than once
+to read certificates from multiple files.
+.It Fl in Ar file
+Read the CRL from
+.Ar file ,
+or standard input if not specified.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl nocrl
+Normally, a CRL is included in the output file.
+With this option, no CRL is
+included in the output file and a CRL is not read from the input file.
+.It Fl out Ar file
+Write the PKCS#7 structure to
+.Ar file ,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.El
+.Tg dgst
+.Sh DGST
+.Bl -hang -width "openssl dgst"
+.It Nm openssl dgst
+.Bk -words
+.Op Fl cdr
+.Op Fl binary
+.Op Fl Ar digest
+.Op Fl hex
+.Op Fl hmac Ar key
+.Op Fl keyform Cm pem
+.Op Fl mac Ar algorithm
+.Op Fl macopt Ar nm : Ns Ar v
+.Op Fl out Ar file
+.Op Fl passin Ar arg
+.Op Fl prverify Ar file
+.Op Fl sign Ar file
+.Op Fl signature Ar file
+.Op Fl sigopt Ar nm : Ns Ar v
+.Op Fl verify Ar file
+.Op Ar
+.Ek
+.El
+.Pp
+The digest functions output the message digest of a supplied
+.Ar file
+or
+.Ar files
+in hexadecimal form.
+They can also be used for digital signing and verification.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl binary
+Output the digest or signature in binary form.
+.It Fl c
+Print the digest in two-digit groups separated by colons.
+.It Fl d
+Print BIO debugging information.
+.It Fl Ar digest
+Use the specified message
+.Ar digest .
+The default is SHA256.
+The available digests can be displayed using
+.Nm openssl
+.Cm list-message-digest-commands .
+The following are equivalent:
+.Nm openssl dgst
+.Fl sha256
+and
+.Nm openssl
+.Cm sha256 .
+.It Fl hex
+Digest is to be output as a hex dump.
+This is the default case for a
+.Qq normal
+digest as opposed to a digital signature.
+.It Fl hmac Ar key
+Create a hashed MAC using
+.Ar key .
+.It Fl keyform Cm pem
+Specifies the key format to sign the digest with.
+.It Fl mac Ar algorithm
+Create a keyed Message Authentication Code (MAC).
+The most popular MAC algorithm is HMAC (hash-based MAC),
+but there are other MAC algorithms which are not based on hash.
+MAC keys and other options should be set via the
+.Fl macopt
+parameter.
+.It Fl macopt Ar nm : Ns Ar v
+Passes options to the MAC algorithm, specified by
+.Fl mac .
+The following options are supported by HMAC:
+.Bl -tag -width Ds
+.It Cm key : Ns Ar string
+Specifies the MAC key as an alphanumeric string
+(use if the key contain printable characters only).
+String length must conform to any restrictions of the MAC algorithm.
+.It Cm hexkey : Ns Ar string
+Specifies the MAC key in hexadecimal form (two hex digits per byte).
+Key length must conform to any restrictions of the MAC algorithm.
+.El
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl passin Ar arg
+The key password source.
+.It Fl prverify Ar file
+Verify the signature using the private key in
+.Ar file .
+The output is either
+.Qq Verification OK
+or
+.Qq Verification Failure .
+.It Fl r
+Print the digest in coreutils format.
+.It Fl sign Ar file
+Digitally sign the digest using the private key in
+.Ar file .
+.It Fl signature Ar file
+The actual signature to verify.
+.It Fl sigopt Ar nm : Ns Ar v
+Pass options to the signature algorithm during sign or verify operations.
+The names and values of these options are algorithm-specific.
+.It Fl verify Ar file
+Verify the signature using the public key in
+.Ar file .
+The output is either
+.Qq Verification OK
+or
+.Qq Verification Failure .
+.It Ar
+File or files to digest.
+If no files are specified then standard input is used.
+.El
+.Tg dhparam
+.Sh DHPARAM
+.Bl -hang -width "openssl dhparam"
+.It Nm openssl dhparam
+.Bk -words
+.Op Fl 2 | 5
+.Op Fl C
+.Op Fl check
+.Op Fl dsaparam
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl text
+.Op Ar numbits
+.Ek
+.El
+.Pp
+The
+.Nm dhparam
+command is used to manipulate DH parameter files.
+Only the older PKCS#3 DH is supported,
+not the newer X9.42 DH.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl 2 , 5
+The generator to use;
+2 is the default.
+If present, the input file is ignored and parameters are generated instead.
+.It Fl C
+Convert the parameters into C code.
+The parameters can then be loaded by calling the
+.No get_dh Ns Ar numbits
+function.
+.It Fl check
+Check the DH parameters.
+.It Fl dsaparam
+Read or create DSA parameters,
+converted to DH format on output.
+Otherwise,
+.Qq strong
+primes
+.Pq such that (p-1)/2 is also prime
+will be used for DH parameter generation.
+.Pp
+DH parameter generation with the
+.Fl dsaparam
+option is much faster,
+and the recommended exponent length is shorter,
+which makes DH key exchange more efficient.
+Beware that with such DSA-style DH parameters,
+a fresh DH key should be created for each use to
+avoid small-subgroup attacks that may be possible otherwise.
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl noout
+Do not output the encoded version of the parameters.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl text
+Print the DH parameters in plain text.
+.It Ar numbits
+Generate a parameter set of size
+.Ar numbits .
+It must be the last option.
+If not present, a value of 2048 is used.
+If this value is present, the input file is ignored and
+parameters are generated instead.
+.El
+.Tg dsa
+.Sh DSA
+.Bl -hang -width "openssl dsa"
+.It Nm openssl dsa
+.Bk -words
+.Oo
+.Fl aes128 | aes192 | aes256 |
+.Fl des | des3
+.Oc
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem | pvk
+.Op Fl modulus
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem | pvk
+.Op Fl passin Ar arg
+.Op Fl passout Ar arg
+.Op Fl pubin
+.Op Fl pubout
+.Op Fl pvk-none | pvk-strong | pvk-weak
+.Op Fl text
+.Ek
+.El
+.Pp
+The
+.Nm dsa
+command processes DSA keys.
+They can be converted between various forms and their components printed out.
+.Pp
+.Sy Note :
+This command uses the traditional
+.Nm SSLeay
+compatible format for private key encryption:
+newer applications should use the more secure PKCS#8 format using the
+.Nm pkcs8
+command.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Xo
+.Fl aes128 | aes192 | aes256 |
+.Fl des | des3
+.Xc
+Encrypt the private key with the AES, DES, or the triple DES
+ciphers, respectively, before outputting it.
+A pass phrase is prompted for.
+If none of these options are specified, the key is written in plain text.
+This means that using the
+.Nm dsa
+utility to read an encrypted key with no encryption option can be used to
+remove the pass phrase from a key,
+or by setting the encryption options it can be used to add or change
+the pass phrase.
+These options can only be used with PEM format output files.
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+If the key is encrypted, a pass phrase will be prompted for.
+.It Fl inform Cm der | pem | pvk
+The input format.
+.It Fl modulus
+Print the value of the public key component of the key.
+.It Fl noout
+Do not output the encoded version of the key.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+If any encryption options are set then a pass phrase will be
+prompted for.
+.It Fl outform Cm der | pem | pvk
+The output format.
+.It Fl passin Ar arg
+The key password source.
+.It Fl passout Ar arg
+The output file password source.
+.It Fl pubin
+Read in a public key, not a private key.
+.It Fl pubout
+Output a public key, not a private key.
+Automatically set if the input is a public key.
+.It Xo
+.Fl pvk-none | pvk-strong | pvk-weak
+.Xc
+Enable or disable PVK encoding.
+The default is
+.Fl pvk-strong .
+.It Fl text
+Print the public/private key in plain text.
+.El
+.Tg dsaparam
+.Sh DSAPARAM
+.Bl -hang -width "openssl dsaparam"
+.It Nm openssl dsaparam
+.Bk -words
+.Op Fl C
+.Op Fl genkey
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl text
+.Op Ar numbits
+.Ek
+.El
+.Pp
+The
+.Nm dsaparam
+command is used to manipulate or generate DSA parameter files.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl C
+Convert the parameters into C code.
+The parameters can then be loaded by calling the
+.No get_dsa Ns Ar XXX
+function.
+.It Fl genkey
+Generate a DSA key either using the specified or generated
+parameters.
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+If the
+.Ar numbits
+parameter is included, then this option is ignored.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl noout
+Do not output the encoded version of the parameters.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl text
+Print the DSA parameters in plain text.
+.It Ar numbits
+Generate a parameter set of size
+.Ar numbits .
+If this option is included, the input file is ignored.
+.El
+.Tg ec
+.Sh EC
+.Bl -hang -width "openssl ec"
+.It Nm openssl ec
+.Bk -words
+.Op Fl conv_form Ar arg
+.Op Fl des
+.Op Fl des3
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl param_enc Ar arg
+.Op Fl param_out
+.Op Fl passin Ar arg
+.Op Fl passout Ar arg
+.Op Fl pubin
+.Op Fl pubout
+.Op Fl text
+.Ek
+.El
+.Pp
+The
+.Nm ec
+command processes EC keys.
+They can be converted between various
+forms and their components printed out.
+.Nm openssl
+uses the private key format specified in
+.Dq SEC 1: Elliptic Curve Cryptography
+.Pq Lk https://www.secg.org/ .
+To convert an
+EC private key into the PKCS#8 private key format use the
+.Nm pkcs8
+command.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl conv_form Ar arg
+Specify how the points on the elliptic curve are converted
+into octet strings.
+Possible values are:
+.Cm compressed ,
+.Cm uncompressed
+(the default),
+and
+.Cm hybrid .
+For more information regarding
+the point conversion forms see the X9.62 standard.
+Note:
+Due to patent issues the
+.Cm compressed
+option is disabled by default for binary curves
+and can be enabled by defining the preprocessor macro
+.Dv OPENSSL_EC_BIN_PT_COMP
+at compile time.
+.It Fl des | des3
+Encrypt the private key with DES, triple DES, or
+any other cipher supported by
+.Nm openssl .
+A pass phrase is prompted for.
+If none of these options are specified, the key is written in plain text.
+This means that using the
+.Nm ec
+utility to read in an encrypted key with no
+encryption option can be used to remove the pass phrase from a key,
+or by setting the encryption options
+it can be used to add or change the pass phrase.
+These options can only be used with PEM format output files.
+.It Fl in Ar file
+The input file to read a key from,
+or standard input if not specified.
+If the key is encrypted, a pass phrase will be prompted for.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl noout
+Do not output the encoded version of the key.
+.It Fl out Ar file
+The output filename to write to,
+or standard output if not specified.
+If any encryption options are set then a pass phrase will be prompted for.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl param_enc Ar arg
+Specify how the elliptic curve parameters are encoded.
+Possible value are:
+.Cm named_curve ,
+i.e. the EC parameters are specified by an OID; or
+.Cm explicit ,
+where the EC parameters are explicitly given
+(see RFC 3279 for the definition of the EC parameter structures).
+The default value is
+.Cm named_curve .
+Note: the
+.Cm implicitlyCA
+alternative,
+as specified in RFC 3279,
+is currently not implemented.
+.It Fl param_out
+Print the elliptic curve parameters.
+.It Fl passin Ar arg
+The key password source.
+.It Fl passout Ar arg
+The output file password source.
+.It Fl pubin
+Read in a public key, not a private key.
+.It Fl pubout
+Output a public key, not a private key.
+Automatically set if the input is a public key.
+.It Fl text
+Print the public/private key in plain text.
+.El
+.Tg ecparam
+.Sh ECPARAM
+.Bl -hang -width "openssl ecparam"
+.It Nm openssl ecparam
+.Bk -words
+.Op Fl C
+.Op Fl check
+.Op Fl conv_form Ar arg
+.Op Fl genkey
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl list_curves
+.Op Fl name Ar arg
+.Op Fl no_seed
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl param_enc Ar arg
+.Op Fl text
+.Ek
+.El
+.Pp
+The
+.Nm ecparam
+command is used to manipulate or generate EC parameter files.
+.Nm openssl
+is not able to generate new groups so
+.Nm ecparam
+can only create EC parameters from known (named) curves.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl C
+Convert the EC parameters into C code.
+The parameters can then be loaded by calling the
+.No get_ec_group_ Ns Ar XXX
+function.
+.It Fl check
+Validate the elliptic curve parameters.
+.It Fl conv_form Ar arg
+Specify how the points on the elliptic curve are converted
+into octet strings.
+Possible values are:
+.Cm compressed ,
+.Cm uncompressed
+(the default),
+and
+.Cm hybrid .
+For more information regarding
+the point conversion forms see the X9.62 standard.
+Note:
+Due to patent issues the
+.Cm compressed
+option is disabled by default for binary curves
+and can be enabled by defining the preprocessor macro
+.Dv OPENSSL_EC_BIN_PT_COMP
+at compile time.
+.It Fl genkey
+Generate an EC private key using the specified parameters.
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl list_curves
+Print a list of all
+currently implemented EC parameter names and exit.
+.It Fl name Ar arg
+Use the EC parameters with the specified "short" name.
+.It Fl no_seed
+Do not include the seed for the parameter generation
+in the ECParameters structure (see RFC 3279).
+.It Fl noout
+Do not output the encoded version of the parameters.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl param_enc Ar arg
+Specify how the elliptic curve parameters are encoded.
+Possible value are:
+.Cm named_curve ,
+i.e. the EC parameters are specified by an OID, or
+.Cm explicit ,
+where the EC parameters are explicitly given
+(see RFC 3279 for the definition of the EC parameter structures).
+The default value is
+.Cm named_curve .
+Note: the
+.Cm implicitlyCA
+alternative, as specified in RFC 3279,
+is currently not implemented.
+.It Fl text
+Print the EC parameters in plain text.
+.El
+.Tg enc
+.Sh ENC
+.Bl -hang -width "openssl enc"
+.It Nm openssl enc
+.Bk -words
+.Fl ciphername
+.Op Fl AadePpv
+.Op Fl base64
+.Op Fl bufsize Ar number
+.Op Fl debug
+.Op Fl in Ar file
+.Op Fl iter Ar iterations
+.Op Fl iv Ar IV
+.Op Fl K Ar key
+.Op Fl k Ar password
+.Op Fl kfile Ar file
+.Op Fl md Ar digest
+.Op Fl none
+.Op Fl nopad
+.Op Fl nosalt
+.Op Fl out Ar file
+.Op Fl pass Ar arg
+.Op Fl pbkdf2
+.Op Fl S Ar salt
+.Op Fl salt
+.Ek
+.El
+.Pp
+The symmetric cipher commands allow data to be encrypted or decrypted
+using various block and stream ciphers using keys based on passwords
+or explicitly provided.
+Base64 encoding or decoding can also be performed either by itself
+or in addition to the encryption or decryption.
+The program can be called either as
+.Nm openssl Ar ciphername
+or
+.Nm openssl enc - Ns Ar ciphername .
+.Pp
+Some of the ciphers do not have large keys and others have security
+implications if not used correctly.
+All the block ciphers normally use PKCS#5 padding,
+also known as standard block padding.
+If padding is disabled, the input data must be a multiple of the cipher
+block length.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl A
+If the
+.Fl a
+option is set, then base64 process the data on one line.
+.It Fl a , base64
+Base64 process the data.
+This means that if encryption is taking place, the data is base64-encoded
+after encryption.
+If decryption is set, the input data is base64-decoded before
+being decrypted.
+.It Fl bufsize Ar number
+Set the buffer size for I/O.
+.It Fl d
+Decrypt the input data.
+.It Fl debug
+Debug the BIOs used for I/O.
+.It Fl e
+Encrypt the input data.
+This is the default.
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+.It Fl iter Ar iterations
+Use the pbkdf2 key derivation function, with
+.Ar iterations
+as the number of iterations.
+.It Fl iv Ar IV
+The actual
+.Ar IV
+.Pq initialisation vector
+to use:
+this must be represented as a string comprised only of hex digits.
+When only the
+.Ar key
+is specified using the
+.Fl K
+option,
+the IV must explicitly be defined.
+When a password is being specified using one of the other options,
+the IV is generated from this password.
+.It Fl K Ar key
+The actual
+.Ar key
+to use:
+this must be represented as a string comprised only of hex digits.
+If only the key is specified,
+the IV must also be specified using the
+.Fl iv
+option.
+When both a
+.Ar key
+and a
+.Ar password
+are specified, the
+.Ar key
+given with the
+.Fl K
+option will be used and the IV generated from the password will be taken.
+It probably does not make much sense to specify both
+.Ar key
+and
+.Ar password .
+.It Fl k Ar password
+The
+.Ar password
+to derive the key from.
+Superseded by the
+.Fl pass
+option.
+.It Fl kfile Ar file
+Read the password to derive the key from the first line of
+.Ar file .
+Superseded by the
+.Fl pass
+option.
+.It Fl md Ar digest
+Use
+.Ar digest
+to create a key from a pass phrase.
+Currently, the default value is
+.Cm sha256 .
+.It Fl none
+Use NULL cipher (no encryption or decryption of input).
+.It Fl nopad
+Disable standard block padding.
+.It Fl nosalt
+Don't use a salt in the key derivation routines.
+This option should never be used
+since it makes it possible to perform efficient dictionary
+attacks on the password and to attack stream cipher encrypted data.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl P
+Print out the salt, key, and IV used, then immediately exit;
+don't do any encryption or decryption.
+.It Fl p
+Print out the salt, key, and IV used.
+.It Fl pass Ar arg
+The password source.
+.It Fl pbkdf2
+Use the pbkdf2 key derivation function, with
+the default of 10000 iterations.
+.It Fl S Ar salt
+The actual
+.Ar salt
+to use:
+this must be represented as a string comprised only of hex digits.
+.It Fl salt
+Use a salt in the key derivation routines (the default).
+When the salt is being used,
+the first eight bytes of the encrypted data are reserved for the salt:
+it is randomly generated when encrypting a file and read from the
+encrypted file when it is decrypted.
+.It Fl v
+Print extra details about the processing.
+.El
+.Tg errstr
+.Sh ERRSTR
+.Nm openssl errstr
+.Ar errno ...
+.Pp
+The
+.Nm errstr
+command performs error number to error string conversion,
+generating a human-readable string representing the error code
+.Ar errno .
+The string is obtained through the
+.Xr ERR_error_string_n 3
+function and has the following format:
+.Pp
+.Dl error:[error code]:[library name]:[function name]:[reason string]
+.Pp
+.Bq error code
+is an 8-digit hexadecimal number.
+The remaining fields
+.Bq library name ,
+.Bq function name ,
+and
+.Bq reason string
+are all ASCII text.
+.Tg gendsa
+.Sh GENDSA
+.Bl -hang -width "openssl gendsa"
+.It Nm openssl gendsa
+.Bk -words
+.Oo
+.Fl aes128 | aes192 | aes256 | camellia128 |
+.Fl camellia192 | camellia256 | des | des3 | idea
+.Oc
+.Op Fl out Ar file
+.Op Fl passout Ar arg
+.Ar paramfile
+.Ek
+.El
+.Pp
+The
+.Nm gendsa
+command generates a DSA private key from a DSA parameter file
+(typically generated by the
+.Nm openssl dsaparam
+command).
+DSA key generation is little more than random number generation so it is
+much quicker than,
+for example,
+RSA key generation.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Xo
+.Fl aes128 | aes192 | aes256 |
+.Fl camellia128 | camellia192 | camellia256 |
+.Fl des | des3 |
+.Fl idea
+.Xc
+Encrypt the private key with the AES, CAMELLIA, DES, triple DES
+or the IDEA ciphers, respectively, before outputting it.
+A pass phrase is prompted for.
+If none of these options are specified, no encryption is used.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl passout Ar arg
+The output file password source.
+.It Ar paramfile
+Specify the DSA parameter file to use.
+The parameters in this file determine the size of the private key.
+.El
+.Tg genpkey
+.Sh GENPKEY
+.Bl -hang -width "openssl genpkey"
+.It Nm openssl genpkey
+.Bk -words
+.Op Fl algorithm Ar alg
+.Op Ar cipher
+.Op Fl genparam
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl paramfile Ar file
+.Op Fl pass Ar arg
+.Op Fl pkeyopt Ar opt : Ns Ar value
+.Op Fl text
+.Ek
+.El
+.Pp
+The
+.Nm genpkey
+command generates private keys.
+The use of this
+program is encouraged over the algorithm specific utilities
+because additional algorithm options can be used.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl algorithm Ar alg
+The public key algorithm to use,
+such as RSA, DSA, or DH.
+This option must precede any
+.Fl pkeyopt
+options.
+The options
+.Fl paramfile
+and
+.Fl algorithm
+are mutually exclusive.
+.It Ar cipher
+Encrypt the private key with the supplied cipher.
+Any algorithm name accepted by
+.Xr EVP_get_cipherbyname 3
+is acceptable.
+.It Fl genparam
+Generate a set of parameters instead of a private key.
+This option must precede any
+.Fl algorithm ,
+.Fl paramfile ,
+or
+.Fl pkeyopt
+options.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl paramfile Ar file
+Some public key algorithms generate a private key based on a set of parameters,
+which can be supplied using this option.
+If this option is used, the public key
+algorithm used is determined by the parameters.
+This option must precede any
+.Fl pkeyopt
+options.
+The options
+.Fl paramfile
+and
+.Fl algorithm
+are mutually exclusive.
+.It Fl pass Ar arg
+The output file password source.
+.It Fl pkeyopt Ar opt : Ns Ar value
+Set the public key algorithm option
+.Ar opt
+to
+.Ar value ,
+as follows:
+.Bl -tag -width Ds -offset indent
+.It rsa_keygen_bits : Ns Ar numbits
+(RSA)
+The number of bits in the generated key.
+The default is 2048.
+.It rsa_keygen_pubexp : Ns Ar value
+(RSA)
+The RSA public exponent value.
+This can be a large decimal or hexadecimal value if preceded by 0x.
+The default is 65537.
+.It dsa_paramgen_bits : Ns Ar numbits
+(DSA)
+The number of bits in the generated parameters.
+The default is 1024.
+.It dh_paramgen_prime_len : Ns Ar numbits
+(DH)
+The number of bits in the prime parameter
+.Ar p .
+.It dh_paramgen_generator : Ns Ar value
+(DH)
+The value to use for the generator
+.Ar g .
+.It ec_paramgen_curve : Ns Ar curve
+(EC)
+The elliptic curve to use.
+.El
+.It Fl text
+Print the private/public key in plain text.
+.El
+.Tg genrsa
+.Sh GENRSA
+.Bl -hang -width "openssl genrsa"
+.It Nm openssl genrsa
+.Bk -words
+.Op Fl 3 | f4
+.Oo
+.Fl aes128 | aes192 | aes256 | camellia128 |
+.Fl camellia192 | camellia256 | des | des3 | idea
+.Oc
+.Op Fl out Ar file
+.Op Fl passout Ar arg
+.Op Ar numbits
+.Ek
+.El
+.Pp
+The
+.Nm genrsa
+command generates an RSA private key,
+which essentially involves the generation of two prime numbers.
+When generating the key,
+various symbols will be output to indicate the progress of the generation.
+A
+.Sq \&.
+represents each number which has passed an initial sieve test;
+.Sq +
+means a number has passed a single round of the Miller-Rabin primality test;
+.Sq *
+means the number has failed primality testing
+and needs to be generated afresh.
+A newline means that the number has passed all the prime tests
+(the actual number depends on the key size).
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl 3 | f4
+The public exponent to use, either 3 or 65537.
+The default is 65537.
+.It Xo
+.Fl aes128 | aes192 | aes256 |
+.Fl camellia128 | camellia192 | camellia256 |
+.Fl des | des3 |
+.Fl idea
+.Xc
+Encrypt the private key with the AES, CAMELLIA, DES, triple DES
+or the IDEA ciphers, respectively, before outputting it.
+If none of these options are specified, no encryption is used.
+If encryption is used, a pass phrase is prompted for,
+if it is not supplied via the
+.Fl passout
+option.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl passout Ar arg
+The output file password source.
+.It Ar numbits
+The size of the private key to generate in bits.
+This must be the last option specified.
+The default is 2048.
+.El
+.Tg ocsp
+.Sh OCSP
+.Bl -hang -width "openssl ocsp"
+.It Nm openssl ocsp
+.Bk -words
+.Op Fl CA Ar file
+.Op Fl CAfile Ar file
+.Op Fl CApath Ar directory
+.Op Fl cert Ar file
+.Op Fl dgst Ar alg
+.Op Fl header Ar name value
+.Op Fl host Ar hostname : Ns Ar port
+.Op Fl ignore_err
+.Op Fl index Ar indexfile
+.Op Fl issuer Ar file
+.Op Fl ndays Ar days
+.Op Fl nmin Ar minutes
+.Op Fl no_cert_checks
+.Op Fl no_cert_verify
+.Op Fl no_certs
+.Op Fl no_chain
+.Op Fl no_explicit
+.Op Fl no_intern
+.Op Fl no_nonce
+.Op Fl no_signature_verify
+.Op Fl nonce
+.Op Fl noverify
+.Op Fl nrequest Ar number
+.Op Fl out Ar file
+.Op Fl path Ar path
+.Op Fl port Ar portnum
+.Op Fl req_text
+.Op Fl reqin Ar file
+.Op Fl reqout Ar file
+.Op Fl resp_key_id
+.Op Fl resp_no_certs
+.Op Fl resp_text
+.Op Fl respin Ar file
+.Op Fl respout Ar file
+.Op Fl rkey Ar file
+.Op Fl rother Ar file
+.Op Fl rsigner Ar file
+.Op Fl serial Ar num
+.Op Fl sign_other Ar file
+.Op Fl signer Ar file
+.Op Fl signkey Ar file
+.Op Fl status_age Ar age
+.Op Fl text
+.Op Fl timeout Ar seconds
+.Op Fl trust_other
+.Op Fl url Ar responder_url
+.Op Fl VAfile Ar file
+.Op Fl validity_period Ar nsec
+.Op Fl verify_other Ar file
+.Ek
+.El
+.Pp
+The Online Certificate Status Protocol (OCSP)
+enables applications to determine the (revocation) state
+of an identified certificate (RFC 2560).
+.Pp
+The
+.Nm ocsp
+command performs many common OCSP tasks.
+It can be used to print out requests and responses,
+create requests and send queries to an OCSP responder,
+and behave like a mini OCSP server itself.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl CAfile Ar file , Fl CApath Ar directory
+A file or path containing trusted CA certificates,
+used to verify the signature on the OCSP response.
+.It Fl cert Ar file
+Add the certificate
+.Ar file
+to the request.
+The issuer certificate is taken from the previous
+.Fl issuer
+option, or an error occurs if no issuer certificate is specified.
+.It Fl dgst Ar alg
+Use the digest algorithm
+.Ar alg
+for certificate identification in the OCSP request.
+By default SHA1 is used.
+.It Xo
+.Fl host Ar hostname : Ns Ar port ,
+.Fl path Ar path
+.Xc
+Send
+the OCSP request to
+.Ar hostname
+on
+.Ar port .
+.Fl path
+specifies the HTTP path name to use, or
+.Pa /
+by default.
+.It Fl header Ar name value
+Add the header name with the specified value to the OCSP request that is sent
+to the responder.
+This may be repeated.
+.It Fl issuer Ar file
+The current issuer certificate, in PEM format.
+Can be used multiple times and must come before any
+.Fl cert
+options.
+.It Fl no_cert_checks
+Don't perform any additional checks on the OCSP response signer's certificate.
+That is, do not make any checks to see if the signer's certificate is
+authorised to provide the necessary status information:
+as a result this option should only be used for testing purposes.
+.It Fl no_cert_verify
+Don't verify the OCSP response signer's certificate at all.
+Since this option allows the OCSP response to be signed by any certificate,
+it should only be used for testing purposes.
+.It Fl no_certs
+Don't include any certificates in the signed request.
+.It Fl no_chain
+Do not use certificates in the response as additional untrusted CA
+certificates.
+.It Fl no_explicit
+Don't check the explicit trust for OCSP signing in the root CA certificate.
+.It Fl no_intern
+Ignore certificates contained in the OCSP response
+when searching for the signer's certificate.
+The signer's certificate must be specified with either the
+.Fl verify_other
+or
+.Fl VAfile
+options.
+.It Fl no_signature_verify
+Don't check the signature on the OCSP response.
+Since this option tolerates invalid signatures on OCSP responses,
+it will normally only be used for testing purposes.
+.It Fl nonce , no_nonce
+Add an OCSP nonce extension to a request,
+or disable an OCSP nonce addition.
+Normally, if an OCSP request is input using the
+.Fl respin
+option no nonce is added:
+using the
+.Fl nonce
+option will force the addition of a nonce.
+If an OCSP request is being created (using the
+.Fl cert
+and
+.Fl serial
+options),
+a nonce is automatically added; specifying
+.Fl no_nonce
+overrides this.
+.It Fl noverify
+Don't attempt to verify the OCSP response signature or the nonce values.
+This is normally only be used for debugging
+since it disables all verification of the responder's certificate.
+.It Fl out Ar file
+Specify the output file to write to,
+or standard output if not specified.
+.It Fl req_text , resp_text , text
+Print out the text form of the OCSP request, response, or both, respectively.
+.It Fl reqin Ar file , Fl respin Ar file
+Read an OCSP request or response file from
+.Ar file .
+These options are ignored
+if an OCSP request or response creation is implied by other options
+(for example with the
+.Fl serial , cert ,
+and
+.Fl host
+options).
+.It Fl reqout Ar file , Fl respout Ar file
+Write out the DER-encoded certificate request or response to
+.Ar file .
+.It Fl serial Ar num
+Same as the
+.Fl cert
+option except the certificate with serial number
+.Ar num
+is added to the request.
+The serial number is interpreted as a decimal integer unless preceded by
+.Sq 0x .
+Negative integers can also be specified
+by preceding the value with a minus sign.
+.It Fl sign_other Ar file
+Additional certificates to include in the signed request.
+.It Fl signer Ar file , Fl signkey Ar file
+Sign the OCSP request using the certificate specified in the
+.Fl signer
+option and the private key specified by the
+.Fl signkey
+option.
+If the
+.Fl signkey
+option is not present, then the private key is read from the same file
+as the certificate.
+If neither option is specified, the OCSP request is not signed.
+.It Fl timeout Ar seconds
+Connection timeout to the OCSP responder in seconds.
+.It Fl trust_other
+The certificates specified by the
+.Fl verify_other
+option should be explicitly trusted and no additional checks will be
+performed on them.
+This is useful when the complete responder certificate chain is not available
+or trusting a root CA is not appropriate.
+.It Fl url Ar responder_url
+Specify the responder URL.
+Both HTTP and HTTPS
+.Pq SSL/TLS
+URLs can be specified.
+.It Fl VAfile Ar file
+A file containing explicitly trusted responder certificates.
+Equivalent to the
+.Fl verify_other
+and
+.Fl trust_other
+options.
+.It Fl validity_period Ar nsec , Fl status_age Ar age
+The range of times, in seconds, which will be tolerated in an OCSP response.
+Each certificate status response includes a notBefore time
+and an optional notAfter time.
+The current time should fall between these two values,
+but the interval between the two times may be only a few seconds.
+In practice the OCSP responder and clients' clocks may not be precisely
+synchronised and so such a check may fail.
+To avoid this the
+.Fl validity_period
+option can be used to specify an acceptable error range in seconds,
+the default value being 5 minutes.
+.Pp
+If the notAfter time is omitted from a response,
+it means that new status information is immediately available.
+In this case the age of the notBefore field is checked
+to see it is not older than
+.Ar age
+seconds old.
+By default, this additional check is not performed.
+.It Fl verify_other Ar file
+A file containing additional certificates to search
+when attempting to locate the OCSP response signing certificate.
+Some responders omit the actual signer's certificate from the response,
+so this can be used to supply the necessary certificate.
+.El
+.Pp
+The options for the OCSP server are as follows:
+.Bl -tag -width "XXXX"
+.It Fl CA Ar file
+CA certificate corresponding to the revocation information in
+.Ar indexfile .
+.It Fl ignore_err
+Ignore the invalid response.
+.It Fl index Ar indexfile
+.Ar indexfile
+is a text index file in ca format
+containing certificate revocation information.
+.Pp
+If this option is specified,
+.Nm ocsp
+is in responder mode, otherwise it is in client mode.
+The requests the responder processes can be either specified on
+the command line (using the
+.Fl issuer
+and
+.Fl serial
+options), supplied in a file (using the
+.Fl respin
+option), or via external OCSP clients (if
+.Ar port
+or
+.Ar url
+is specified).
+.Pp
+If this option is present, then the
+.Fl CA
+and
+.Fl rsigner
+options must also be present.
+.It Fl nmin Ar minutes , Fl ndays Ar days
+Number of
+.Ar minutes
+or
+.Ar days
+when fresh revocation information is available:
+used in the nextUpdate field.
+If neither option is present,
+the nextUpdate field is omitted,
+meaning fresh revocation information is immediately available.
+.It Fl nrequest Ar number
+Exit after receiving
+.Ar number
+requests (the default is unlimited).
+.It Fl port Ar portnum
+Port to listen for OCSP requests on.
+May also be specified using the
+.Fl url
+option.
+.It Fl resp_key_id
+Identify the signer certificate using the key ID;
+the default is to use the subject name.
+.It Fl resp_no_certs
+Don't include any certificates in the OCSP response.
+.It Fl rkey Ar file
+The private key to sign OCSP responses with;
+if not present, the file specified in the
+.Fl rsigner
+option is used.
+.It Fl rother Ar file
+Additional certificates to include in the OCSP response.
+.It Fl rsigner Ar file
+The certificate to sign OCSP responses with.
+.El
+.Pp
+Initially the OCSP responder certificate is located and the signature on
+the OCSP request checked using the responder certificate's public key.
+Then a normal certificate verify is performed on the OCSP responder certificate
+building up a certificate chain in the process.
+The locations of the trusted certificates used to build the chain can be
+specified by the
+.Fl CAfile
+and
+.Fl CApath
+options or they will be looked for in the standard
+.Nm openssl
+certificates directory.
+.Pp
+If the initial verify fails, the OCSP verify process halts with an error.
+Otherwise the issuing CA certificate in the request is compared to the OCSP
+responder certificate: if there is a match then the OCSP verify succeeds.
+.Pp
+Otherwise the OCSP responder certificate's CA is checked against the issuing
+CA certificate in the request.
+If there is a match and the OCSPSigning extended key usage is present
+in the OCSP responder certificate, then the OCSP verify succeeds.
+.Pp
+Otherwise the root CA of the OCSP responder's CA is checked to see if it
+is trusted for OCSP signing.
+If it is, the OCSP verify succeeds.
+.Pp
+If none of these checks is successful, the OCSP verify fails.
+What this effectively means is that if the OCSP responder certificate is
+authorised directly by the CA it is issuing revocation information about
+(and it is correctly configured),
+then verification will succeed.
+.Pp
+If the OCSP responder is a global responder,
+which can give details about multiple CAs
+and has its own separate certificate chain,
+then its root CA can be trusted for OCSP signing.
+Alternatively, the responder certificate itself can be explicitly trusted
+with the
+.Fl VAfile
+option.
+.Tg passwd
+.Sh PASSWD
+.Bl -hang -width "openssl passwd"
+.It Nm openssl passwd
+.Bk -words
+.Op Fl 1 | apr1 | crypt
+.Op Fl in Ar file
+.Op Fl noverify
+.Op Fl quiet
+.Op Fl reverse
+.Op Fl salt Ar string
+.Op Fl stdin
+.Op Fl table
+.Op Ar password
+.Ek
+.El
+.Pp
+The
+.Nm passwd
+command computes the hash of a password.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl 1
+Use the MD5 based
+.Bx
+password algorithm
+.Qq 1 .
+.It Fl apr1
+Use the
+.Qq apr1
+algorithm
+.Po
+Apache variant of the
+.Bx
+algorithm
+.Pc .
+.It Fl crypt
+Use the
+.Qq crypt
+algorithm (the default).
+.It Fl in Ar file
+Read passwords from
+.Ar file .
+.It Fl noverify
+Don't verify when reading a password from the terminal.
+.It Fl quiet
+Don't output warnings when passwords given on the command line are truncated.
+.It Fl reverse
+Switch table columns.
+This only makes sense in conjunction with the
+.Fl table
+option.
+.It Fl salt Ar string
+Use the salt specified by
+.Ar string .
+When reading a password from the terminal, this implies
+.Fl noverify .
+.It Fl stdin
+Read passwords from standard input.
+.It Fl table
+In the output list, prepend the cleartext password and a TAB character
+to each password hash.
+.El
+.Tg pkcs7
+.Sh PKCS7
+.Bl -hang -width "openssl pkcs7"
+.It Nm openssl pkcs7
+.Bk -words
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl print
+.Op Fl print_certs
+.Op Fl text
+.Ek
+.El
+.Pp
+The
+.Nm pkcs7
+command processes PKCS#7 files in DER or PEM format.
+The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl noout
+Don't output the encoded version of the PKCS#7 structure
+(or certificates if
+.Fl print_certs
+is set).
+.It Fl out Ar file
+The output to write to,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl print
+Print the ASN.1 representation of PKCS#7 structure.
+.It Fl print_certs
+Print any certificates or CRLs contained in the file,
+preceded by their subject and issuer names in a one-line format.
+.It Fl text
+Print certificate details in full rather than just subject and issuer names.
+.El
+.Tg pkcs8
+.Sh PKCS8
+.Bl -hang -width "openssl pkcs8"
+.It Nm openssl pkcs8
+.Bk -words
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl nocrypt
+.Op Fl noiter
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl passin Ar arg
+.Op Fl passout Ar arg
+.Op Fl topk8
+.Op Fl v1 Ar alg
+.Op Fl v2 Ar alg
+.Ek
+.El
+.Pp
+The
+.Nm pkcs8
+command processes private keys
+(both encrypted and unencrypted)
+in PKCS#8 format
+with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
+The default encryption is only 56 bits;
+keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
+are more secure.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+If the key is encrypted, a pass phrase will be prompted for.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl nocrypt
+Generate an unencrypted PrivateKeyInfo structure.
+This option does not encrypt private keys at all
+and should only be used when absolutely necessary.
+.It Fl noiter
+Use an iteration count of 1.
+See the
+.Sx PKCS12
+section below for a detailed explanation of this option.
+.It Fl out Ar file
+The output file to write to,
+or standard output if none is specified.
+If any encryption options are set, a pass phrase will be prompted for.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl passin Ar arg
+The key password source.
+.It Fl passout Ar arg
+The output file password source.
+.It Fl topk8
+Read a traditional format private key and write a PKCS#8 format key.
+.It Fl v1 Ar alg
+Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
+.Pp
+.Bl -tag -width "XXXX" -compact
+.It PBE-MD5-DES
+56-bit DES.
+.It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
+64-bit RC2 or 56-bit DES.
+.It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
+.It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
+PKCS#12 password-based encryption algorithm,
+which allow strong encryption algorithms like triple DES or 128-bit RC2.
+.El
+.It Fl v2 Ar alg
+Use PKCS#5 v2.0 algorithms.
+Supports algorithms such as 168-bit triple DES or 128-bit RC2,
+however not many implementations support PKCS#5 v2.0 yet
+(if using private keys with
+.Nm openssl
+this doesn't matter).
+.Pp
+.Ar alg
+is the encryption algorithm to use;
+valid values include des, des3, and rc2.
+It is recommended that des3 is used.
+.El
+.Tg pkcs12
+.Sh PKCS12
+.Bl -hang -width "openssl pkcs12"
+.It Nm openssl pkcs12
+.Bk -words
+.Oo
+.Fl aes128 | aes192 | aes256 | camellia128 |
+.Fl camellia192 | camellia256 | des | des3 | idea
+.Oc
+.Op Fl cacerts
+.Op Fl CAfile Ar file
+.Op Fl caname Ar name
+.Op Fl CApath Ar directory
+.Op Fl certfile Ar file
+.Op Fl certpbe Ar alg
+.Op Fl chain
+.Op Fl clcerts
+.Op Fl descert
+.Op Fl export
+.Op Fl in Ar file
+.Op Fl info
+.Op Fl inkey Ar file
+.Op Fl keyex
+.Op Fl keypbe Ar alg
+.Op Fl keysig
+.Op Fl macalg Ar alg
+.Op Fl maciter
+.Op Fl name Ar name
+.Op Fl nocerts
+.Op Fl nodes
+.Op Fl noiter
+.Op Fl nokeys
+.Op Fl nomac
+.Op Fl nomaciter
+.Op Fl nomacver
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl passin Ar arg
+.Op Fl passout Ar arg
+.Op Fl password Ar arg
+.Op Fl twopass
+.Ek
+.El
+.Pp
+The
+.Nm pkcs12
+command allows PKCS#12 files
+.Pq sometimes referred to as PFX files
+to be created and parsed.
+By default, a PKCS#12 file is parsed;
+a PKCS#12 file can be created by using the
+.Fl export
+option.
+.Pp
+The options for parsing a PKCS12 file are as follows:
+.Bl -tag -width "XXXX"
+.It Xo
+.Fl aes128 | aes192 | aes256 |
+.Fl camellia128 | camellia192 | camellia256 |
+.Fl des | des3 |
+.Fl idea
+.Xc
+Encrypt private keys using AES, CAMELLIA, DES, triple DES
+or the IDEA ciphers, respectively.
+The default is triple DES.
+.It Fl cacerts
+Only output CA certificates
+.Pq not client certificates .
+.It Fl clcerts
+Only output client certificates
+.Pq not CA certificates .
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+.It Fl info
+Output additional information about the PKCS#12 file structure,
+algorithms used, and iteration counts.
+.It Fl nocerts
+Do not output certificates.
+.It Fl nodes
+Do not encrypt private keys.
+.It Fl nokeys
+Do not output private keys.
+.It Fl nomacver
+Do not attempt to verify the integrity MAC before reading the file.
+.It Fl noout
+Do not output the keys and certificates to the output file
+version of the PKCS#12 file.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl passin Ar arg
+The key password source.
+.It Fl passout Ar arg
+The output file password source.
+.It Fl twopass
+Prompt for separate integrity and encryption passwords: most software
+always assumes these are the same so this option will render such
+PKCS#12 files unreadable.
+.El
+.Pp
+The options for PKCS12 file creation are as follows:
+.Bl -tag -width "XXXX"
+.It Fl CAfile Ar file
+CA storage as a file.
+.It Fl CApath Ar directory
+CA storage as a directory.
+The directory must be a standard certificate directory:
+that is, a hash of each subject name (using
+.Nm x509 Fl hash )
+should be linked to each certificate.
+.It Fl caname Ar name
+Specify the
+.Qq friendly name
+for other certificates.
+May be used multiple times to specify names for all certificates
+in the order they appear.
+.It Fl certfile Ar file
+A file to read additional certificates from.
+.It Fl certpbe Ar alg , Fl keypbe Ar alg
+Specify the algorithm used to encrypt the private key and
+certificates to be selected.
+Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
+If a cipher name
+(as output by the
+.Cm list-cipher-algorithms
+command) is specified then it
+is used with PKCS#5 v2.0.
+For interoperability reasons it is advisable to only use PKCS#12 algorithms.
+.It Fl chain
+Include the entire certificate chain of the user certificate.
+The standard CA store is used for this search.
+If the search fails, it is considered a fatal error.
+.It Fl descert
+Encrypt the certificate using triple DES; this may render the PKCS#12
+file unreadable by some
+.Qq export grade
+software.
+By default, the private key is encrypted using triple DES and the
+certificate using 40-bit RC2.
+.It Fl export
+Create a PKCS#12 file (rather than parsing one).
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+The order doesn't matter but one private key and its corresponding
+certificate should be present.
+If additional certificates are present, they will also be included
+in the PKCS#12 file.
+.It Fl inkey Ar file
+File to read a private key from.
+If not present, a private key must be present in the input file.
+.It Fl keyex | keysig
+Specify whether the private key is to be used for key exchange or just signing.
+Normally,
+.Qq export grade
+software will only allow 512-bit RSA keys to be
+used for encryption purposes, but arbitrary length keys for signing.
+The
+.Fl keysig
+option marks the key for signing only.
+Signing only keys can be used for S/MIME signing, authenticode
+(ActiveX control signing)
+and SSL client authentication.
+.It Fl macalg Ar alg
+Specify the MAC digest algorithm.
+The default is SHA1.
+.It Fl maciter
+Included for compatibility only:
+it used to be needed to use MAC iterations counts
+but they are now used by default.
+.It Fl name Ar name
+Specify the
+.Qq friendly name
+for the certificate and private key.
+This name is typically displayed in list boxes by software importing the file.
+.It Fl nomac
+Don't attempt to provide the MAC integrity.
+.It Fl nomaciter , noiter
+Affect the iteration counts on the MAC and key algorithms.
+.Pp
+To discourage attacks by using large dictionaries of common passwords,
+the algorithm that derives keys from passwords can have an iteration count
+applied to it: this causes a certain part of the algorithm to be repeated
+and slows it down.
+The MAC is used to check the file integrity but since it will normally
+have the same password as the keys and certificates it could also be attacked.
+By default, both MAC and encryption iteration counts are set to 2048;
+using these options the MAC and encryption iteration counts can be set to 1.
+Since this reduces the file security, you should not use these options
+unless you really have to.
+Most software supports both MAC and key iteration counts.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl passin Ar arg
+The key password source.
+.It Fl passout Ar arg
+The output file password source.
+.It Fl password Ar arg
+With
+.Fl export ,
+.Fl password
+is equivalent to
+.Fl passout .
+Otherwise,
+.Fl password
+is equivalent to
+.Fl passin .
+.El
+.Tg pkey
+.Sh PKEY
+.Bl -hang -width "openssl pkey"
+.It Nm openssl pkey
+.Bk -words
+.Op Ar cipher
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl passin Ar arg
+.Op Fl passout Ar arg
+.Op Fl pubin
+.Op Fl pubout
+.Op Fl text
+.Op Fl text_pub
+.Ek
+.El
+.Pp
+The
+.Nm pkey
+command processes public or private keys.
+They can be converted between various forms
+and their components printed out.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Ar cipher
+Encrypt the private key with the specified cipher.
+Any algorithm name accepted by
+.Xr EVP_get_cipherbyname 3
+is acceptable, such as
+.Cm des3 .
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+If the key is encrypted, a pass phrase will be prompted for.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl noout
+Do not output the encoded version of the key.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+If any encryption options are set then a pass phrase
+will be prompted for.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl passin Ar arg
+The key password source.
+.It Fl passout Ar arg
+The output file password source.
+.It Fl pubin
+Read in a public key, not a private key.
+.It Fl pubout
+Output a public key, not a private key.
+Automatically set if the input is a public key.
+.It Fl text
+Print the public/private key in plain text.
+.It Fl text_pub
+Print out only public key components
+even if a private key is being processed.
+.El
+.Tg pkeyparam
+.Sh PKEYPARAM
+.Cm openssl pkeyparam
+.Op Fl in Ar file
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl text
+.Pp
+The
+.Nm pkeyparam
+command processes public or private keys.
+The key type is determined by the PEM headers.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+.It Fl noout
+Do not output the encoded version of the parameters.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl text
+Print the parameters in plain text.
+.El
+.Tg pkeyutl
+.Sh PKEYUTL
+.Bl -hang -width "openssl pkeyutl"
+.It Nm openssl pkeyutl
+.Bk -words
+.Op Fl asn1parse
+.Op Fl certin
+.Op Fl decrypt
+.Op Fl derive
+.Op Fl encrypt
+.Op Fl hexdump
+.Op Fl in Ar file
+.Op Fl inkey Ar file
+.Op Fl keyform Cm der | pem
+.Op Fl out Ar file
+.Op Fl passin Ar arg
+.Op Fl peerform Cm der | pem
+.Op Fl peerkey Ar file
+.Op Fl pkeyopt Ar opt : Ns Ar value
+.Op Fl pubin
+.Op Fl rev
+.Op Fl sigfile Ar file
+.Op Fl sign
+.Op Fl verify
+.Op Fl verifyrecover
+.Ek
+.El
+.Pp
+The
+.Nm pkeyutl
+command can be used to perform public key operations using
+any supported algorithm.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl asn1parse
+ASN.1 parse the output data.
+This is useful when combined with the
+.Fl verifyrecover
+option when an ASN.1 structure is signed.
+.It Fl certin
+The input is a certificate containing a public key.
+.It Fl decrypt
+Decrypt the input data using a private key.
+.It Fl derive
+Derive a shared secret using the peer key.
+.It Fl encrypt
+Encrypt the input data using a public key.
+.It Fl hexdump
+Hex dump the output data.
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+.It Fl inkey Ar file
+The input key file.
+By default it should be a private key.
+.It Fl keyform Cm der | pem
+The key format.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl passin Ar arg
+The key password source.
+.It Fl peerform Cm der | pem
+The peer key format.
+.It Fl peerkey Ar file
+The peer key file, used by key derivation (agreement) operations.
+.It Fl pkeyopt Ar opt : Ns Ar value
+Set the public key algorithm option
+.Ar opt
+to
+.Ar value .
+Unless otherwise mentioned, all algorithms support the format
+.Ar digest : Ns Ar alg ,
+which specifies the digest to use
+for sign, verify, and verifyrecover operations.
+The value
+.Ar alg
+should represent a digest name as used in the
+.Xr EVP_get_digestbyname 3
+function.
+.Pp
+The RSA algorithm supports the
+encrypt, decrypt, sign, verify, and verifyrecover operations in general.
+Some padding modes only support some of these
+operations however.
+.Bl -tag -width Ds
+.It rsa_padding_mode : Ns Ar mode
+This sets the RSA padding mode.
+Acceptable values for
+.Ar mode
+are
+.Cm pkcs1
+for PKCS#1 padding;
+.Cm none
+for no padding;
+.Cm oaep
+for OAEP mode;
+.Cm x931
+for X9.31 mode;
+and
+.Cm pss
+for PSS.
+.Pp
+In PKCS#1 padding if the message digest is not set then the supplied data is
+signed or verified directly instead of using a DigestInfo structure.
+If a digest is set then a DigestInfo
+structure is used and its length
+must correspond to the digest type.
+For oeap mode only encryption and decryption is supported.
+For x931 if the digest type is set it is used to format the block data;
+otherwise the first byte is used to specify the X9.31 digest ID.
+Sign, verify, and verifyrecover can be performed in this mode.
+For pss mode only sign and verify are supported and the digest type must be
+specified.
+.It rsa_pss_saltlen : Ns Ar len
+For pss
+mode only this option specifies the salt length.
+Two special values are supported:
+-1 sets the salt length to the digest length.
+When signing, -2 sets the salt length to the maximum permissible value.
+When verifying, -2 causes the salt length to be automatically determined
+based on the PSS block structure.
+.El
+.Pp
+The DSA algorithm supports the sign and verify operations.
+Currently there are no additional options other than
+.Ar digest .
+Only the SHA1 digest can be used and this digest is assumed by default.
+.Pp
+The DH algorithm supports the derive operation
+and no additional options.
+.Pp
+The EC algorithm supports the sign, verify, and derive operations.
+The sign and verify operations use ECDSA and derive uses ECDH.
+Currently there are no additional options other than
+.Ar digest .
+Only the SHA1 digest can be used and this digest is assumed by default.
+.It Fl pubin
+The input file is a public key.
+.It Fl rev
+Reverse the order of the input buffer.
+.It Fl sigfile Ar file
+Signature file (verify operation only).
+.It Fl sign
+Sign the input data and output the signed result.
+This requires a private key.
+.It Fl verify
+Verify the input data against the signature file and indicate if the
+verification succeeded or failed.
+.It Fl verifyrecover
+Verify the input data and output the recovered data.
+.El
+.Tg prime
+.Sh PRIME
+.Cm openssl prime
+.Op Fl bits Ar n
+.Op Fl checks Ar n
+.Op Fl generate
+.Op Fl hex
+.Op Fl safe
+.Ar p
+.Pp
+The
+.Nm prime
+command is used to generate prime numbers,
+or to check numbers for primality.
+Results are probabilistic:
+they have an exceedingly high likelihood of being correct,
+but are not guaranteed.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl bits Ar n
+Specify the number of bits in the generated prime number.
+Must be used in conjunction with
+.Fl generate .
+.It Fl checks Ar n
+Perform a Miller-Rabin probabilistic primality test with
+.Ar n
+iterations.
+The default is 20.
+.It Fl generate
+Generate a pseudo-random prime number.
+Must be used in conjunction with
+.Fl bits .
+.It Fl hex
+Output in hex format.
+.It Fl safe
+Generate only
+.Qq safe
+prime numbers
+(i.e. a prime p so that (p-1)/2 is also prime).
+.It Ar p
+Test if number
+.Ar p
+is prime.
+.El
+.Tg rand
+.Sh RAND
+.Bl -hang -width "openssl rand"
+.It Nm openssl rand
+.Bk -words
+.Op Fl base64
+.Op Fl hex
+.Op Fl out Ar file
+.Ar num
+.Ek
+.El
+.Pp
+The
+.Nm rand
+command outputs
+.Ar num
+pseudo-random bytes.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl base64
+Perform base64 encoding on the output.
+.It Fl hex
+Specify hexadecimal output.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.El
+.Tg req
+.Sh REQ
+.Bl -hang -width "openssl req"
+.It Nm openssl req
+.Bk -words
+.Op Fl addext Ar ext
+.Op Fl batch
+.Op Fl config Ar file
+.Op Fl days Ar n
+.Op Fl extensions Ar section
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl key Ar keyfile
+.Op Fl keyform Cm der | pem
+.Op Fl keyout Ar file
+.Op Fl md4 | md5 | sha1
+.Op Fl modulus
+.Op Fl multivalue-rdn
+.Op Fl nameopt Ar option
+.Op Fl new
+.Op Fl newhdr
+.Op Fl newkey Ar arg
+.Op Fl nodes
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl passin Ar arg
+.Op Fl passout Ar arg
+.Op Fl pkeyopt Ar opt:value
+.Op Fl pubkey
+.Op Fl reqexts Ar section
+.Op Fl reqopt Ar option
+.Op Fl set_serial Ar n
+.Op Fl sigopt Ar nm:v
+.Op Fl subj Ar arg
+.Op Fl subject
+.Op Fl text
+.Op Fl utf8
+.Op Fl verbose
+.Op Fl verify
+.Op Fl x509
+.Ek
+.El
+.Pp
+The
+.Nm req
+command primarily creates and processes certificate requests
+in PKCS#10 format.
+It can additionally create self-signed certificates,
+for use as root CAs, for example.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl addext Ar ext
+Add a specific extension to the certificate (if the
+.Fl x509
+option is present) or certificate request.
+The argument must have the form of a key=value pair as it would appear in a
+config file.
+This option can be given multiple times.
+.It Fl batch
+Non-interactive mode.
+.It Fl config Ar file
+Specify an alternative configuration file.
+.It Fl days Ar n
+Specify the number of days to certify the certificate for.
+The default is 30 days.
+Used with the
+.Fl x509
+option.
+.It Fl extensions Ar section , Fl reqexts Ar section
+Specify alternative sections to include certificate
+extensions (with
+.Fl x509 )
+or certificate request extensions,
+allowing several different sections to be used in the same configuration file.
+.It Fl in Ar file
+The input file to read a request from,
+or standard input if not specified.
+A request is only read if the creation options
+.Fl new
+and
+.Fl newkey
+are not specified.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl key Ar keyfile
+The file to read the private key from.
+It also accepts PKCS#8 format private keys for PEM format files.
+.It Fl keyform Cm der | pem
+The format of the private key file specified in the
+.Fl key
+argument.
+The default is
+.Cm pem .
+.It Fl keyout Ar file
+The file to write the newly created private key to.
+If this option is not specified,
+the filename present in the configuration file is used.
+.It Fl md5 | sha1 | sha256
+The message digest to sign the request with.
+This overrides the digest algorithm specified in the configuration file.
+.Pp
+Some public key algorithms may override this choice.
+For instance, DSA signatures always use SHA1.
+.It Fl modulus
+Print the value of the modulus of the public key contained in the request.
+.It Fl multivalue-rdn
+This option causes the
+.Fl subj
+argument to be interpreted with full support for multivalued RDNs,
+for example
+.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
+If
+.Fl multivalue-rdn
+is not used, the UID value is set to
+.Qq "123456+CN=John Doe" .
+.It Fl nameopt Ar option , Fl reqopt Ar option
+Determine how the subject or issuer names are displayed.
+.Ar option
+can be a single option or multiple options separated by commas.
+Alternatively, these options may be used more than once to set multiple options.
+See the
+.Sx X509
+section below for details.
+.It Fl new
+Generate a new certificate request.
+The user is prompted for the relevant field values.
+The actual fields prompted for and their maximum and minimum sizes
+are specified in the configuration file and any requested extensions.
+.Pp
+If the
+.Fl key
+option is not used, it will generate a new RSA private
+key using information specified in the configuration file.
+.It Fl newhdr
+Add the word NEW to the PEM file header and footer lines
+on the outputted request.
+Some software and CAs need this.
+.It Fl newkey Ar arg
+Create a new certificate request and a new private key.
+The argument takes one of several forms.
+.Pp
+.No rsa : Ns Ar nbits
+generates an RSA key
+.Ar nbits
+in size.
+If
+.Ar nbits
+is omitted,
+the default key size is used.
+.Pp
+.No dsa : Ns Ar file
+generates a DSA key using the parameters in
+.Ar file .
+.Pp
+.No param : Ns Ar file
+generates a key using the parameters or certificate in
+.Ar file .
+.Pp
+All other algorithms support the form
+.Ar algorithm : Ns Ar file ,
+where file may be an algorithm parameter file,
+created by the
+.Cm genpkey -genparam
+command or an X.509 certificate for a key with appropriate algorithm.
+.Ar file
+can be omitted,
+in which case any parameters can be specified via the
+.Fl pkeyopt
+option.
+.It Fl nodes
+Do not encrypt the private key.
+.It Fl noout
+Do not output the encoded version of the request.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl passin Ar arg
+The key password source.
+.It Fl passout Ar arg
+The output file password source.
+.It Fl pkeyopt Ar opt:value
+Set the public key algorithm option
+.Ar opt
+to
+.Ar value .
+.It Fl pubkey
+Output the public key.
+.It Fl reqopt Ar option
+Customise the output format used with
+.Fl text .
+The
+.Ar option
+argument can be a single option or multiple options separated by commas.
+See also the discussion of
+.Fl certopt
+in the
+.Nm x509
+command.
+.It Fl set_serial Ar n
+Serial number to use when outputting a self-signed certificate.
+This may be specified as a decimal value or a hex value if preceded by
+.Sq 0x .
+It is possible to use negative serial numbers but this is not recommended.
+.It Fl sigopt Ar nm:v
+Pass options to the signature algorithm during sign operation.
+The names and values of these options are algorithm-specific.
+.It Fl subj Ar arg
+Replaces the subject field of an input request
+with the specified data and output the modified request.
+.Ar arg
+must be formatted as /type0=value0/type1=value1/type2=...;
+characters may be escaped by
+.Sq \e
+(backslash);
+no spaces are skipped.
+.It Fl subject
+Print the request subject (or certificate subject if
+.Fl x509
+is specified).
+.It Fl text
+Print the certificate request in plain text.
+.It Fl utf8
+Interpret field values as UTF8 strings, not ASCII.
+.It Fl verbose
+Print extra details about the operations being performed.
+.It Fl verify
+Verify the signature on the request.
+.It Fl x509
+Output a self-signed certificate instead of a certificate request.
+This is typically used to generate a test certificate or a self-signed root CA.
+The extensions added to the certificate (if any)
+are specified in the configuration file.
+Unless specified using the
+.Fl set_serial
+option, 0 is used for the serial number.
+.El
+.Pp
+The configuration options are specified in the
+.Qq req
+section of the configuration file.
+The options available are as follows:
+.Bl -tag -width "XXXX"
+.It Cm attributes
+The section containing any request attributes: its format
+is the same as
+.Cm distinguished_name .
+Typically these may contain the challengePassword or unstructuredName types.
+They are currently ignored by the
+.Nm openssl
+request signing utilities, but some CAs might want them.
+.It Cm default_bits
+The default key size, in bits.
+The default is 2048.
+It is used if the
+.Fl new
+option is used and can be overridden by using the
+.Fl newkey
+option.
+.It Cm default_keyfile
+The default file to write a private key to,
+or standard output if not specified.
+It can be overridden by the
+.Fl keyout
+option.
+.It Cm default_md
+The digest algorithm to use.
+Possible values include
+.Cm md5 ,
+.Cm sha1
+and
+.Cm sha256
+(the default).
+It can be overridden on the command line.
+.It Cm distinguished_name
+The section containing the distinguished name fields to
+prompt for when generating a certificate or certificate request.
+The format is described below.
+.It Cm encrypt_key
+If set to
+.Qq no
+and a private key is generated, it is not encrypted.
+It is equivalent to the
+.Fl nodes
+option.
+For compatibility,
+.Cm encrypt_rsa_key
+is an equivalent option.
+.It Cm input_password | output_password
+The passwords for the input private key file (if present)
+and the output private key file (if one will be created).
+The command line options
+.Fl passin
+and
+.Fl passout
+override the configuration file values.
+.It Cm oid_file
+A file containing additional OBJECT IDENTIFIERS.
+Each line of the file should consist of the numerical form of the
+object identifier, followed by whitespace, then the short name followed
+by whitespace and finally the long name.
+.It Cm oid_section
+Specify a section in the configuration file containing extra
+object identifiers.
+Each line should consist of the short name of the
+object identifier followed by
+.Sq =
+and the numerical form.
+The short and long names are the same when this option is used.
+.It Cm prompt
+If set to
+.Qq no ,
+it disables prompting of certificate fields
+and just takes values from the config file directly.
+It also changes the expected format of the
+.Cm distinguished_name
+and
+.Cm attributes
+sections.
+.It Cm req_extensions
+The configuration file section containing a list of
+extensions to add to the certificate request.
+It can be overridden by the
+.Fl reqexts
+option.
+.It Cm string_mask
+Limit the string types for encoding certain fields.
+The following values may be used, limiting strings to the indicated types:
+.Bl -tag -width "MASK:number"
+.It Cm utf8only
+UTF8String.
+This is the default, as recommended by PKIX in RFC 2459.
+.It Cm default
+PrintableString, IA5String, T61String, BMPString, UTF8String.
+.It Cm pkix
+PrintableString, IA5String, BMPString, UTF8String.
+Inspired by the PKIX recommendation in RFC 2459 for certificates
+generated before 2004, but differs by also permitting IA5String.
+.It Cm nombstr
+PrintableString, IA5String, T61String, UniversalString.
+A workaround for some ancient software that had problems
+with the variable-sized BMPString and UTF8String types.
+.It Cm MASK : Ns Ar number
+An explicit bitmask of permitted types, where
+.Ar number
+is a C-style hex, decimal, or octal number that's a bit-wise OR of
+.Dv B_ASN1_*
+values from
+.In openssl/asn1.h .
+.El
+.It Cm utf8
+If set to
+.Qq yes ,
+field values are interpreted as UTF8 strings.
+.It Cm x509_extensions
+The configuration file section containing a list of
+extensions to add to a certificate generated when the
+.Fl x509
+switch is used.
+It can be overridden by the
+.Fl extensions
+command line switch.
+.El
+.Pp
+There are two separate formats for the distinguished name and attribute
+sections.
+If the
+.Fl prompt
+option is set to
+.Qq no ,
+then these sections just consist of field names and values.
+If the
+.Fl prompt
+option is absent or not set to
+.Qq no ,
+then the file contains field prompting information of the form:
+.Bd -unfilled -offset indent
+fieldName="prompt"
+fieldName_default="default field value"
+fieldName_min= 2
+fieldName_max= 4
+.Ed
+.Pp
+.Qq fieldName
+is the field name being used, for example
+.Cm commonName
+(or CN).
+The
+.Qq prompt
+string is used to ask the user to enter the relevant details.
+If the user enters nothing, the default value is used;
+if no default value is present, the field is omitted.
+A field can still be omitted if a default value is present,
+if the user just enters the
+.Sq \&.
+character.
+.Pp
+The number of characters entered must be between the
+fieldName_min and fieldName_max limits:
+there may be additional restrictions based on the field being used
+(for example
+.Cm countryName
+can only ever be two characters long and must fit in a
+.Cm PrintableString ) .
+.Pp
+Some fields (such as
+.Cm organizationName )
+can be used more than once in a DN.
+This presents a problem because configuration files will
+not recognize the same name occurring twice.
+To avoid this problem, if the
+.Cm fieldName
+contains some characters followed by a full stop, they will be ignored.
+So, for example, a second
+.Cm organizationName
+can be input by calling it
+.Qq 1.organizationName .
+.Pp
+The actual permitted field names are any object identifier short or
+long names.
+These are compiled into
+.Nm openssl
+and include the usual values such as
+.Cm commonName , countryName , localityName , organizationName ,
+.Cm organizationalUnitName , stateOrProvinceName .
+Additionally,
+.Cm emailAddress
+is included as well as
+.Cm name , surname , givenName , initials
+and
+.Cm dnQualifier .
+.Pp
+Additional object identifiers can be defined with the
+.Cm oid_file
+or
+.Cm oid_section
+options in the configuration file.
+Any additional fields will be treated as though they were a
+.Cm DirectoryString .
+.Tg rsa
+.Sh RSA
+.Bl -hang -width "openssl rsa"
+.It Nm openssl rsa
+.Bk -words
+.Op Fl aes128 | aes192 | aes256 | des | des3
+.Op Fl check
+.Op Fl in Ar file
+.Op Fl inform Cm der | net | pem | pvk
+.Op Fl modulus
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | net | pem | pvk
+.Op Fl passin Ar arg
+.Op Fl passout Ar arg
+.Op Fl pubin
+.Op Fl pubout
+.Op Fl pvk-none | pvk-strong | pvk-weak
+.Op Fl RSAPublicKey_in
+.Op Fl RSAPublicKey_out
+.Op Fl text
+.Ek
+.El
+.Pp
+The
+.Nm rsa
+command processes RSA keys.
+They can be converted between various forms and their components printed out.
+.Nm rsa
+uses the traditional
+.Nm SSLeay
+compatible format for private key encryption:
+newer applications should use the more secure PKCS#8 format using the
+.Nm pkcs8
+utility.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl aes128 | aes192 | aes256 | des | des3
+Encrypt the private key with the AES, DES,
+or the triple DES ciphers, respectively, before outputting it.
+A pass phrase is prompted for.
+If none of these options are specified, the key is written in plain text.
+This means that using the
+.Nm rsa
+utility to read in an encrypted key with no encryption option can be used
+to remove the pass phrase from a key, or by setting the encryption options
+it can be used to add or change the pass phrase.
+These options can only be used with PEM format output files.
+.It Fl check
+Check the consistency of an RSA private key.
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+If the key is encrypted, a pass phrase will be prompted for.
+.It Fl inform Cm der | net | pem | pvk
+The input format.
+.It Fl noout
+Do not output the encoded version of the key.
+.It Fl modulus
+Print the value of the modulus of the key.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl outform Cm der | net | pem | pvk
+The output format.
+.It Fl passin Ar arg
+The key password source.
+.It Fl passout Ar arg
+The output file password source.
+.It Fl pubin
+Read in a public key,
+not a private key.
+.It Fl pubout
+Output a public key,
+not a private key.
+Automatically set if the input is a public key.
+.It Xo
+.Fl pvk-none | pvk-strong | pvk-weak
+.Xc
+Enable or disable PVK encoding.
+The default is
+.Fl pvk-strong .
+.It Fl RSAPublicKey_in , RSAPublicKey_out
+Same as
+.Fl pubin
+and
+.Fl pubout
+except
+.Cm RSAPublicKey
+format is used instead.
+.It Fl text
+Print the public/private key components in plain text.
+.El
+.Tg rsautl
+.Sh RSAUTL
+.Bl -hang -width "openssl rsautl"
+.It Nm openssl rsautl
+.Bk -words
+.Op Fl asn1parse
+.Op Fl certin
+.Op Fl decrypt
+.Op Fl encrypt
+.Op Fl hexdump
+.Op Fl in Ar file
+.Op Fl inkey Ar file
+.Op Fl keyform Cm der | pem
+.Op Fl oaep | pkcs | raw | x931
+.Op Fl out Ar file
+.Op Fl passin Ar arg
+.Op Fl pubin
+.Op Fl rev
+.Op Fl sign
+.Op Fl verify
+.Ek
+.El
+.Pp
+The
+.Nm rsautl
+command can be used to sign, verify, encrypt and decrypt
+data using the RSA algorithm.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl asn1parse
+Asn1parse the output data; this is useful when combined with the
+.Fl verify
+option.
+.It Fl certin
+The input is a certificate containing an RSA public key.
+.It Fl decrypt
+Decrypt the input data using an RSA private key.
+.It Fl encrypt
+Encrypt the input data using an RSA public key.
+.It Fl hexdump
+Hex dump the output data.
+.It Fl in Ar file
+The input to read from,
+or standard input if not specified.
+.It Fl inkey Ar file
+The input key file; by default an RSA private key.
+.It Fl keyform Cm der | pem
+The private key format.
+The default is
+.Cm pem .
+.It Fl oaep | pkcs | raw | x931
+The padding to use:
+PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31,
+respectively.
+For signatures, only
+.Fl pkcs
+and
+.Fl raw
+can be used.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl passin Ar arg
+The key password source.
+.It Fl pubin
+The input file is an RSA public key.
+.It Fl rev
+Reverse the order of the input buffer.
+.It Fl sign
+Sign the input data and output the signed result.
+This requires an RSA private key.
+.It Fl verify
+Verify the input data and output the recovered data.
+.El
+.Tg s_client
+.Sh S_CLIENT
+.Bl -hang -width "openssl s_client"
+.It Nm openssl s_client
+.Bk -words
+.Op Fl 4 | 6
+.Op Fl alpn Ar protocols
+.Op Fl bugs
+.Op Fl CAfile Ar file
+.Op Fl CApath Ar directory
+.Op Fl cert Ar file
+.Op Fl certform Cm der | pem
+.Op Fl check_ss_sig
+.Op Fl cipher Ar cipherlist
+.Op Fl connect Ar host Ns Op : Ns Ar port
+.Op Fl crl_check
+.Op Fl crl_check_all
+.Op Fl crlf
+.Op Fl debug
+.Op Fl dtls
+.Op Fl dtls1_2
+.Op Fl extended_crl
+.Op Fl groups Ar list
+.Op Fl host Ar host
+.Op Fl ign_eof
+.Op Fl ignore_critical
+.Op Fl issuer_checks
+.Op Fl key Ar keyfile
+.Op Fl keyform Cm der | pem
+.Op Fl keymatexport Ar label
+.Op Fl keymatexportlen Ar len
+.Op Fl legacy_server_connect
+.Op Fl msg
+.Op Fl mtu Ar mtu
+.Op Fl nbio
+.Op Fl nbio_test
+.Op Fl no_comp
+.Op Fl no_ign_eof
+.Op Fl no_legacy_server_connect
+.Op Fl no_ticket
+.Op Fl no_tls1_2
+.Op Fl no_tls1_3
+.Op Fl pass Ar arg
+.Op Fl policy_check
+.Op Fl port Ar port
+.Op Fl prexit
+.Op Fl proxy Ar host : Ns Ar port
+.Op Fl quiet
+.Op Fl reconnect
+.Op Fl servername Ar name
+.Op Fl serverpref
+.Op Fl sess_in Ar file
+.Op Fl sess_out Ar file
+.Op Fl showcerts
+.Op Fl starttls Ar protocol
+.Op Fl state
+.Op Fl status
+.Op Fl timeout
+.Op Fl tls1_2
+.Op Fl tls1_3
+.Op Fl tlsextdebug
+.Op Fl use_srtp Ar profiles
+.Op Fl verify Ar depth
+.Op Fl verify_return_error
+.Op Fl x509_strict
+.Op Fl xmpphost Ar host
+.Ek
+.El
+.Pp
+The
+.Nm s_client
+command implements a generic SSL/TLS client which connects
+to a remote host using SSL/TLS.
+.Pp
+If a connection is established with an SSL server, any data received
+from the server is displayed and any key presses will be sent to the
+server.
+When used interactively (which means neither
+.Fl quiet
+nor
+.Fl ign_eof
+have been given), the session will be renegotiated if the line begins with an
+.Cm R ;
+if the line begins with a
+.Cm Q
+or if end of file is reached, the connection will be closed down.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl 4
+Attempt connections using IPv4 only.
+.It Fl 6
+Attempt connections using IPv6 only.
+.It Fl alpn Ar protocols
+Enable the Application-Layer Protocol Negotiation.
+.Ar protocols
+is a comma-separated list of protocol names that the client should advertise
+support for.
+.It Fl bugs
+Enable various workarounds for buggy implementations.
+.It Fl CAfile Ar file
+A
+.Ar file
+containing trusted certificates to use during server authentication
+and to use when attempting to build the client certificate chain.
+.It Fl CApath Ar directory
+The
+.Ar directory
+to use for server certificate verification.
+This directory must be in
+.Qq hash format ;
+see
+.Fl verify
+for more information.
+These are also used when building the client certificate chain.
+.It Fl cert Ar file
+The certificate to use, if one is requested by the server.
+The default is not to use a certificate.
+.It Fl certform Cm der | pem
+The certificate format.
+The default is
+.Cm pem .
+.It Xo
+.Fl check_ss_sig ,
+.Fl crl_check ,
+.Fl crl_check_all ,
+.Fl extended_crl ,
+.Fl ignore_critical ,
+.Fl issuer_checks ,
+.Fl policy_check ,
+.Fl x509_strict
+.Xc
+Set various certificate chain validation options.
+See the
+.Nm verify
+command for details.
+.It Fl cipher Ar cipherlist
+Modify the cipher list sent by the client.
+Although the server determines which cipher suite is used, it should take
+the first supported cipher in the list sent by the client.
+See the
+.Nm ciphers
+command for more information.
+.It Fl connect Ar host Ns Op : Ns Ar port
+The
+.Ar host
+and
+.Ar port
+to connect to.
+If not specified, an attempt is made to connect to the local host
+on port 4433.
+Alternatively, the host and port pair may be separated using a forward-slash
+character,
+which is useful for numeric IPv6 addresses.
+.It Fl crlf
+Translate a line feed from the terminal into CR+LF,
+as required by some servers.
+.It Fl debug
+Print extensive debugging information, including a hex dump of all traffic.
+.It Fl dtls
+Permit any version of DTLS.
+.It Fl dtls1_2
+Permit only DTLS1.2.
+.It Fl groups Ar list
+Set the supported elliptic curve groups to the colon separated
+.Ar list
+of group NIDs or names as documented in
+.Xr SSL_CTX_set1_groups_list 3 .
+.It Fl host Ar host
+The
+.Ar host
+to connect to.
+The default is localhost.
+.It Fl ign_eof
+Inhibit shutting down the connection when end of file is reached in the input.
+.It Fl key Ar keyfile
+The private key to use.
+If not specified, the certificate file will be used.
+.It Fl keyform Cm der | pem
+The private key format.
+The default is
+.Cm pem .
+.It Fl keymatexport Ar label
+Export keying material using label.
+.It Fl keymatexportlen Ar len
+Export len bytes of keying material (default 20).
+.It Fl legacy_server_connect , no_legacy_server_connect
+Allow or disallow initial connection to servers that don't support RI.
+.It Fl msg
+Show all protocol messages with hex dump.
+.It Fl mtu Ar mtu
+Set the link layer MTU.
+.It Fl nbio
+Turn on non-blocking I/O.
+.It Fl nbio_test
+Test non-blocking I/O.
+.It Fl no_ign_eof
+Shut down the connection when end of file is reached in the input.
+Can be used to override the implicit
+.Fl ign_eof
+after
+.Fl quiet .
+.It Fl no_tls1_2 | no_tls1_3
+Disable the use of TLS1.2 and 1.3, respectively.
+.It Fl no_ticket
+Disable RFC 4507 session ticket support.
+.It Fl pass Ar arg
+The private key password source.
+.It Fl port Ar port
+The
+.Ar port
+to connect to.
+The default is 4433.
+.It Fl prexit
+Print session information when the program exits.
+This will always attempt
+to print out information even if the connection fails.
+Normally, information will only be printed out once if the connection succeeds.
+This option is useful because the cipher in use may be renegotiated
+or the connection may fail because a client certificate is required or is
+requested only after an attempt is made to access a certain URL.
+Note that the output produced by this option is not always accurate
+because a connection might never have been established.
+.It Fl proxy Ar host : Ns Ar port
+Use the HTTP proxy at
+.Ar host
+and
+.Ar port .
+The connection to the proxy is done in cleartext and the
+.Fl connect
+argument is given to the proxy.
+If not specified, localhost is used as final destination.
+After that, switch the connection through the proxy to the destination
+to TLS.
+.It Fl quiet
+Inhibit printing of session and certificate information.
+This implicitly turns on
+.Fl ign_eof
+as well.
+.It Fl reconnect
+Reconnect to the same server 5 times using the same session ID; this can
+be used as a test that session caching is working.
+.It Fl servername Ar name
+Include the TLS Server Name Indication (SNI) extension in the ClientHello
+message, using the specified server
+.Ar name .
+.It Fl showcerts
+Display the whole server certificate chain: normally only the server
+certificate itself is displayed.
+.It Fl serverpref
+Use the server's cipher preferences.
+.It Fl sess_in Ar file
+Load TLS session from file.
+The client will attempt to resume a connection from this session.
+.It Fl sess_out Ar file
+Output TLS session to file.
+.It Fl starttls Ar protocol
+Send the protocol-specific messages to switch to TLS for communication.
+.Ar protocol
+is a keyword for the intended protocol.
+Currently, the supported keywords are
+.Qq ftp ,
+.Qq imap ,
+.Qq smtp ,
+.Qq pop3 ,
+and
+.Qq xmpp .
+.It Fl state
+Print the SSL session states.
+.It Fl status
+Send a certificate status request to the server (OCSP stapling).
+The server response (if any) is printed out.
+.It Fl timeout
+Enable send/receive timeout on DTLS connections.
+.It Fl tls1_2 | tls1_3
+Permit only TLS1.2 or 1.3 respectively.
+.It Fl tlsextdebug
+Print a hex dump of any TLS extensions received from the server.
+.It Fl use_srtp Ar profiles
+Offer SRTP key management with a colon-separated profile list.
+.It Fl verify Ar depth
+Turn on server certificate verification,
+with a maximum length of
+.Ar depth .
+Currently the verify operation continues after errors so all the problems
+with a certificate chain can be seen.
+As a side effect the connection will never fail due to a server
+certificate verify failure.
+.It Fl verify_return_error
+Return verification error.
+.It Fl xmpphost Ar hostname
+When used with
+.Fl starttls Ar xmpp ,
+specify the host for the "to" attribute of the stream element.
+If this option is not specified then the host specified with
+.Fl connect
+will be used.
+.El
+.Tg s_server
+.Sh S_SERVER
+.Bl -hang -width "openssl s_server"
+.It Nm openssl s_server
+.Bk -words
+.Op Fl accept Ar port
+.Op Fl alpn Ar protocols
+.Op Fl bugs
+.Op Fl CAfile Ar file
+.Op Fl CApath Ar directory
+.Op Fl cert Ar file
+.Op Fl cert2 Ar file
+.Op Fl certform Cm der | pem
+.Op Fl cipher Ar cipherlist
+.Op Fl context Ar id
+.Op Fl crl_check
+.Op Fl crl_check_all
+.Op Fl crlf
+.Op Fl dcert Ar file
+.Op Fl dcertform Cm der | pem
+.Op Fl debug
+.Op Fl dhparam Ar file
+.Op Fl dkey Ar file
+.Op Fl dkeyform Cm der | pem
+.Op Fl dpass Ar arg
+.Op Fl dtls
+.Op Fl dtls1
+.Op Fl dtls1_2
+.Op Fl groups Ar list
+.Op Fl HTTP
+.Op Fl id_prefix Ar arg
+.Op Fl key Ar keyfile
+.Op Fl key2 Ar keyfile
+.Op Fl keyform Cm der | pem
+.Op Fl keymatexport Ar label
+.Op Fl keymatexportlen Ar len
+.Op Fl msg
+.Op Fl mtu Ar mtu
+.Op Fl naccept Ar num
+.Op Fl named_curve Ar arg
+.Op Fl nbio
+.Op Fl nbio_test
+.Op Fl no_cache
+.Op Fl no_dhe
+.Op Fl no_ecdhe
+.Op Fl no_ticket
+.Op Fl no_tls1_2
+.Op Fl no_tls1_3
+.Op Fl no_tmp_rsa
+.Op Fl nocert
+.Op Fl pass Ar arg
+.Op Fl quiet
+.Op Fl servername Ar name
+.Op Fl servername_fatal
+.Op Fl serverpref
+.Op Fl state
+.Op Fl status
+.Op Fl status_timeout Ar nsec
+.Op Fl status_url Ar url
+.Op Fl status_verbose
+.Op Fl timeout
+.Op Fl tls1_2
+.Op Fl tls1_3
+.Op Fl tlsextdebug
+.Op Fl use_srtp Ar profiles
+.Op Fl Verify Ar depth
+.Op Fl verify Ar depth
+.Op Fl verify_return_error
+.Op Fl WWW
+.Op Fl www
+.Ek
+.El
+.Pp
+The
+.Nm s_server
+command implements a generic SSL/TLS server which listens
+for connections on a given port using SSL/TLS.
+.Pp
+If a connection request is established with a client and neither the
+.Fl www
+nor the
+.Fl WWW
+option has been used, then any data received
+from the client is displayed and any key presses are sent to the client.
+Certain single letter commands perform special operations:
+.Pp
+.Bl -tag -width "XXXX" -compact
+.It Ic P
+Send plain text, which should cause the client to disconnect.
+.It Ic Q
+End the current SSL connection and exit.
+.It Ic q
+End the current SSL connection, but still accept new connections.
+.It Ic R
+Renegotiate the SSL session and request a client certificate.
+.It Ic r
+Renegotiate the SSL session.
+.It Ic S
+Print out some session cache status information.
+.El
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl accept Ar port
+Listen on TCP
+.Ar port
+for connections.
+The default is port 4433.
+.It Fl alpn Ar protocols
+Enable the Application-Layer Protocol Negotiation.
+.Ar protocols
+is a comma-separated list of supported protocol names.
+.It Fl bugs
+Enable various workarounds for buggy implementations.
+.It Fl CAfile Ar file
+A
+.Ar file
+containing trusted certificates to use during client authentication
+and to use when attempting to build the server certificate chain.
+The list is also used in the list of acceptable client CAs passed to the
+client when a certificate is requested.
+.It Fl CApath Ar directory
+The
+.Ar directory
+to use for client certificate verification.
+This directory must be in
+.Qq hash format ;
+see
+.Fl verify
+for more information.
+These are also used when building the server certificate chain.
+.It Fl cert Ar file
+The certificate to use: most server's cipher suites require the use of a
+certificate and some require a certificate with a certain public key type.
+For example, the DSS cipher suites require a certificate containing a DSS
+(DSA) key.
+If not specified, the file
+.Pa server.pem
+will be used.
+.It Fl cert2 Ar file
+The certificate to use for servername.
+.It Fl certform Cm der | pem
+The certificate format.
+The default is
+.Cm pem .
+.It Fl cipher Ar cipherlist
+Modify the cipher list used by the server.
+This allows the cipher list used by the server to be modified.
+When the client sends a list of supported ciphers, the first client cipher
+also included in the server list is used.
+Because the client specifies the preference order, the order of the server
+cipherlist is irrelevant.
+See the
+.Nm ciphers
+command for more information.
+.It Fl context Ar id
+Set the SSL context ID.
+It can be given any string value.
+.It Fl crl_check , crl_check_all
+Check the peer certificate has not been revoked by its CA.
+The CRLs are appended to the certificate file.
+.Fl crl_check_all
+checks all CRLs of all CAs in the chain.
+.It Fl crlf
+Translate a line feed from the terminal into CR+LF.
+.It Fl dcert Ar file , Fl dkey Ar file
+Specify an additional certificate and private key; these behave in the
+same manner as the
+.Fl cert
+and
+.Fl key
+options except there is no default if they are not specified
+(no additional certificate or key is used).
+By using RSA and DSS certificates and keys,
+a server can support clients which only support RSA or DSS cipher suites
+by using an appropriate certificate.
+.It Fl dcertform Cm der | pem , Fl dkeyform Cm der | pem , Fl dpass Ar arg
+Additional certificate and private key format, and private key password source,
+respectively.
+.It Fl debug
+Print extensive debugging information, including a hex dump of all traffic.
+.It Fl dhparam Ar file
+The DH parameter file to use.
+The ephemeral DH cipher suites generate keys
+using a set of DH parameters.
+If not specified, an attempt is made to
+load the parameters from the server certificate file.
+If this fails, a static set of parameters hard coded into the
+.Nm s_server
+program will be used.
+.It Fl dtls
+Permit any version of DTLS.
+.It Fl dtls1_2
+Permit only DTLS1.2.
+.It Fl groups Ar list
+Set the supported elliptic curve groups to the colon separated
+.Ar list
+of group NIDs or names as documented in
+.Xr SSL_CTX_set1_groups_list 3 .
+.It Fl HTTP
+Emulate a simple web server.
+Pages are resolved relative to the current directory.
+For example if the URL
+.Pa https://myhost/page.html
+is requested, the file
+.Pa ./page.html
+will be loaded.
+The files loaded are assumed to contain a complete and correct HTTP
+response (lines that are part of the HTTP response line and headers
+must end with CRLF).
+.It Fl id_prefix Ar arg
+Generate SSL/TLS session IDs prefixed by
+.Ar arg .
+This is mostly useful for testing any SSL/TLS code
+that wish to deal with multiple servers,
+when each of which might be generating a unique range of session IDs.
+.It Fl key Ar keyfile
+The private key to use.
+If not specified, the certificate file will be used.
+.It Fl key2 Ar keyfile
+The private key to use for servername.
+.It Fl keyform Cm der | pem
+The private key format.
+The default is
+.Cm pem .
+.It Fl keymatexport Ar label
+Export keying material using label.
+.It Fl keymatexportlen Ar len
+Export len bytes of keying material (default 20).
+.It Fl msg
+Show all protocol messages with hex dump.
+.It Fl mtu Ar mtu
+Set the link layer MTU.
+.It Fl naccept Ar num
+Terminate server after
+.Ar num
+connections.
+.It Fl named_curve Ar arg
+Specify the elliptic curve name to use for ephemeral ECDH keys.
+This option is deprecated; use
+.Fl groups
+instead.
+.It Fl nbio
+Turn on non-blocking I/O.
+.It Fl nbio_test
+Test non-blocking I/O.
+.It Fl no_cache
+Disable session caching.
+.It Fl no_dhe
+Disable ephemeral DH cipher suites.
+.It Fl no_ecdhe
+Disable ephemeral ECDH cipher suites.
+.It Fl no_ticket
+Disable RFC 4507 session ticket support.
+.It Fl no_tls1_2 | no_tls1_3
+Disable the use of TLS1.2 and 1.3, respectively.
+.It Fl no_tmp_rsa
+Disable temporary RSA key generation.
+.It Fl nocert
+Do not use a certificate.
+This restricts the cipher suites available to the anonymous ones
+(currently just anonymous DH).
+.It Fl pass Ar arg
+The private key password source.
+.It Fl quiet
+Inhibit printing of session and certificate information.
+.It Fl servername Ar name
+Set the TLS Server Name Indication (SNI) extension with
+.Ar name .
+.It Fl servername_fatal
+Send fatal alert if servername does not match.
+The default is warning alert.
+.It Fl serverpref
+Use server's cipher preferences.
+.It Fl state
+Print the SSL session states.
+.It Fl status
+Enables certificate status request support (OCSP stapling).
+.It Fl status_timeout Ar nsec
+Sets the timeout for OCSP response in seconds.
+.It Fl status_url Ar url
+Sets a fallback responder URL to use if no responder URL is present in the
+server certificate.
+Without this option, an error is returned if the server certificate does not
+contain a responder address.
+.It Fl status_verbose
+Enables certificate status request support (OCSP stapling) and gives a verbose
+printout of the OCSP response.
+.It Fl timeout
+Enable send/receive timeout on DTLS connections.
+.It Fl tls1_2 | tls1_3
+Permit only TLS1.2, or 1.3, respectively.
+.It Fl tlsextdebug
+Print a hex dump of any TLS extensions received from the server.
+.It Fl use_srtp Ar profiles
+Offer SRTP key management with a colon-separated profile list.
+.It Fl verify_return_error
+Return verification error.
+.It Fl WWW
+Emulate a simple web server.
+Pages are resolved relative to the current directory.
+For example if the URL
+.Pa https://myhost/page.html
+is requested, the file
+.Pa ./page.html
+will be loaded.
+.It Fl www
+Send a status message to the client when it connects,
+including information about the ciphers used and various session parameters.
+The output is in HTML format so this option will normally be used with a
+web browser.
+.It Fl Verify Ar depth , Fl verify Ar depth
+Request a certificate chain from the client,
+with a maximum length of
+.Ar depth .
+With
+.Fl Verify ,
+the client must supply a certificate or an error occurs;
+with
+.Fl verify ,
+a certificate is requested but the client does not have to send one.
+.El
+.Tg s_time
+.Sh S_TIME
+.Bl -hang -width "openssl s_time"
+.It Nm openssl s_time
+.Bk -words
+.Op Fl bugs
+.Op Fl CAfile Ar file
+.Op Fl CApath Ar directory
+.Op Fl cert Ar file
+.Op Fl cipher Ar cipherlist
+.Op Fl connect Ar host Ns Op : Ns Ar port
+.Op Fl key Ar keyfile
+.Op Fl nbio
+.Op Fl new
+.Op Fl no_shutdown
+.Op Fl reuse
+.Op Fl time Ar seconds
+.Op Fl verify Ar depth
+.Op Fl www Ar page
+.Ek
+.El
+.Pp
+The
+.Nm s_time
+command implements a generic SSL/TLS client which connects to a
+remote host using SSL/TLS.
+It can request a page from the server and includes
+the time to transfer the payload data in its timing measurements.
+It measures the number of connections within a given timeframe,
+the amount of data transferred
+.Pq if any ,
+and calculates the average time spent for one connection.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl bugs
+Enable various workarounds for buggy implementations.
+.It Fl CAfile Ar file
+A
+.Ar file
+containing trusted certificates to use during server authentication
+and to use when attempting to build the client certificate chain.
+.It Fl CApath Ar directory
+The directory to use for server certificate verification.
+This directory must be in
+.Qq hash format ;
+see
+.Nm verify
+for more information.
+These are also used when building the client certificate chain.
+.It Fl cert Ar file
+The certificate to use, if one is requested by the server.
+The default is not to use a certificate.
+.It Fl cipher Ar cipherlist
+Modify the cipher list sent by the client.
+Although the server determines which cipher suite is used,
+it should take the first supported cipher in the list sent by the client.
+See the
+.Nm ciphers
+command for more information.
+.It Fl connect Ar host Ns Op : Ns Ar port
+The host and port to connect to.
+.It Fl key Ar keyfile
+The private key to use.
+If not specified, the certificate file will be used.
+.It Fl nbio
+Turn on non-blocking I/O.
+.It Fl new
+Perform the timing test using a new session ID for each connection.
+If neither
+.Fl new
+nor
+.Fl reuse
+are specified,
+they are both on by default and executed in sequence.
+.It Fl no_shutdown
+Shut down the connection without sending a
+.Qq close notify
+shutdown alert to the server.
+.It Fl reuse
+Perform the timing test using the same session ID for each connection.
+If neither
+.Fl new
+nor
+.Fl reuse
+are specified,
+they are both on by default and executed in sequence.
+.It Fl time Ar seconds
+Limit
+.Nm s_time
+benchmarks to the number of
+.Ar seconds .
+The default is 30 seconds.
+.It Fl verify Ar depth
+Turn on server certificate verification,
+with a maximum length of
+.Ar depth .
+Currently the verify operation continues after errors, so all the problems
+with a certificate chain can be seen.
+As a side effect,
+the connection will never fail due to a server certificate verify failure.
+.It Fl www Ar page
+The page to GET from the server.
+A value of
+.Sq /
+gets the index.htm[l] page.
+If this parameter is not specified,
+.Nm s_time
+will only perform the handshake to establish SSL connections
+but not transfer any payload data.
+.El
+.Tg sess_id
+.Sh SESS_ID
+.Bl -hang -width "openssl sess_id"
+.It Nm openssl sess_id
+.Bk -words
+.Op Fl cert
+.Op Fl context Ar ID
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl text
+.Ek
+.El
+.Pp
+The
+.Nm sess_id
+program processes the encoded version of the SSL session structure and
+optionally prints out SSL session details
+(for example the SSL session master key)
+in human-readable format.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl cert
+If a certificate is present in the session,
+it will be output using this option;
+if the
+.Fl text
+option is also present, then it will be printed out in text form.
+.It Fl context Ar ID
+Set the session
+.Ar ID .
+The ID can be any string of characters.
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+.It Fl inform Cm der | pem
+The input format.
+.Cm der
+uses an ASN.1 DER-encoded format containing session details.
+The precise format can vary from one version to the next.
+.Cm pem
+is the default format: it consists of the DER
+format base64-encoded with additional header and footer lines.
+.It Fl noout
+Do not output the encoded version of the session.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl text
+Print the various public or private key components in plain text,
+in addition to the encoded version.
+.El
+.Pp
+The output of
+.Nm sess_id
+is composed as follows:
+.Pp
+.Bl -tag -width "Verify return code " -offset 3n -compact
+.It Protocol
+The protocol in use.
+.It Cipher
+The actual raw SSL or TLS cipher code.
+.It Session-ID
+The SSL session ID, in hex format.
+.It Session-ID-ctx
+The session ID context, in hex format.
+.It Master-Key
+The SSL session master key.
+.It Key-Arg
+The key argument; this is only used in SSL v2.
+.It Start Time
+The session start time.
+.Ux
+format.
+.It Timeout
+The timeout, in seconds.
+.It Verify return code
+The return code when a certificate is verified.
+.El
+.Pp
+Since the SSL session output contains the master key, it is possible to read
+the contents of an encrypted session using this information.
+Therefore appropriate security precautions
+should be taken if the information is being output by a
+.Qq real
+application.
+This is, however, strongly discouraged and should only be used for
+debugging purposes.
+.Tg smime
+.Sh SMIME
+.Bl -hang -width "openssl smime"
+.It Nm openssl smime
+.Bk -words
+.Oo
+.Fl aes128 | aes192 | aes256 | des |
+.Fl des3 | rc2-40 | rc2-64 | rc2-128
+.Oc
+.Op Fl binary
+.Op Fl CAfile Ar file
+.Op Fl CApath Ar directory
+.Op Fl certfile Ar file
+.Op Fl check_ss_sig
+.Op Fl content Ar file
+.Op Fl crl_check
+.Op Fl crl_check_all
+.Op Fl decrypt
+.Op Fl encrypt
+.Op Fl extended_crl
+.Op Fl from Ar addr
+.Op Fl ignore_critical
+.Op Fl in Ar file
+.Op Fl indef
+.Op Fl inform Cm der | pem | smime
+.Op Fl inkey Ar file
+.Op Fl issuer_checks
+.Op Fl keyform Cm der | pem
+.Op Fl md Ar digest
+.Op Fl noattr
+.Op Fl nocerts
+.Op Fl nochain
+.Op Fl nodetach
+.Op Fl noindef
+.Op Fl nointern
+.Op Fl nosigs
+.Op Fl nosmimecap
+.Op Fl noverify
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem | smime
+.Op Fl passin Ar arg
+.Op Fl pk7out
+.Op Fl policy_check
+.Op Fl recip Ar file
+.Op Fl resign
+.Op Fl sign
+.Op Fl signer Ar file
+.Op Fl stream
+.Op Fl subject Ar s
+.Op Fl text
+.Op Fl to Ar addr
+.Op Fl verify
+.Op Fl x509_strict
+.Op Ar cert.pem ...
+.Ek
+.El
+.Pp
+The
+.Nm smime
+command handles S/MIME mail.
+It can encrypt, decrypt, sign, and verify S/MIME messages.
+.Pp
+The MIME message must be sent without any blank lines between the
+headers and the output.
+Some mail programs will automatically add a blank line.
+Piping the mail directly to an MTA is one way to
+achieve the correct format.
+.Pp
+The supplied message to be signed or encrypted must include the necessary
+MIME headers or many S/MIME clients won't display it properly (if at all).
+Use the
+.Fl text
+option to automatically add plain text headers.
+.Pp
+A
+.Qq signed and encrypted
+message is one where a signed message is then encrypted.
+This can be produced by encrypting an already signed message.
+.Pp
+There are a number of operations that can be performed, as follows:
+.Bl -tag -width "XXXX"
+.It Fl decrypt
+Decrypt mail using the supplied certificate and private key.
+The input file is an encrypted mail message in MIME format.
+The decrypted mail is written to the output file.
+.It Fl encrypt
+Encrypt mail for the given recipient certificates.
+The input is the message to be encrypted.
+The output file is the encrypted mail, in MIME format.
+.It Fl pk7out
+Take an input message and write out a PEM-encoded PKCS#7 structure.
+.It Fl resign
+Resign a message: take an existing message and one or more new signers.
+.It Fl sign
+Sign mail using the supplied certificate and private key.
+The input file is the message to be signed.
+The signed message, in MIME format, is written to the output file.
+.It Fl verify
+Verify signed mail.
+The input is a signed mail message and the output is the signed data.
+Both clear text and opaque signing is supported.
+.El
+.Pp
+The remaining options are as follows:
+.Bl -tag -width "XXXX"
+.It Xo
+.Fl aes128 | aes192 | aes256 | des |
+.Fl des3 | rc2-40 | rc2-64 | rc2-128
+.Xc
+The encryption algorithm to use.
+128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
+or 40-, 64-, or 128-bit RC2, respectively;
+if not specified, 40-bit RC2 is
+used.
+Only used with
+.Fl encrypt .
+.It Fl binary
+Normally, the input message is converted to
+.Qq canonical
+format which uses CR/LF as end of line,
+as required by the S/MIME specification.
+When this option is present, no translation occurs.
+This is useful when handling binary data which may not be in MIME format.
+.It Fl CAfile Ar file
+A
+.Ar file
+containing trusted CA certificates; only used with
+.Fl verify .
+.It Fl CApath Ar directory
+A
+.Ar directory
+containing trusted CA certificates; only used with
+.Fl verify .
+This directory must be a standard certificate directory:
+that is, a hash of each subject name (using
+.Nm x509 -hash )
+should be linked to each certificate.
+.It Ar cert.pem ...
+One or more certificates of message recipients: used when encrypting
+a message.
+.It Fl certfile Ar file
+Allows additional certificates to be specified.
+When signing, these will be included with the message.
+When verifying, these will be searched for the signers' certificates.
+The certificates should be in PEM format.
+.It Xo
+.Fl check_ss_sig ,
+.Fl crl_check ,
+.Fl crl_check_all ,
+.Fl extended_crl ,
+.Fl ignore_critical ,
+.Fl issuer_checks ,
+.Fl policy_check ,
+.Fl x509_strict
+.Xc
+Set various certificate chain validation options.
+See the
+.Nm verify
+command for details.
+.It Fl content Ar file
+A file containing the detached content.
+This is only useful with the
+.Fl verify
+option,
+and only usable if the PKCS#7 structure is using the detached
+signature form where the content is not included.
+This option will override any content if the input format is S/MIME
+and it uses the multipart/signed MIME content type.
+.It Xo
+.Fl from Ar addr ,
+.Fl subject Ar s ,
+.Fl to Ar addr
+.Xc
+The relevant mail headers.
+These are included outside the signed
+portion of a message so they may be included manually.
+When signing, many S/MIME
+mail clients check that the signer's certificate email
+address matches the From: address.
+.It Fl in Ar file
+The input file to read from.
+.It Fl indef
+Enable streaming I/O for encoding operations.
+This permits single pass processing of data without
+the need to hold the entire contents in memory,
+potentially supporting very large files.
+Streaming is automatically set for S/MIME signing with detached
+data if the output format is SMIME;
+it is currently off by default for all other operations.
+.It Fl inform Cm der | pem | smime
+The input format.
+.It Fl inkey Ar file
+The private key to use when signing or decrypting,
+which must match the corresponding certificate.
+If this option is not specified, the private key must be included
+in the certificate file specified with
+the
+.Fl recip
+or
+.Fl signer
+file.
+When signing,
+this option can be used multiple times to specify successive keys.
+.It Fl keyform Cm der | pem
+Input private key format.
+The default is
+.Cm pem .
+.It Fl md Ar digest
+The digest algorithm to use when signing or resigning.
+If not present then the default digest algorithm for the signing key is used
+(usually SHA1).
+.It Fl noattr
+Do not include attributes.
+.It Fl nocerts
+Do not include the signer's certificate.
+This will reduce the size of the signed message but the verifier must
+have a copy of the signer's certificate available locally (passed using the
+.Fl certfile
+option, for example).
+.It Fl nochain
+Do not do chain verification of signers' certificates: that is,
+don't use the certificates in the signed message as untrusted CAs.
+.It Fl nodetach
+When signing a message, use opaque signing: this form is more resistant
+to translation by mail relays but it cannot be read by mail agents that
+do not support S/MIME.
+Without this option cleartext signing with the MIME type
+multipart/signed is used.
+.It Fl noindef
+Disable streaming I/O where it would produce an encoding of indefinite length
+(currently has no effect).
+.It Fl nointern
+Only use certificates specified in the
+.Fl certfile .
+The supplied certificates can still be used as untrusted CAs.
+.It Fl nosigs
+Do not try to verify the signatures on the message.
+.It Fl nosmimecap
+Exclude the list of supported algorithms from signed attributes,
+other options such as signing time and content type are still included.
+.It Fl noverify
+Do not verify the signer's certificate of a signed message.
+.It Fl out Ar file
+The output file to write to.
+.It Fl outform Cm der | pem | smime
+The output format.
+The default is smime, which writes an S/MIME format message.
+.Cm pem
+and
+.Cm der
+change this to write PEM and DER format PKCS#7 structures instead.
+This currently only affects the output format of the PKCS#7
+structure; if no PKCS#7 structure is being output (for example with
+.Fl verify
+or
+.Fl decrypt )
+this option has no effect.
+.It Fl passin Ar arg
+The key password source.
+.It Fl recip Ar file
+The recipients certificate when decrypting a message.
+This certificate
+must match one of the recipients of the message or an error occurs.
+.It Fl signer Ar file
+A signing certificate when signing or resigning a message;
+this option can be used multiple times if more than one signer is required.
+If a message is being verified, the signer's certificates will be
+written to this file if the verification was successful.
+.It Fl stream
+The same as
+.Fl indef .
+.It Fl text
+Add plain text (text/plain) MIME
+headers to the supplied message if encrypting or signing.
+If decrypting or verifying, it strips off text headers:
+if the decrypted or verified message is not of MIME type text/plain
+then an error occurs.
+.El
+.Pp
+The exit codes for
+.Nm smime
+are as follows:
+.Pp
+.Bl -tag -width "XXXX" -offset 3n -compact
+.It 0
+The operation was completely successful.
+.It 1
+An error occurred parsing the command options.
+.It 2
+One of the input files could not be read.
+.It 3
+An error occurred creating the file or when reading the message.
+.It 4
+An error occurred decrypting or verifying the message.
+.It 5
+An error occurred writing certificates.
+.El
+.Tg speed
+.Sh SPEED
+.Bl -hang -width "openssl speed"
+.It Nm openssl speed
+.Bk -words
+.Op Ar algorithm
+.Op Fl decrypt
+.Op Fl elapsed
+.Op Fl evp Ar algorithm
+.Op Fl mr
+.Op Fl multi Ar number
+.Op Fl unaligned Ar number
+.Ek
+.El
+.Pp
+The
+.Nm speed
+command is used to test the performance of cryptographic algorithms.
+.Bl -tag -width "XXXX"
+.It Ar algorithm
+Perform the test using
+.Ar algorithm .
+The default is to test all algorithms.
+.It Fl decrypt
+Time decryption instead of encryption;
+must be used with
+.Fl evp .
+.It Fl elapsed
+Measure time in real time instead of CPU user time.
+.It Fl evp Ar algorithm
+Perform the test using one of the algorithms accepted by
+.Xr EVP_get_cipherbyname 3 .
+.It Fl mr
+Produce machine readable output.
+.It Fl multi Ar number
+Run
+.Ar number
+benchmarks in parallel.
+.It Fl unaligned Ar number
+Use allocated buffers with an offset of
+.Ar number
+bytes from the alignment provided by
+.Xr malloc 3 .
+.Ar number
+should be between 0 and 16.
+.El
+.Tg ts
+.Sh TS
+.Bk -words
+.Bl -hang -width "openssl ts"
+.It Nm openssl ts
+.Fl query
+.Op Fl md4 | md5 | ripemd160 | sha1
+.Op Fl cert
+.Op Fl config Ar configfile
+.Op Fl data Ar file_to_hash
+.Op Fl digest Ar digest_bytes
+.Op Fl in Ar request.tsq
+.Op Fl no_nonce
+.Op Fl out Ar request.tsq
+.Op Fl policy Ar object_id
+.Op Fl text
+.It Nm openssl ts
+.Fl reply
+.Op Fl chain Ar certs_file.pem
+.Op Fl config Ar configfile
+.Op Fl in Ar response.tsr
+.Op Fl inkey Ar private.pem
+.Op Fl out Ar response.tsr
+.Op Fl passin Ar arg
+.Op Fl policy Ar object_id
+.Op Fl queryfile Ar request.tsq
+.Op Fl section Ar tsa_section
+.Op Fl signer Ar tsa_cert.pem
+.Op Fl text
+.Op Fl token_in
+.Op Fl token_out
+.It Nm openssl ts
+.Fl verify
+.Op Fl CAfile Ar trusted_certs.pem
+.Op Fl CApath Ar trusted_cert_path
+.Op Fl data Ar file_to_hash
+.Op Fl digest Ar digest_bytes
+.Op Fl in Ar response.tsr
+.Op Fl queryfile Ar request.tsq
+.Op Fl token_in
+.Op Fl untrusted Ar cert_file.pem
+.El
+.Ek
+.Pp
+The
+.Nm ts
+command is a basic Time Stamping Authority (TSA) client and server
+application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
+A TSA can be part of a PKI deployment and its role is to provide long
+term proof of the existence of specific data.
+Here is a brief description of the protocol:
+.Bl -enum
+.It
+The TSA client computes a one-way hash value for a data file and sends
+the hash to the TSA.
+.It
+The TSA attaches the current date and time to the received hash value,
+signs them and sends the time stamp token back to the client.
+By creating this token the TSA certifies the existence of the original
+data file at the time of response generation.
+.It
+The TSA client receives the time stamp token and verifies the
+signature on it.
+It also checks if the token contains the same hash
+value that it had sent to the TSA.
+.El
+.Pp
+There is one DER-encoded protocol data unit defined for transporting a time
+stamp request to the TSA and one for sending the time stamp response
+back to the client.
+The
+.Nm ts
+command has three main functions:
+creating a time stamp request based on a data file;
+creating a time stamp response based on a request;
+and verifying if a response corresponds
+to a particular request or a data file.
+.Pp
+There is no support for sending the requests/responses automatically
+over HTTP or TCP yet as suggested in RFC 3161.
+Users must send the requests either by FTP or email.
+.Pp
+The
+.Fl query
+switch can be used for creating and printing a time stamp
+request with the following options:
+.Bl -tag -width Ds
+.It Fl cert
+Expect the TSA to include its signing certificate in the response.
+.It Fl config Ar configfile
+Specify an alternative configuration file.
+Only the OID section is used.
+.It Fl data Ar file_to_hash
+The data file for which the time stamp request needs to be created.
+The default is standard input.
+.It Fl digest Ar digest_bytes
+Specify the message imprint explicitly without the data file.
+The imprint must be specified in a hexadecimal format,
+two characters per byte,
+the bytes optionally separated by colons.
+The number of bytes must match the message digest algorithm in use.
+.It Fl in Ar request.tsq
+A previously created time stamp request in DER
+format that will be printed into the output file.
+Useful for examining the content of a request in human-readable format.
+.It Fl md4 | md5 | ripemd160 | sha | sha1
+The message digest to apply to the data file.
+It supports all the message digest algorithms that are supported by the
+.Nm dgst
+command.
+The default is SHA1.
+.It Fl no_nonce
+Specify no nonce in the request.
+The default, to include a 64-bit long pseudo-random nonce,
+is recommended to protect against replay attacks.
+.It Fl out Ar request.tsq
+The output file to write to,
+or standard output if not specified.
+.It Fl policy Ar object_id
+The policy that the client expects the TSA to use for creating the
+time stamp token.
+Either dotted OID notation or OID names defined
+in the config file can be used.
+If no policy is requested, the TSA uses its own default policy.
+.It Fl text
+Output in human-readable text format instead of DER.
+.El
+.Pp
+A time stamp response (TimeStampResp) consists of a response status
+and the time stamp token itself (ContentInfo),
+if the token generation was successful.
+The
+.Fl reply
+command is for creating a time stamp
+response or time stamp token based on a request and printing the
+response/token in human-readable format.
+If
+.Fl token_out
+is not specified the output is always a time stamp response (TimeStampResp),
+otherwise it is a time stamp token (ContentInfo).
+.Bl -tag -width Ds
+.It Fl chain Ar certs_file.pem
+The collection of PEM certificates
+that will be included in the response
+in addition to the signer certificate if the
+.Fl cert
+option was used for the request.
+This file is supposed to contain the certificate chain
+for the signer certificate from its issuer upwards.
+The
+.Fl reply
+command does not build a certificate chain automatically.
+.It Fl config Ar configfile
+Specify an alternative configuration file.
+.It Fl in Ar response.tsr
+Specify a previously created time stamp response (or time stamp token, if
+.Fl token_in
+is also specified)
+in DER format that will be written to the output file.
+This option does not require a request;
+it is useful, for example,
+to examine the content of a response or token
+or to extract the time stamp token from a response.
+If the input is a token and the output is a time stamp response, a default
+.Qq granted
+status info is added to the token.
+.It Fl inkey Ar private.pem
+The signer private key of the TSA in PEM format.
+Overrides the
+.Cm signer_key
+config file option.
+.It Fl out Ar response.tsr
+The response is written to this file.
+The format and content of the file depends on other options (see
+.Fl text
+and
+.Fl token_out ) .
+The default is stdout.
+.It Fl passin Ar arg
+The key password source.
+.It Fl policy Ar object_id
+The default policy to use for the response.
+Either dotted OID notation or OID names defined
+in the config file can be used.
+If no policy is requested, the TSA uses its own default policy.
+.It Fl queryfile Ar request.tsq
+The file containing a DER-encoded time stamp request.
+.It Fl section Ar tsa_section
+The config file section containing the settings for response generation.
+.It Fl signer Ar tsa_cert.pem
+The PEM signer certificate of the TSA.
+The TSA signing certificate must have exactly one extended key usage
+assigned to it: timeStamping.
+The extended key usage must also be critical,
+otherwise the certificate is going to be refused.
+Overrides the
+.Cm signer_cert
+variable of the config file.
+.It Fl text
+Output in human-readable text format instead of DER.
+.It Fl token_in
+The input is a DER-encoded time stamp token (ContentInfo)
+instead of a time stamp response (TimeStampResp).
+.It Fl token_out
+The output is a time stamp token (ContentInfo)
+instead of a time stamp response (TimeStampResp).
+.El
+.Pp
+The
+.Fl verify
+command is for verifying if a time stamp response or time stamp token
+is valid and matches a particular time stamp request or data file.
+The
+.Fl verify
+command does not use the configuration file.
+.Bl -tag -width Ds
+.It Fl CAfile Ar trusted_certs.pem
+The file containing a set of trusted self-signed PEM CA certificates.
+See
+.Nm verify
+for additional details.
+Either this option or
+.Fl CApath
+must be specified.
+.It Fl CApath Ar trusted_cert_path
+The directory containing the trusted CA certificates of the client.
+See
+.Nm verify
+for additional details.
+Either this option or
+.Fl CAfile
+must be specified.
+.It Fl data Ar file_to_hash
+The response or token must be verified against
+.Ar file_to_hash .
+The file is hashed with the message digest algorithm specified in the token.
+The
+.Fl digest
+and
+.Fl queryfile
+options must not be specified with this one.
+.It Fl digest Ar digest_bytes
+The response or token must be verified against the message digest specified
+with this option.
+The number of bytes must match the message digest algorithm
+specified in the token.
+The
+.Fl data
+and
+.Fl queryfile
+options must not be specified with this one.
+.It Fl in Ar response.tsr
+The time stamp response that needs to be verified, in DER format.
+This option in mandatory.
+.It Fl queryfile Ar request.tsq
+The original time stamp request, in DER format.
+The
+.Fl data
+and
+.Fl digest
+options must not be specified with this one.
+.It Fl token_in
+The input is a DER-encoded time stamp token (ContentInfo)
+instead of a time stamp response (TimeStampResp).
+.It Fl untrusted Ar cert_file.pem
+Additional untrusted PEM certificates which may be needed
+when building the certificate chain for the TSA's signing certificate.
+This file must contain the TSA signing certificate and
+all intermediate CA certificates unless the response includes them.
+.El
+.Pp
+Options specified on the command line always override
+the settings in the config file:
+.Bl -tag -width Ds
+.It Cm tsa Ar section , Cm default_tsa
+This is the main section and it specifies the name of another section
+that contains all the options for the
+.Fl reply
+option.
+This section can be overridden with the
+.Fl section
+command line switch.
+.It Cm oid_file
+See
+.Nm ca
+for a description.
+.It Cm oid_section
+See
+.Nm ca
+for a description.
+.It Cm serial
+The file containing the hexadecimal serial number of the
+last time stamp response created.
+This number is incremented by 1 for each response.
+If the file does not exist at the time of response generation,
+a new file is created with serial number 1.
+This parameter is mandatory.
+.It Cm signer_cert
+TSA signing certificate, in PEM format.
+The same as the
+.Fl signer
+command line option.
+.It Cm certs
+A set of PEM-encoded certificates that need to be
+included in the response.
+The same as the
+.Fl chain
+command line option.
+.It Cm signer_key
+The private key of the TSA, in PEM format.
+The same as the
+.Fl inkey
+command line option.
+.It Cm default_policy
+The default policy to use when the request does not mandate any policy.
+The same as the
+.Fl policy
+command line option.
+.It Cm other_policies
+Comma separated list of policies that are also acceptable by the TSA
+and used only if the request explicitly specifies one of them.
+.It Cm digests
+The list of message digest algorithms that the TSA accepts.
+At least one algorithm must be specified.
+This parameter is mandatory.
+.It Cm accuracy
+The accuracy of the time source of the TSA in seconds, milliseconds
+and microseconds.
+For example, secs:1, millisecs:500, microsecs:100.
+If any of the components is missing,
+zero is assumed for that field.
+.It Cm clock_precision_digits
+The maximum number of digits, which represent the fraction of seconds,
+that need to be included in the time field.
+The trailing zeroes must be removed from the time,
+so there might actually be fewer digits
+or no fraction of seconds at all.
+The maximum value is 6;
+the default is 0.
+.It Cm ordering
+If this option is yes,
+the responses generated by this TSA can always be ordered,
+even if the time difference between two responses is less
+than the sum of their accuracies.
+The default is no.
+.It Cm tsa_name
+Set this option to yes if the subject name of the TSA must be included in
+the TSA name field of the response.
+The default is no.
+.It Cm ess_cert_id_chain
+The SignedData objects created by the TSA always contain the
+certificate identifier of the signing certificate in a signed
+attribute (see RFC 2634, Enhanced Security Services).
+If this option is set to yes and either the
+.Cm certs
+variable or the
+.Fl chain
+option is specified then the certificate identifiers of the chain will also
+be included in the SigningCertificate signed attribute.
+If this variable is set to no,
+only the signing certificate identifier is included.
+The default is no.
+.El
+.Tg verify
+.Sh VERIFY
+.Bl -hang -width "openssl verify"
+.It Nm openssl verify
+.Bk -words
+.Op Fl CAfile Ar file
+.Op Fl CApath Ar directory
+.Op Fl check_ss_sig
+.Op Fl CRLfile Ar file
+.Op Fl crl_check
+.Op Fl crl_check_all
+.Op Fl explicit_policy
+.Op Fl extended_crl
+.Op Fl help
+.Op Fl ignore_critical
+.Op Fl inhibit_any
+.Op Fl inhibit_map
+.Op Fl issuer_checks
+.Op Fl legacy_verify
+.Op Fl policy_check
+.Op Fl purpose Ar purpose
+.Op Fl trusted Ar file
+.Op Fl untrusted Ar file
+.Op Fl verbose
+.Op Fl x509_strict
+.Op Ar certificates
+.Ek
+.El
+.Pp
+The
+.Nm verify
+command verifies certificate chains.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl CAfile Ar file
+A
+.Ar file
+of trusted certificates.
+The
+.Ar file
+should contain multiple certificates in PEM format, concatenated together.
+.It Fl CApath Ar directory
+A
+.Ar directory
+of trusted certificates.
+The certificates, or symbolic links to them,
+should have names of the form
+.Ar hash Ns .0 ,
+where
+.Ar hash
+is the hashed certificate subject name
+(see the
+.Fl hash
+option of the
+.Nm x509
+utility).
+.It Fl check_ss_sig
+Verify the signature on the self-signed root CA.
+This is disabled by default
+because it doesn't add any security.
+.It Fl CRLfile Ar file
+The
+.Ar file
+should contain one or more CRLs in PEM format.
+.It Fl crl_check
+Check end entity certificate validity by attempting to look up a valid CRL.
+If a valid CRL cannot be found, an error occurs.
+.It Fl crl_check_all
+Check the validity of all certificates in the chain by attempting
+to look up valid CRLs.
+.It Fl explicit_policy
+Set policy variable require-explicit-policy (RFC 3280).
+.It Fl extended_crl
+Enable extended CRL features such as indirect CRLs and alternate CRL
+signing keys.
+.It Fl help
+Print a usage message.
+.It Fl ignore_critical
+Ignore critical extensions instead of rejecting the certificate.
+.It Fl inhibit_any
+Set policy variable inhibit-any-policy (RFC 3280).
+.It Fl inhibit_map
+Set policy variable inhibit-policy-mapping (RFC 3280).
+.It Fl issuer_checks
+Print diagnostics relating to searches for the issuer certificate
+of the current certificate
+showing why each candidate issuer certificate was rejected.
+The presence of rejection messages
+does not itself imply that anything is wrong:
+during the normal verify process several rejections may take place.
+.It Fl legacy_verify
+Use the legacy X.509 certificate chain verification code.
+.It Fl policy_check
+Enable certificate policy processing.
+.It Fl purpose Ar purpose
+The intended use for the certificate.
+Without this option no chain verification will be done.
+Currently accepted uses are
+.Cm sslclient , sslserver ,
+.Cm nssslserver , smimesign ,
+.Cm smimeencrypt , crlsign ,
+.Cm any ,
+and
+.Cm ocsphelper .
+.It Fl trusted Ar file
+A
+.Ar file
+of trusted certificates.
+The
+.Ar file
+should contain multiple certificates.
+.It Fl untrusted Ar file
+A
+.Ar file
+of untrusted certificates.
+The
+.Ar file
+should contain multiple certificates.
+.It Fl verbose
+Print extra information about the operations being performed.
+.It Fl x509_strict
+Disable workarounds for broken certificates which have to be disabled
+for strict X.509 compliance.
+.It Ar certificates
+One or more PEM
+.Ar certificates
+to verify.
+If no certificate files are included, an attempt is made to read
+a certificate from standard input.
+If the first certificate filename begins with a dash,
+use a lone dash to mark the last option.
+.El
+.Pp
+The
+.Nm verify
+program uses the same functions as the internal SSL and S/MIME verification,
+with one crucial difference:
+wherever possible an attempt is made to continue after an error,
+whereas normally the verify operation would halt on the first error.
+This allows all the problems with a certificate chain to be determined.
+.Pp
+The verify operation consists of a number of separate steps.
+Firstly a certificate chain is built up starting from the supplied certificate
+and ending in the root CA.
+It is an error if the whole chain cannot be built up.
+The chain is built up by looking up the issuer's certificate of the current
+certificate.
+If a certificate is found which is its own issuer, it is assumed
+to be the root CA.
+.Pp
+All certificates whose subject name matches the issuer name
+of the current certificate are subject to further tests.
+The relevant authority key identifier components of the current certificate
+(if present) must match the subject key identifier (if present)
+and issuer and serial number of the candidate issuer;
+in addition the
+.Cm keyUsage
+extension of the candidate issuer (if present) must permit certificate signing.
+.Pp
+The lookup first looks in the list of untrusted certificates and if no match
+is found the remaining lookups are from the trusted certificates.
+The root CA is always looked up in the trusted certificate list:
+if the certificate to verify is a root certificate,
+then an exact match must be found in the trusted list.
+.Pp
+The second operation is to check every untrusted certificate's extensions for
+consistency with the supplied purpose.
+If the
+.Fl purpose
+option is not included, then no checks are done.
+The supplied or
+.Qq leaf
+certificate must have extensions compatible with the supplied purpose
+and all other certificates must also be valid CA certificates.
+The precise extensions required are described in more detail in
+the
+.Nm X509
+section below.
+.Pp
+The third operation is to check the trust settings on the root CA.
+The root CA should be trusted for the supplied purpose.
+A certificate with no trust settings is considered to be valid for
+all purposes.
+.Pp
+The final operation is to check the validity of the certificate chain.
+The validity period is checked against the current system time and the
+.Cm notBefore
+and
+.Cm notAfter
+dates in the certificate.
+The certificate signatures are also checked at this point.
+.Pp
+If all operations complete successfully, the certificate is considered
+valid.
+If any operation fails then the certificate is not valid.
+When a verify operation fails, the output messages can be somewhat cryptic.
+The general form of the error message is:
+.Bd -literal
+server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
+error 24 at 1 depth lookup:invalid CA certificate
+.Ed
+.Pp
+The first line contains the name of the certificate being verified, followed by
+the subject name of the certificate.
+The second line contains the error number as defined by the
+.Dv X509_V_ERR_*
+constants in
+.In openssl/x509_vfy.h ,
+the associated error message documented in
+.Xr X509_STORE_CTX_get_error 3 ,
+and the depth.
+The depth is the number of the certificate being verified when a
+problem was detected starting with zero for the certificate being verified
+itself, then 1 for the CA that signed the certificate and so on.
+.Tg version
+.Sh VERSION
+.Nm openssl version
+.Op Fl abdfpv
+.Pp
+The
+.Nm version
+command is used to print out version information about
+.Nm openssl .
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl a
+All information: this is the same as setting all the other flags.
+.It Fl b
+The date the current version of
+.Nm openssl
+was built.
+.It Fl d
+.Ev OPENSSLDIR
+setting.
+.It Fl f
+Compilation flags.
+.It Fl p
+Platform setting.
+.It Fl v
+The current
+.Nm openssl
+version.
+.El
+.Tg x509
+.Sh X509
+.Bl -hang -width "openssl x509"
+.It Nm openssl x509
+.Bk -words
+.Op Fl C
+.Op Fl addreject Ar arg
+.Op Fl addtrust Ar arg
+.Op Fl alias
+.Op Fl CA Ar file
+.Op Fl CAcreateserial
+.Op Fl CAform Cm der | pem
+.Op Fl CAkey Ar file
+.Op Fl CAkeyform Cm der | pem
+.Op Fl CAserial Ar file
+.Op Fl certopt Ar option
+.Op Fl checkend Ar arg
+.Op Fl clrext
+.Op Fl clrreject
+.Op Fl clrtrust
+.Op Fl dates
+.Op Fl days Ar arg
+.Op Fl email
+.Op Fl enddate
+.Op Fl extensions Ar section
+.Op Fl extfile Ar file
+.Op Fl fingerprint
+.Op Fl force_pubkey Ar key
+.Op Fl hash
+.Op Fl in Ar file
+.Op Fl inform Cm der | net | pem
+.Op Fl issuer
+.Op Fl issuer_hash
+.Op Fl issuer_hash_old
+.Op Fl keyform Cm der | pem
+.Op Fl md5 | sha1
+.Op Fl modulus
+.Op Fl multivalue-rdn
+.Op Fl nameopt Ar option
+.Op Fl new
+.Op Fl next_serial
+.Op Fl noout
+.Op Fl ocsp_uri
+.Op Fl ocspid
+.Op Fl out Ar file
+.Op Fl outform Cm der | net | pem
+.Op Fl passin Ar arg
+.Op Fl pubkey
+.Op Fl purpose
+.Op Fl req
+.Op Fl serial
+.Op Fl set_issuer Ar name
+.Op Fl set_serial Ar n
+.Op Fl set_subject Ar name
+.Op Fl setalias Ar arg
+.Op Fl signkey Ar file
+.Op Fl sigopt Ar nm:v
+.Op Fl startdate
+.Op Fl subject
+.Op Fl subject_hash
+.Op Fl subject_hash_old
+.Op Fl text
+.Op Fl trustout
+.Op Fl utf8
+.Op Fl x509toreq
+.Ek
+.El
+.Pp
+The
+.Nm x509
+command is a multi-purpose certificate utility.
+It can be used to display certificate information, convert certificates to
+various forms, sign certificate requests like a
+.Qq mini CA ,
+or edit certificate trust settings.
+.Pp
+The following are x509 input, output, and general purpose options:
+.Bl -tag -width "XXXX"
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+This option cannot be used with
+.Fl new .
+.It Fl inform Cm der | net | pem
+The input format.
+Normally, the command will expect an X.509 certificate,
+but this can change if other options such as
+.Fl in
+or
+.Fl req
+are present.
+.It Fl md5 | sha1
+The digest to use.
+This affects any signing or display option that uses a message digest,
+such as the
+.Fl fingerprint , signkey ,
+and
+.Fl CA
+options.
+If not specified, MD5 is used.
+SHA1 is always used with DSA keys.
+.It Fl out Ar file
+The output file to write to,
+or standard output if none is specified.
+.It Fl outform Cm der | net | pem
+The output format.
+.It Fl passin Ar arg
+The key password source.
+.El
+.Pp
+The following are x509 display options:
+.Bl -tag -width "XXXX"
+.It Fl C
+Output the certificate in the form of a C source file.
+.It Fl certopt Ar option
+Customise the output format used with
+.Fl text ,
+either using a list of comma-separated options or by specifying
+.Fl certopt
+multiple times.
+The default behaviour is to print all fields.
+The options are as follows:
+.Pp
+.Bl -tag -width "no_extensions" -offset indent -compact
+.It Cm ca_default
+Equivalent to
+.Cm no_issuer , no_pubkey , no_header ,
+.Cm no_version , no_sigdump ,
+and
+.Cm no_signame .
+.It Cm compatible
+Equivalent to no output options at all.
+.It Cm ext_default
+Print unsupported certificate extensions.
+.It Cm ext_dump
+Hex dump unsupported extensions.
+.It Cm ext_error
+Print an error message for unsupported certificate extensions.
+.It Cm ext_parse
+ASN.1 parse unsupported extensions.
+.It Cm no_aux
+Do not print certificate trust information.
+.It Cm no_extensions
+Do not print X509V3 extensions.
+.It Cm no_header
+Do not print header (Certificate and Data) information.
+.It Cm no_issuer
+Do not print the issuer name.
+.It Cm no_pubkey
+Do not print the public key.
+.It Cm no_serial
+Do not print the serial number.
+.It Cm no_sigdump
+Do not give a hexadecimal dump of the certificate signature.
+.It Cm no_signame
+Do not print the signature algorithm used.
+.It Cm no_subject
+Do not print the subject name.
+.It Cm no_validity
+Do not print the
+.Cm notBefore
+and
+.Cm notAfter
+(validity) fields.
+.It Cm no_version
+Do not print the version number.
+.El
+.It Fl dates
+Print the start and expiry date of a certificate.
+.It Fl email
+Output the email addresses, if any.
+.It Fl enddate
+Print the expiry date of the certificate; that is, the
+.Cm notAfter
+date.
+.It Fl fingerprint
+Print the digest of the DER-encoded version of the whole certificate.
+.It Fl hash
+A synonym for
+.Fl subject_hash .
+.It Fl issuer
+Print the issuer name.
+.It Fl issuer_hash
+Print the hash of the certificate issuer name.
+.It Fl issuer_hash_old
+Print the hash of the certificate issuer name
+using the older algorithm as used by
+.Nm openssl
+versions before 1.0.0.
+.It Fl modulus
+Print the value of the modulus of the public key contained in the certificate.
+.It Fl multivalue-rdn
+This option causes the
+.Fl subj
+argument to be interpreted with full support for multivalued RDNs,
+for example
+.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
+If
+.Fl multivalue-rdn
+is not used, the UID value is set to
+.Qq "123456+CN=John Doe" .
+.It Fl nameopt Ar option
+Customise how the subject or issuer names are displayed,
+either using a list of comma-separated options or by specifying
+.Fl nameopt
+multiple times.
+The default behaviour is to use the
+.Cm oneline
+format.
+The options,
+which can be preceded by a dash to turn them off,
+are as follows:
+.Bl -tag -width "XXXX"
+.It Cm align
+Align field values for a more readable output.
+Only usable with
+.Ar sep_multiline .
+.It Cm compat
+Use the old format,
+equivalent to specifying no options at all.
+.It Cm dn_rev
+Reverse the fields of the DN, as required by RFC 2253.
+As a side effect, this also reverses the order of multiple AVAs.
+.It Cm dump_all
+Dump all fields.
+When used with
+.Ar dump_der ,
+it allows the DER encoding of the structure to be unambiguously determined.
+.It Cm dump_der
+Any fields that need to be hexdumped are
+dumped using the DER encoding of the field.
+Otherwise just the content octets will be displayed.
+Both options use the RFC 2253 #XXXX... format.
+.It Cm dump_nostr
+Dump non-character string types
+(for example OCTET STRING);
+usually, non-character string types are displayed
+as though each content octet represents a single character.
+.It Cm dump_unknown
+Dump any field whose OID is not recognised by
+.Nm openssl .
+.It Cm esc_2253
+Escape the
+.Qq special
+characters required by RFC 2253 in a field that is
+.Dq \& ,+"<>; .
+Additionally,
+.Sq #
+is escaped at the beginning of a string
+and a space character at the beginning or end of a string.
+.It Cm esc_ctrl
+Escape control characters.
+That is, those with ASCII values less than 0x20 (space)
+and the delete (0x7f) character.
+They are escaped using the RFC 2253 \eXX notation (where XX are two hex
+digits representing the character value).
+.It Cm esc_msb
+Escape characters with the MSB set; that is, with ASCII values larger than
+127.
+.It Cm multiline
+A multiline format.
+Equivalent to
+.Cm esc_ctrl , esc_msb , sep_multiline ,
+.Cm space_eq , lname ,
+and
+.Cm align .
+.It Cm no_type
+Do not attempt to interpret multibyte characters.
+That is, content octets are merely dumped as though one octet
+represents each character.
+This is useful for diagnostic purposes
+but results in rather odd looking output.
+.It Cm nofname , sname , lname , oid
+Alter how the field name is displayed:
+.Cm nofname
+does not display the field at all;
+.Cm sname
+uses the short name form (CN for
+.Cm commonName ,
+for example);
+.Cm lname
+uses the long form.
+.Cm oid
+represents the OID in numerical form and is useful for diagnostic purpose.
+.It Cm oneline
+A one line format which is more readable than
+.Cm RFC2253 .
+Equivalent to
+.Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
+.Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
+.Cm space_eq ,
+and
+.Cm sname .
+.It Cm RFC2253
+Displays names compatible with RFC 2253.
+Equivalent to
+.Cm esc_2253 , esc_ctrl ,
+.Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
+.Cm dump_der , sep_comma_plus , dn_rev ,
+and
+.Cm sname .
+.It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
+Determine the field separators:
+the first character is between RDNs and the second between multiple AVAs
+(multiple AVAs are very rare and their use is discouraged).
+The options ending in
+.Qq space
+additionally place a space after the separator to make it more readable.
+.Cm sep_multiline
+uses a linefeed character for the RDN separator and a spaced
+.Sq +
+for the AVA separator,
+as well as indenting the fields by four characters.
+If no field separator is specified then
+.Cm sep_comma_plus_space
+is used by default.
+.It Cm show_type
+Show the type of the ASN.1 character string.
+The type precedes the field contents.
+For example
+.Qq BMPSTRING: Hello World .
+.It Cm space_eq
+Place spaces round the
+.Sq =
+character which follows the field name.
+.It Cm use_quote
+Escape some characters by surrounding the whole string with
+.Sq \&"
+characters.
+Without the option, all escaping is done with the
+.Sq \e
+character.
+.It Cm utf8
+Convert all strings to UTF8 format first, as required by RFC 2253.
+On a UTF8 compatible terminal,
+the use of this option (and not setting
+.Cm esc_msb )
+may result in the correct display of multibyte characters.
+Usually, multibyte characters larger than 0xff
+are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
+for 32 bits,
+and any UTF8Strings are converted to their character form first.
+.El
+.It Fl next_serial
+Print the next serial number.
+.It Fl noout
+Do not output the encoded version of the request.
+.It Fl ocsp_uri
+Print the OCSP responder addresses, if any.
+.It Fl ocspid
+Print OCSP hash values for the subject name and public key.
+.It Fl pubkey
+Print the public key.
+.It Fl serial
+Print the certificate serial number.
+.It Fl sigopt Ar nm:v
+Pass options to the signature algorithm during sign or certify operations.
+The names and values of these options are algorithm-specific.
+.It Fl startdate
+Print the start date of the certificate; that is, the
+.Cm notBefore
+date.
+.It Fl subject
+Print the subject name.
+.It Fl subject_hash
+Print the hash of the certificate subject name.
+This is used in
+.Nm openssl
+to form an index to allow certificates in a directory to be looked up
+by subject name.
+.It Fl subject_hash_old
+Print the hash of the certificate subject name
+using the older algorithm as used by
+.Nm openssl
+versions before 1.0.0.
+.It Fl text
+Print the full certificate in text form.
+.El
+.Pp
+A trusted certificate is a certificate which has several
+additional pieces of information attached to it such as the permitted
+and prohibited uses of the certificate and an alias.
+When a certificate is being verified, at least one certificate must be trusted.
+By default, a trusted certificate must be stored locally and be a root CA.
+The following are x509 trust settings options:
+.Bl -tag -width "XXXX"
+.It Fl addreject Ar arg
+Add a prohibited use.
+Accepts the same values as the
+.Fl addtrust
+option.
+.It Fl addtrust Ar arg
+Add a trusted certificate use.
+Any object name can be used here, but currently only
+.Cm clientAuth
+(SSL client use),
+.Cm serverAuth
+(SSL server use),
+and
+.Cm emailProtection
+(S/MIME email) are used.
+.It Fl alias
+Output the certificate alias.
+.It Fl clrreject
+Clear all the prohibited or rejected uses of the certificate.
+.It Fl clrtrust
+Clear all the permitted or trusted uses of the certificate.
+.It Fl purpose
+Perform tests on the certificate extensions.
+The same code is used when verifying untrusted certificates in chains,
+so this section is useful if a chain is rejected by the verify code.
+.Pp
+The
+.Cm basicConstraints
+extension CA flag is used to determine whether the
+certificate can be used as a CA.
+If the CA flag is true, it is a CA;
+if the CA flag is false, it is not a CA.
+All CAs should have the CA flag set to true.
+.Pp
+If the
+.Cm basicConstraints
+extension is absent, then the certificate is
+considered to be a possible CA;
+other extensions are checked according to the intended use of the certificate.
+A warning is given in this case because the certificate should really not
+be regarded as a CA.
+However it is allowed to be a CA to work around some broken software.
+.Pp
+If the certificate is a V1 certificate
+(and thus has no extensions) and it is self-signed,
+it is also assumed to be a CA but a warning is again given.
+This is to work around the problem of Verisign roots
+which are V1 self-signed certificates.
+.Pp
+If the
+.Cm keyUsage
+extension is present, then additional restraints are
+made on the uses of the certificate.
+A CA certificate must have the
+.Cm keyCertSign
+bit set if the
+.Cm keyUsage
+extension is present.
+.Pp
+The extended key usage extension places additional restrictions on the
+certificate uses.
+If this extension is present, whether critical or not,
+the key can only be used for the purposes specified.
+.Pp
+A complete description of each test is given below.
+The comments about
+.Cm basicConstraints
+and
+.Cm keyUsage
+and V1 certificates above apply to all CA certificates.
+.Bl -tag -width "XXXX"
+.It SSL Client
+The extended key usage extension must be absent or include the
+web client authentication OID.
+.Cm keyUsage
+must be absent or it must have the
+.Cm digitalSignature
+bit set.
+The Netscape certificate type must be absent
+or it must have the SSL client bit set.
+.It SSL Client CA
+The extended key usage extension must be absent or include the
+web client authentication OID.
+The Netscape certificate type must be absent
+or it must have the SSL CA bit set:
+this is used as a workaround if the
+.Cm basicConstraints
+extension is absent.
+.It SSL Server
+The extended key usage extension must be absent or include the
+web server authentication and/or one of the SGC OIDs.
+.Cm keyUsage
+must be absent or it must have the
+.Cm digitalSignature
+set, the
+.Cm keyEncipherment
+set, or both bits set.
+The Netscape certificate type must be absent or have the SSL server bit set.
+.It SSL Server CA
+The extended key usage extension must be absent or include the
+web server authentication and/or one of the SGC OIDs.
+The Netscape certificate type must be absent or the SSL CA bit must be set:
+this is used as a workaround if the
+.Cm basicConstraints
+extension is absent.
+.It Netscape SSL Server
+For Netscape SSL clients to connect to an SSL server; it must have the
+.Cm keyEncipherment
+bit set if the
+.Cm keyUsage
+extension is present.
+This isn't always valid because some cipher suites use the key for
+digital signing.
+Otherwise it is the same as a normal SSL server.
+.It Common S/MIME Client Tests
+The extended key usage extension must be absent or include the
+email protection OID.
+The Netscape certificate type must be absent or should have the S/MIME bit set.
+If the S/MIME bit is not set in Netscape certificate type, then the SSL
+client bit is tolerated as an alternative but a warning is shown:
+this is because some Verisign certificates don't set the S/MIME bit.
+.It S/MIME Signing
+In addition to the common S/MIME client tests, the
+.Cm digitalSignature
+bit must be set if the
+.Cm keyUsage
+extension is present.
+.It S/MIME Encryption
+In addition to the common S/MIME tests, the
+.Cm keyEncipherment
+bit must be set if the
+.Cm keyUsage
+extension is present.
+.It S/MIME CA
+The extended key usage extension must be absent or include the
+email protection OID.
+The Netscape certificate type must be absent
+or must have the S/MIME CA bit set:
+this is used as a workaround if the
+.Cm basicConstraints
+extension is absent.
+.It CRL Signing
+The
+.Cm keyUsage
+extension must be absent or it must have the CRL signing bit set.
+.It CRL Signing CA
+The normal CA tests apply, except the
+.Cm basicConstraints
+extension must be present.
+.El
+.It Fl setalias Ar arg
+Set the alias of the certificate,
+allowing the certificate to be referred to using a nickname,
+such as
+.Qq Steve's Certificate .
+.It Fl trustout
+Output a trusted certificate
+(the default if any trust settings are modified).
+An ordinary or trusted certificate can be input, but by default an ordinary
+certificate is output and any trust settings are discarded.
+.El
+.Pp
+The
+.Nm x509
+utility can be used to sign certificates and requests:
+it can thus behave like a mini CA.
+The following are x509 signing options:
+.Bl -tag -width "XXXX"
+.It Fl CA Ar file
+The CA certificate to be used for signing.
+When this option is present,
+.Nm x509
+behaves like a mini CA.
+The input file is signed by the CA using this option;
+that is, its issuer name is set to the subject name of the CA and it is
+digitally signed using the CA's private key.
+.Pp
+This option is normally combined with the
+.Fl req
+option.
+Without the
+.Fl req
+option, the input is a certificate which must be self-signed.
+.It Fl CAcreateserial
+Create the CA serial number file if it does not exist
+instead of generating an error.
+The file will contain the serial number
+.Sq 02
+and the certificate being signed will have
+.Sq 1
+as its serial number.
+.It Fl CAform Cm der | pem
+The format of the CA certificate file.
+The default is
+.Cm pem .
+.It Fl CAkey Ar file
+Set the CA private key to sign a certificate with.
+Otherwise it is assumed that the CA private key is present
+in the CA certificate file.
+.It Fl CAkeyform Cm der | pem
+The format of the CA private key.
+The default is
+.Cm pem .
+.It Fl CAserial Ar file
+Use the serial number in
+.Ar file
+to sign a certificate.
+The file should consist of one line containing an even number of hex digits
+with the serial number to use.
+After each use the serial number is incremented and written out
+to the file again.
+.Pp
+The default filename consists of the CA certificate file base name with
+.Pa .srl
+appended.
+For example, if the CA certificate file is called
+.Pa mycacert.pem ,
+it expects to find a serial number file called
+.Pa mycacert.srl .
+.It Fl checkend Ar arg
+Check whether the certificate expires in the next
+.Ar arg
+seconds.
+If so, exit with return value 1;
+otherwise exit with return value 0.
+.It Fl clrext
+Delete any extensions from a certificate.
+This option is used when a certificate is being created from another
+certificate (for example with the
+.Fl signkey
+or the
+.Fl CA
+options).
+Normally, all extensions are retained.
+.It Fl days Ar arg
+The number of days to make a certificate valid for.
+The default is 30 days.
+.It Fl extensions Ar section
+The section to add certificate extensions from.
+If this option is not specified, the extensions should either be
+contained in the unnamed (default) section
+or the default section should contain a variable called
+.Qq extensions
+which contains the section to use.
+.It Fl extfile Ar file
+File containing certificate extensions to use.
+If not specified, no extensions are added to the certificate.
+.It Fl force_pubkey Ar key
+Set the public key of the certificate to the public key contained in
+.Ar key .
+.It Fl keyform Cm der | pem
+The format of the key file used in the
+.Fl force_pubkey
+and
+.Fl signkey
+options.
+.It Fl new
+Generate a new certificate using the subject given by
+.Fl set_subject
+and signed by
+.Fl signkey .
+If no public key is provided with
+.Fl force_pubkey ,
+the resulting certificate is self-signed.
+This option cannot be used with
+.Fl in
+or
+.Fl req .
+.It Fl req
+Expect a certificate request on input instead of a certificate.
+This option cannot be used with
+.Fl new .
+.It Fl set_issuer Ar name
+The issuer name to use.
+.Ar name
+must be formatted as /type0=value0/type1=value1/type2=...;
+characters may be escaped by
+.Sq \e
+(backslash);
+no spaces are skipped.
+.It Fl set_serial Ar n
+The serial number to use.
+This option can be used with either the
+.Fl signkey
+or
+.Fl CA
+options.
+If used in conjunction with the
+.Fl CA
+option, the serial number file (as specified by the
+.Fl CAserial
+or
+.Fl CAcreateserial
+options) is not used.
+.Pp
+The serial number can be decimal or hex (if preceded by
+.Sq 0x ) .
+Negative serial numbers can also be specified but their use is not recommended.
+.It Fl set_subject Ar name
+The subject name to use.
+.Ar name
+must be formatted as /type0=value0/type1=value1/type2=...;
+characters may be escaped by
+.Sq \e
+(backslash);
+no spaces are skipped.
+.It Fl signkey Ar file
+Self-sign
+.Ar file
+using the supplied private key.
+.Pp
+If the input file is a certificate, it sets the issuer name to the
+subject name (i.e. makes it self-signed),
+changes the public key to the supplied value,
+and changes the start and end dates.
+The start date is set to the current time and the end date is set to
+a value determined by the
+.Fl days
+option.
+Any certificate extensions are retained unless the
+.Fl clrext
+option is supplied.
+.Pp
+If the input is a certificate request, a self-signed certificate
+is created using the supplied private key using the subject name in
+the request.
+.It Fl utf8
+Interpret field values read from a terminal or obtained from a configuration
+file as UTF-8 strings.
+By default, they are interpreted as ASCII.
+.It Fl x509toreq
+Convert a certificate into a certificate request.
+The
+.Fl signkey
+option is used to pass the required private key.
+.El
+.Sh COMMON NOTATION
+Several commands share a common syntax,
+as detailed below.
+.Pp
+Password arguments, typically specified using
+.Fl passin
+and
+.Fl passout
+for input and output passwords,
+allow passwords to be obtained from a variety of sources.
+Both of these options take a single argument, described below.
+If no password argument is given and a password is required,
+then the user is prompted to enter one:
+this will typically be read from the current terminal with echoing turned off.
+.Bl -tag -width "pass:password" -offset indent
+.It Cm pass : Ns Ar password
+The actual password is
+.Ar password .
+Since the password is visible to utilities,
+this form should only be used where security is not important.
+.It Cm env : Ns Ar var
+Obtain the password from the environment variable
+.Ar var .
+Since the environment of other processes is visible,
+this option should be used with caution.
+.It Cm file : Ns Ar path
+The first line of
+.Ar path
+is the password.
+If the same
+.Ar path
+argument is supplied to
+.Fl passin
+and
+.Fl passout ,
+then the first line will be used for the input password and the next line
+for the output password.
+.Ar path
+need not refer to a regular file:
+it could, for example, refer to a device or named pipe.
+.It Cm fd : Ns Ar number
+Read the password from the file descriptor
+.Ar number .
+This can be used to send the data via a pipe, for example.
+.It Cm stdin
+Read the password from standard input.
+.El
+.Pp
+Input/output formats,
+typically specified using
+.Fl inform
+and
+.Fl outform ,
+indicate the format being read from or written to.
+The argument is case insensitive.
+.Pp
+.Bl -tag -width Ds -offset indent -compact
+.It Cm der
+Distinguished Encoding Rules (DER)
+is a binary format.
+.It Cm net
+Insecure legacy format.
+.It Cm pem
+Privacy Enhanced Mail (PEM)
+is base64-encoded.
+.It Cm pvk
+Private Key format.
+.It Cm smime
+An SMIME format message.
+.It Cm txt
+Plain ASCII text.
+.El
+.Sh ENVIRONMENT
+The following environment variables affect the execution of
+.Nm openssl :
+.Bl -tag -width "/etc/pki/tls/libressl.cnf"
+.It Ev OPENSSL_CONF
+The location of the master configuration file.
+.El
+.Sh FILES
+.Bl -tag -width "/etc/pki/tls/libressl.cnf" -compact
+.It Pa /etc/ssl/
+Default config directory for
+.Nm openssl .
+.It Pa /etc/ssl/lib/
+Unused.
+.It Pa /etc/ssl/private/
+Default private key directory.
+.It Pa /etc/ssl/libressl.cnf
+Default configuration file for
+.Nm openssl .
+.It Pa /etc/ssl/x509v3.cnf
+Default configuration file for
+.Nm x509
+certificates.
+.El
+.Sh SEE ALSO
+.Xr acme-client 1 ,
+.Xr nc 1 ,
+.Xr libressl.cnf 5 ,
+.Xr x509v3.cnf 5 ,
+.Xr ssl 8 ,
+.Xr starttls 8
+.Sh STANDARDS
+.Rs
+.%A T. Dierks
+.%A C. Allen
+.%D January 1999
+.%R RFC 2246
+.%T The TLS Protocol Version 1.0
+.Re
+.Pp
+.Rs
+.%A M. Wahl
+.%A S. Killie
+.%A T. Howes
+.%D December 1997
+.%R RFC 2253
+.%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
+.Re
+.Pp
+.Rs
+.%A B. Kaliski
+.%D March 1998
+.%R RFC 2315
+.%T PKCS #7: Cryptographic Message Syntax Version 1.5
+.Re
+.Pp
+.Rs
+.%A R. Housley
+.%A W. Ford
+.%A W. Polk
+.%A D. Solo
+.%D January 1999
+.%R RFC 2459
+.%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
+.Re
+.Pp
+.Rs
+.%A M. Myers
+.%A R. Ankney
+.%A A. Malpani
+.%A S. Galperin
+.%A C. Adams
+.%D June 1999
+.%R RFC 2560
+.%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
+.Re
+.Pp
+.Rs
+.%A R. Housley
+.%D June 1999
+.%R RFC 2630
+.%T Cryptographic Message Syntax
+.Re
+.Pp
+.Rs
+.%A P. Chown
+.%D June 2002
+.%R RFC 3268
+.%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
+.Re