1 | =pod
2 |
3 | =head1 NAME
4 |
5 | openssl - OpenSSL command line program
6 |
7 | =head1 SYNOPSIS
8 |
9 | B<openssl>
10 | I<command>
11 | [ I<options> ... ]
12 | [ I<parameters> ... ]
13 |
14 | B<openssl> B<no->I<XXX> [ I<options> ]
15 |
16 | =head1 DESCRIPTION
17 |
18 | OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
19 | v2/v3) and Transport Layer Security (TLS v1) network protocols and related
20 | cryptography standards required by them.
21 |
22 | The B<openssl> program is a command line program for using the various
23 | cryptography functions of OpenSSL's B<crypto> library from the shell.
24 | It can be used for
25 |
26 | o Creation and management of private keys, public keys and parameters
27 | o Public key cryptographic operations
28 | o Creation of X.509 certificates, CSRs and CRLs
29 | o Calculation of Message Digests and Message Authentication Codes
30 | o Encryption and Decryption with Ciphers
31 | o SSL/TLS Client and Server Tests
32 | o Handling of S/MIME signed or encrypted mail
33 | o Timestamp requests, generation and verification
34 |
36 |
37 | The B<openssl> program provides a rich variety of commands (I<command> in
38 | the L</SYNOPSIS> above).
39 | Each command can have many options and argument parameters, shown above as
40 | I<options> and I<parameters>.
41 |
42 | Detailed documentation and use cases for most standard subcommands are available
43 | (e.g., L<openssl-x509(1)>). The subcommand L<openssl-list(1)> may be used to list
44 | subcommands.
45 |
46 | The command B<no->I<XXX> tests whether a command of the
47 | specified name is available. If no command named I<XXX> exists, it
48 | returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1
49 | and prints I<XXX>. In both cases, the output goes to B<stdout> and
50 | nothing is printed to B<stderr>. Additional command line arguments
51 | are always ignored. Since for each cipher there is a command of the
52 | same name, this provides an easy way for shell scripts to test for the
53 | availability of ciphers in the B<openssl> program. (B<no->I<XXX> is
54 | not able to detect pseudo-commands such as B<quit>,
55 | B<list>, or B<no->I<XXX> itself.)
56 |
57 | =head2 Configuration Option
58 |
59 | Many commands use an external configuration file for some or all of their
60 | arguments and have a B<-config> option to specify that file.
61 | The default name of the file is F<openssl.cnf> in the default certificate
62 | storage area, which can be determined from the L<openssl-version(1)>
63 | command using the B<-d> or B<-a> option.
64 | The environment variable B<OPENSSL_CONF> can be used to specify a different
65 | file location or to disable loading a configuration (using the empty string).
66 |
67 | Among others, the configuration file can be used to load modules
68 | and to specify parameters for generating certificates and random numbers.
69 | See L<config(5)> for details.
70 |
71 | =head2 Standard Commands
72 |
73 | =over 4
74 |
75 | =item B<asn1parse>
76 |
77 | Parse an ASN.1 sequence.
78 |
79 | =item B<ca>
80 |
81 | Certificate Authority (CA) Management.
82 |
83 | =item B<ciphers>
84 |
85 | Cipher Suite Description Determination.
86 |
87 | =item B<cms>
88 |
89 | CMS (Cryptographic Message Syntax) command.
90 |
91 | =item B<crl>
92 |
93 | Certificate Revocation List (CRL) Management.
94 |
95 | =item B<crl2pkcs7>
96 |
97 | CRL to PKCS#7 Conversion.
98 |
99 | =item B<dgst>
100 |
101 | Message Digest calculation. MAC calculations are superseded by
102 | L<openssl-mac(1)>.
103 |
104 | =item B<dhparam>
105 |
106 | Generation and Management of Diffie-Hellman Parameters. Superseded by
107 | L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>.
108 |
109 | =item B<dsa>
110 |
111 | DSA Data Management.
112 |
113 | =item B<dsaparam>
114 |
115 | DSA Parameter Generation and Management. Superseded by
116 | L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>.
117 |
118 | =item B<ec>
119 |
120 | EC (Elliptic curve) key processing.
121 |
122 | =item B<ecparam>
123 |
124 | EC parameter manipulation and generation.
125 |
126 | =item B<enc>
127 |
128 | Encryption, decryption, and encoding.
129 |
130 | =item B<engine>
131 |
132 | Engine (loadable module) information and manipulation.
133 |
134 | =item B<errstr>
135 |
136 | Error Number to Error String Conversion.
137 |
138 | =item B<fipsinstall>
139 |
140 | FIPS configuration installation.
141 |
142 | =item B<gendsa>
143 |
144 | Generation of DSA Private Key from Parameters. Superseded by
145 | L<openssl-genpkey(1)> and L<openssl-pkey(1)>.
146 |
147 | =item B<genpkey>
148 |
149 | Generation of Private Key or Parameters.
150 |
151 | =item B<genrsa>
152 |
153 | Generation of RSA Private Key. Superseded by L<openssl-genpkey(1)>.
154 |
155 | =item B<help>
156 |
157 | Display information about a command's options.
158 |
159 | =item B<info>
160 |
161 | Display diverse information built into the OpenSSL libraries.
162 |
163 | =item B<kdf>
164 |
165 | Key Derivation Functions.
166 |
167 | =item B<list>
168 |
169 | List algorithms and features.
170 |
171 | =item B<mac>
172 |
173 | Message Authentication Code Calculation.
174 |
175 | =item B<nseq>
176 |
177 | Create or examine a Netscape certificate sequence.
178 |
179 | =item B<ocsp>
180 |
181 | Online Certificate Status Protocol command.
182 |
183 | =item B<passwd>
184 |
185 | Generation of hashed passwords.
186 |
187 | =item B<pkcs12>
188 |
189 | PKCS#12 Data Management.
190 |
191 | =item B<pkcs7>
192 |
193 | PKCS#7 Data Management.
194 |
195 | =item B<pkcs8>
196 |
197 | PKCS#8 format private key conversion command.
198 |
199 | =item B<pkey>
200 |
201 | Public and private key management.
202 |
203 | =item B<pkeyparam>
204 |
205 | Public key algorithm parameter management.
206 |
207 | =item B<pkeyutl>
208 |
209 | Public key algorithm cryptographic operation command.
210 |
211 | =item B<prime>
212 |
213 | Compute prime numbers.
214 |
215 | =item B<rand>
216 |
217 | Generate pseudo-random bytes.
218 |
219 | =item B<rehash>
220 |
221 | Create symbolic links to certificate and CRL files named by the hash values.
222 |
223 | =item B<req>
224 |
225 | PKCS#10 X.509 Certificate Signing Request (CSR) Management.
226 |
227 | =item B<rsa>
228 |
229 | RSA key management.
230 |
231 | =item B<rsautl>
232 |
233 | RSA command for signing, verification, encryption, and decryption. Superseded
234 | by L<openssl-pkeyutl(1)>.
235 |
236 | =item B<s_client>
237 |
238 | This implements a generic SSL/TLS client which can establish a transparent
239 | connection to a remote server speaking SSL/TLS. It's intended for testing
240 | purposes only and provides only rudimentary interface functionality but
241 | internally uses mostly all functionality of the OpenSSL B<ssl> library.
242 |
243 | =item B<s_server>
244 |
245 | This implements a generic SSL/TLS server which accepts connections from remote
246 | clients speaking SSL/TLS. It's intended for testing purposes only and provides
247 | only rudimentary interface functionality but internally uses mostly all
248 | functionality of the OpenSSL B<ssl> library. It provides both an own command
249 | line oriented protocol for testing SSL functions and a simple HTTP response
250 | facility to emulate an SSL/TLS-aware webserver.
251 |
252 | =item B<s_time>
253 |
254 | SSL Connection Timer.
255 |
256 | =item B<sess_id>
257 |
258 | SSL Session Data Management.
259 |
260 | =item B<smime>
261 |
262 | S/MIME mail processing.
263 |
264 | =item B<speed>
265 |
266 | Algorithm Speed Measurement.
267 |
268 | =item B<spkac>
269 |
270 | SPKAC printing and generating command.
271 |
272 | =item B<srp>
273 |
274 | Maintain SRP password file. This command is deprecated.
275 |
276 | =item B<storeutl>
277 |
278 | Command to list and display certificates, keys, CRLs, etc.
279 |
280 | =item B<ts>
281 |
282 | Time Stamping Authority command.
283 |
284 | =item B<verify>
285 |
286 | X.509 Certificate Verification.
287 | See also the L<openssl-verification-options(1)> manual page.
288 |
289 | =item B<version>
290 |
291 | OpenSSL Version Information.
292 |
293 | =item B<x509>
294 |
295 | X.509 Certificate Data Management.
296 |
297 | =back
298 |
299 | =head2 Message Digest Commands
300 |
301 | =over 4
302 |
303 | =item B<blake2b512>
304 |
305 | BLAKE2b-512 Digest
306 |
307 | =item B<blake2s256>
308 |
309 | BLAKE2s-256 Digest
310 |
311 | =item B<md2>
312 |
313 | MD2 Digest
314 |
315 | =item B<md4>
316 |
317 | MD4 Digest
318 |
319 | =item B<md5>
320 |
321 | MD5 Digest
322 |
323 | =item B<mdc2>
324 |
325 | MDC2 Digest
326 |
327 | =item B<rmd160>
328 |
329 | RMD-160 Digest
330 |
331 | =item B<sha1>
332 |
333 | SHA-1 Digest
334 |
335 | =item B<sha224>
336 |
337 | SHA-2 224 Digest
338 |
339 | =item B<sha256>
340 |
341 | SHA-2 256 Digest
342 |
343 | =item B<sha384>
344 |
345 | SHA-2 384 Digest
346 |
347 | =item B<sha512>
348 |
349 | SHA-2 512 Digest
350 |
351 | =item B<sha3-224>
352 |
353 | SHA-3 224 Digest
354 |
355 | =item B<sha3-256>
356 |
357 | SHA-3 256 Digest
358 |
359 | =item B<sha3-384>
360 |
361 | SHA-3 384 Digest
362 |
363 | =item B<sha3-512>
364 |
365 | SHA-3 512 Digest
366 |
367 | =item B<shake128>
368 |
369 | SHA-3 SHAKE128 Digest
370 |
371 | =item B<shake256>
372 |
373 | SHA-3 SHAKE256 Digest
374 |
375 | =item B<sm3>
376 |
377 | SM3 Digest
378 |
379 | =back
380 |
381 | =head2 Encryption, Decryption, and Encoding Commands
382 |
383 | The following aliases provide convenient access to the most used encodings
384 | and ciphers.
385 |
386 | Depending on how OpenSSL was configured and built, not all ciphers listed
387 | here may be present. See L<openssl-enc(1)> for more information.
388 |
389 | =over 4
390 |
391 | =item B<aes128>, B<aes-128-cbc>, B<aes-128-cfb>, B<aes-128-ctr>, B<aes-128-ecb>, B<aes-128-ofb>
392 |
393 | AES-128 Cipher
394 |
395 | =item B<aes192>, B<aes-192-cbc>, B<aes-192-cfb>, B<aes-192-ctr>, B<aes-192-ecb>, B<aes-192-ofb>
396 |
397 | AES-192 Cipher
398 |
399 | =item B<aes256>, B<aes-256-cbc>, B<aes-256-cfb>, B<aes-256-ctr>, B<aes-256-ecb>, B<aes-256-ofb>
400 |
401 | AES-256 Cipher
402 |
403 | =item B<aria128>, B<aria-128-cbc>, B<aria-128-cfb>, B<aria-128-ctr>, B<aria-128-ecb>, B<aria-128-ofb>
404 |
405 | Aria-128 Cipher
406 |
407 | =item B<aria192>, B<aria-192-cbc>, B<aria-192-cfb>, B<aria-192-ctr>, B<aria-192-ecb>, B<aria-192-ofb>
408 |
409 | Aria-192 Cipher
410 |
411 | =item B<aria256>, B<aria-256-cbc>, B<aria-256-cfb>, B<aria-256-ctr>, B<aria-256-ecb>, B<aria-256-ofb>
412 |
413 | Aria-256 Cipher
414 |
415 | =item B<base64>
416 |
417 | Base64 Encoding
418 |
419 | =item B<bf>, B<bf-cbc>, B<bf-cfb>, B<bf-ecb>, B<bf-ofb>
420 |
421 | Blowfish Cipher
422 |
423 | =item B<camellia128>, B<camellia-128-cbc>, B<camellia-128-cfb>, B<camellia-128-ctr>, B<camellia-128-ecb>, B<camellia-128-ofb>
424 |
425 | Camellia-128 Cipher
426 |
427 | =item B<camellia192>, B<camellia-192-cbc>, B<camellia-192-cfb>, B<camellia-192-ctr>, B<camellia-192-ecb>, B<camellia-192-ofb>
428 |
429 | Camellia-192 Cipher
430 |
431 | =item B<camellia256>, B<camellia-256-cbc>, B<camellia-256-cfb>, B<camellia-256-ctr>, B<camellia-256-ecb>, B<camellia-256-ofb>
432 |
433 | Camellia-256 Cipher
434 |
435 | =item B<cast>, B<cast-cbc>
436 |
437 | CAST Cipher
438 |
439 | =item B<cast5-cbc>, B<cast5-cfb>, B<cast5-ecb>, B<cast5-ofb>
440 |
441 | CAST5 Cipher
442 |
443 | =item B<chacha20>
444 |
445 | Chacha20 Cipher
446 |
447 | =item B<des>, B<des-cbc>, B<des-cfb>, B<des-ecb>, B<des-ede>, B<des-ede-cbc>, B<des-ede-cfb>, B<des-ede-ofb>, B<des-ofb>
448 |
449 | DES Cipher
450 |
451 | =item B<des3>, B<desx>, B<des-ede3>, B<des-ede3-cbc>, B<des-ede3-cfb>, B<des-ede3-ofb>
452 |
453 | Triple-DES Cipher
454 |
455 | =item B<idea>, B<idea-cbc>, B<idea-cfb>, B<idea-ecb>, B<idea-ofb>
456 |
457 | IDEA Cipher
458 |
459 | =item B<rc2>, B<rc2-cbc>, B<rc2-cfb>, B<rc2-ecb>, B<rc2-ofb>
460 |
461 | RC2 Cipher
462 |
463 | =item B<rc4>
464 |
465 | RC4 Cipher
466 |
467 | =item B<rc5>, B<rc5-cbc>, B<rc5-cfb>, B<rc5-ecb>, B<rc5-ofb>
468 |
469 | RC5 Cipher
470 |
471 | =item B<seed>, B<seed-cbc>, B<seed-cfb>, B<seed-ecb>, B<seed-ofb>
472 |
473 | SEED Cipher
474 |
475 | =item B<sm4>, B<sm4-cbc>, B<sm4-cfb>, B<sm4-ctr>, B<sm4-ecb>, B<sm4-ofb>
476 |
477 | SM4 Cipher
478 |
479 | =back
480 |
481 | =head1 OPTIONS
482 |
483 | Details of which options are available depend on the specific command.
484 | This section describes some common options with common behavior.
485 |
486 | =head2 Common Options
487 |
488 | =over 4
489 |
490 | =item B<-help>
491 |
492 | Provides a terse summary of all options.
493 | If an option takes an argument, the "type" of argument is also given.
494 |
495 | =item B<-->
496 |
497 | This terminates the list of options. It is mostly useful if any filename
498 | parameters start with a minus sign:
499 |
500 | openssl verify [flags...] -- -cert1.pem...
501 |
502 | =back
503 |
504 | =head2 Format Options
505 |
506 | See L<openssl-format-options(1)> for manual page.
507 |
508 | =head2 Pass Phrase Options
509 |
510 | See the L<openssl-passphrase-options(1)> manual page.
511 |
512 | =head2 Random State Options
513 |
514 | Prior to OpenSSL 1.1.1, it was common for applications to store information
515 | about the state of the random-number generator in a file that was loaded
516 | at startup and rewritten upon exit. On modern operating systems, this is
517 | generally no longer necessary as OpenSSL will seed itself from a trusted
518 | entropy source provided by the operating system. These flags are still
519 | supported for special platforms or circumstances that might require them.
520 |
521 | It is generally an error to use the same seed file more than once and
522 | every use of B<-rand> should be paired with B<-writerand>.
523 |
524 | =over 4
525 |
526 | =item B<-rand> I<files>
527 |
528 | A file or files containing random data used to seed the random number
529 | generator.
530 | Multiple files can be specified separated by an OS-dependent character.
531 | The separator is C<;> for MS-Windows, C<,> for OpenVMS, and C<:> for
532 | all others. Another way to specify multiple files is to repeat this flag
533 | with different filenames.
534 |
535 | =item B<-writerand> I<file>
536 |
537 | Writes the seed data to the specified I<file> upon exit.
538 | This file can be used in a subsequent command invocation.
539 |
540 | =back
541 |
542 | =head2 Certificate Verification Options
543 |
544 | See the L<openssl-verification-options(1)> manual page.
545 |
546 | =head2 Name Format Options
547 |
548 | See the L<openssl-namedisplay-options(1)> manual page.
549 |
550 | =head2 TLS Version Options
551 |
552 | Several commands use SSL, TLS, or DTLS. By default, the commands use TLS and
553 | clients will offer the lowest and highest protocol version they support,
554 | and servers will pick the highest version that the client offers that is also
555 | supported by the server.
556 |
557 | The options below can be used to limit which protocol versions are used,
558 | and whether TCP (SSL and TLS) or UDP (DTLS) is used.
559 | Note that not all protocols and flags may be available, depending on how
560 | OpenSSL was built.
561 |
562 | =over 4
563 |
564 | =item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
565 |
566 | These options require or disable the use of the specified SSL or TLS protocols.
567 | When a specific TLS version is required, only that version will be offered or
568 | accepted.
569 | Only one specific protocol can be given and it cannot be combined with any of
570 | the B<no_> options.
571 |
572 | =item B<-dtls>, B<-dtls1>, B<-dtls1_2>
573 |
574 | These options specify to use DTLS instead of DLTS.
575 | With B<-dtls>, clients will negotiate any supported DTLS protocol version.
576 | Use the B<-dtls1> or B<-dtls1_2> options to support only DTLS1.0 or DTLS1.2,
577 | respectively.
578 |
579 | =back
580 |
581 | =head2 Engine Options
582 |
583 | =over 4
584 |
585 | =item B<-engine> I<id>
586 |
587 | Load the engine identified by I<id> and use all the methods it implements
588 | (algorithms, key storage, etc.), unless specified otherwise in the
589 | command-specific documentation or it is configured to do so, as described in
590 | L<config(5)/Engine Configuration>.
591 |
592 | The engine will be used for key ids specified with B<-key> and similar
593 | options when an option like B<-keyform engine> is given.
594 |
595 | A special case is the C<loader_attic> engine, which
596 | is meant just for internal OpenSSL testing purposes and
597 | supports loading keys, parameters, certificates, and CRLs from files.
598 | When this engine is used, files with such credentials are read via this engine.
599 | Using the C<file:> schema is optional; a plain file (path) name will do.
600 |
601 | =back
602 |
603 | Options specifying keys, like B<-key> and similar, can use the generic
604 | OpenSSL engine key loading URI scheme C<org.openssl.engine:> to retrieve
605 | private keys and public keys. The URI syntax is as follows, in simplified
606 | form:
607 |
608 | org.openssl.engine:{engineid}:{keyid}
609 |
610 | Where C<{engineid}> is the identity/name of the engine, and C<{keyid}> is a
611 | key identifier that's acceptable by that engine. For example, when using an
612 | engine that interfaces against a PKCS#11 implementation, the generic key URI
613 | would be something like this (this happens to be an example for the PKCS#11
614 | engine that's part of OpenSC):
615 |
616 | -key org.openssl.engine:pkcs11:label_some-private-key
617 |
618 | As a third possibility, for engines and providers that have implemented
619 | their own L<OSSL_STORE_LOADER(3)>, C<org.openssl.engine:> should not be
620 | necessary. For a PKCS#11 implementation that has implemented such a loader,
621 | the PKCS#11 URI as defined in RFC 7512 should be possible to use directly:
622 |
623 | -key pkcs11:object=some-private-key;pin-value=1234
624 |
625 | =head2 Provider Options
626 |
627 | =over 4
628 |
629 | =item B<-provider> I<name>
630 |
631 | Load and initialize the provider identified by I<name>. The I<name>
632 | can be also a path to the provider module. In that case the provider name
633 | will be the specified path and not just the provider module name.
634 | Interpretation of relative paths is platform specific. The configured
635 | "MODULESDIR" path, B<OPENSSL_MODULES> environment variable, or the path
636 | specified by B<-provider-path> is prepended to relative paths.
637 | See L<provider(7)> for a more detailed description.
638 |
639 | =item B<-provider-path> I<path>
640 |
641 | Specifies the search path that is to be used for looking for providers.
642 | Equivalently, the B<OPENSSL_MODULES> environment variable may be set.
643 |
644 | =item B<-propquery> I<propq>
645 |
646 | Specifies the I<property query clause> to be used when fetching algorithms
647 | from the loaded providers.
648 | See L<property(7)> for a more detailed description.
649 |
650 | =back
651 |
652 | =head1 ENVIRONMENT
653 |
654 | The OpenSSL library can be take some configuration parameters from the
655 | environment. Some of these variables are listed below. For information
656 | about specific commands, see L<openssl-engine(1)>,
657 | L<openssl-rehash(1)>, and L<tsget(1)>.
658 |
659 | For information about the use of environment variables in configuration,
660 | see L<config(5)/ENVIRONMENT>.
661 |
662 | For information about querying or specifying CPU architecture flags, see
663 | L<OPENSSL_ia32cap(3)>, and L<OPENSSL_s390xcap(3)>.
664 |
665 | For information about all environment variables used by the OpenSSL libraries,
666 | see L<openssl-env(7)>.
667 |
668 | =over 4
669 |
670 | =item B<OPENSSL_TRACE=>I<name>[,...]
671 |
672 | Enable tracing output of OpenSSL library, by name.
673 | This output will only make sense if you know OpenSSL internals well.
674 | Also, it might not give you any output at all
675 | if OpenSSL was built without tracing support.
676 |
677 | The value is a comma separated list of names, with the following
678 | available:
679 |
680 | =over 4
681 |
682 | =item B<TRACE>
683 |
684 | Traces the OpenSSL trace API itself.
685 |
686 | =item B<INIT>
687 |
688 | Traces OpenSSL library initialization and cleanup.
689 |
690 | =item B<TLS>
691 |
692 | Traces the TLS/SSL protocol.
693 |
694 | =item B<TLS_CIPHER>
695 |
696 | Traces the ciphers used by the TLS/SSL protocol.
697 |
698 | =item B<CONF>
699 |
700 | Show details about provider and engine configuration.
701 |
702 | =item B<ENGINE_TABLE>
703 |
704 | The function that is used by RSA, DSA (etc) code to select registered
705 | ENGINEs, cache defaults and functional references (etc), will generate
706 | debugging summaries.
707 |
708 | =item B<ENGINE_REF_COUNT>
709 |
710 | Reference counts in the ENGINE structure will be monitored with a line
711 | of generated for each change.
712 |
713 | =item B<PKCS5V2>
714 |
715 | Traces PKCS#5 v2 key generation.
716 |
717 | =item B<PKCS12_KEYGEN>
718 |
719 | Traces PKCS#12 key generation.
720 |
721 | =item B<PKCS12_DECRYPT>
722 |
723 | Traces PKCS#12 decryption.
724 |
725 | =item B<X509V3_POLICY>
726 |
727 | Generates the complete policy tree at various points during X.509 v3
728 | policy evaluation.
729 |
730 | =item B<BN_CTX>
731 |
732 | Traces BIGNUM context operations.
733 |
734 | =item B<CMP>
735 |
736 | Traces CMP client and server activity.
737 |
738 | =item B<STORE>
739 |
740 | Traces STORE operations.
741 |
742 | =item B<DECODER>
743 |
744 | Traces decoder operations.
745 |
746 | =item B<ENCODER>
747 |
748 | Traces encoder operations.
749 |
750 | =item B<REF_COUNT>
751 |
752 | Traces decrementing certain ASN.1 structure references.
753 |
754 | =item B<HTTP>
755 |
756 | HTTP client diagnostics
757 |
758 | =back
759 |
760 | =back
761 |
762 | =head1 SEE ALSO
763 |
764 | L<openssl-asn1parse(1)>,
765 | L<openssl-ca(1)>,
766 | L<openssl-ciphers(1)>,
767 | L<openssl-cms(1)>,
768 | L<openssl-crl(1)>,
769 | L<openssl-crl2pkcs7(1)>,
770 | L<openssl-dgst(1)>,
771 | L<openssl-dhparam(1)>,
772 | L<openssl-dsa(1)>,
773 | L<openssl-dsaparam(1)>,
774 | L<openssl-ec(1)>,
775 | L<openssl-ecparam(1)>,
776 | L<openssl-enc(1)>,
777 | L<openssl-engine(1)>,
778 | L<openssl-errstr(1)>,
779 | L<openssl-gendsa(1)>,
780 | L<openssl-genpkey(1)>,
781 | L<openssl-genrsa(1)>,
782 | L<openssl-kdf(1)>,
783 | L<openssl-list(1)>,
784 | L<openssl-mac(1)>,
785 | L<openssl-nseq(1)>,
786 | L<openssl-ocsp(1)>,
787 | L<openssl-passwd(1)>,
788 | L<openssl-pkcs12(1)>,
789 | L<openssl-pkcs7(1)>,
790 | L<openssl-pkcs8(1)>,
791 | L<openssl-pkey(1)>,
792 | L<openssl-pkeyparam(1)>,
793 | L<openssl-pkeyutl(1)>,
794 | L<openssl-prime(1)>,
795 | L<openssl-rand(1)>,
796 | L<openssl-rehash(1)>,
797 | L<openssl-req(1)>,
798 | L<openssl-rsa(1)>,
799 | L<openssl-rsautl(1)>,
800 | L<openssl-s_client(1)>,
801 | L<openssl-s_server(1)>,
802 | L<openssl-s_time(1)>,
803 | L<openssl-sess_id(1)>,
804 | L<openssl-smime(1)>,
805 | L<openssl-speed(1)>,
806 | L<openssl-spkac(1)>,
807 | L<openssl-srp(1)>,
808 | L<openssl-storeutl(1)>,
809 | L<openssl-ts(1)>,
810 | L<openssl-verify(1)>,
811 | L<openssl-version(1)>,
812 | L<openssl-x509(1)>,
813 | L<config(5)>,
814 | L<crypto(7)>,
815 | L<openssl-env(7)>.
816 | L<ssl(7)>,
817 | L<x509v3_config(5)>
818 |
819 |
820 | =head1 HISTORY
821 |
822 | The B<list> -I<XXX>B<-algorithms> options were added in OpenSSL 1.0.0;
823 | For notes on the availability of other commands, see their individual
824 | manual pages.
825 |
826 | The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and
827 | is silently ignored.
828 |
829 | The B<-xcertform> and B<-xkeyform> options
830 | are obsolete since OpenSSL 3.0 and have no effect.
831 |
832 | The interactive mode, which could be invoked by running C<openssl>
833 | with no further arguments, was removed in OpenSSL 3.0, and running
834 | that program with no arguments is now equivalent to C<openssl help>.
835 |
836 | =head1 COPYRIGHT
837 |
838 | Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
839 |
840 | Licensed under the Apache License 2.0 (the "License"). You may not use
841 | this file except in compliance with the License. You can obtain a copy
842 | in the file LICENSE in the source distribution or at
843 | L<https://www.openssl.org/source/license.html>.
844 |
845 | =cut