[B<-state>]
[B<-CApath directory>]
[B<-CAfile filename>]
+[B<-attime timestamp>]
+[B<-check_ss_sig>]
+[B<-explicit_policy>]
+[B<-extended_crl>]
+[B<-ignore_critical>]
+[B<-inhibit_any>]
+[B<-inhibit_map>]
+[B<-issuer_checks>]
+[B<-partial_chain>]
+[B<-policy arg>]
+[B<-policy_check>]
+[B<-policy_print>]
+[B<-purpose purpose>]
+[B<-suiteB_128>]
+[B<-suiteB_128_only>]
+[B<-suiteB_192>]
[B<-trusted_first>]
+[B<-use_deltas>]
+[B<-verify_depth num>]
+[B<-verify_email email>]
+[B<-verify_hostname hostname>]
+[B<-verify_ip ip>]
+[B<-verify_name name>]
+[B<-x509_strict>]
[B<-nocert>]
[B<-cipher cipherlist>]
+[B<-serverpref>]
[B<-quiet>]
[B<-no_tmp_rsa>]
[B<-ssl2>]
[B<-id_prefix arg>]
[B<-rand file(s)>]
[B<-serverinfo file>]
-[B<-auth>]
-[B<-auth_require_reneg>]
[B<-no_resumption_on_reneg>]
=head1 DESCRIPTION
is also used in the list of acceptable client CAs passed to the client when
a certificate is requested.
-=item B<-trusted_first>
+=item B<-attime>, B<-check_ss_sig>, B<explicit_policy>, B<-extended_crl>,
+B<-ignore_critical>, B<-inhibit_any>, B<-inhibit_map>, B<-issuer_checks>,
+B<-partial_chain>, B<-policy>, B<-policy_check>, B<-policy_print>, B<-purpose>,
+B<-suiteB_128>, B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>,
+B<-use_deltas>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
+B<-verify_ip>, B<-verify_name>, B<-x509_strict>
-Set certificate verification option.
+Set different peer certificate verification options.
See the L<B<verify>|verify(1)> manual page for details.
=item B<-state>
the preference order, the order of the server cipherlist irrelevant. See
the B<ciphers> command for more information.
+=item B<-serverpref>
+
+use the server's cipher preferences, rather than the client's preferences.
+
=item B<-tlsextdebug>
print out a hex dump of any TLS extensions received from the server.
an empty TLS ClientHello extension matching the type, the corresponding
ServerHello extension will be returned.
-=item B<-auth>
-
-send RFC 5878 client and server authorization extensions in the Client Hello as well as
-supplemental data if the server also sent the authorization extensions in the Server Hello.
-
-=item B<-auth_require_reneg>
-
-only send RFC 5878 client and server authorization extensions during renegotiation.
-
=item B<-no_resumption_on_reneg>
-set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag. Required in order to receive supplemental data
-during renegotiation if auth and auth_require_reneg are set.
+set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION flag.
=back