[B<-Verify> I<int>]
[B<-cert> I<infile>]
[B<-cert2> I<infile>]
-[B<-certform> B<DER>|B<PEM>]
+[B<-certform> B<DER>|B<PEM>|B<P12>]
[B<-cert_chain> I<infile>]
[B<-build_chain>]
[B<-serverinfo> I<val>]
[B<-key> I<infile>]
[B<-key2> I<infile>]
-[B<-keyform> B<DER>|B<PEM>|B<ENGINE>]
+[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-pass> I<val>]
[B<-dcert> I<infile>]
-[B<-dcertform> B<DER>|B<PEM>]
+[B<-dcertform> B<DER>|B<PEM>|B<P12>]
[B<-dcert_chain> I<infile>]
[B<-dkey> I<infile>]
-[B<-dkeyform> B<DER>|B<PEM>|B<ENGINE>]
+[B<-dkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-dpass> I<val>]
[B<-nbio_test>]
[B<-crlf>]
[B<-www>]
[B<-WWW>]
[B<-http_server_binmode>]
+[B<-no_ca_names>]
[B<-servername>]
[B<-servername_fatal>]
[B<-tlsextdebug>]
for example the DSS cipher suites require a certificate containing a DSS
(DSA) key. If not specified then the filename F<server.pem> will be used.
-=item B<-certform> B<DER>|B<PEM>
+=item B<-certform> B<DER>|B<PEM>|B<P12>
-The server certificate file format; the default is B<PEM>.
-See L<openssl(1)/Format Options> for details.
+The server certificate file format.
+This option has no effect and is retained for backward compatibility only.
=item B<-cert_chain>
The private key to use. If not specified then the certificate file will
be used.
-=item B<-keyform> B<DER>|B<PEM>|B<ENGINE>
+=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
The key format; the default is B<PEM>.
+The only value with effect is B<ENGINE>; all others have become obsolete.
See L<openssl(1)/Format Options> for details.
=item B<-pass> I<val>
server certificate chain when a certificate specified via the B<-dcert> option
is in use.
-=item B<-dcertform> B<DER>|B<PEM>
+=item B<-dcertform> B<DER>|B<PEM>|B<P12>
-The format of the additional certificate file; the default is B<PEM>.
-See L<openssl(1)/Format Options>.
+The format of the additional certificate file.
+This option has no effect and is retained for backward compatibility only.
-=item B<-dkeyform> B<DER>|B<PEM>|B<ENGINE>
+=item B<-dkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
The format of the additional private key; the default is B<PEM>.
+The only value with effect is B<ENGINE>; all others have become obsolete.
See L<openssl(1)/Format Options>.
=item B<-dpass> I<val>
When acting as web-server (using option B<-WWW> or B<-HTTP>) open files requested
by the client in binary mode.
+=item B<-no_ca_names>
+
+Disable TLS Extension CA Names. You may want to disable it for security reasons
+or for compatibility with some Windows TLS implementations crashing when this
+extension is larger than 1024 bytes.
+
=item B<-id_prefix> I<val>
Generate SSL/TLS session IDs prefixed by I<val>. This is mostly useful
The
-allow-no-dhe-kex and -prioritize_chacha options were added in OpenSSL 1.1.1.
+All B<-keyform> and B<-dkeyform> values except B<ENGINE>
+have become obsolete in OpenSSL 3.0.0 and have no effect.
+
+The B<-certform> and B<-dcertform> options have become obsolete in OpenSSL 3.0.0
+and have no effect.
+
=head1 COPYRIGHT
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy