=pod
-
-=begin comment
-{- join("\n", @autowarntext) -}
-
-=end comment
+{- OpenSSL::safe::output_do_not_edit_headers(); -}
=head1 NAME
-openssl-smime - S/MIME utility
+openssl-smime - S/MIME command
=head1 SYNOPSIS
[B<-crlfeol>]
[B<-I<cipher>>]
[B<-in> I<file>]
-[B<-attime> I<timestamp>]
-[B<-check_ss_sig>]
-[B<-crl_check>]
-[B<-crl_check_all>]
-[B<-explicit_policy>]
-[B<-extended_crl>]
-[B<-ignore_critical>]
-[B<-inhibit_any>]
-[B<-inhibit_map>]
-[B<-partial_chain>]
-[B<-policy> I<arg>]
-[B<-policy_check>]
-[B<-policy_print>]
-[B<-purpose> I<purpose>]
-[B<-suiteB_128>]
-[B<-suiteB_128_only>]
-[B<-suiteB_192>]
-[B<-trusted_first>]
-[B<-no_alt_chains>]
-[B<-use_deltas>]
-[B<-auth_level> I<num>]
-[B<-verify_depth> I<num>]
-[B<-verify_email> I<email>]
-[B<-verify_hostname> I<hostname>]
-[B<-verify_ip> I<ip>]
-[B<-verify_name> I<name>]
-[B<-x509_strict>]
[B<-certfile> I<file>]
[B<-signer> I<file>]
+[B<-nointern>]
+[B<-noverify>]
+[B<-nochain>]
+[B<-nosigs>]
+[B<-nocerts>]
+[B<-noattr>]
+[B<-nodetach>]
+[B<-nosmimecap>]
[B<-recip> I< file>]
[B<-inform> B<DER>|B<PEM>|B<SMIME>]
[B<-outform> B<DER>|B<PEM>|B<SMIME>]
[B<-stream>]
[B<-md> I<digest>]
{- $OpenSSL::safe::opt_trust_synopsis -}
+{- $OpenSSL::safe::opt_engine_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
+{- $OpenSSL::safe::opt_v_synopsis -}
+{- $OpenSSL::safe::opt_provider_synopsis -}
I<cert.pem> ...
=for openssl ifdef engine
=item B<-nochain>
-Do not do chain verification of signers certificates: that is don't
+Do not do chain verification of signers certificates; that is, do not
use the certificates in the signed message as untrusted CAs.
=item B<-nosigs>
include the signing time and supported symmetric algorithms. With this
option they are not included.
+=item B<-nodetach>
+
+When signing a message use opaque signing. This form is more resistant
+to translation by mail relays but it cannot be read by mail agents that
+do not support S/MIME. Without this option cleartext signing with
+the MIME type multipart/signed is used.
+
+=item B<-nosmimecap>
+
+When signing a message, do not include the B<SMIMECapabilities> attribute.
+
=item B<-binary>
Normally the input message is converted to "canonical" format which is
Normally the output file uses a single B<LF> as end of line. When this
option is present B<CRLF> is used instead.
-=item B<-nodetach>
-
-When signing a message use opaque signing: this form is more resistant
-to translation by mail relays but it cannot be read by mail agents that
-do not support S/MIME. Without this option cleartext signing with
-the MIME type multipart/signed is used.
-
=item B<-certfile> I<file>
Allows additional certificates to be specified. When signing these will
verified then the signers certificates will be written to this file if the
verification was successful.
+=item B<-nocerts>
+
+Don't include signers certificate when signing.
+
+=item B<-noattr>
+
+Don't include any signed attributes when signing.
+
=item B<-recip> I<file>
The recipients certificate when decrypting a message. This certificate
then many S/MIME mail clients check the signers certificate's email
address matches that specified in the From: address.
-=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
-B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
-B<-inhibit_map>, B<-no_alt_chains>, B<-partial_chain>, B<-policy>,
-B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
-B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
-B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
-B<-verify_ip>, B<-verify_name>, B<-x509_strict>
+{- $OpenSSL::safe::opt_v_item -}
-Set various options of certificate chain verification. See
-L<openssl-verify(1)> manual page for details.
+Any verification errors cause the command to exit.
{- $OpenSSL::safe::opt_trust_item -}
+{- $OpenSSL::safe::opt_engine_item -}
+
{- $OpenSSL::safe::opt_r_item -}
+{- $OpenSSL::safe::opt_provider_item -}
+
=item I<cert.pem> ...
One or more certificates of message recipients, used when encrypting