Use OSSL_STORE for load_{,pub}key() and load_cert() in apps/lib/apps.c

[openssl.git] / doc / man1 / openssl-x509.pod.in

diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in
index b8fd2a4041ce3f18cff093525b9c2e3ed18b4f50..918c91b34b6cb329565ef9d793b5914eca4984c6 100644 (file)
--- a/doc/man1/openssl-x509.pod.in
+++ b/doc/man1/openssl-x509.pod.in
@@ -11,9 +11,9 @@ B<openssl> B<x509>
 [B<-help>]
 [B<-inform> B<DER>|B<PEM>]
 [B<-outform> B<DER>|B<PEM>]
-[B<-keyform> B<DER>|B<PEM>|B<ENGINE>]
-[B<-CAform> B<DER>|B<PEM>]
-[B<-CAkeyform> B<DER>|B<PEM>|B<ENGINE>]
+[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
+[B<-CAform> B<DER>|B<PEM>|B<P12>]
+[B<-CAkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
 [B<-in> I<filename>]
 [B<-out> I<filename>]
 [B<-serial>]
@@ -100,13 +100,18 @@ various sections.
 
 Print out a usage message.
 
-=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM>
+=item B<-inform> B<DER>|B<PEM>
 
-The input and formats; the default is B<PEM>.
+The CSR input format; the default is B<PEM>.
 See L<openssl(1)/Format Options> for details.
 
-The input is normally an X.509 certificate, but this can change if other
-options such as B<-req> are used.
+The input is normally an X.509 certificate file of any format,
+but this can change if other options such as B<-req> are used.
+
+B<-outform> B<DER>|B<PEM>
+
+The output format; the default is B<PEM>.
+See L<openssl(1)/Format Options> for details.
 
 =item B<-in> I<filename>
 
@@ -355,8 +360,7 @@ can thus behave like a "mini CA".
 =item B<-signkey> I<arg>
 
 This option causes the input file to be self signed using the supplied
-private key or engine. The private key's format is specified with the
-B<-keyform> option.
+private key or engine.
 
 It sets the issuer name to the subject name (i.e., makes it self-issued)
 and changes the public key to the supplied value (unless overridden by
@@ -392,14 +396,21 @@ certificate is being created from another certificate (for example with
 the B<-signkey> or the B<-CA> options). Normally all extensions are
 retained.
 
-=item B<-keyform> B<DER>|B<PEM>|B<ENGINE>
+=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
 
 The key format; the default is B<PEM>.
+The only value with effect is B<ENGINE>; all others have become obsolete.
 See L<openssl(1)/Format Options> for details.
 
-=item B<-CAform> B<DER>|B<PEM>, B<-CAkeyform> B<DER>|B<PEM>|B<ENGINE>
+=item B<-CAform> B<DER>|B<PEM>|B<P12>,
+
+The format for the CA certificate.
+This option has no effect and is retained for backward compatibility.
 
-The format for the CA certificate and key; the default is B<PEM>.
+=item B<-CAkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
+
+The format for the CA key; the default is B<PEM>.
+The only value with effect is B<ENGINE>; all others have become obsolete.
 See L<openssl(1)/Format Options> for details.
 
 =item B<-days> I<arg>
@@ -502,8 +513,6 @@ self-signed, for instance when the key cannot be used for signing, such as DH.
 It can also be used in conjunction with b<-new> and B<-subj> to directly
 generate a certificate containing any desired public key.
 
-The format of the key file can be specified using the B<-keyform> option.
-
 =item B<-subj> I<arg>
 
 When a certificate is created set its subject name to the given value.
@@ -821,6 +830,11 @@ of the distinguished name. In OpenSSL 1.0.0 and later it is based on a canonical
 version of the DN using SHA1. This means that any directories using the old
 form must have their links rebuilt using L<openssl-rehash(1)> or similar.
 
+All B<-keyform> and B<-CAkeyform> values except B<ENGINE>
+have become obsolete in OpenSSL 3.0.0 and have no effect.
+
+The B<-CAform> option has become obsolete in OpenSSL 3.0.0 and has no effect.
+
 =head1 COPYRIGHT
 
 Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.