=head2 Format Options
Several OpenSSL commands can take input or generate output in a variety
-of formats. The list of acceptable formats, and the default, is
+of formats.
+Since OpenSSL 3.0 keys, single certificates, and CRLs can be read from
+files in any of the B<DER>, B<PEM>, or B<P12> formats,
+while specifying their input format is no more needed.
+
+The list of acceptable formats, and the default, is
described in each command documentation. The list of formats is
described below. Both uppercase and lowercase are accepted.
=item B<-keyform> I<format>
Format of a private key input source.
+The only value with effect is B<ENGINE>; all others have become obsolete.
+See L<openssl(1)/Format Options> for details.
=item B<-CRLform> I<format>
=over 4
-=item B<-xchain_build>
-
-Specify whether the application should build the certificate chain to be
-provided to the server for the extra certificates via the B<-xkey>,
-B<-xcert>, and B<-xchain> options.
-
=item B<-xkey> I<infile>, B<-xcert> I<infile>, B<-xchain>
Specify an extra certificate, private key and certificate chain. These behave
specified, the callback returning the first valid chain will be in use by the
client.
-=item B<-xcertform> B<DER>|B<PEM>, B<-xkeyform> B<DER>|B<PEM>
-
-The input format for the extra certificate and key, respectively.
-See L<openssl(1)/Format Options> for details.
-
=item B<-xchain_build>
Specify whether the application should build the certificate chain to be
provided to the server for the extra certificates via the B<-xkey>,
B<-xcert>, and B<-xchain> options.
-=item B<-xcertform> B<DER>|B<PEM>, B<-xkeyform> B<DER>|B<PEM>
+=item B<-xcertform> B<DER>|B<PEM>|B<P12>
-The input format for the extra certificate and key, respectively.
-See L<openssl(1)/Format Options> for details.
+The input format for the extra certificate.
+This option has no effect and is retained for backward compatibility only.
+
+=item B<-xkeyform> B<DER>|B<PEM>|B<P12>
+
+The input format for the extra key.
+This option has no effect and is retained for backward compatibility only.
=back
Parse I<file> as a set of one or more certificates in PEM format.
All certificates must be self-signed, unless the
B<-partial_chain> option is specified.
-This option implies the B<-no-CAfile> and B<-no-CApath> options and it
-cannot be used with either the B<-CAfile> or B<-CApath> options, so
+This option implies the B<-no-CAfile>, B<-no-CApath>, and B<-no-CAstore> options
+and it cannot be used with the B<-CAfile>, B<-CApath> or B<-CAstore> options, so
only certificates in the file are trust anchors.
This option may be used multiple times.
Escapes some characters by surrounding the entire string with quotation
marks, C<">.
-Without this option, individual special characters are preceeded with
+Without this option, individual special characters are preceded with
a backslash character, C<\>.
=item B<utf8>
SSL/TLS cipher.
-=item B<ENGINE_CONF>
+=item B<CONF>
-ENGINE configuration.
+Show details about provider and engine configuration.
=item B<ENGINE_TABLE>
The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and
is silently ignored.
+The B<-xcertform> and B<-xkeyform> options
+are obsolete since OpenSSL 3.0 and have no effect.
+
+The interactive mode, which could be invoked by running C<openssl>
+with no further arguments, was removed in OpenSSL 3.0, and running
+that program with no arguments is now equivalent to C<openssl help>.
+
=head1 COPYRIGHT
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy