[B<-no_alt_chains>]
[B<-use_deltas>]
[B<-auth_level num>]
+[B<-nameopt option>]
[B<-verify_depth num>]
[B<-verify_return_error>]
[B<-verify_email email>]
[B<-status_verbose>]
[B<-status_timeout nsec>]
[B<-status_url url>]
+[B<-status_file file>]
[B<-alpn protocols>]
[B<-nextprotoneg protocols>]
If the ciphersuite cannot request a client certificate (for example an
anonymous ciphersuite or PSK) this option has no effect.
+=item B<-nameopt option>
+
+option which determines how the subject or issuer names are displayed. The
+B<option> argument can be a single option or multiple options separated by
+commas. Alternatively the B<-nameopt> switch may be used more than once to
+set multiple options. See the L<x509(1)> manual page for details.
+
=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,
server certificate. Without this option an error is returned if the server
certificate does not contain a responder address.
+=item B<-status_file file>
+
+Overrides any OCSP responder URLs from the certificate and always provides the
+OCSP Response stored in the file. The file must be in DER format.
+
=item B<-alpn protocols>, B<-nextprotoneg protocols>
these flags enable the
print out some session cache status information.
+=item B<-keylogfile path>
+
+Appends TLS secrets to the specified keylog file such that external programs
+(like Wireshark) can decrypt TLS connections.
+
=back
=head1 NOTES