B<openssl> B<crl>
[B<-help>]
-[B<-inform PEM|DER>]
-[B<-outform PEM|DER>]
+[B<-inform> B<DER>|B<PEM>]
+[B<-outform> B<DER>|B<PEM>]
+[B<-keyform> B<DER>|B<PEM>|B<ENGINE>]
[B<-text>]
-[B<-in filename>]
-[B<-out filename>]
-[B<-nameopt option>]
+[B<-in> I<filename>]
+[B<-out> I<filename>]
+[B<-nameopt> I<option>]
[B<-noout>]
[B<-hash>]
[B<-issuer>]
[B<-lastupdate>]
[B<-nextupdate>]
-[B<-CAfile file>]
-[B<-CApath dir>]
+[B<-CAfile> I<file>]
+[B<-CApath> I<dir>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
+
+=for openssl ifdef hash_old
=head1 DESCRIPTION
-The B<crl> command processes CRL files in DER or PEM format.
+This command processes CRL files in DER or PEM format.
=head1 OPTIONS
Print out a usage message.
-=item B<-inform DER|PEM>
+=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM>
-This specifies the input format. B<DER> format is DER encoded CRL
-structure. B<PEM> (the default) is a base64 encoded version of
-the DER form with header and footer lines.
+The input and output formats of the CRL; the default is B<PEM>.
+See L<openssl(1)/Format Options> for details.
-=item B<-outform DER|PEM>
+=item B<-keyform> B<DER>|B<PEM>|B<ENGINE>
-This specifies the output format, the options have the same meaning and default
-as the B<-inform> option.
+The format of the private key file; the default is B<PEM>.
+See L<openssl(1)/Format Options> for details.
-=item B<-in filename>
+=item B<-in> I<filename>
This specifies the input filename to read from or standard input if this
option is not specified.
-=item B<-out filename>
+=item B<-out> I<filename>
Specifies the output filename to write to or standard output by
default.
Print out the CRL in text form.
-=item B<-nameopt option>
+=item B<-nameopt> I<option>
Option which determines how the subject or issuer names are displayed. See
-the description of B<-nameopt> in L<x509(1)>.
+the description of B<-nameopt> in L<openssl-x509(1)>.
=item B<-noout>
Output the nextUpdate field.
-=item B<-CAfile file>
-
-Verify the signature on a CRL by looking up the issuing certificate in
-B<file>.
-
-=item B<-CApath dir>
+=item B<-CAfile> I<file>, B<-no-CAfile>, B<-CApath> I<dir>, B<-no-CApath>
-Verify the signature on a CRL by looking up the issuing certificate in
-B<dir>. This directory must be a standard certificate directory: that
-is a hash of each subject name (using B<x509 -hash>) should be linked
-to each certificate.
+See L<openssl(1)/Trusted Certificate Options> for more information.
=back
-=head1 NOTES
-
-The PEM CRL format uses the header and footer lines:
-
- -----BEGIN X509 CRL-----
- -----END X509 CRL-----
-
=head1 EXAMPLES
Convert a CRL file from PEM to DER: