[B<-reuse>]
[B<-new>]
[B<-verify> I<depth>]
-[B<-nameopt> I<option>]
[B<-time> I<seconds>]
[B<-ssl3>]
[B<-tls1>]
[B<-bugs>]
[B<-cipher> I<cipherlist>]
[B<-ciphersuites> I<val>]
+{- $OpenSSL::safe::opt_name_synopsis -}
+[B<-cafile> I<file>]
{- $OpenSSL::safe::opt_trust_synopsis -}
-
-=for openssl ifdef ssl3 tls1 tls1_1 tls1_2 tls1_3
+{- $OpenSSL::safe::opt_provider_synopsis -}
=head1 DESCRIPTION
with a certificate chain can be seen. As a side effect the connection
will never fail due to a server certificate verify failure.
-=item B<-nameopt> I<option>
-
-Option which determines how the subject or issuer names are displayed. The
-I<option> argument can be a single option or multiple options separated by
-commas. Alternatively the B<-nameopt> switch may be used more than once to
-set multiple options. See the L<openssl-x509(1)> manual page for details.
-
=item B<-new>
Performs the timing test using a new session ID for each connection.
that session caching is working. If neither B<-new> nor B<-reuse> are
specified, they are both on by default and executed in sequence.
-=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>
-
-These options enable specific SSL or TLS protocol versions for the handshake
-initiated by this command.
-By default, it negotiates the highest mutually supported protocol
-version.
-Note that not all protocols and flags may be available, depending on how
-OpenSSL was built.
-
=item B<-bugs>
There are several known bugs in SSL and TLS implementations. Adding this
performance and the link speed determine how many connections it
can establish.
+{- $OpenSSL::safe::opt_name_item -}
+
{- $OpenSSL::safe::opt_trust_item -}
+{- $OpenSSL::safe::opt_provider_item -}
+
+=item B<-cafile> I<file>
+
+This is an obsolete synonym for B<-CAfile>.
+
+=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>
+
+See L<openssl(1)/TLS Version Options>.
+
=back
=head1 NOTES
list to choose from. This is normally because the server is not sending
the clients certificate authority in its "acceptable CA list" when it
requests a certificate. By using L<openssl-s_client(1)> the CA list can be
-viewed and checked. However some servers only request client authentication
+viewed and checked. However, some servers only request client authentication
after a specific URL is requested. To obtain the list in this case it
is necessary to use the B<-prexit> option of L<openssl-s_client(1)> and
send an HTTP request for an appropriate page.
If a certificate is specified on the command line using the B<-cert>
option it will not be used unless the server specifically requests
-a client certificate. Therefor merely including a client certificate
+a client certificate. Therefore, merely including a client certificate
on the command line is no guarantee that the certificate works.
=head1 BUGS
The B<-verify> option should really exit if the server verification
fails.
+=head1 HISTORY
+
+The B<-cafile> option was deprecated in OpenSSL 3.0.
+
=head1 SEE ALSO
L<openssl(1)>,
=head1 COPYRIGHT
-Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy