prov = OSSL_PROVIDER_load(libctx, provider_name);
if (prov == NULL) {
- opt_printf_stderr("%s: unable to load provider %s\n",
+ opt_printf_stderr("%s: unable to load provider %s\n"
+ "Hint: use -provider-path option or OPENSSL_MODULES environment variable.\n",
opt_getprog(), provider_name);
ERR_print_errors(bio_err);
return 0;
and many further options such as B<-chain> are relevant only with B<-export>.
Conversely, the options regarding encryption of private keys when outputting
PKCS#12 input are relevant only when the B<-export> option is not given.
+
The default encryption algorithm is AES-256-CBC with PBKDF2 for key derivation.
+When encountering problems loading legacy PKCS#12 files that involve,
+for example, RC2-40-CBC,
+try using the B<-legacy> option and, if needed, the B<-provider-path> option.
+
=over 4
=item B<-help>
=item B<-legacy>
Use legacy mode of operation and automatically load the legacy provider.
+If OpenSSL is not installed system-wide,
+it is necessary to also use, for example, C<-provider-path ./providers>
+or to set the environment variable B<OPENSSL_MODULES>
+to point to the directory where the providers can be found.
+
In the legacy mode, the default algorithm for certificate encryption
is RC2_CBC or 3DES_CBC depending on whether the RC2 cipher is enabled
in the build. The default algorithm for private key encryption is 3DES_CBC.
=item B<-provider> I<name>
Load and initialize the provider identified by I<name>.
+See L<provider(7)> for a more detailed description.
=item B<-provider-path> I<path>
Specifies the search path that is to be used for looking for providers.
+Equivalently, the B<OPENSSL_MODULES> environment variable may be set.
=item B<-propquery> I<propq>
=item B<OPENSSL_MODULES>
Specifies the directory from which cryptographic providers are loaded.
+Equivalently, the generic B<-provider-path> command-line option may be used.
=item B<OPENSSL_WIN32_UTF8>
. "\n"
. "=item B<-propquery> I<propq>\n"
. "\n"
-. "See L<openssl(1)/Provider Options>.";
+. "See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.";
# Configuration option
$OpenSSL::safe::opt_config_synopsis = ""