B<openssl>
I<command>
-[ I<command_opts> ]
-[ I<command_args> ]
+[ I<command_opts> ... ]
+[ I<command_args> ... ]
-B<openssl> B<list> [ B<standard-commands> | B<digest-commands> | B<cipher-commands> | B<cipher-algorithms> | B<digest-algorithms> | B<public-key-algorithms>]
+B<openssl>
+B<list>
+B<-standard-commands> |
+B<-digest-commands> |
+B<-cipher-commands> |
+B<-cipher-algorithms> |
+B<-digest-algorithms> |
+B<-mac-algorithms> |
+B<-public-key-algorithms>
B<openssl> B<no->I<XXX> [ I<arbitrary options> ]
o Creation and management of private keys, public keys and parameters
o Public key cryptographic operations
o Creation of X.509 certificates, CSRs and CRLs
- o Calculation of Message Digests
+ o Calculation of Message Digests and Message Authentication Codes
o Encryption and Decryption with Ciphers
o SSL/TLS Client and Server Tests
o Handling of S/MIME signed or encrypted mail
- o Time Stamp requests, generation and verification
+ o Timestamp requests, generation and verification
=head1 COMMAND SUMMARY
-The B<openssl> program provides a rich variety of commands (I<command> in the
-SYNOPSIS above), each of which often has a wealth of options and arguments
+The B<openssl> program provides a rich variety of sub-commands (I<command> in
+the SYNOPSIS above), each of which often has a wealth of options and arguments
(I<command_opts> and I<command_args> in the SYNOPSIS).
+Detailed documentation and use cases for most standard subcommands are available
+(e.g., L<x509(1)> or L<openssl-x509(1)>).
+
Many commands use an external configuration file for some or all of their
arguments and have a B<-config> option to specify that file.
The environment variable B<OPENSSL_CONF> can be used to specify
the location of the file.
If the environment variable is not specified, then the file is named
-B<openssl.cnf> in the default certificate storage area, whose value
+F<openssl.cnf> in the default certificate storage area, whose value
depends on the configuration flags specified when the OpenSSL
was built.
-The list parameters B<standard-commands>, B<digest-commands>,
-and B<cipher-commands> output a list (one entry per line) of the names
+The list options B<-standard-commands>, B<-digest-commands>,
+and B<-cipher-commands> output a list (one entry per line) of the names
of all standard commands, message digest commands, or cipher commands,
-respectively, that are available in the present B<openssl> utility.
+respectively, that are available.
-The list parameters B<cipher-algorithms> and
-B<digest-algorithms> list all cipher and message digest names, one entry per line. Aliases are listed as:
+The list parameters B<-cipher-algorithms>, B<-digest-algorithms>,
+and B<-mac-algorithms> list all cipher, message digest, and message
+authentication code names, one entry per line. Aliases are listed as:
from => to
-The list parameter B<public-key-algorithms> lists all supported public
+The list parameter B<-public-key-algorithms> lists all supported public
key algorithms.
The command B<no->I<XXX> tests whether a command of the
not able to detect pseudo-commands such as B<quit>,
B<list>, or B<no->I<XXX> itself.)
-=head2 Standard Commands
+=head2 Standard Sub-commands
=over 4
-=item L<B<asn1parse>|asn1parse(1)>
+=item B<asn1parse>
Parse an ASN.1 sequence.
-=item L<B<ca>|ca(1)>
+=item B<ca>
Certificate Authority (CA) Management.
-=item L<B<ciphers>|ciphers(1)>
+=item B<ciphers>
Cipher Suite Description Determination.
-=item L<B<cms>|cms(1)>
+=item B<cms>
CMS (Cryptographic Message Syntax) utility.
-=item L<B<crl>|crl(1)>
+=item B<crl>
Certificate Revocation List (CRL) Management.
-=item L<B<crl2pkcs7>|crl2pkcs7(1)>
+=item B<crl2pkcs7>
CRL to PKCS#7 Conversion.
-=item L<B<dgst>|dgst(1)>
+=item B<dgst>
-Message Digest Calculation.
+Message Digest calculation. MAC calculations are superseded by
+L<openssl-mac(1)>.
=item B<dh>
Diffie-Hellman Parameter Management.
-Obsoleted by L<B<dhparam>|dhparam(1)>.
+Obsoleted by L<openssl-dhparam(1)>.
-=item L<B<dhparam>|dhparam(1)>
+=item B<dhparam>
Generation and Management of Diffie-Hellman Parameters. Superseded by
-L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>.
+L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>.
-=item L<B<dsa>|dsa(1)>
+=item B<dsa>
DSA Data Management.
-=item L<B<dsaparam>|dsaparam(1)>
+=item B<dsaparam>
DSA Parameter Generation and Management. Superseded by
-L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>.
+L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>.
-=item L<B<ec>|ec(1)>
+=item B<ec>
EC (Elliptic curve) key processing.
-=item L<B<ecparam>|ecparam(1)>
+=item B<ecparam>
EC parameter manipulation and generation.
-=item L<B<enc>|enc(1)>
+=item B<enc>
Encoding with Ciphers.
-=item L<B<engine>|engine(1)>
+=item B<engine>
Engine (loadable module) information and manipulation.
-=item L<B<errstr>|errstr(1)>
+=item B<errstr>
Error Number to Error String Conversion.
=item B<gendh>
Generation of Diffie-Hellman Parameters.
-Obsoleted by L<B<dhparam>|dhparam(1)>.
+Obsoleted by L<openssl-dhparam(1)>.
-=item L<B<gendsa>|gendsa(1)>
+=item B<gendsa>
Generation of DSA Private Key from Parameters. Superseded by
-L<B<genpkey>|genpkey(1)> and L<B<pkey>|pkey(1)>.
+L<openssl-genpkey(1)> and L<openssl-pkey(1)>.
-=item L<B<genpkey>|genpkey(1)>
+=item B<genpkey>
Generation of Private Key or Parameters.
-=item L<B<genrsa>|genrsa(1)>
+=item B<genrsa>
+
+Generation of RSA Private Key. Superseded by L<openssl-genpkey(1)>.
+
+=item B<info>
+
+Display diverse information built into the OpenSSL libraries.
-Generation of RSA Private Key. Superseded by L<B<genpkey>|genpkey(1)>.
+=item B<kdf>
-=item L<B<nseq>|nseq(1)>
+Key Derivation Functions.
+
+=item B<mac>
+
+Message Authentication Code Calculation.
+
+=item B<nseq>
Create or examine a Netscape certificate sequence.
-=item L<B<ocsp>|ocsp(1)>
+=item B<ocsp>
Online Certificate Status Protocol utility.
-=item L<B<passwd>|passwd(1)>
+=item B<passwd>
Generation of hashed passwords.
-=item L<B<pkcs12>|pkcs12(1)>
+=item B<pkcs12>
PKCS#12 Data Management.
-=item L<B<pkcs7>|pkcs7(1)>
+=item B<pkcs7>
PKCS#7 Data Management.
-=item L<B<pkcs8>|pkcs8(1)>
+=item B<pkcs8>
PKCS#8 format private key conversion tool.
-=item L<B<pkey>|pkey(1)>
+=item B<pkey>
Public and private key management.
-=item L<B<pkeyparam>|pkeyparam(1)>
+=item B<pkeyparam>
Public key algorithm parameter management.
-=item L<B<pkeyutl>|pkeyutl(1)>
+=item B<pkeyutl>
Public key algorithm cryptographic operation utility.
-=item L<B<prime>|prime(1)>
+=item B<prime>
Compute prime numbers.
-=item L<B<rand>|rand(1)>
+=item B<rand>
Generate pseudo-random bytes.
-=item L<B<rehash>|rehash(1)>
+=item B<rehash>
Create symbolic links to certificate and CRL files named by the hash values.
-=item L<B<req>|req(1)>
+=item B<req>
PKCS#10 X.509 Certificate Signing Request (CSR) Management.
-=item L<B<rsa>|rsa(1)>
+=item B<rsa>
RSA key management.
-
-=item L<B<rsautl>|rsautl(1)>
+=item B<rsautl>
RSA utility for signing, verification, encryption, and decryption. Superseded
-by L<B<pkeyutl>|pkeyutl(1)>.
+by L<openssl-pkeyutl(1)>.
-=item L<B<s_client>|s_client(1)>
+=item B<s_client>
This implements a generic SSL/TLS client which can establish a transparent
connection to a remote server speaking SSL/TLS. It's intended for testing
purposes only and provides only rudimentary interface functionality but
internally uses mostly all functionality of the OpenSSL B<ssl> library.
-=item L<B<s_server>|s_server(1)>
+=item B<s_server>
This implements a generic SSL/TLS server which accepts connections from remote
clients speaking SSL/TLS. It's intended for testing purposes only and provides
line oriented protocol for testing SSL functions and a simple HTTP response
facility to emulate an SSL/TLS-aware webserver.
-=item L<B<s_time>|s_time(1)>
+=item B<s_time>
SSL Connection Timer.
-=item L<B<sess_id>|sess_id(1)>
+=item B<sess_id>
SSL Session Data Management.
-=item L<B<smime>|smime(1)>
+=item B<smime>
S/MIME mail processing.
-=item L<B<speed>|speed(1)>
+=item B<speed>
Algorithm Speed Measurement.
-=item L<B<spkac>|spkac(1)>
+=item B<spkac>
SPKAC printing and generating utility.
-=item L<B<srp>|srp(1)>
+=item B<srp>
Maintain SRP password file.
-=item L<B<storeutl>|storeutl(1)>
+=item B<storeutl>
Utility to list and display certificates, keys, CRLs, etc.
-=item L<B<ts>|ts(1)>
+=item B<ts>
Time Stamping Authority tool (client/server).
-=item L<B<verify>|verify(1)>
+=item B<verify>
X.509 Certificate Verification.
-=item L<B<version>|version(1)>
+=item B<version>
OpenSSL Version Information.
-=item L<B<x509>|x509(1)>
+=item B<x509>
X.509 Certificate Data Management.
=head2 Encoding and Cipher Commands
+The following aliases provide convenient access to the most used encodings
+and ciphers.
+
+Depending on how OpenSSL was configured and built, not all ciphers listed
+here may be present. See L<openssl-enc(1)> for more information and command
+usage.
+
=over 4
+=item B<aes128>, B<aes-128-cbc>, B<aes-128-cfb>, B<aes-128-ctr>, B<aes-128-ecb>, B<aes-128-ofb>
+
+AES-128 Cipher
+
+=item B<aes192>, B<aes-192-cbc>, B<aes-192-cfb>, B<aes-192-ctr>, B<aes-192-ecb>, B<aes-192-ofb>
+
+AES-192 Cipher
+
+=item B<aes256>, B<aes-256-cbc>, B<aes-256-cfb>, B<aes-256-ctr>, B<aes-256-ecb>, B<aes-256-ofb>
+
+AES-256 Cipher
+
+=item B<aria128>, B<aria-128-cbc>, B<aria-128-cfb>, B<aria-128-ctr>, B<aria-128-ecb>, B<aria-128-ofb>
+
+Aria-128 Cipher
+
+=item B<aria192>, B<aria-192-cbc>, B<aria-192-cfb>, B<aria-192-ctr>, B<aria-192-ecb>, B<aria-192-ofb>
+
+Aria-192 Cipher
+
+=item B<aria256>, B<aria-256-cbc>, B<aria-256-cfb>, B<aria-256-ctr>, B<aria-256-ecb>, B<aria-256-ofb>
+
+Aria-256 Cipher
+
=item B<base64>
Base64 Encoding
-=item B<bf bf-cbc bf-cfb bf-ecb bf-ofb>
+=item B<bf>, B<bf-cbc>, B<bf-cfb>, B<bf-ecb>, B<bf-ofb>
Blowfish Cipher
-=item B<cast cast-cbc>
+=item B<camellia128>, B<camellia-128-cbc>, B<camellia-128-cfb>, B<camellia-128-ctr>, B<camellia-128-ecb>, B<camellia-128-ofb>
+
+Camellia-128 Cipher
+
+=item B<camellia192>, B<camellia-192-cbc>, B<camellia-192-cfb>, B<camellia-192-ctr>, B<camellia-192-ecb>, B<camellia-192-ofb>
+
+Camellia-192 Cipher
+
+=item B<camellia256>, B<camellia-256-cbc>, B<camellia-256-cfb>, B<camellia-256-ctr>, B<camellia-256-ecb>, B<camellia-256-ofb>
+
+Camellia-256 Cipher
+
+=item B<cast>, B<cast-cbc>
CAST Cipher
-=item B<cast5-cbc cast5-cfb cast5-ecb cast5-ofb>
+=item B<cast5-cbc>, B<cast5-cfb>, B<cast5-ecb>, B<cast5-ofb>
CAST5 Cipher
-=item B<des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb>
+=item B<chacha20>
+
+Chacha20 Cipher
+
+=item B<des>, B<des-cbc>, B<des-cfb>, B<des-ecb>, B<des-ede>, B<des-ede-cbc>, B<des-ede-cfb>, B<des-ede-ofb>, B<des-ofb>
DES Cipher
-=item B<des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb>
+=item B<des3>, B<desx>, B<des-ede3>, B<des-ede3-cbc>, B<des-ede3-cfb>, B<des-ede3-ofb>
Triple-DES Cipher
-=item B<idea idea-cbc idea-cfb idea-ecb idea-ofb>
+=item B<idea>, B<idea-cbc>, B<idea-cfb>, B<idea-ecb>, B<idea-ofb>
IDEA Cipher
-=item B<rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb>
+=item B<rc2>, B<rc2-cbc>, B<rc2-cfb>, B<rc2-ecb>, B<rc2-ofb>
RC2 Cipher
RC4 Cipher
-=item B<rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb>
+=item B<rc5>, B<rc5-cbc>, B<rc5-cfb>, B<rc5-ecb>, B<rc5-ofb>
RC5 Cipher
+=item B<seed>, B<seed-cbc>, B<seed-cfb>, B<seed-ecb>, B<seed-ofb>
+
+SEED Cipher
+
+=item B<sm4>, B<sm4-cbc>, B<sm4-cfb>, B<sm4-ctr>, B<sm4-ecb>, B<sm4-ofb>
+
+SM4 Cipher
+
=back
=head1 OPTIONS
=item B<-help>
Provides a terse summary of all options.
+If an option takes an argument, the "type" of argument is also given.
+
+=item B<-->
+
+This terminates the list of options. It is mostly useful if any filename
+parameters start with a minus sign:
+
+ openssl verify [flags...] -- -cert1.pem...
+
+=back
+
+=head2 Format Options
+
+Several OpenSSL commands can take input or generate output in a variety
+of formats. The list of acceptable formats, and the default, is
+described in each command documentation. The list of formats is
+described below. Both uppercase and lowercase are accepted.
+
+=over 4
+
+=item B<DER>
+
+A binary format, encoded or parsed according to Distinguished Encoding Rules
+(DER) of the ASN.1 data language.
+
+=item B<ENGINE>
+
+Used to specify that the cryptographic material is in an OpenSSL B<engine>.
+An engine must be configured or specified using the B<-engine> option.
+In addition, the B<-input> flag can be used to name a specific object in
+the engine.
+A password, such as the B<-passin> flag often must be specified as well.
+
+=item B<P12>
+
+A DER-encoded file containing a PKCS#12 object.
+It might be necessary to provide a decryption password to retrieve
+the private key.
+
+=item B<PEM>
+
+A text format defined in IETF RFC 1421 and IETF RFC 7468. Briefly, this is
+a block of base-64 encoding (defined in IETF RFC 4648), with specific
+lines used to mark the start and end:
+
+ Text before the BEGIN line is ignored.
+ ----- BEGIN object-type -----
+ OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
+ xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
+ UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
+ ----- END object-type -----
+ Text after the END line is also ignored
+
+The I<object-type> must match the type of object that is expected.
+For example a C<BEGIN X509 CERTIFICATE> will not match if the command
+is trying to read a private key. The types supported include:
+
+ ANY PRIVATE KEY
+ CERTIFICATE
+ CERTIFICATE REQUEST
+ CMS
+ DH PARAMETERS
+ DSA PARAMETERS
+ DSA PUBLIC KEY
+ EC PARAMETERS
+ EC PRIVATE KEY
+ ECDSA PUBLIC KEY
+ ENCRYPTED PRIVATE KEY
+ PARAMETERS
+ PKCS #7 SIGNED DATA
+ PKCS7
+ PRIVATE KEY
+ PUBLIC KEY
+ RSA PRIVATE KEY
+ SSL SESSION PARAMETERS
+ TRUSTED CERTIFICATE
+ X509 CRL
+ X9.42 DH PARAMETERS
+
+The following legacy I<object-type>'s are also supported for compatibility
+with earlier releases:
+
+ DSA PRIVATE KEY
+ NEW CERTIFICATE REQUEST
+ RSA PUBLIC KEY
+ X509 CERTIFICATE
+
+=item B<SMIME>
+
+An S/MIME object as described in IETF RFC 8551.
+Earlier versions were known as CMS and are compatible.
+Note that the parsing is simple and might fail to parse some legal data.
+
+=back
+
+The options to specify the format are as follows. Refer to the individual
+manpage to see which options are accepted.
+
+=over 4
+
+=item B<-inform> I<format>, B<-outform> I<format>
+
+The format of the input or output streams.
+
+=item B<-keyform> I<format>
+
+Format of a private key input source.
+
+=item B<-CRLform> I<format>
+
+Format of a CRL input source.
=back
=over 4
-=item B<pass:password>
+=item B<pass:>I<password>
-The actual password is
B<password>. Since the password is visible
+The actual password is
I<password>. Since the password is visible
to utilities (like 'ps' under Unix) this form should only be used
where security is not important.
-=item B<env:var>
+=item B<env:>I<var>
-Obtain the password from the environment variable B<var>. Since
+Obtain the password from the environment variable I<var>. Since
the environment of other processes is visible on certain platforms
(e.g. ps under certain Unix OSes) this option should be used with caution.
-=item B<file:pathname>
+=item B<file:>I<pathname>
-The first line of
B<pathname> is the password. If the same B<pathname>
+The first line of
I<pathname> is the password. If the same I<pathname>
argument is supplied to B<-passin> and B<-passout> arguments then the first
line will be used for the input password and the next line for the output
-password.
B<pathname> need not refer to a regular file: it could for example
+password.
I<pathname> need not refer to a regular file: it could for example
refer to a device or named pipe.
-=item B<fd:number>
+=item B<fd:>I<number>
-Read the password from the file descriptor B<number>. This can be used to
+Read the password from the file descriptor I<number>. This can be used to
send the data via a pipe for example.
=item B<stdin>
=back
+=head2 Trusted Certificate Options
+
+Part of validating a certificate includes verifying that the chain of CA's
+can be traced up to an existing trusted root. The following options specify
+how to list the trusted roots, also known as trust anchors. A collection
+of trusted roots is called a I<trust store>.
+
+Note that OpenSSL does not provide a default set of trust anchors. Many
+Linux distributions include a system default and configure OpenSSL to point
+to that. Mozilla maintains an influential trust store that can be found at
+L<https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/>.
+
+=over 4
+
+=item B<-CAfile> I<file>
+
+Load the specified file which contains one or more PEM-format certificates
+of CA's that are trusted.
+
+=item B<-no-CAfile>
+
+Do not load the default file of trusted certificates.
+
+=item B<-CApath> I<dir>
+
+Use the specified directory as a list of trust certificates. That is,
+files should be named with the hash of the X.509 SubjectName of each
+certificate. This is so that the library can extract the IssuerName,
+hash it, and directly lookup the file to get the issuer certificate.
+See L<openssl-rehash(1)> for information on creating this type of directory.
+
+=item B<-no-CApath>
+
+Do not use the default directory of trusted certificates.
+
+=back
+
+=head2 Random State Options
+
+Prior to OpenSSL 3.0, it was common for applications to store information
+about the state of the random-number generator in a file that was loaded
+at startup and rewritten upon exit. On modern operating systems, this is
+generally no longer necessary as OpenSSL will seed itself from the
+appropriate CPU flags, device files, and so on. These flags are still
+supported for special platforms or circumstances that might require them.
+
+It is generally an error to use the same seed file more than once and
+every use of B<-rand> should be paired with B<-writerand>.
+
+=over 4
+
+=item B<-rand> I<files>
+
+A file or files containing random data used to seed the random number
+generator.
+Multiple files can be specified separated by an OS-dependent character.
+The separator is C<;> for MS-Windows, C<,> for OpenVMS, and C<:> for
+all others. Another way to specify multiple files is to repeat this flag
+with different filenames.
+
+=item B<-writerand> I<file>
+
+Writes the seed data to the specified I<file> upon exit.
+This file can be used in a subsequent command invocation.
+
+=back
+
+=head2 Extended Verification Options
+
+Sometimes there may be more than one certificate chain leading to an
+end-entity certificate.
+This usually happens when a root or intermediate CA signs a certificate
+for another a CA in other organization.
+Another reason is when a CA might have intermediates that use two different
+signature formats, such as a SHA-1 and a SHA-256 digest.
+
+The following options can be used to provide data that will allow the
+OpenSSL command to generate an alternative chain.
+
+=over 4
+
+=item B<-xchain_build>
+
+Specify whether the application should build the certificate chain to be
+provided to the server for the extra certificates via the B<-xkey>,
+B<-xcert>, and B<-xchain> options.
+
+=item B<-xkey> I<infile>, B<-xcert> I<infile>, B<-xchain>
+
+Specify an extra certificate, private key and certificate chain. These behave
+in the same manner as the B<-cert>, B<-key> and B<-cert_chain> options. When
+specified, the callback returning the first valid chain will be in use by the
+client.
+
+=item B<-xcertform> B<DER>|B<PEM>, B<-xkeyform> B<DER>|B<PEM>
+
+The input format for the extra certifcate and key, respectively.
+See L<openssl(1)/Format Options> for details.
+
+=back
+
+=head1 ENVIRONMENT
+
+=over 4
+
+=item B<OPENSSL_TRACE=>I<name>[,...]
+
+Enable tracing output of OpenSSL library, by name.
+This output will only make sense if you know OpenSSL internals well.
+Also, it might not give you any output at all, depending on how
+OpenSSL was built.
+
+The value is a comma separated list of names, with the following
+available:
+
+=over 4
+
+=item B<TRACE>
+
+The tracing functionality.
+
+=item B<TLS>
+
+General SSL/TLS.
+
+=item B<TLS_CIPHER>
+
+SSL/TLS cipher.
+
+=item B<ENGINE_CONF>
+
+ENGINE configuration.
+
+=item B<ENGINE_TABLE>
+
+The function that is used by RSA, DSA (etc) code to select registered
+ENGINEs, cache defaults and functional references (etc), will generate
+debugging summaries.
+
+=item B<ENGINE_REF_COUNT>
+
+Reference counts in the ENGINE structure will be monitored with a line
+of generated for each change.
+
+=item B<PKCS5V2>
+
+PKCS#5 v2 keygen.
+
+=item B<PKCS12_KEYGEN>
+
+PKCS#12 key generation.
+
+=item B<PKCS12_DECRYPT>
+
+PKCS#12 decryption.
+
+=item B<X509V3_POLICY>
+
+Generates the complete policy tree at various point during X.509 v3
+policy evaluation.
+
+=item B<BN_CTX>
+
+BIGNUM context.
+
+=back
+
+=back
+
=head1 SEE ALSO
-L<asn1parse(1)>, L<ca(1)>, L<ciphers(1)>, L<cms(1)>, L<config(5)>,
-L<crl(1)>, L<crl2pkcs7(1)>, L<dgst(1)>,
-L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>,
-L<ec(1)>, L<ecparam(1)>,
-L<enc(1)>, L<engine(1)>, L<errstr(1)>, L<gendsa(1)>, L<genpkey(1)>,
-L<genrsa(1)>, L<nseq(1)>, L<ocsp(1)>,
-L<passwd(1)>,
-L<pkcs12(1)>, L<pkcs7(1)>, L<pkcs8(1)>,
-L<pkey(1)>, L<pkeyparam(1)>, L<pkeyutl(1)>, L<prime(1)>,
-L<rand(1)>, L<rehash(1)>, L<req(1)>, L<rsa(1)>,
-L<rsautl(1)>, L<s_client(1)>,
-L<s_server(1)>, L<s_time(1)>, L<sess_id(1)>,
-L<smime(1)>, L<speed(1)>, L<spkac(1)>, L<srp(1)>, L<storeutl(1)>,
-L<ts(1)>,
-L<verify(1)>, L<version(1)>, L<x509(1)>,
-L<crypto(7)>, L<ssl(7)>, L<x509v3_config(5)>
+L<openssl-asn1parse(1)>,
+L<openssl-ca(1)>,
+L<openssl-ciphers(1)>,
+L<openssl-cms(1)>,
+L<openssl-crl(1)>,
+L<openssl-crl2pkcs7(1)>,
+L<openssl-dgst(1)>,
+L<openssl-dhparam(1)>,
+L<openssl-dsa(1)>,
+L<openssl-dsaparam(1)>,
+L<openssl-ec(1)>,
+L<openssl-ecparam(1)>,
+L<openssl-enc(1)>,
+L<openssl-engine(1)>,
+L<openssl-errstr(1)>,
+L<openssl-gendsa(1)>,
+L<openssl-genpkey(1)>,
+L<openssl-genrsa(1)>,
+L<openssl-kdf(1)>,
+L<openssl-mac(1)>,
+L<openssl-nseq(1)>,
+L<openssl-ocsp(1)>,
+L<openssl-passwd(1)>,
+L<openssl-pkcs12(1)>,
+L<openssl-pkcs7(1)>,
+L<openssl-pkcs8(1)>,
+L<openssl-pkey(1)>,
+L<openssl-pkeyparam(1)>,
+L<openssl-pkeyutl(1)>,
+L<openssl-prime(1)>,
+L<openssl-rand(1)>,
+L<openssl-rehash(1)>,
+L<openssl-req(1)>,
+L<openssl-rsa(1)>,
+L<openssl-rsautl(1)>,
+L<openssl-s_client(1)>,
+L<openssl-s_server(1)>,
+L<openssl-s_time(1)>,
+L<openssl-sess_id(1)>,
+L<openssl-smime(1)>,
+L<openssl-speed(1)>,
+L<openssl-spkac(1)>,
+L<openssl-srp(1)>,
+L<openssl-storeutl(1)>,
+L<openssl-ts(1)>,
+L<openssl-verify(1)>,
+L<openssl-version(1)>,
+L<openssl-x509(1)>,
+L<config(5)>,
+L<crypto(7)>,
+L<ssl(7)>,
+L<x509v3_config(5)>
+
=head1 HISTORY
-The B<list->I<XXX>B<-algorithms> pseudo-commands were added in OpenSSL 1.0.0;
+The B<list> -I<XXX>B<-algorithms> options were added in OpenSSL 1.0.0;
For notes on the availability of other commands, see their individual
manual pages.
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
projects / openssl.git / blobdiff