mirror of https://github.com/openssl/openssl
Document most missing options
Add cmd-nits make target. Listing options should stop when it hits the "parameters" separator. Add missing .pod.in files to doc/man1/build.info Tweak find-doc-nits to try openssl-XXX before XXX for POD files and change an error messavge to be more useful. Fix the following pages: ca, cms, crl, dgst, enc, engine, errstr, gendsa, genrsa, list, ocsp, passwd, pkcs7, pkcs12, rand, rehash, req, rsautil, s_server, speed, s_time, sess_id, smime, srp, ts, x509. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10873)
This commit is contained in:
parent
62742fdd8c
commit
65718c516e
|
@ -516,7 +516,7 @@ clean: libclean
|
|||
-$(RM) `find . -name '*{- platform->depext() -}' \! -name '.*' \! -type d -print`
|
||||
-$(RM) `find . -name '*{- platform->objext() -}' \! -name '.*' \! -type d -print`
|
||||
$(RM) core
|
||||
$(RM) tags TAGS doc-nits
|
||||
$(RM) tags TAGS doc-nits cmd-nits
|
||||
$(RM) -r test/test-runs
|
||||
$(RM) openssl.pc libcrypto.pc libssl.pc
|
||||
-$(RM) `find . -type l \! -name '.*' -print`
|
||||
|
@ -950,10 +950,13 @@ update: generate errors ordinals
|
|||
generate: generate_apps generate_crypto_bn generate_crypto_objects \
|
||||
generate_crypto_conf generate_crypto_asn1 generate_fuzz_oids
|
||||
|
||||
.PHONY: doc-nits
|
||||
.PHONY: doc-nits cmd-nits
|
||||
doc-nits: build_generated
|
||||
(cd $(SRCDIR); $(PERL) util/find-doc-nits -n -l -e )
|
||||
|
||||
cmd-nits: build_generated apps/openssl
|
||||
(cd $(SRCDIR); $(PERL) util/find-doc-nits -c )
|
||||
|
||||
# Test coverage is a good idea for the future
|
||||
#coverage: $(PROGRAMS) $(TESTPROGRAMS)
|
||||
# ...
|
||||
|
|
|
@ -364,10 +364,12 @@ static void list_options_for_command(const char *command)
|
|||
for ( ; o->name != NULL; o++) {
|
||||
char c = o->valtype;
|
||||
|
||||
if (o->name == OPT_PARAM_STR)
|
||||
break;
|
||||
|
||||
if (o->name == OPT_HELP_STR
|
||||
|| o->name == OPT_MORE_STR
|
||||
|| o->name == OPT_SECTION_STR
|
||||
|| o->name == OPT_PARAM_STR
|
||||
|| o->name[0] == '\0')
|
||||
continue;
|
||||
BIO_printf(bio_out, "%s %c\n", o->name, c == '\0' ? '-' : c);
|
||||
|
|
|
@ -89,6 +89,7 @@ const OPTIONS s_time_options[] = {
|
|||
{"cert", OPT_CERT, '<', "Cert file to use, PEM format assumed"},
|
||||
{"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"},
|
||||
{"cafile", OPT_CAFILE, '<', "PEM format file of CA's"},
|
||||
{"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
|
||||
{"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
|
||||
{"CAstore", OPT_CASTORE, ':', "URI to store of CA's"},
|
||||
{"no-CAfile", OPT_NOCAFILE, '-',
|
||||
|
|
|
@ -39,75 +39,75 @@ DEPEND[]= \
|
|||
openssl-x509.pod
|
||||
|
||||
DEPEND[openssl-ca.pod]=../perlvars.pm
|
||||
GENERATE[openssl-ca.pod]=openssl-ca.pod.in
|
||||
DEPEND[openssl-cms.pod]=../perlvars.pm
|
||||
GENERATE[openssl-cms.pod]=openssl-cms.pod.in
|
||||
DEPEND[openssl-crl.pod]=../perlvars.pm
|
||||
GENERATE[openssl-crl.pod]=openssl-crl.pod.in
|
||||
DEPEND[openssl-dgst.pod]=../perlvars.pm
|
||||
GENERATE[openssl-dgst.pod]=openssl-dgst.pod.in
|
||||
DEPEND[openssl-dhparam.pod]=../perlvars.pm
|
||||
GENERATE[openssl-dhparam.pod]=openssl-dhparam.pod.in
|
||||
DEPEND[openssl-dsa.pod]=../perlvars.pm
|
||||
GENERATE[openssl-dsa.pod]=openssl-dsa.pod.in
|
||||
DEPEND[openssl-dsaparam.pod]=../perlvars.pm
|
||||
GENERATE[openssl-dsaparam.pod]=openssl-dsaparam.pod.in
|
||||
DEPEND[openssl-ec.pod]=../perlvars.pm
|
||||
GENERATE[openssl-ec.pod]=openssl-ec.pod.in
|
||||
DEPEND[openssl-ecparam.pod]=../perlvars.pm
|
||||
GENERATE[openssl-ecparam.pod]=openssl-ecparam.pod.in
|
||||
DEPEND[openssl-ec.pod]=../perlvars.pm
|
||||
DEPEND[openssl-enc.pod]=../perlvars.pm
|
||||
GENERATE[openssl-enc.pod]=openssl-enc.pod.in
|
||||
DEPEND[openssl-gendsa.pod]=../perlvars.pm
|
||||
GENERATE[openssl-gendsa.pod]=openssl-gendsa.pod.in
|
||||
DEPEND[openssl-genpkey.pod]=../perlvars.pm
|
||||
GENERATE[openssl-genpkey.pod]=openssl-genpkey.pod.in
|
||||
DEPEND[openssl-genrsa.pod]=../perlvars.pm
|
||||
GENERATE[openssl-genrsa.pod]=openssl-genrsa.pod.in
|
||||
DEPEND[openssl-ocsp.pod]=../perlvars.pm
|
||||
GENERATE[openssl-ocsp.pod]=openssl-ocsp.pod.in
|
||||
DEPEND[openssl-passwd.pod]=../perlvars.pm
|
||||
GENERATE[openssl-passwd.pod]=openssl-passwd.pod.in
|
||||
DEPEND[openssl-pkcs7.pod]=../perlvars.pm
|
||||
GENERATE[openssl-pkcs7.pod]=openssl-pkcs7.pod.in
|
||||
DEPEND[openssl-pkcs8.pod]=../perlvars.pm
|
||||
GENERATE[openssl-pkcs8.pod]=openssl-pkcs8.pod.in
|
||||
DEPEND[openssl-pkcs12.pod]=../perlvars.pm
|
||||
GENERATE[openssl-pkcs12.pod]=openssl-pkcs12.pod.in
|
||||
DEPEND[openssl-pkcs7.pod]=../perlvars.pm
|
||||
DEPEND[openssl-pkcs8.pod]=../perlvars.pm
|
||||
DEPEND[openssl-pkey.pod]=../perlvars.pm
|
||||
GENERATE[openssl-pkey.pod]=openssl-pkey.pod.in
|
||||
DEPEND[openssl-pkeyparam.pod]=../perlvars.pm
|
||||
GENERATE[openssl-pkeyparam.pod]=openssl-pkeyparam.pod.in
|
||||
DEPEND[openssl-pkeyutl.pod]=../perlvars.pm
|
||||
GENERATE[openssl-pkeyutl.pod]=openssl-pkeyutl.pod.in
|
||||
DEPEND[openssl-rand.pod]=../perlvars.pm
|
||||
GENERATE[openssl-rand.pod]=openssl-rand.pod.in
|
||||
DEPEND[openssl-req.pod]=../perlvars.pm
|
||||
GENERATE[openssl-req.pod]=openssl-req.pod.in
|
||||
DEPEND[openssl-rsa.pod]=../perlvars.pm
|
||||
GENERATE[openssl-rsa.pod]=openssl-rsa.pod.in
|
||||
DEPEND[openssl-rsautl.pod]=../perlvars.pm
|
||||
GENERATE[openssl-rsautl.pod]=openssl-rsautl.pod.in
|
||||
DEPEND[openssl-s_client.pod]=../perlvars.pm
|
||||
GENERATE[openssl-s_client.pod]=openssl-s_client.pod.in
|
||||
DEPEND[openssl-s_server.pod]=../perlvars.pm
|
||||
GENERATE[openssl-s_server.pod]=openssl-s_server.pod.in
|
||||
DEPEND[openssl-s_time.pod]=../perlvars.pm
|
||||
GENERATE[openssl-s_time.pod]=openssl-s_time.pod.in
|
||||
DEPEND[openssl-smime.pod]=../perlvars.pm
|
||||
GENERATE[openssl-smime.pod]=openssl-smime.pod.in
|
||||
DEPEND[openssl-speed.pod]=../perlvars.pm
|
||||
GENERATE[openssl-speed.pod]=openssl-speed.pod.in
|
||||
DEPEND[openssl-spkac.pod]=../perlvars.pm
|
||||
GENERATE[openssl-spkac.pod]=openssl-spkac.pod.in
|
||||
DEPEND[openssl-srp.pod]=../perlvars.pm
|
||||
GENERATE[openssl-srp.pod]=openssl-srp.pod.in
|
||||
DEPEND[openssl-storeutl.pod]=../perlvars.pm
|
||||
GENERATE[openssl-storeutl.pod]=openssl-storeutl.pod.in
|
||||
DEPEND[openssl-ts.pod]=../perlvars.pm
|
||||
GENERATE[openssl-ts.pod]=openssl-ts.pod.in
|
||||
DEPEND[openssl-verify.pod]=../perlvars.pm
|
||||
GENERATE[openssl-verify.pod]=openssl-verify.pod.in
|
||||
DEPEND[openssl-x509.pod]=../perlvars.pm
|
||||
|
||||
GENERATE[openssl-ca.pod]=openssl-ca.pod.in
|
||||
GENERATE[openssl-cms.pod]=openssl-cms.pod.in
|
||||
GENERATE[openssl-crl.pod]=openssl-crl.pod.in
|
||||
GENERATE[openssl-dgst.pod]=openssl-dgst.pod.in
|
||||
GENERATE[openssl-dhparam.pod]=openssl-dhparam.pod.in
|
||||
GENERATE[openssl-dsa.pod]=openssl-dsa.pod.in
|
||||
GENERATE[openssl-dsaparam.pod]=openssl-dsaparam.pod.in
|
||||
GENERATE[openssl-ec.pod]=openssl-ec.pod.in
|
||||
GENERATE[openssl-ecparam.pod]=openssl-ecparam.pod.in
|
||||
GENERATE[openssl-enc.pod]=openssl-enc.pod.in
|
||||
GENERATE[openssl-gendsa.pod]=openssl-gendsa.pod.in
|
||||
GENERATE[openssl-genpkey.pod]=openssl-genpkey.pod.in
|
||||
GENERATE[openssl-genrsa.pod]=openssl-genrsa.pod.in
|
||||
GENERATE[openssl-ocsp.pod]=openssl-ocsp.pod.in
|
||||
GENERATE[openssl-passwd.pod]=openssl-passwd.pod.in
|
||||
GENERATE[openssl-pkcs12.pod]=openssl-pkcs12.pod.in
|
||||
GENERATE[openssl-pkcs7.pod]=openssl-pkcs7.pod.in
|
||||
GENERATE[openssl-pkcs8.pod]=openssl-pkcs8.pod.in
|
||||
GENERATE[openssl-pkey.pod]=openssl-pkey.pod.in
|
||||
GENERATE[openssl-pkeyparam.pod]=openssl-pkeyparam.pod.in
|
||||
GENERATE[openssl-pkeyutl.pod]=openssl-pkeyutl.pod.in
|
||||
GENERATE[openssl-rand.pod]=openssl-rand.pod.in
|
||||
GENERATE[openssl-req.pod]=openssl-req.pod.in
|
||||
GENERATE[openssl-rsa.pod]=openssl-rsa.pod.in
|
||||
GENERATE[openssl-rsautl.pod]=openssl-rsautl.pod.in
|
||||
GENERATE[openssl-s_client.pod]=openssl-s_client.pod.in
|
||||
GENERATE[openssl-s_server.pod]=openssl-s_server.pod.in
|
||||
GENERATE[openssl-s_time.pod]=openssl-s_time.pod.in
|
||||
GENERATE[openssl-smime.pod]=openssl-smime.pod.in
|
||||
GENERATE[openssl-speed.pod]=openssl-speed.pod.in
|
||||
GENERATE[openssl-spkac.pod]=openssl-spkac.pod.in
|
||||
GENERATE[openssl-srp.pod]=openssl-srp.pod.in
|
||||
GENERATE[openssl-storeutl.pod]=openssl-storeutl.pod.in
|
||||
GENERATE[openssl-ts.pod]=openssl-ts.pod.in
|
||||
GENERATE[openssl-verify.pod]=openssl-verify.pod.in
|
||||
GENERATE[openssl-x509.pod]=openssl-x509.pod.in
|
||||
|
|
|
@ -23,6 +23,7 @@ B<openssl> B<ca>
|
|||
[B<-crl_CA_compromise> I<time>]
|
||||
[B<-crldays> I<days>]
|
||||
[B<-crlhours> I<hours>]
|
||||
[B<-crlsec> I<seconds>]
|
||||
[B<-crlexts> I<section>]
|
||||
[B<-startdate> I<date>]
|
||||
[B<-enddate> I<date>]
|
||||
|
@ -326,6 +327,10 @@ now to place in the CRL nextUpdate field.
|
|||
|
||||
The number of hours before the next CRL is due.
|
||||
|
||||
=item B<-crlsec> I<num>
|
||||
|
||||
The number of seconds before the next CRL is due.
|
||||
|
||||
=item B<-revoke> I<filename>
|
||||
|
||||
A filename containing a certificate to revoke.
|
||||
|
|
|
@ -11,8 +11,13 @@ B<openssl> B<cms>
|
|||
[B<-help>]
|
||||
[B<-encrypt>]
|
||||
[B<-decrypt>]
|
||||
[B<-debug_decrypt>]
|
||||
[B<-sign>]
|
||||
[B<-verify>]
|
||||
[B<-verify_retcode>]
|
||||
[B<-no_attr_verify>]
|
||||
[B<-nosigs>]
|
||||
[B<-no_content_verify>]
|
||||
[B<-cmsout>]
|
||||
[B<-resign>]
|
||||
[B<-cades>]
|
||||
|
@ -22,6 +27,7 @@ B<openssl> B<cms>
|
|||
[B<-digest_verify>]
|
||||
[B<-compress>]
|
||||
[B<-uncompress>]
|
||||
[B<-EncryptedData_decrypt>]
|
||||
[B<-EncryptedData_encrypt>]
|
||||
[B<-sign_receipt>]
|
||||
[B<-verify_receipt> I<receipt>]
|
||||
|
@ -34,7 +40,6 @@ B<openssl> B<cms>
|
|||
[B<-stream>]
|
||||
[B<-indef>]
|
||||
[B<-noindef>]
|
||||
[B<-noindef>]
|
||||
[B<-content> I<filename>]
|
||||
[B<-text>]
|
||||
[B<-noout>]
|
||||
|
@ -59,6 +64,7 @@ B<openssl> B<cms>
|
|||
[B<-receipt_request_from> I<emailaddress>]
|
||||
[B<-receipt_request_to> I<emailaddress>]
|
||||
[B<-receipt_request_print>]
|
||||
[B<-pwri_password> I<password>]
|
||||
[B<-secretkey> I<key>]
|
||||
[B<-secretkeyid> I<id>]
|
||||
[B<-econtent_type> I<type>]
|
||||
|
@ -71,6 +77,7 @@ B<openssl> B<cms>
|
|||
{- $OpenSSL::safe::opt_v_synopsis -}
|
||||
{- $OpenSSL::safe::opt_trust_synopsis -}
|
||||
{- $OpenSSL::safe::opt_r_synopsis -}
|
||||
{- $OpenSSL::safe::opt_engine_synopsis -}
|
||||
[I<cert.pem> ...]
|
||||
|
||||
=for openssl ifdef des-wrap engine
|
||||
|
@ -123,6 +130,22 @@ to the output file.
|
|||
Verify signed mail. Expects a signed mail message on input and outputs
|
||||
the signed data. Both clear text and opaque signing is supported.
|
||||
|
||||
=item B<-verify_retcode>
|
||||
|
||||
Exit nonzero on verification failure.
|
||||
|
||||
=item B<-no_attr_verify>
|
||||
|
||||
Do not verify signed attribute signatures.
|
||||
|
||||
=item B<-no_content_verify>
|
||||
|
||||
Do not verify signed content signatures.
|
||||
|
||||
=item B<-nosigs>
|
||||
|
||||
Don't verify message signature.
|
||||
|
||||
=item B<-cmsout>
|
||||
|
||||
Takes an input message and writes out a PEM encoded CMS structure.
|
||||
|
@ -164,6 +187,11 @@ Uncompress a CMS B<CompressedData> type and output the content. OpenSSL must be
|
|||
compiled with B<zlib> support for this option to work, otherwise it will
|
||||
output an error.
|
||||
|
||||
=item B<-EncryptedData_decrypt>
|
||||
|
||||
Decrypt content using supplied symmetric key and algorithm using a CMS
|
||||
B<EncryptedData> type and output the content.
|
||||
|
||||
=item B<-EncryptedData_encrypt>
|
||||
|
||||
Encrypt content using supplied symmetric key and algorithm using a CMS
|
||||
|
@ -214,7 +242,7 @@ The signed receipt format for use with the B<-receipt_verify>; the default
|
|||
is B<SMIME>.
|
||||
See L<openssl(1)/Format Options> for details.
|
||||
|
||||
=item B<-stream>, B<-indef>, B<-noindef>
|
||||
=item B<-stream>, B<-indef>
|
||||
|
||||
The B<-stream> and B<-indef> options are equivalent and enable streaming I/O
|
||||
for encoding operations. This permits single pass processing of data without
|
||||
|
@ -385,6 +413,10 @@ option B<must> but supplied if a signed receipt it requested.
|
|||
For the B<-verify> operation print out the contents of any signed receipt
|
||||
requests.
|
||||
|
||||
=item B<-pwri_password> I<password>
|
||||
|
||||
Specify password for recipient.
|
||||
|
||||
=item B<-secretkey> I<key>
|
||||
|
||||
Specify symmetric key to use. The key must be supplied in hex format and be
|
||||
|
@ -442,6 +474,8 @@ Any verification errors cause the command to exit.
|
|||
|
||||
{- $OpenSSL::safe::opt_r_item -}
|
||||
|
||||
{- $OpenSSL::safe::opt_engine_item -}
|
||||
|
||||
=item I<cert.pem> ...
|
||||
|
||||
One or more certificates of message recipients: used when encrypting
|
||||
|
|
|
@ -11,12 +11,19 @@ B<openssl> B<crl>
|
|||
[B<-help>]
|
||||
[B<-inform> B<DER>|B<PEM>]
|
||||
[B<-outform> B<DER>|B<PEM>]
|
||||
[B<-key> I<filename>]
|
||||
[B<-keyform> B<DER>|B<PEM>|B<ENGINE>]
|
||||
[B<-text>]
|
||||
[B<-in> I<filename>]
|
||||
[B<-out> I<filename>]
|
||||
[B<-gendelta> I<filename>]
|
||||
[B<-badsig>]
|
||||
[B<-verify>]
|
||||
[B<-noout>]
|
||||
[B<-hash>]
|
||||
[B<-hash_old>]
|
||||
[B<-fingerprint>]
|
||||
[B<-crlnumber>]
|
||||
[B<-issuer>]
|
||||
[B<-lastupdate>]
|
||||
[B<-nextupdate>]
|
||||
|
@ -42,6 +49,10 @@ Print out a usage message.
|
|||
The input and output formats of the CRL; the default is B<PEM>.
|
||||
See L<openssl(1)/Format Options> for details.
|
||||
|
||||
=item B<-key> I<filename>
|
||||
|
||||
The private key to be used to sign the CRL.
|
||||
|
||||
=item B<-keyform> B<DER>|B<PEM>|B<ENGINE>
|
||||
|
||||
The format of the private key file; the default is B<PEM>.
|
||||
|
@ -57,14 +68,35 @@ option is not specified.
|
|||
Specifies the output filename to write to or standard output by
|
||||
default.
|
||||
|
||||
=item B<-gendelta> I<filename>
|
||||
|
||||
Output a comparison of the main CRL and the one specified here.
|
||||
|
||||
=item B<-badsig>
|
||||
|
||||
Corrupt the signature before writing it; this can be useful
|
||||
for testing.
|
||||
|
||||
=item B<-text>
|
||||
|
||||
Print out the CRL in text form.
|
||||
|
||||
=item B<-verify>
|
||||
|
||||
Verify the signature in the CRL.
|
||||
|
||||
=item B<-noout>
|
||||
|
||||
Don't output the encoded version of the CRL.
|
||||
|
||||
=item B<-fingerprint>
|
||||
|
||||
Output the fingerprint of the CRL.
|
||||
|
||||
=item B<-crlnumber>
|
||||
|
||||
Output the number of the CRL.
|
||||
|
||||
=item B<-hash>
|
||||
|
||||
Output a hash of the issuer name. This can be use to lookup CRLs in
|
||||
|
|
|
@ -12,6 +12,7 @@ B<openssl> B<dgst>|I<digest>
|
|||
[B<-help>]
|
||||
[B<-c>]
|
||||
[B<-d>]
|
||||
[B<-debug>]
|
||||
[B<-list>]
|
||||
[B<-hex>]
|
||||
[B<-binary>]
|
||||
|
@ -25,10 +26,11 @@ B<openssl> B<dgst>|I<digest>
|
|||
[B<-signature> I<filename>]
|
||||
[B<-sigopt> I<nm>:I<v>]
|
||||
[B<-hmac> I<key>]
|
||||
[B<-mac> I<alg>]
|
||||
[B<-macopt> I<nm>:I<v>]
|
||||
[B<-fips-fingerprint>]
|
||||
[B<-engine> I<id>]
|
||||
[B<-engine_impl> I<id>]
|
||||
{- $OpenSSL::safe::opt_engine_synopsis -}
|
||||
[B<-engine_impl> I<id>]
|
||||
{- $OpenSSL::safe::opt_r_synopsis -}
|
||||
[I<file> ...]
|
||||
|
||||
|
@ -62,7 +64,7 @@ supported digests, use the command C<list --digest-commands>.
|
|||
Print out the digest in two digit groups separated by colons, only relevant if
|
||||
the B<-hex> option is given as well.
|
||||
|
||||
=item B<-d>
|
||||
=item B<-d>, B<-debug>
|
||||
|
||||
Print out BIO debugging information.
|
||||
|
||||
|
@ -177,7 +179,7 @@ Compute HMAC using a specific key for certain OpenSSL-FIPS operations.
|
|||
The engine is not used for digests unless the B<-engine_impl> option is
|
||||
used or it is configured to do so, see L<config(5)/Engine Configuration Module>.
|
||||
|
||||
=item B<-engine_impl>
|
||||
=item B<-engine_impl> I<id>
|
||||
|
||||
When used with the B<-engine> option, it specifies to also use
|
||||
engine I<id> for digest operations.
|
||||
|
|
|
@ -35,12 +35,13 @@ B<openssl> B<enc>|I<cipher>
|
|||
[B<-P>]
|
||||
[B<-bufsize> I<number>]
|
||||
[B<-nopad>]
|
||||
[B<-v>]
|
||||
[B<-debug>]
|
||||
[B<-none>]
|
||||
{- $OpenSSL::safe::opt_engine_synopsis -}
|
||||
{- $OpenSSL::safe::opt_r_synopsis -}
|
||||
|
||||
=for openssl ifdef z engine
|
||||
=for openssl ifdef z engine ciphers
|
||||
|
||||
B<openssl> I<cipher> [B<...>]
|
||||
|
||||
|
@ -176,6 +177,10 @@ Set the buffer size for I/O.
|
|||
|
||||
Disable standard block padding.
|
||||
|
||||
=item B<-v>
|
||||
|
||||
Verbose print; display some statistics about I/O and buffer sizes.
|
||||
|
||||
=item B<-debug>
|
||||
|
||||
Debug the BIOs used for I/O.
|
||||
|
|
|
@ -7,6 +7,7 @@ openssl-engine - load and query engines
|
|||
=head1 SYNOPSIS
|
||||
|
||||
B<openssl engine>
|
||||
[B<-help>]
|
||||
[B<-v>]
|
||||
[B<-vv>]
|
||||
[B<-vvv>]
|
||||
|
@ -29,6 +30,10 @@ Only those specified are queried.
|
|||
|
||||
=over 4
|
||||
|
||||
=item B<-help>
|
||||
|
||||
Display an option summary.
|
||||
|
||||
=item B<-v> B<-vv> B<-vvv> B<-vvvv>
|
||||
|
||||
Provides information about each specified engine. The first flag lists
|
||||
|
|
|
@ -6,24 +6,32 @@ openssl-errstr - lookup error codes
|
|||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
B<openssl errstr> I<error_code>
|
||||
B<openssl errstr>
|
||||
[B<-help>]
|
||||
I<error_code...>
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
Sometimes an application will not load error message and only
|
||||
Sometimes an application will not load error message texts and only
|
||||
numerical forms will be available. This command can be
|
||||
used to display the meaning of the hex code. The hex code is the hex digits
|
||||
after the second colon.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
None.
|
||||
=over 4
|
||||
|
||||
=item B<-help>
|
||||
|
||||
Display a usage message.
|
||||
|
||||
=back
|
||||
|
||||
=head1 EXAMPLES
|
||||
|
||||
The error code:
|
||||
|
||||
27594:error:2006D080:lib(32):func(109):reason(128):bss_file.c:107:
|
||||
27594:error:2006D080:lib(32)::reason(128)::107:
|
||||
|
||||
can be displayed with:
|
||||
|
||||
|
@ -31,7 +39,7 @@ can be displayed with:
|
|||
|
||||
to produce the error message:
|
||||
|
||||
error:2006D080:BIO routines:BIO_new_file:no such file
|
||||
error:2006D080:BIO routines::no such file
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
|
|
|
@ -10,6 +10,7 @@ openssl-gendsa - generate a DSA private key from a set of parameters
|
|||
B<openssl> B<gendsa>
|
||||
[B<-help>]
|
||||
[B<-out> I<filename>]
|
||||
[B<-passout> I<arg>]
|
||||
[B<-aes128>]
|
||||
[B<-aes192>]
|
||||
[B<-aes256>]
|
||||
|
@ -47,6 +48,11 @@ Print out a usage message.
|
|||
Output the key to the specified file. If this argument is not specified then
|
||||
standard output is used.
|
||||
|
||||
=item B<-passout> I<arg>
|
||||
|
||||
The passphrase used for the output file.
|
||||
See L<openssl(1)/Pass Phrase Options>.
|
||||
|
||||
=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea>
|
||||
|
||||
These options encrypt the private key with specified
|
||||
|
|
|
@ -23,7 +23,9 @@ B<openssl> B<genrsa>
|
|||
[B<-des>]
|
||||
[B<-des3>]
|
||||
[B<-idea>]
|
||||
[B<-f4>|B<-3>]
|
||||
[B<-F4>]
|
||||
[B<-f4>]
|
||||
[B<-3>]
|
||||
[B<-primes> I<num>]
|
||||
[B<-verbose>]
|
||||
{- $OpenSSL::safe::opt_r_synopsis -}
|
||||
|
@ -61,7 +63,7 @@ cipher before outputting it. If none of these options is
|
|||
specified no encryption is used. If encryption is used a pass phrase is prompted
|
||||
for if it is not supplied via the B<-passout> argument.
|
||||
|
||||
=item B<-F4>|B<-3>
|
||||
=item B<-F4>, B<-f4>, B<-3>
|
||||
|
||||
The public exponent to use, either 65537 or 3. The default is 65537.
|
||||
|
||||
|
|
|
@ -21,6 +21,8 @@ B<openssl list>
|
|||
[B<-public-key-methods>]
|
||||
[B<-engines>]
|
||||
[B<-disabled>]
|
||||
[B<-objects>]
|
||||
[B<-options> I<command>]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
|
@ -92,6 +94,14 @@ of the installation.
|
|||
Display a list of built in objects, i.e. OIDs with names. They're listed in the
|
||||
format described in L<config(5)/ASN1 Object Configuration Module>.
|
||||
|
||||
=item B<-options> I<command>
|
||||
|
||||
Output a two-column list of the options accepted by the specified I<command>.
|
||||
The first is the option name, and the second is a one-character indication
|
||||
of what type of parameter it takes, if any.
|
||||
This is an internal option, used for checking that the documentation
|
||||
is complete.
|
||||
|
||||
=back
|
||||
|
||||
=head2 Display of algorithm names
|
||||
|
|
|
@ -30,6 +30,7 @@ B<openssl> B<ocsp>
|
|||
[B<-host> I<host>:I<port>]
|
||||
[B<-multi> I<process-count>]
|
||||
[B<-header>]
|
||||
[B<-timeout> I<seconds>]
|
||||
[B<-path>]
|
||||
[B<-VAfile> I<file>]
|
||||
[B<-validity_period> I<n>]
|
||||
|
@ -52,6 +53,8 @@ B<openssl> B<ocsp>
|
|||
[B<-passin> I<arg>]
|
||||
[B<-rother> I<file>]
|
||||
[B<-rsigopt> I<nm>:I<v>]
|
||||
[B<-rmd> I<digest>]
|
||||
[B<-badsig>]
|
||||
[B<-resp_no_certs>]
|
||||
[B<-nmin> I<n>]
|
||||
[B<-ndays> I<n>]
|
||||
|
@ -328,6 +331,15 @@ see L<openssl(1)/Pass Phrase Options>.
|
|||
Pass options to the signature algorithm when signing OCSP responses.
|
||||
Names and values of these options are algorithm-specific.
|
||||
|
||||
=item B<-rmd> I<digest>
|
||||
|
||||
The digest to use when signing the response.
|
||||
|
||||
=item B<-badsig>
|
||||
|
||||
Corrupt the response signature before writing it; this can be useful
|
||||
for testing.
|
||||
|
||||
=item B<-port> I<portnum>
|
||||
|
||||
Port to listen for OCSP requests on. The port may also be specified
|
||||
|
|
|
@ -21,6 +21,7 @@ B<openssl passwd>
|
|||
[B<-noverify>]
|
||||
[B<-quiet>]
|
||||
[B<-table>]
|
||||
[B<-reverse>]
|
||||
{- $OpenSSL::safe::opt_r_synopsis -}
|
||||
[I<password>]
|
||||
|
||||
|
@ -93,6 +94,10 @@ Don't output warnings when passwords given at the command line are truncated.
|
|||
In the output list, prepend the cleartext password and a TAB character
|
||||
to each password hash.
|
||||
|
||||
=item B<-reverse>
|
||||
|
||||
When the B<-table> option is used, reverse the order of cleartext and hash.
|
||||
|
||||
{- $OpenSSL::safe::opt_r_item -}
|
||||
|
||||
=back
|
||||
|
|
|
@ -24,8 +24,22 @@ B<openssl> B<pkcs12>
|
|||
[B<-cacerts>]
|
||||
[B<-nokeys>]
|
||||
[B<-info>]
|
||||
[B<-des> B<-des3> B<-idea> B<-aes128> B<-aes192> B<-aes256> B<-aria128> B<-aria192> B<-aria256> B<-camellia128> B<-camellia192> B<-camellia256> B<-nodes>]
|
||||
[B<-iter> I<count> | B<-noiter> | B<-nomaciter>]
|
||||
[B<-des>]
|
||||
[B<-des3>]
|
||||
[B<-idea>]
|
||||
[B<-aes128>]
|
||||
[B<-aes192>]
|
||||
[B<-aes256>]
|
||||
[B<-aria128>]
|
||||
[B<-aria192>]
|
||||
[B<-aria256>]
|
||||
[B<-camellia128>]
|
||||
[B<-camellia192>]
|
||||
[B<-camellia256>]
|
||||
[B<-nodes>]
|
||||
[B<-iter> I<count>]
|
||||
[B<-noiter>]
|
||||
[B<-nomaciter>]
|
||||
[B<-maciter>]
|
||||
[B<-nomac>]
|
||||
[B<-twopass>]
|
||||
|
@ -38,6 +52,7 @@ B<openssl> B<pkcs12>
|
|||
[B<-password> I<arg>]
|
||||
[B<-passin> I<arg>]
|
||||
[B<-passout> I<arg>]
|
||||
[B<-LMK>]
|
||||
[B<-CSP> I<name>]
|
||||
{- $OpenSSL::safe::opt_trust_synopsis -}
|
||||
{- $OpenSSL::safe::opt_r_synopsis -}
|
||||
|
@ -264,6 +279,10 @@ to be needed to use MAC iterations counts but they are now used by default.
|
|||
|
||||
Don't attempt to provide the MAC integrity.
|
||||
|
||||
=item B<-LMK>
|
||||
|
||||
Add the "Local Key Set" identifier to the attributes.
|
||||
|
||||
=item B<-CSP> I<name>
|
||||
|
||||
Write I<name> as a Microsoft CSP name.
|
||||
|
|
|
@ -17,6 +17,7 @@ B<openssl> B<pkcs7>
|
|||
[B<-outform> B<DER>|B<PEM>]
|
||||
[B<-in> I<filename>]
|
||||
[B<-out> I<filename>]
|
||||
[B<-print>]
|
||||
[B<-print_certs>]
|
||||
[B<-text>]
|
||||
[B<-noout>]
|
||||
|
@ -30,8 +31,6 @@ This command processes PKCS#7 files. Note that it only understands PKCS#7
|
|||
v 1.5 as specified in IETF RFC 2315. It cannot currently parse CMS as
|
||||
described in IETF RFC 2630.
|
||||
|
||||
There is no option to print out all the fields of a PKCS#7 file.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
@ -57,6 +56,10 @@ option is not specified.
|
|||
Specifies the output filename to write to or standard output by
|
||||
default.
|
||||
|
||||
=item B<-print>
|
||||
|
||||
Print out the full PKCS7 object.
|
||||
|
||||
=item B<-print_certs>
|
||||
|
||||
Prints out any certificates or CRLs contained in the file. They are
|
||||
|
@ -64,13 +67,13 @@ preceded by their subject and issuer names in one line format.
|
|||
|
||||
=item B<-text>
|
||||
|
||||
Prints out certificates details in full rather than just subject and
|
||||
Prints out certificate details in full rather than just subject and
|
||||
issuer names.
|
||||
|
||||
=item B<-noout>
|
||||
|
||||
Don't output the encoded version of the PKCS#7 structure (or certificates
|
||||
is B<-print_certs> is set).
|
||||
if B<-print_certs> is set).
|
||||
|
||||
{- $OpenSSL::safe::opt_engine_item -}
|
||||
|
||||
|
|
|
@ -12,6 +12,7 @@ B<openssl rand>
|
|||
[B<-out> I<file>]
|
||||
[B<-base64>]
|
||||
[B<-hex>]
|
||||
{- $OpenSSL::safe::opt_engine_synopsis -}
|
||||
{- $OpenSSL::safe::opt_r_synopsis -}
|
||||
I<num>
|
||||
|
||||
|
@ -42,6 +43,8 @@ Perform base64 encoding on the output.
|
|||
|
||||
Show the output as a hex string.
|
||||
|
||||
{- $OpenSSL::safe::opt_engine_item -}
|
||||
|
||||
{- $OpenSSL::safe::opt_r_item -}
|
||||
|
||||
=back
|
||||
|
|
|
@ -15,6 +15,7 @@ B<rehash>
|
|||
[B<-h>]
|
||||
[B<-help>]
|
||||
[B<-old>]
|
||||
[B<-compat>]
|
||||
[B<-n>]
|
||||
[B<-v>]
|
||||
[I<directory>] ...
|
||||
|
@ -29,9 +30,9 @@ B<c_rehash>
|
|||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
On some platforms, this command isn't available, and the external
|
||||
script B<c_rehash> has to be used instead. They are functionally
|
||||
equivalent, except for minor differences noted below.
|
||||
This command is generally equivalent to the external
|
||||
script B<c_rehash>,
|
||||
except for minor differences noted below.
|
||||
|
||||
B<openssl rehash> scans directories and calculates a hash value of
|
||||
each F<.pem>, F<.crt>, F<.cer>, or F<.crl>
|
||||
|
|
|
@ -22,6 +22,7 @@ B<openssl> B<req>
|
|||
[B<-modulus>]
|
||||
[B<-new>]
|
||||
[B<-newkey> I<arg>]
|
||||
[B<-pkeyopt> I<opt>:I<value>]
|
||||
[B<-nodes>]
|
||||
[B<-key> I<filename>]
|
||||
[B<-keyform> B<DER>|B<PEM>]
|
||||
|
|
|
@ -10,6 +10,8 @@ openssl-rsautl - RSA utility
|
|||
B<openssl> B<rsautl>
|
||||
[B<-help>]
|
||||
[B<-in> I<file>]
|
||||
[B<-passin> I<arg>]
|
||||
[B<-rev>]
|
||||
[B<-out> I<file>]
|
||||
[B<-inkey> I<file>]
|
||||
[B<-keyform> B<DER>|B<PEM>|B<ENGINE>]
|
||||
|
@ -20,10 +22,16 @@ B<openssl> B<rsautl>
|
|||
[B<-encrypt>]
|
||||
[B<-decrypt>]
|
||||
[B<-pkcs>]
|
||||
[B<-x931>]
|
||||
[B<-oaep>]
|
||||
[B<-ssl>]
|
||||
[B<-raw>]
|
||||
[B<-pkcs>]
|
||||
[B<-ssl>]
|
||||
[B<-raw>]
|
||||
[B<-hexdump>]
|
||||
[B<-asn1parse>]
|
||||
{- $OpenSSL::safe::opt_engine_synopsis -}
|
||||
{- $OpenSSL::safe::opt_r_synopsis -}
|
||||
|
||||
=for openssl ifdef engine
|
||||
|
@ -46,6 +54,15 @@ Print out a usage message.
|
|||
This specifies the input filename to read data from or standard input
|
||||
if this option is not specified.
|
||||
|
||||
=item B<-passin> I<arg>
|
||||
|
||||
The passphrase used in the output file.
|
||||
See see L<openssl(1)/Pass Phrase Options>.
|
||||
|
||||
=item B<-rev>
|
||||
|
||||
Reverse the order of the input.
|
||||
|
||||
=item B<-out> I<filename>
|
||||
|
||||
Specifies the output filename to write to or standard output by
|
||||
|
@ -85,9 +102,10 @@ Encrypt the input data using an RSA public key.
|
|||
|
||||
Decrypt the input data using an RSA private key.
|
||||
|
||||
=item B<-pkcs>, B<-oaep>, B<-ssl>, B<-raw>
|
||||
=item B<-pkcs>, B<-oaep>, B<-x931> B<-ssl>, B<-raw>
|
||||
|
||||
The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
|
||||
ANSI X9.31,
|
||||
special padding used in SSL v2 backwards compatible handshakes,
|
||||
or no padding, respectively.
|
||||
For signatures, only B<-pkcs> and B<-raw> can be used.
|
||||
|
@ -101,6 +119,8 @@ Hex dump the output data.
|
|||
Parse the ASN.1 output data, this is useful when combined with the
|
||||
B<-verify> option.
|
||||
|
||||
{- $OpenSSL::safe::opt_engine_item -}
|
||||
|
||||
{- $OpenSSL::safe::opt_r_item -}
|
||||
|
||||
=back
|
||||
|
|
|
@ -50,6 +50,7 @@ B<openssl> B<s_server>
|
|||
[B<-id_prefix> I<val>]
|
||||
[B<-keymatexport> I<val>]
|
||||
[B<-keymatexportlen> I<+int>]
|
||||
[B<-CRLform> B<DER>|B<PEM>]
|
||||
[B<-CRL> I<infile>]
|
||||
[B<-crl_download>]
|
||||
[B<-cert_chain> I<infile>]
|
||||
|
@ -125,7 +126,9 @@ B<openssl> B<s_server>
|
|||
[B<-alpn> I<val>]
|
||||
[B<-keylogfile> I<outfile>]
|
||||
[B<-max_early_data> I<int>]
|
||||
[B<-recv_max_early_data> I<int>]
|
||||
[B<-early_data>]
|
||||
[B<-stateless>]
|
||||
[B<-anti_replay>]
|
||||
[B<-no_anti_replay>]
|
||||
[B<-http_server_binmode>]
|
||||
|
@ -615,11 +618,20 @@ and any incoming early data (when used in conjunction with the B<-early_data>
|
|||
flag). The default value is approximately 16k. The argument must be an integer
|
||||
greater than or equal to 0.
|
||||
|
||||
=item B<-recv_max_early_data> I<int>
|
||||
|
||||
Specify the hard limit on the maximum number of early data bytes that will
|
||||
be accepted.
|
||||
|
||||
=item B<-early_data>
|
||||
|
||||
Accept early data where possible. Cannot be used in conjunction with B<-www>,
|
||||
B<-WWW>, B<-HTTP> or B<-rev>.
|
||||
|
||||
=item B<-stateless>
|
||||
|
||||
Require TLSv1.3 cookies.
|
||||
|
||||
=item B<-anti_replay>, B<-no_anti_replay>
|
||||
|
||||
Switches replay protection on or off, respectively. Replay protection is on by
|
||||
|
|
|
@ -17,11 +17,16 @@ B<openssl> B<s_time>
|
|||
[B<-new>]
|
||||
[B<-verify> I<depth>]
|
||||
[B<-time> I<seconds>]
|
||||
{- $OpenSSL::safe::opt_versiontls_synopsis -}
|
||||
[B<-ssl3>]
|
||||
[B<-tls1>]
|
||||
[B<-tls1_1>]
|
||||
[B<-tls1_2>]
|
||||
[B<-tls1_3>]
|
||||
[B<-bugs>]
|
||||
[B<-cipher> I<cipherlist>]
|
||||
[B<-ciphersuites> I<val>]
|
||||
{- $OpenSSL::safe::opt_name_synopsis -}
|
||||
[B<-cafile> I<file>]
|
||||
{- $OpenSSL::safe::opt_trust_synopsis -}
|
||||
|
||||
=for openssl ifdef ssl3 tls1 tls1_1 tls1_2 tls1_3
|
||||
|
@ -117,7 +122,13 @@ can establish.
|
|||
|
||||
{- $OpenSSL::safe::opt_trust_item -}
|
||||
|
||||
{- $OpenSSL::safe::opt_versiontls_item -}
|
||||
=item B<-cafile> I<file>
|
||||
|
||||
This is an obsolete synonym for B<-CAfile>.
|
||||
|
||||
=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>
|
||||
|
||||
See L<openssl(1)/TLS Version Options>.
|
||||
|
||||
=back
|
||||
|
||||
|
@ -162,6 +173,10 @@ be able to measure the performance of all protocols with all servers.
|
|||
The B<-verify> option should really exit if the server verification
|
||||
fails.
|
||||
|
||||
=head1 HISTORY
|
||||
|
||||
The B<-cafile> option was deprecated in OpenSSL 3.0.
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
L<openssl(1)>,
|
||||
|
|
|
@ -13,6 +13,7 @@ B<openssl> B<sess_id>
|
|||
[B<-in> I<filename>]
|
||||
[B<-out> I<filename>]
|
||||
[B<-text>]
|
||||
[B<-cert>]
|
||||
[B<-noout>]
|
||||
[B<-context> I<ID>]
|
||||
|
||||
|
|
|
@ -21,6 +21,14 @@ B<openssl> B<smime>
|
|||
[B<-in> I<file>]
|
||||
[B<-certfile> I<file>]
|
||||
[B<-signer> I<file>]
|
||||
[B<-nointern>]
|
||||
[B<-noverify>]
|
||||
[B<-nochain>]
|
||||
[B<-nosigs>]
|
||||
[B<-nocerts>]
|
||||
[B<-noattr>]
|
||||
[B<-nodetach>]
|
||||
[B<-nosmimecap>]
|
||||
[B<-recip> I< file>]
|
||||
[B<-inform> B<DER>|B<PEM>|B<SMIME>]
|
||||
[B<-outform> B<DER>|B<PEM>|B<SMIME>]
|
||||
|
@ -38,6 +46,7 @@ B<openssl> B<smime>
|
|||
[B<-stream>]
|
||||
[B<-md> I<digest>]
|
||||
{- $OpenSSL::safe::opt_trust_synopsis -}
|
||||
{- $OpenSSL::safe::opt_engine_synopsis -}
|
||||
{- $OpenSSL::safe::opt_r_synopsis -}
|
||||
{- $OpenSSL::safe::opt_v_synopsis -}
|
||||
I<cert.pem> ...
|
||||
|
@ -178,7 +187,7 @@ Do not verify the signers certificate of a signed message.
|
|||
|
||||
=item B<-nochain>
|
||||
|
||||
Do not do chain verification of signers certificates: that is don't
|
||||
Do not do chain verification of signers certificates; that is, do not
|
||||
use the certificates in the signed message as untrusted CAs.
|
||||
|
||||
=item B<-nosigs>
|
||||
|
@ -198,6 +207,17 @@ Normally when a message is signed a set of attributes are included which
|
|||
include the signing time and supported symmetric algorithms. With this
|
||||
option they are not included.
|
||||
|
||||
=item B<-nodetach>
|
||||
|
||||
When signing a message use opaque signing. This form is more resistant
|
||||
to translation by mail relays but it cannot be read by mail agents that
|
||||
do not support S/MIME. Without this option cleartext signing with
|
||||
the MIME type multipart/signed is used.
|
||||
|
||||
=item B<-nosmimecap>
|
||||
|
||||
When signing a message, do not include the B<SMIMECapabilities> attribute.
|
||||
|
||||
=item B<-binary>
|
||||
|
||||
Normally the input message is converted to "canonical" format which is
|
||||
|
@ -210,13 +230,6 @@ is useful when handling binary data which may not be in MIME format.
|
|||
Normally the output file uses a single B<LF> as end of line. When this
|
||||
option is present B<CRLF> is used instead.
|
||||
|
||||
=item B<-nodetach>
|
||||
|
||||
When signing a message use opaque signing: this form is more resistant
|
||||
to translation by mail relays but it cannot be read by mail agents that
|
||||
do not support S/MIME. Without this option cleartext signing with
|
||||
the MIME type multipart/signed is used.
|
||||
|
||||
=item B<-certfile> I<file>
|
||||
|
||||
Allows additional certificates to be specified. When signing these will
|
||||
|
@ -230,6 +243,14 @@ used multiple times if more than one signer is required. If a message is being
|
|||
verified then the signers certificates will be written to this file if the
|
||||
verification was successful.
|
||||
|
||||
=item B<-nocerts>
|
||||
|
||||
Don't include signers certificate when signing.
|
||||
|
||||
=item B<-noattr>
|
||||
|
||||
Don't include any signed attributes when signing.
|
||||
|
||||
=item B<-recip> I<file>
|
||||
|
||||
The recipients certificate when decrypting a message. This certificate
|
||||
|
@ -263,6 +284,8 @@ Any verification errors cause the command to exit.
|
|||
|
||||
{- $OpenSSL::safe::opt_trust_item -}
|
||||
|
||||
{- $OpenSSL::safe::opt_engine_item -}
|
||||
|
||||
{- $OpenSSL::safe::opt_r_item -}
|
||||
|
||||
=item I<cert.pem> ...
|
||||
|
|
|
@ -13,10 +13,16 @@ B<openssl speed>
|
|||
[B<-evp> I<algo>]
|
||||
[B<-hmac> I<algo>]
|
||||
[B<-cmac> I<algo>]
|
||||
[B<-mb>]
|
||||
[B<-aead>]
|
||||
[B<-multi> I<num>]
|
||||
[B<-async_jobs> I<num>]
|
||||
[B<-misalign> I<num>]
|
||||
[B<-decrypt>]
|
||||
[B<-primes> I<num>]
|
||||
[B<-seconds> I<num>]
|
||||
[B<-bytes> I<num>]
|
||||
[B<-mr>]
|
||||
{- $OpenSSL::safe::opt_r_synopsis -}
|
||||
{- $OpenSSL::safe::opt_engine_synopsis -}
|
||||
[I<algorithm> ...]
|
||||
|
@ -51,6 +57,18 @@ If I<algo> is an AEAD cipher, then you can pass B<-aead> to benchmark a
|
|||
TLS-like sequence. And if I<algo> is a multi-buffer capable cipher, e.g.
|
||||
aes-128-cbc-hmac-sha1, then B<-mb> will time multi-buffer operation.
|
||||
|
||||
=item B<-multi> I<num>
|
||||
|
||||
Run multiple operations in parallel.
|
||||
|
||||
=item B<-async_jobs> I<num>
|
||||
|
||||
Enable async mode and start specified number of jobs.
|
||||
|
||||
=item B<-misalign> I<num>
|
||||
|
||||
Misalign the buffers by the specified number of bytes.
|
||||
|
||||
=item B<-hmac> I<digest>
|
||||
|
||||
Time the HMAC algorithm using the specified message digest.
|
||||
|
@ -77,6 +95,10 @@ Run benchmarks for I<num> seconds.
|
|||
|
||||
Run benchmarks on I<num>-byte buffers. Affects ciphers, digests and the CSPRNG.
|
||||
|
||||
=item B<-mr>
|
||||
|
||||
Produce the summary in a mechanical, machine-readable, format.
|
||||
|
||||
{- $OpenSSL::safe::opt_r_item -}
|
||||
|
||||
{- $OpenSSL::safe::opt_engine_item -}
|
||||
|
|
|
@ -21,6 +21,7 @@ B<openssl srp>
|
|||
[B<-userinfo> I<text>]
|
||||
[B<-passin> I<arg>]
|
||||
[B<-passout> I<arg>]
|
||||
{- $OpenSSL::safe::opt_engine_synopsis -}
|
||||
{- $OpenSSL::safe::opt_r_synopsis -}
|
||||
[I<user> ...]
|
||||
|
||||
|
@ -71,6 +72,8 @@ The password source for the input and output file.
|
|||
For more information about the format of B<arg>
|
||||
see L<openssl(1)/Pass Phrase Options>.
|
||||
|
||||
{- $OpenSSL::safe::opt_engine_item -}
|
||||
|
||||
{- $OpenSSL::safe::opt_r_synopsis -}
|
||||
|
||||
=back
|
||||
|
|
|
@ -7,6 +7,9 @@ openssl-ts - Time Stamping Authority tool (client/server)
|
|||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
B<openssl> B<ts>
|
||||
B<-help>
|
||||
|
||||
B<openssl> B<ts>
|
||||
B<-query>
|
||||
[B<-config> I<configfile>]
|
||||
|
@ -95,6 +98,14 @@ requests either by ftp or e-mail.
|
|||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
||||
=item B<-help>
|
||||
|
||||
Print out a usage message.
|
||||
|
||||
=back
|
||||
|
||||
=head2 Timestamp Request generation
|
||||
|
||||
The B<-query> switch can be used for creating and printing a timestamp
|
||||
|
|
|
@ -19,7 +19,9 @@ B<openssl> B<x509>
|
|||
[B<-serial>]
|
||||
[B<-hash>]
|
||||
[B<-subject_hash>]
|
||||
[B<-subject_hash_old>]
|
||||
[B<-issuer_hash>]
|
||||
[B<-issuer_hash_old>]
|
||||
[B<-ocspid>]
|
||||
[B<-subject>]
|
||||
[B<-issuer>]
|
||||
|
@ -44,6 +46,7 @@ B<openssl> B<x509>
|
|||
[B<-days> I<arg>]
|
||||
[B<-set_serial> I<n>]
|
||||
[B<-signkey> I<filename>]
|
||||
[B<-badsig>]
|
||||
[B<-passin> I<arg>]
|
||||
[B<-x509toreq>]
|
||||
[B<-req>]
|
||||
|
@ -52,11 +55,16 @@ B<openssl> B<x509>
|
|||
[B<-CAcreateserial>]
|
||||
[B<-CAserial> I<filename>]
|
||||
[B<-new>]
|
||||
[B<-next_serial>]
|
||||
[B<-nocert>]
|
||||
[B<-force_pubkey> I<filename>]
|
||||
[B<-subj> I<arg>]
|
||||
[B<-text>]
|
||||
[B<-ext> I<extensions>]
|
||||
[B<-certopt> I<option>]
|
||||
[B<-checkhost> I<host>]
|
||||
[B<-checkemail> I<host>]
|
||||
[B<-checkip> I<ipaddr>]
|
||||
[B<-C>]
|
||||
[B<-I<digest>>]
|
||||
[B<-clrext>]
|
||||
|
@ -155,6 +163,18 @@ can be a single option or multiple options separated by commas. The
|
|||
B<-certopt> switch may be also be used more than once to set multiple
|
||||
options. See the L</Text Options> section for more information.
|
||||
|
||||
=item B<-checkhost> I<host>
|
||||
|
||||
Check that the certificate matches the specified host.
|
||||
|
||||
=item B<-checkemail> I<email>
|
||||
|
||||
Check that the certificate matches the specified email address.
|
||||
|
||||
=item B<-checkip> I<ipaddr>
|
||||
|
||||
Check that the certificate matches the specified IP address.
|
||||
|
||||
=item B<-noout>
|
||||
|
||||
This option prevents output of the encoded version of the certificate.
|
||||
|
@ -340,6 +360,11 @@ and the end date to a value determined by the B<-days> option.
|
|||
It retains any certificate extensions unless the B<-clrext> option is supplied;
|
||||
this includes, for example, any existing key identifier extensions.
|
||||
|
||||
=item B<-badsig>
|
||||
|
||||
Corrupt the signature before writing it; this can be useful
|
||||
for testing.
|
||||
|
||||
=item B<-sigopt> I<nm>:I<v>
|
||||
|
||||
Pass options to the signature algorithm during sign or verify operations.
|
||||
|
@ -449,6 +474,14 @@ Generate a certificate from scratch, not using an input certificate
|
|||
or certificate request. So the B<-in> option must not be used in this case.
|
||||
Instead, the B<-subj> and <-force_pubkey> options need to be given.
|
||||
|
||||
=item B<-next_serial>
|
||||
|
||||
Set the serial to be one more than the number in the certificate.
|
||||
|
||||
=item B<-nocert>
|
||||
|
||||
Do not generate or output a certificate.
|
||||
|
||||
=item B<-force_pubkey> I<filename>
|
||||
|
||||
When a certificate is created set its public key to the key in I<filename>
|
||||
|
|
|
@ -808,8 +808,14 @@ sub checkflags {
|
|||
}
|
||||
next;
|
||||
}
|
||||
next unless /\[B<-([^ >]+)/;
|
||||
my $opt = $1;
|
||||
my $opt;
|
||||
if ( /\[B<-([^ >]+)/ ) {
|
||||
$opt = $1;
|
||||
} elsif ( /^B<-([^ >]+)/ ) {
|
||||
$opt = $1;
|
||||
} else {
|
||||
next;
|
||||
}
|
||||
$opt = $1 if $opt =~ /I<(.*)/;
|
||||
$docopts{$1} = 1;
|
||||
}
|
||||
|
@ -826,7 +832,7 @@ sub checkflags {
|
|||
my @unimpl = sort grep { !defined $cmdopts{$_} } keys %docopts;
|
||||
foreach ( @unimpl ) {
|
||||
next if defined $skips{$_} || defined $localskips{$_};
|
||||
err("$cmd documented but not implemented -$_");
|
||||
err("$doc: $cmd does not implement -$_");
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -852,8 +858,9 @@ if ( $opt_c ) {
|
|||
# See if each has a manpage.
|
||||
foreach my $cmd ( @commands ) {
|
||||
next if $cmd eq 'help' || $cmd eq 'exit';
|
||||
my $doc = "doc/man1/$cmd.pod";
|
||||
$doc = "doc/man1/openssl-$cmd.pod" if -f "doc/man1/openssl-$cmd.pod";
|
||||
my $doc = "doc/man1/openssl-$cmd.pod";
|
||||
# Handle "tsget" and "CA.pl" pod pages
|
||||
$doc = "doc/man1/$cmd.pod" if -f "doc/man1/$cmd.pod";
|
||||
if ( ! -f "$doc" ) {
|
||||
err("$doc does not exist");
|
||||
} else {
|
||||
|
|
Loading…
Reference in New Issue