openssl.pod 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834
  1. =pod
  2. =head1 NAME
  3. openssl - OpenSSL command line program
  4. =head1 SYNOPSIS
  5. B<openssl>
  6. I<command>
  7. [ I<options> ... ]
  8. [ I<parameters> ... ]
  9. B<openssl>
  10. B<list>
  11. B<standard-commands> |
  12. B<digest-commands> |
  13. B<cipher-commands> |
  14. B<cipher-algorithms> |
  15. B<digest-algorithms> |
  16. B<mac-algorithms> |
  17. B<public-key-algorithms>
  18. B<openssl> B<no->I<XXX> [ I<options> ]
  19. =head1 DESCRIPTION
  20. OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
  21. v2/v3) and Transport Layer Security (TLS v1) network protocols and related
  22. cryptography standards required by them.
  23. The B<openssl> program is a command line program for using the various
  24. cryptography functions of OpenSSL's B<crypto> library from the shell.
  25. It can be used for
  26. o Creation and management of private keys, public keys and parameters
  27. o Public key cryptographic operations
  28. o Creation of X.509 certificates, CSRs and CRLs
  29. o Calculation of Message Digests and Message Authentication Codes
  30. o Encryption and Decryption with Ciphers
  31. o SSL/TLS Client and Server Tests
  32. o Handling of S/MIME signed or encrypted mail
  33. o Timestamp requests, generation and verification
  34. =head1 COMMAND SUMMARY
  35. The B<openssl> program provides a rich variety of commands (I<command> in
  36. the L</SYNOPSIS> above).
  37. Each command can have many options and argument parameters, shown above as
  38. I<options> and I<parameters>.
  39. Detailed documentation and use cases for most standard subcommands are available
  40. (e.g., L<openssl-x509(1)>).
  41. The list options B<-standard-commands>, B<-digest-commands>,
  42. and B<-cipher-commands> output a list (one entry per line) of the names
  43. of all standard commands, message digest commands, or cipher commands,
  44. respectively, that are available.
  45. The list parameters B<-cipher-algorithms>, B<-digest-algorithms>,
  46. and B<-mac-algorithms> list all cipher, message digest, and message
  47. authentication code names, one entry per line. Aliases are listed as:
  48. from => to
  49. The list parameter B<-public-key-algorithms> lists all supported public
  50. key algorithms.
  51. The command B<no->I<XXX> tests whether a command of the
  52. specified name is available. If no command named I<XXX> exists, it
  53. returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1
  54. and prints I<XXX>. In both cases, the output goes to B<stdout> and
  55. nothing is printed to B<stderr>. Additional command line arguments
  56. are always ignored. Since for each cipher there is a command of the
  57. same name, this provides an easy way for shell scripts to test for the
  58. availability of ciphers in the B<openssl> program. (B<no->I<XXX> is
  59. not able to detect pseudo-commands such as B<quit>,
  60. B<list>, or B<no->I<XXX> itself.)
  61. =head2 Configuration Option
  62. Many commands use an external configuration file for some or all of their
  63. arguments and have a B<-config> option to specify that file.
  64. The default name of the file is F<openssl.cnf> in the default certificate
  65. storage area, which can be determined from the L<openssl-version(1)>
  66. command using the B<-d> or B<-a> option.
  67. The environment variable B<OPENSSL_CONF> can be used to specify a different
  68. file location or to disable loading a configuration (using the empty string).
  69. Among others, the configuration file can be used to load modules
  70. and to specify parameters for generating certificates and random numbers.
  71. See L<config(5)> for details.
  72. =head2 Standard Commands
  73. =over 4
  74. =item B<asn1parse>
  75. Parse an ASN.1 sequence.
  76. =item B<ca>
  77. Certificate Authority (CA) Management.
  78. =item B<ciphers>
  79. Cipher Suite Description Determination.
  80. =item B<cms>
  81. CMS (Cryptographic Message Syntax) command.
  82. =item B<crl>
  83. Certificate Revocation List (CRL) Management.
  84. =item B<crl2pkcs7>
  85. CRL to PKCS#7 Conversion.
  86. =item B<dgst>
  87. Message Digest calculation. MAC calculations are superseded by
  88. L<openssl-mac(1)>.
  89. =item B<dhparam>
  90. Generation and Management of Diffie-Hellman Parameters. Superseded by
  91. L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>.
  92. =item B<dsa>
  93. DSA Data Management.
  94. =item B<dsaparam>
  95. DSA Parameter Generation and Management. Superseded by
  96. L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>.
  97. =item B<ec>
  98. EC (Elliptic curve) key processing.
  99. =item B<ecparam>
  100. EC parameter manipulation and generation.
  101. =item B<enc>
  102. Encryption, decryption, and encoding.
  103. =item B<engine>
  104. Engine (loadable module) information and manipulation.
  105. =item B<errstr>
  106. Error Number to Error String Conversion.
  107. =item B<fipsinstall>
  108. FIPS configuration installation.
  109. =item B<gendsa>
  110. Generation of DSA Private Key from Parameters. Superseded by
  111. L<openssl-genpkey(1)> and L<openssl-pkey(1)>.
  112. =item B<genpkey>
  113. Generation of Private Key or Parameters.
  114. =item B<genrsa>
  115. Generation of RSA Private Key. Superseded by L<openssl-genpkey(1)>.
  116. =item B<help>
  117. Display information about a command's options.
  118. =item B<info>
  119. Display diverse information built into the OpenSSL libraries.
  120. =item B<kdf>
  121. Key Derivation Functions.
  122. =item B<list>
  123. List algorithms and features.
  124. =item B<mac>
  125. Message Authentication Code Calculation.
  126. =item B<nseq>
  127. Create or examine a Netscape certificate sequence.
  128. =item B<ocsp>
  129. Online Certificate Status Protocol command.
  130. =item B<passwd>
  131. Generation of hashed passwords.
  132. =item B<pkcs12>
  133. PKCS#12 Data Management.
  134. =item B<pkcs7>
  135. PKCS#7 Data Management.
  136. =item B<pkcs8>
  137. PKCS#8 format private key conversion command.
  138. =item B<pkey>
  139. Public and private key management.
  140. =item B<pkeyparam>
  141. Public key algorithm parameter management.
  142. =item B<pkeyutl>
  143. Public key algorithm cryptographic operation command.
  144. =item B<prime>
  145. Compute prime numbers.
  146. =item B<rand>
  147. Generate pseudo-random bytes.
  148. =item B<rehash>
  149. Create symbolic links to certificate and CRL files named by the hash values.
  150. =item B<req>
  151. PKCS#10 X.509 Certificate Signing Request (CSR) Management.
  152. =item B<rsa>
  153. RSA key management.
  154. =item B<rsautl>
  155. RSA command for signing, verification, encryption, and decryption. Superseded
  156. by L<openssl-pkeyutl(1)>.
  157. =item B<s_client>
  158. This implements a generic SSL/TLS client which can establish a transparent
  159. connection to a remote server speaking SSL/TLS. It's intended for testing
  160. purposes only and provides only rudimentary interface functionality but
  161. internally uses mostly all functionality of the OpenSSL B<ssl> library.
  162. =item B<s_server>
  163. This implements a generic SSL/TLS server which accepts connections from remote
  164. clients speaking SSL/TLS. It's intended for testing purposes only and provides
  165. only rudimentary interface functionality but internally uses mostly all
  166. functionality of the OpenSSL B<ssl> library. It provides both an own command
  167. line oriented protocol for testing SSL functions and a simple HTTP response
  168. facility to emulate an SSL/TLS-aware webserver.
  169. =item B<s_time>
  170. SSL Connection Timer.
  171. =item B<sess_id>
  172. SSL Session Data Management.
  173. =item B<smime>
  174. S/MIME mail processing.
  175. =item B<speed>
  176. Algorithm Speed Measurement.
  177. =item B<spkac>
  178. SPKAC printing and generating command.
  179. =item B<srp>
  180. Maintain SRP password file. This command is deprecated.
  181. =item B<storeutl>
  182. Command to list and display certificates, keys, CRLs, etc.
  183. =item B<ts>
  184. Time Stamping Authority command.
  185. =item B<verify>
  186. X.509 Certificate Verification.
  187. See also the L<openssl-verification-options(1)> manual page.
  188. =item B<version>
  189. OpenSSL Version Information.
  190. =item B<x509>
  191. X.509 Certificate Data Management.
  192. =back
  193. =head2 Message Digest Commands
  194. =over 4
  195. =item B<blake2b512>
  196. BLAKE2b-512 Digest
  197. =item B<blake2s256>
  198. BLAKE2s-256 Digest
  199. =item B<md2>
  200. MD2 Digest
  201. =item B<md4>
  202. MD4 Digest
  203. =item B<md5>
  204. MD5 Digest
  205. =item B<mdc2>
  206. MDC2 Digest
  207. =item B<rmd160>
  208. RMD-160 Digest
  209. =item B<sha1>
  210. SHA-1 Digest
  211. =item B<sha224>
  212. SHA-2 224 Digest
  213. =item B<sha256>
  214. SHA-2 256 Digest
  215. =item B<sha384>
  216. SHA-2 384 Digest
  217. =item B<sha512>
  218. SHA-2 512 Digest
  219. =item B<sha3-224>
  220. SHA-3 224 Digest
  221. =item B<sha3-256>
  222. SHA-3 256 Digest
  223. =item B<sha3-384>
  224. SHA-3 384 Digest
  225. =item B<sha3-512>
  226. SHA-3 512 Digest
  227. =item B<shake128>
  228. SHA-3 SHAKE128 Digest
  229. =item B<shake256>
  230. SHA-3 SHAKE256 Digest
  231. =item B<sm3>
  232. SM3 Digest
  233. =back
  234. =head2 Encryption, Decryption, and Encoding Commands
  235. The following aliases provide convenient access to the most used encodings
  236. and ciphers.
  237. Depending on how OpenSSL was configured and built, not all ciphers listed
  238. here may be present. See L<openssl-enc(1)> for more information.
  239. =over 4
  240. =item B<aes128>, B<aes-128-cbc>, B<aes-128-cfb>, B<aes-128-ctr>, B<aes-128-ecb>, B<aes-128-ofb>
  241. AES-128 Cipher
  242. =item B<aes192>, B<aes-192-cbc>, B<aes-192-cfb>, B<aes-192-ctr>, B<aes-192-ecb>, B<aes-192-ofb>
  243. AES-192 Cipher
  244. =item B<aes256>, B<aes-256-cbc>, B<aes-256-cfb>, B<aes-256-ctr>, B<aes-256-ecb>, B<aes-256-ofb>
  245. AES-256 Cipher
  246. =item B<aria128>, B<aria-128-cbc>, B<aria-128-cfb>, B<aria-128-ctr>, B<aria-128-ecb>, B<aria-128-ofb>
  247. Aria-128 Cipher
  248. =item B<aria192>, B<aria-192-cbc>, B<aria-192-cfb>, B<aria-192-ctr>, B<aria-192-ecb>, B<aria-192-ofb>
  249. Aria-192 Cipher
  250. =item B<aria256>, B<aria-256-cbc>, B<aria-256-cfb>, B<aria-256-ctr>, B<aria-256-ecb>, B<aria-256-ofb>
  251. Aria-256 Cipher
  252. =item B<base64>
  253. Base64 Encoding
  254. =item B<bf>, B<bf-cbc>, B<bf-cfb>, B<bf-ecb>, B<bf-ofb>
  255. Blowfish Cipher
  256. =item B<camellia128>, B<camellia-128-cbc>, B<camellia-128-cfb>, B<camellia-128-ctr>, B<camellia-128-ecb>, B<camellia-128-ofb>
  257. Camellia-128 Cipher
  258. =item B<camellia192>, B<camellia-192-cbc>, B<camellia-192-cfb>, B<camellia-192-ctr>, B<camellia-192-ecb>, B<camellia-192-ofb>
  259. Camellia-192 Cipher
  260. =item B<camellia256>, B<camellia-256-cbc>, B<camellia-256-cfb>, B<camellia-256-ctr>, B<camellia-256-ecb>, B<camellia-256-ofb>
  261. Camellia-256 Cipher
  262. =item B<cast>, B<cast-cbc>
  263. CAST Cipher
  264. =item B<cast5-cbc>, B<cast5-cfb>, B<cast5-ecb>, B<cast5-ofb>
  265. CAST5 Cipher
  266. =item B<chacha20>
  267. Chacha20 Cipher
  268. =item B<des>, B<des-cbc>, B<des-cfb>, B<des-ecb>, B<des-ede>, B<des-ede-cbc>, B<des-ede-cfb>, B<des-ede-ofb>, B<des-ofb>
  269. DES Cipher
  270. =item B<des3>, B<desx>, B<des-ede3>, B<des-ede3-cbc>, B<des-ede3-cfb>, B<des-ede3-ofb>
  271. Triple-DES Cipher
  272. =item B<idea>, B<idea-cbc>, B<idea-cfb>, B<idea-ecb>, B<idea-ofb>
  273. IDEA Cipher
  274. =item B<rc2>, B<rc2-cbc>, B<rc2-cfb>, B<rc2-ecb>, B<rc2-ofb>
  275. RC2 Cipher
  276. =item B<rc4>
  277. RC4 Cipher
  278. =item B<rc5>, B<rc5-cbc>, B<rc5-cfb>, B<rc5-ecb>, B<rc5-ofb>
  279. RC5 Cipher
  280. =item B<seed>, B<seed-cbc>, B<seed-cfb>, B<seed-ecb>, B<seed-ofb>
  281. SEED Cipher
  282. =item B<sm4>, B<sm4-cbc>, B<sm4-cfb>, B<sm4-ctr>, B<sm4-ecb>, B<sm4-ofb>
  283. SM4 Cipher
  284. =back
  285. =head1 OPTIONS
  286. Details of which options are available depend on the specific command.
  287. This section describes some common options with common behavior.
  288. =head2 Common Options
  289. =over 4
  290. =item B<-help>
  291. Provides a terse summary of all options.
  292. If an option takes an argument, the "type" of argument is also given.
  293. =item B<-->
  294. This terminates the list of options. It is mostly useful if any filename
  295. parameters start with a minus sign:
  296. openssl verify [flags...] -- -cert1.pem...
  297. =back
  298. =head2 Format Options
  299. See L<openssl-format-options(1)> for manual page.
  300. =head2 Pass Phrase Options
  301. See the L<openssl-passphrase-options(1)> manual page.
  302. =head2 Random State Options
  303. Prior to OpenSSL 1.1.1, it was common for applications to store information
  304. about the state of the random-number generator in a file that was loaded
  305. at startup and rewritten upon exit. On modern operating systems, this is
  306. generally no longer necessary as OpenSSL will seed itself from a trusted
  307. entropy source provided by the operating system. These flags are still
  308. supported for special platforms or circumstances that might require them.
  309. It is generally an error to use the same seed file more than once and
  310. every use of B<-rand> should be paired with B<-writerand>.
  311. =over 4
  312. =item B<-rand> I<files>
  313. A file or files containing random data used to seed the random number
  314. generator.
  315. Multiple files can be specified separated by an OS-dependent character.
  316. The separator is C<;> for MS-Windows, C<,> for OpenVMS, and C<:> for
  317. all others. Another way to specify multiple files is to repeat this flag
  318. with different filenames.
  319. =item B<-writerand> I<file>
  320. Writes the seed data to the specified I<file> upon exit.
  321. This file can be used in a subsequent command invocation.
  322. =back
  323. =head2 Certificate Verification Options
  324. See the L<openssl-verification-options(1)> manual page.
  325. =head2 Name Format Options
  326. See the L<openssl-namedisplay-options(1)> manual page.
  327. =head2 TLS Version Options
  328. Several commands use SSL, TLS, or DTLS. By default, the commands use TLS and
  329. clients will offer the lowest and highest protocol version they support,
  330. and servers will pick the highest version that the client offers that is also
  331. supported by the server.
  332. The options below can be used to limit which protocol versions are used,
  333. and whether TCP (SSL and TLS) or UDP (DTLS) is used.
  334. Note that not all protocols and flags may be available, depending on how
  335. OpenSSL was built.
  336. =over 4
  337. =item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
  338. These options require or disable the use of the specified SSL or TLS protocols.
  339. When a specific TLS version is required, only that version will be offered or
  340. accepted.
  341. Only one specific protocol can be given and it cannot be combined with any of
  342. the B<no_> options.
  343. =item B<-dtls>, B<-dtls1>, B<-dtls1_2>
  344. These options specify to use DTLS instead of DLTS.
  345. With B<-dtls>, clients will negotiate any supported DTLS protocol version.
  346. Use the B<-dtls1> or B<-dtls1_2> options to support only DTLS1.0 or DTLS1.2,
  347. respectively.
  348. =back
  349. =head2 Engine Options
  350. =over 4
  351. =item B<-engine> I<id>
  352. Load the engine identified by I<id> and use all the methods it implements
  353. (algorithms, key storage, etc.), unless specified otherwise in the
  354. command-specific documentation or it is configured to do so, as described in
  355. L<config(5)/Engine Configuration>.
  356. The engine will be used for key ids specified with B<-key> and similar
  357. options when an option like B<-keyform engine> is given.
  358. A special case is the C<loader_attic> engine, which
  359. is meant just for internal OpenSSL testing purposes and
  360. supports loading keys, parameters, certificates, and CRLs from files.
  361. When this engine is used, files with such credentials are read via this engine.
  362. Using the C<file:> schema is optional; a plain file (path) name will do.
  363. =back
  364. Options specifying keys, like B<-key> and similar, can use the generic
  365. OpenSSL engine key loading URI scheme C<org.openssl.engine:> to retrieve
  366. private keys and public keys. The URI syntax is as follows, in simplified
  367. form:
  368. org.openssl.engine:{engineid}:{keyid}
  369. Where C<{engineid}> is the identity/name of the engine, and C<{keyid}> is a
  370. key identifier that's acceptable by that engine. For example, when using an
  371. engine that interfaces against a PKCS#11 implementation, the generic key URI
  372. would be something like this (this happens to be an example for the PKCS#11
  373. engine that's part of OpenSC):
  374. -key org.openssl.engine:pkcs11:label_some-private-key
  375. As a third possibility, for engines and providers that have implemented
  376. their own L<OSSL_STORE_LOADER(3)>, C<org.openssl.engine:> should not be
  377. necessary. For a PKCS#11 implementation that has implemented such a loader,
  378. the PKCS#11 URI as defined in RFC 7512 should be possible to use directly:
  379. -key pkcs11:object=some-private-key;pin-value=1234
  380. =head2 Provider Options
  381. =over 4
  382. =item B<-provider> I<name>
  383. Load and initialize the provider identified by I<name>.
  384. See L<provider(7)> for a more detailed description.
  385. =item B<-provider-path> I<path>
  386. Specifies the search path that is to be used for looking for providers.
  387. Equivalently, the B<OPENSSL_MODULES> environment variable may be set.
  388. =item B<-propquery> I<propq>
  389. Specifies the I<property query clause> to be used when fetching algorithms
  390. from the loaded providers.
  391. See L<property(7)> for a more detailed description.
  392. =back
  393. =head1 ENVIRONMENT
  394. The OpenSSL library can be take some configuration parameters from the
  395. environment. Some of these variables are listed below. For information
  396. about specific commands, see L<openssl-engine(1)>,
  397. L<openssl-rehash(1)>, and L<tsget(1)>.
  398. For information about the use of environment variables in configuration,
  399. see L<config(5)/ENVIRONMENT>.
  400. For information about querying or specifying CPU architecture flags, see
  401. L<OPENSSL_ia32cap(3)>, and L<OPENSSL_s390xcap(3)>.
  402. For information about all environment variables used by the OpenSSL libraries,
  403. see L<openssl-env(7)>.
  404. =over 4
  405. =item B<OPENSSL_TRACE=>I<name>[,...]
  406. Enable tracing output of OpenSSL library, by name.
  407. This output will only make sense if you know OpenSSL internals well.
  408. Also, it might not give you any output at all, depending on how
  409. OpenSSL was built.
  410. The value is a comma separated list of names, with the following
  411. available:
  412. =over 4
  413. =item B<TRACE>
  414. The tracing functionality.
  415. =item B<TLS>
  416. General SSL/TLS.
  417. =item B<TLS_CIPHER>
  418. SSL/TLS cipher.
  419. =item B<CONF>
  420. Show details about provider and engine configuration.
  421. =item B<ENGINE_TABLE>
  422. The function that is used by RSA, DSA (etc) code to select registered
  423. ENGINEs, cache defaults and functional references (etc), will generate
  424. debugging summaries.
  425. =item B<ENGINE_REF_COUNT>
  426. Reference counts in the ENGINE structure will be monitored with a line
  427. of generated for each change.
  428. =item B<PKCS5V2>
  429. PKCS#5 v2 keygen.
  430. =item B<PKCS12_KEYGEN>
  431. PKCS#12 key generation.
  432. =item B<PKCS12_DECRYPT>
  433. PKCS#12 decryption.
  434. =item B<X509V3_POLICY>
  435. Generates the complete policy tree at various point during X.509 v3
  436. policy evaluation.
  437. =item B<BN_CTX>
  438. BIGNUM context.
  439. =back
  440. =back
  441. =head1 SEE ALSO
  442. L<openssl-asn1parse(1)>,
  443. L<openssl-ca(1)>,
  444. L<openssl-ciphers(1)>,
  445. L<openssl-cms(1)>,
  446. L<openssl-crl(1)>,
  447. L<openssl-crl2pkcs7(1)>,
  448. L<openssl-dgst(1)>,
  449. L<openssl-dhparam(1)>,
  450. L<openssl-dsa(1)>,
  451. L<openssl-dsaparam(1)>,
  452. L<openssl-ec(1)>,
  453. L<openssl-ecparam(1)>,
  454. L<openssl-enc(1)>,
  455. L<openssl-engine(1)>,
  456. L<openssl-errstr(1)>,
  457. L<openssl-gendsa(1)>,
  458. L<openssl-genpkey(1)>,
  459. L<openssl-genrsa(1)>,
  460. L<openssl-kdf(1)>,
  461. L<openssl-mac(1)>,
  462. L<openssl-nseq(1)>,
  463. L<openssl-ocsp(1)>,
  464. L<openssl-passwd(1)>,
  465. L<openssl-pkcs12(1)>,
  466. L<openssl-pkcs7(1)>,
  467. L<openssl-pkcs8(1)>,
  468. L<openssl-pkey(1)>,
  469. L<openssl-pkeyparam(1)>,
  470. L<openssl-pkeyutl(1)>,
  471. L<openssl-prime(1)>,
  472. L<openssl-rand(1)>,
  473. L<openssl-rehash(1)>,
  474. L<openssl-req(1)>,
  475. L<openssl-rsa(1)>,
  476. L<openssl-rsautl(1)>,
  477. L<openssl-s_client(1)>,
  478. L<openssl-s_server(1)>,
  479. L<openssl-s_time(1)>,
  480. L<openssl-sess_id(1)>,
  481. L<openssl-smime(1)>,
  482. L<openssl-speed(1)>,
  483. L<openssl-spkac(1)>,
  484. L<openssl-srp(1)>,
  485. L<openssl-storeutl(1)>,
  486. L<openssl-ts(1)>,
  487. L<openssl-verify(1)>,
  488. L<openssl-version(1)>,
  489. L<openssl-x509(1)>,
  490. L<config(5)>,
  491. L<crypto(7)>,
  492. L<openssl-env(7)>.
  493. L<ssl(7)>,
  494. L<x509v3_config(5)>
  495. =head1 HISTORY
  496. The B<list> -I<XXX>B<-algorithms> options were added in OpenSSL 1.0.0;
  497. For notes on the availability of other commands, see their individual
  498. manual pages.
  499. The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and
  500. is silently ignored.
  501. The B<-xcertform> and B<-xkeyform> options
  502. are obsolete since OpenSSL 3.0 and have no effect.
  503. The interactive mode, which could be invoked by running C<openssl>
  504. with no further arguments, was removed in OpenSSL 3.0, and running
  505. that program with no arguments is now equivalent to C<openssl help>.
  506. =head1 COPYRIGHT
  507. Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
  508. Licensed under the Apache License 2.0 (the "License"). You may not use
  509. this file except in compliance with the License. You can obtain a copy
  510. in the file LICENSE in the source distribution or at
  511. L<https://www.openssl.org/source/license.html>.
  512. =cut