openssl.pod 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803
  1. =pod
  2. =head1 NAME
  3. openssl - OpenSSL command line program
  4. =head1 SYNOPSIS
  5. B<openssl>
  6. I<command>
  7. [ I<options> ... ]
  8. [ I<parameters> ... ]
  9. B<openssl>
  10. B<list>
  11. B<-standard-commands> |
  12. B<-digest-commands> |
  13. B<-cipher-commands> |
  14. B<-cipher-algorithms> |
  15. B<-digest-algorithms> |
  16. B<-mac-algorithms> |
  17. B<-public-key-algorithms>
  18. B<openssl> B<no->I<XXX> [ I<options> ]
  19. =head1 DESCRIPTION
  20. OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
  21. v2/v3) and Transport Layer Security (TLS v1) network protocols and related
  22. cryptography standards required by them.
  23. The B<openssl> program is a command line program for using the various
  24. cryptography functions of OpenSSL's B<crypto> library from the shell.
  25. It can be used for
  26. o Creation and management of private keys, public keys and parameters
  27. o Public key cryptographic operations
  28. o Creation of X.509 certificates, CSRs and CRLs
  29. o Calculation of Message Digests and Message Authentication Codes
  30. o Encryption and Decryption with Ciphers
  31. o SSL/TLS Client and Server Tests
  32. o Handling of S/MIME signed or encrypted mail
  33. o Timestamp requests, generation and verification
  34. =head1 COMMAND SUMMARY
  35. The B<openssl> program provides a rich variety of commands (I<command> in
  36. the L</SYNOPSIS> above).
  37. Each command can have many options and argument parameters, shown above as
  38. I<options> and I<parameters>.
  39. Detailed documentation and use cases for most standard subcommands are available
  40. (e.g., L<openssl-x509(1)>).
  41. The list options B<-standard-commands>, B<-digest-commands>,
  42. and B<-cipher-commands> output a list (one entry per line) of the names
  43. of all standard commands, message digest commands, or cipher commands,
  44. respectively, that are available.
  45. The list parameters B<-cipher-algorithms>, B<-digest-algorithms>,
  46. and B<-mac-algorithms> list all cipher, message digest, and message
  47. authentication code names, one entry per line. Aliases are listed as:
  48. from => to
  49. The list parameter B<-public-key-algorithms> lists all supported public
  50. key algorithms.
  51. The command B<no->I<XXX> tests whether a command of the
  52. specified name is available. If no command named I<XXX> exists, it
  53. returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1
  54. and prints I<XXX>. In both cases, the output goes to B<stdout> and
  55. nothing is printed to B<stderr>. Additional command line arguments
  56. are always ignored. Since for each cipher there is a command of the
  57. same name, this provides an easy way for shell scripts to test for the
  58. availability of ciphers in the B<openssl> program. (B<no->I<XXX> is
  59. not able to detect pseudo-commands such as B<quit>,
  60. B<list>, or B<no->I<XXX> itself.)
  61. =head2 Configuration Option
  62. Many commands use an external configuration file for some or all of their
  63. arguments and have a B<-config> option to specify that file.
  64. The default name of the file is F<openssl.cnf> in the default certificate
  65. storage area, which can be determined from the L<openssl-version(1)>
  66. command. This can be used to load modules.
  67. The environment variable B<OPENSSL_CONF> can be used to specify
  68. a different location of the file.
  69. See L<openssl-env(7)>.
  70. =head2 Standard Commands
  71. =over 4
  72. =item B<asn1parse>
  73. Parse an ASN.1 sequence.
  74. =item B<ca>
  75. Certificate Authority (CA) Management.
  76. =item B<ciphers>
  77. Cipher Suite Description Determination.
  78. =item B<cms>
  79. CMS (Cryptographic Message Syntax) command.
  80. =item B<crl>
  81. Certificate Revocation List (CRL) Management.
  82. =item B<crl2pkcs7>
  83. CRL to PKCS#7 Conversion.
  84. =item B<dgst>
  85. Message Digest calculation. MAC calculations are superseded by
  86. L<openssl-mac(1)>.
  87. =item B<dhparam>
  88. Generation and Management of Diffie-Hellman Parameters. Superseded by
  89. L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>.
  90. =item B<dsa>
  91. DSA Data Management.
  92. =item B<dsaparam>
  93. DSA Parameter Generation and Management. Superseded by
  94. L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>.
  95. =item B<ec>
  96. EC (Elliptic curve) key processing.
  97. =item B<ecparam>
  98. EC parameter manipulation and generation.
  99. =item B<enc>
  100. Encryption, decryption, and encoding.
  101. =item B<engine>
  102. Engine (loadable module) information and manipulation.
  103. =item B<errstr>
  104. Error Number to Error String Conversion.
  105. =item B<fipsinstall>
  106. FIPS configuration installation.
  107. =item B<gendsa>
  108. Generation of DSA Private Key from Parameters. Superseded by
  109. L<openssl-genpkey(1)> and L<openssl-pkey(1)>.
  110. =item B<genpkey>
  111. Generation of Private Key or Parameters.
  112. =item B<genrsa>
  113. Generation of RSA Private Key. Superseded by L<openssl-genpkey(1)>.
  114. =item B<help>
  115. Display information about a command's options.
  116. =item B<info>
  117. Display diverse information built into the OpenSSL libraries.
  118. =item B<kdf>
  119. Key Derivation Functions.
  120. =item B<list>
  121. List algorithms and features.
  122. =item B<mac>
  123. Message Authentication Code Calculation.
  124. =item B<nseq>
  125. Create or examine a Netscape certificate sequence.
  126. =item B<ocsp>
  127. Online Certificate Status Protocol command.
  128. =item B<passwd>
  129. Generation of hashed passwords.
  130. =item B<pkcs12>
  131. PKCS#12 Data Management.
  132. =item B<pkcs7>
  133. PKCS#7 Data Management.
  134. =item B<pkcs8>
  135. PKCS#8 format private key conversion command.
  136. =item B<pkey>
  137. Public and private key management.
  138. =item B<pkeyparam>
  139. Public key algorithm parameter management.
  140. =item B<pkeyutl>
  141. Public key algorithm cryptographic operation command.
  142. =item B<prime>
  143. Compute prime numbers.
  144. =item B<rand>
  145. Generate pseudo-random bytes.
  146. =item B<rehash>
  147. Create symbolic links to certificate and CRL files named by the hash values.
  148. =item B<req>
  149. PKCS#10 X.509 Certificate Signing Request (CSR) Management.
  150. =item B<rsa>
  151. RSA key management.
  152. =item B<rsautl>
  153. RSA command for signing, verification, encryption, and decryption. Superseded
  154. by L<openssl-pkeyutl(1)>.
  155. =item B<s_client>
  156. This implements a generic SSL/TLS client which can establish a transparent
  157. connection to a remote server speaking SSL/TLS. It's intended for testing
  158. purposes only and provides only rudimentary interface functionality but
  159. internally uses mostly all functionality of the OpenSSL B<ssl> library.
  160. =item B<s_server>
  161. This implements a generic SSL/TLS server which accepts connections from remote
  162. clients speaking SSL/TLS. It's intended for testing purposes only and provides
  163. only rudimentary interface functionality but internally uses mostly all
  164. functionality of the OpenSSL B<ssl> library. It provides both an own command
  165. line oriented protocol for testing SSL functions and a simple HTTP response
  166. facility to emulate an SSL/TLS-aware webserver.
  167. =item B<s_time>
  168. SSL Connection Timer.
  169. =item B<sess_id>
  170. SSL Session Data Management.
  171. =item B<smime>
  172. S/MIME mail processing.
  173. =item B<speed>
  174. Algorithm Speed Measurement.
  175. =item B<spkac>
  176. SPKAC printing and generating command.
  177. =item B<srp>
  178. Maintain SRP password file.
  179. =item B<storeutl>
  180. Command to list and display certificates, keys, CRLs, etc.
  181. =item B<ts>
  182. Time Stamping Authority command.
  183. =item B<verify>
  184. X.509 Certificate Verification.
  185. See also the L<openssl-verification-options(1)> manual page.
  186. =item B<version>
  187. OpenSSL Version Information.
  188. =item B<x509>
  189. X.509 Certificate Data Management.
  190. =back
  191. =head2 Message Digest Commands
  192. =over 4
  193. =item B<blake2b512>
  194. BLAKE2b-512 Digest
  195. =item B<blake2s256>
  196. BLAKE2s-256 Digest
  197. =item B<md2>
  198. MD2 Digest
  199. =item B<md4>
  200. MD4 Digest
  201. =item B<md5>
  202. MD5 Digest
  203. =item B<mdc2>
  204. MDC2 Digest
  205. =item B<rmd160>
  206. RMD-160 Digest
  207. =item B<sha1>
  208. SHA-1 Digest
  209. =item B<sha224>
  210. SHA-2 224 Digest
  211. =item B<sha256>
  212. SHA-2 256 Digest
  213. =item B<sha384>
  214. SHA-2 384 Digest
  215. =item B<sha512>
  216. SHA-2 512 Digest
  217. =item B<sha3-224>
  218. SHA-3 224 Digest
  219. =item B<sha3-256>
  220. SHA-3 256 Digest
  221. =item B<sha3-384>
  222. SHA-3 384 Digest
  223. =item B<sha3-512>
  224. SHA-3 512 Digest
  225. =item B<shake128>
  226. SHA-3 SHAKE128 Digest
  227. =item B<shake256>
  228. SHA-3 SHAKE256 Digest
  229. =item B<sm3>
  230. SM3 Digest
  231. =back
  232. =head2 Encryption, Decryption, and Encoding Commands
  233. The following aliases provide convenient access to the most used encodings
  234. and ciphers.
  235. Depending on how OpenSSL was configured and built, not all ciphers listed
  236. here may be present. See L<openssl-enc(1)> for more information.
  237. =over 4
  238. =item B<aes128>, B<aes-128-cbc>, B<aes-128-cfb>, B<aes-128-ctr>, B<aes-128-ecb>, B<aes-128-ofb>
  239. AES-128 Cipher
  240. =item B<aes192>, B<aes-192-cbc>, B<aes-192-cfb>, B<aes-192-ctr>, B<aes-192-ecb>, B<aes-192-ofb>
  241. AES-192 Cipher
  242. =item B<aes256>, B<aes-256-cbc>, B<aes-256-cfb>, B<aes-256-ctr>, B<aes-256-ecb>, B<aes-256-ofb>
  243. AES-256 Cipher
  244. =item B<aria128>, B<aria-128-cbc>, B<aria-128-cfb>, B<aria-128-ctr>, B<aria-128-ecb>, B<aria-128-ofb>
  245. Aria-128 Cipher
  246. =item B<aria192>, B<aria-192-cbc>, B<aria-192-cfb>, B<aria-192-ctr>, B<aria-192-ecb>, B<aria-192-ofb>
  247. Aria-192 Cipher
  248. =item B<aria256>, B<aria-256-cbc>, B<aria-256-cfb>, B<aria-256-ctr>, B<aria-256-ecb>, B<aria-256-ofb>
  249. Aria-256 Cipher
  250. =item B<base64>
  251. Base64 Encoding
  252. =item B<bf>, B<bf-cbc>, B<bf-cfb>, B<bf-ecb>, B<bf-ofb>
  253. Blowfish Cipher
  254. =item B<camellia128>, B<camellia-128-cbc>, B<camellia-128-cfb>, B<camellia-128-ctr>, B<camellia-128-ecb>, B<camellia-128-ofb>
  255. Camellia-128 Cipher
  256. =item B<camellia192>, B<camellia-192-cbc>, B<camellia-192-cfb>, B<camellia-192-ctr>, B<camellia-192-ecb>, B<camellia-192-ofb>
  257. Camellia-192 Cipher
  258. =item B<camellia256>, B<camellia-256-cbc>, B<camellia-256-cfb>, B<camellia-256-ctr>, B<camellia-256-ecb>, B<camellia-256-ofb>
  259. Camellia-256 Cipher
  260. =item B<cast>, B<cast-cbc>
  261. CAST Cipher
  262. =item B<cast5-cbc>, B<cast5-cfb>, B<cast5-ecb>, B<cast5-ofb>
  263. CAST5 Cipher
  264. =item B<chacha20>
  265. Chacha20 Cipher
  266. =item B<des>, B<des-cbc>, B<des-cfb>, B<des-ecb>, B<des-ede>, B<des-ede-cbc>, B<des-ede-cfb>, B<des-ede-ofb>, B<des-ofb>
  267. DES Cipher
  268. =item B<des3>, B<desx>, B<des-ede3>, B<des-ede3-cbc>, B<des-ede3-cfb>, B<des-ede3-ofb>
  269. Triple-DES Cipher
  270. =item B<idea>, B<idea-cbc>, B<idea-cfb>, B<idea-ecb>, B<idea-ofb>
  271. IDEA Cipher
  272. =item B<rc2>, B<rc2-cbc>, B<rc2-cfb>, B<rc2-ecb>, B<rc2-ofb>
  273. RC2 Cipher
  274. =item B<rc4>
  275. RC4 Cipher
  276. =item B<rc5>, B<rc5-cbc>, B<rc5-cfb>, B<rc5-ecb>, B<rc5-ofb>
  277. RC5 Cipher
  278. =item B<seed>, B<seed-cbc>, B<seed-cfb>, B<seed-ecb>, B<seed-ofb>
  279. SEED Cipher
  280. =item B<sm4>, B<sm4-cbc>, B<sm4-cfb>, B<sm4-ctr>, B<sm4-ecb>, B<sm4-ofb>
  281. SM4 Cipher
  282. =back
  283. =head1 OPTIONS
  284. Details of which options are available depend on the specific command.
  285. This section describes some common options with common behavior.
  286. =head2 Common Options
  287. =over 4
  288. =item B<-help>
  289. Provides a terse summary of all options.
  290. If an option takes an argument, the "type" of argument is also given.
  291. =item B<-->
  292. This terminates the list of options. It is mostly useful if any filename
  293. parameters start with a minus sign:
  294. openssl verify [flags...] -- -cert1.pem...
  295. =back
  296. =head2 Format Options
  297. See L<openssl-format-options(1)> for manual page.
  298. =head2 Pass Phrase Options
  299. See the L<openssl-passphrase-options(1)> manual page.
  300. =head2 Random State Options
  301. Prior to OpenSSL 1.1.1, it was common for applications to store information
  302. about the state of the random-number generator in a file that was loaded
  303. at startup and rewritten upon exit. On modern operating systems, this is
  304. generally no longer necessary as OpenSSL will seed itself from a trusted
  305. entropy source provided by the operating system. These flags are still
  306. supported for special platforms or circumstances that might require them.
  307. It is generally an error to use the same seed file more than once and
  308. every use of B<-rand> should be paired with B<-writerand>.
  309. =over 4
  310. =item B<-rand> I<files>
  311. A file or files containing random data used to seed the random number
  312. generator.
  313. Multiple files can be specified separated by an OS-dependent character.
  314. The separator is C<;> for MS-Windows, C<,> for OpenVMS, and C<:> for
  315. all others. Another way to specify multiple files is to repeat this flag
  316. with different filenames.
  317. =item B<-writerand> I<file>
  318. Writes the seed data to the specified I<file> upon exit.
  319. This file can be used in a subsequent command invocation.
  320. =back
  321. =head2 Certificate Verification Options
  322. See the L<openssl-verification-options(1)> manual page.
  323. =head2 Name Format Options
  324. See the L<openssl-namedisplay-options(1)> manual page.
  325. =head2 TLS Version Options
  326. Several commands use SSL, TLS, or DTLS. By default, the commands use TLS and
  327. clients will offer the lowest and highest protocol version they support,
  328. and servers will pick the highest version that the client offers that is also
  329. supported by the server.
  330. The options below can be used to limit which protocol versions are used,
  331. and whether TCP (SSL and TLS) or UDP (DTLS) is used.
  332. Note that not all protocols and flags may be available, depending on how
  333. OpenSSL was built.
  334. =over 4
  335. =item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>
  336. These options require or disable the use of the specified SSL or TLS protocols.
  337. When a specific TLS version is required, only that version will be offered or
  338. accepted.
  339. Only one specific protocol can be given and it cannot be combined with any of
  340. the B<no_> options.
  341. =item B<-dtls>, B<-dtls1>, B<-dtls1_2>
  342. These options specify to use DTLS instead of DLTS.
  343. With B<-dtls>, clients will negotiate any supported DTLS protocol version.
  344. Use the B<-dtls1> or B<-dtls1_2> options to support only DTLS1.0 or DTLS1.2,
  345. respectively.
  346. =back
  347. =head2 Engine Options
  348. =over 4
  349. =item B<-engine> I<id>
  350. Load the engine identified by I<id> and use all the methods it implements
  351. (algorithms, key storage, etc.), unless specified otherwise in the
  352. command-specific documentation or it is configured to do so, as described in
  353. L<config(5)/Engine Configuration>.
  354. The engine will be used for key ids specified with B<-key> and similar
  355. options when an option like B<-keyform engine> is given.
  356. =back
  357. Options specifying keys, like B<-key> and similar, can use the generic
  358. OpenSSL engine key loading URI scheme C<org.openssl.engine:> to retrieve
  359. private keys and public keys. The URI syntax is as follows, in simplified
  360. form:
  361. org.openssl.engine:{engineid}:{keyid}
  362. Where C<{engineid}> is the identity/name of the engine, and C<{keyid}> is a
  363. key identifier that's acceptable by that engine. For example, when using an
  364. engine that interfaces against a PKCS#11 implementation, the generic key URI
  365. would be something like this (this happens to be an example for the PKCS#11
  366. engine that's part of OpenSC):
  367. -key org.openssl.engine:pkcs11:label_some-private-key
  368. As a third possibility, for engines and providers that have implemented
  369. their own L<OSSL_STORE_LOADER(3)>, C<org.openssl.engine:> should not be
  370. necessary. For a PKCS#11 implementation that has implemented such a loader,
  371. the PKCS#11 URI as defined in RFC 7512 should be possible to use directly:
  372. -key pkcs11:object=some-private-key;pin-value=1234
  373. =head1 ENVIRONMENT
  374. The OpenSSL library can be take some configuration parameters from the
  375. environment. Some of these variables are listed below. For information
  376. about specific commands, see L<openssl-engine(1)>,
  377. L<openssl-rehash(1)>, and L<tsget(1)>.
  378. For information about the use of environment variables in configuration,
  379. see L<config(5)/ENVIRONMENT>.
  380. For information about querying or specifying CPU architecture flags, see
  381. L<OPENSSL_ia32cap(3)>, and L<OPENSSL_s390xcap(3)>.
  382. For information about all environment variables used by the OpenSSL libraries,
  383. see L<openssl-env(7)>.
  384. =over 4
  385. =item B<OPENSSL_TRACE=>I<name>[,...]
  386. Enable tracing output of OpenSSL library, by name.
  387. This output will only make sense if you know OpenSSL internals well.
  388. Also, it might not give you any output at all, depending on how
  389. OpenSSL was built.
  390. The value is a comma separated list of names, with the following
  391. available:
  392. =over 4
  393. =item B<TRACE>
  394. The tracing functionality.
  395. =item B<TLS>
  396. General SSL/TLS.
  397. =item B<TLS_CIPHER>
  398. SSL/TLS cipher.
  399. =item B<CONF>
  400. Show details about provider and engine configuration.
  401. =item B<ENGINE_TABLE>
  402. The function that is used by RSA, DSA (etc) code to select registered
  403. ENGINEs, cache defaults and functional references (etc), will generate
  404. debugging summaries.
  405. =item B<ENGINE_REF_COUNT>
  406. Reference counts in the ENGINE structure will be monitored with a line
  407. of generated for each change.
  408. =item B<PKCS5V2>
  409. PKCS#5 v2 keygen.
  410. =item B<PKCS12_KEYGEN>
  411. PKCS#12 key generation.
  412. =item B<PKCS12_DECRYPT>
  413. PKCS#12 decryption.
  414. =item B<X509V3_POLICY>
  415. Generates the complete policy tree at various point during X.509 v3
  416. policy evaluation.
  417. =item B<BN_CTX>
  418. BIGNUM context.
  419. =back
  420. =back
  421. =head1 SEE ALSO
  422. L<openssl-asn1parse(1)>,
  423. L<openssl-ca(1)>,
  424. L<openssl-ciphers(1)>,
  425. L<openssl-cms(1)>,
  426. L<openssl-crl(1)>,
  427. L<openssl-crl2pkcs7(1)>,
  428. L<openssl-dgst(1)>,
  429. L<openssl-dhparam(1)>,
  430. L<openssl-dsa(1)>,
  431. L<openssl-dsaparam(1)>,
  432. L<openssl-ec(1)>,
  433. L<openssl-ecparam(1)>,
  434. L<openssl-enc(1)>,
  435. L<openssl-engine(1)>,
  436. L<openssl-errstr(1)>,
  437. L<openssl-gendsa(1)>,
  438. L<openssl-genpkey(1)>,
  439. L<openssl-genrsa(1)>,
  440. L<openssl-kdf(1)>,
  441. L<openssl-mac(1)>,
  442. L<openssl-nseq(1)>,
  443. L<openssl-ocsp(1)>,
  444. L<openssl-passwd(1)>,
  445. L<openssl-pkcs12(1)>,
  446. L<openssl-pkcs7(1)>,
  447. L<openssl-pkcs8(1)>,
  448. L<openssl-pkey(1)>,
  449. L<openssl-pkeyparam(1)>,
  450. L<openssl-pkeyutl(1)>,
  451. L<openssl-prime(1)>,
  452. L<openssl-rand(1)>,
  453. L<openssl-rehash(1)>,
  454. L<openssl-req(1)>,
  455. L<openssl-rsa(1)>,
  456. L<openssl-rsautl(1)>,
  457. L<openssl-s_client(1)>,
  458. L<openssl-s_server(1)>,
  459. L<openssl-s_time(1)>,
  460. L<openssl-sess_id(1)>,
  461. L<openssl-smime(1)>,
  462. L<openssl-speed(1)>,
  463. L<openssl-spkac(1)>,
  464. L<openssl-srp(1)>,
  465. L<openssl-storeutl(1)>,
  466. L<openssl-ts(1)>,
  467. L<openssl-verify(1)>,
  468. L<openssl-version(1)>,
  469. L<openssl-x509(1)>,
  470. L<config(5)>,
  471. L<crypto(7)>,
  472. L<openssl-env(7)>.
  473. L<ssl(7)>,
  474. L<x509v3_config(5)>
  475. =head1 HISTORY
  476. The B<list> -I<XXX>B<-algorithms> options were added in OpenSSL 1.0.0;
  477. For notes on the availability of other commands, see their individual
  478. manual pages.
  479. The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and
  480. is silently ignored.
  481. The B<-xcertform> and B<-xkeyform> options
  482. are obsolete since OpenSSL 3.0 and have no effect.
  483. The interactive mode, which could be invoked by running C<openssl>
  484. with no further arguments, was removed in OpenSSL 3.0, and running
  485. that program with no arguments is now equivalent to C<openssl help>.
  486. =head1 COPYRIGHT
  487. Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
  488. Licensed under the Apache License 2.0 (the "License"). You may not use
  489. this file except in compliance with the License. You can obtain a copy
  490. in the file LICENSE in the source distribution or at
  491. L<https://www.openssl.org/source/license.html>.
  492. =cut