mirror of
https://github.com/openssl/openssl.git
synced 2024-12-21 06:09:35 +08:00
6d382c74b3
This also adds the more flexible and general load_key_cert_crl() as well as helper functions get_passwd(), cleanse(), and clear_free() to be used also in apps/cmp.c etc. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11755)
174 lines
3.3 KiB
Plaintext
174 lines
3.3 KiB
Plaintext
=pod
|
|
{- OpenSSL::safe::output_do_not_edit_headers(); -}
|
|
|
|
=head1 NAME
|
|
|
|
openssl-crl - CRL command
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
B<openssl> B<crl>
|
|
[B<-help>]
|
|
[B<-inform> B<DER>|B<PEM>]
|
|
[B<-outform> B<DER>|B<PEM>]
|
|
[B<-key> I<filename>]
|
|
[B<-keyform> B<DER>|B<PEM>|B<P12>]
|
|
[B<-text>]
|
|
[B<-in> I<filename>]
|
|
[B<-out> I<filename>]
|
|
[B<-gendelta> I<filename>]
|
|
[B<-badsig>]
|
|
[B<-verify>]
|
|
[B<-noout>]
|
|
[B<-hash>]
|
|
[B<-hash_old>]
|
|
[B<-fingerprint>]
|
|
[B<-crlnumber>]
|
|
[B<-issuer>]
|
|
[B<-lastupdate>]
|
|
[B<-nextupdate>]
|
|
{- $OpenSSL::safe::opt_name_synopsis -}
|
|
{- $OpenSSL::safe::opt_trust_synopsis -}
|
|
{- $OpenSSL::safe::opt_provider_synopsis -}
|
|
|
|
=for openssl ifdef hash_old
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
This command processes CRL files in DER or PEM format.
|
|
|
|
=head1 OPTIONS
|
|
|
|
=over 4
|
|
|
|
=item B<-help>
|
|
|
|
Print out a usage message.
|
|
|
|
=item B<-inform> B<DER>|B<PEM>
|
|
|
|
The CRL input format.
|
|
This option has no effect and is retained for backward compatibility only.
|
|
|
|
=item B<-outform> B<DER>|B<PEM>
|
|
|
|
The CRL output format; the default is B<PEM>.
|
|
See L<openssl(1)/Format Options> for details.
|
|
|
|
=item B<-key> I<filename>
|
|
|
|
The private key to be used to sign the CRL.
|
|
|
|
=item B<-keyform> B<DER>|B<PEM>|B<P12>
|
|
|
|
The format of the private key file.
|
|
This option has no effect and is retained for backward compatibility only.
|
|
|
|
=item B<-in> I<filename>
|
|
|
|
This specifies the input filename to read from or standard input if this
|
|
option is not specified.
|
|
|
|
=item B<-out> I<filename>
|
|
|
|
Specifies the output filename to write to or standard output by
|
|
default.
|
|
|
|
=item B<-gendelta> I<filename>
|
|
|
|
Output a comparison of the main CRL and the one specified here.
|
|
|
|
=item B<-badsig>
|
|
|
|
Corrupt the signature before writing it; this can be useful
|
|
for testing.
|
|
|
|
=item B<-text>
|
|
|
|
Print out the CRL in text form.
|
|
|
|
=item B<-verify>
|
|
|
|
Verify the signature in the CRL.
|
|
|
|
=item B<-noout>
|
|
|
|
Don't output the encoded version of the CRL.
|
|
|
|
=item B<-fingerprint>
|
|
|
|
Output the fingerprint of the CRL.
|
|
|
|
=item B<-crlnumber>
|
|
|
|
Output the number of the CRL.
|
|
|
|
=item B<-hash>
|
|
|
|
Output a hash of the issuer name. This can be use to lookup CRLs in
|
|
a directory by issuer name.
|
|
|
|
=item B<-hash_old>
|
|
|
|
Outputs the "hash" of the CRL issuer name using the older algorithm
|
|
as used by OpenSSL before version 1.0.0.
|
|
|
|
=item B<-issuer>
|
|
|
|
Output the issuer name.
|
|
|
|
=item B<-lastupdate>
|
|
|
|
Output the lastUpdate field.
|
|
|
|
=item B<-nextupdate>
|
|
|
|
Output the nextUpdate field.
|
|
|
|
{- $OpenSSL::safe::opt_name_item -}
|
|
|
|
{- $OpenSSL::safe::opt_trust_item -}
|
|
|
|
{- $OpenSSL::safe::opt_provider_item -}
|
|
|
|
=back
|
|
|
|
=head1 EXAMPLES
|
|
|
|
Convert a CRL file from PEM to DER:
|
|
|
|
openssl crl -in crl.pem -outform DER -out crl.der
|
|
|
|
Output the text form of a DER encoded certificate:
|
|
|
|
openssl crl -in crl.der -text -noout
|
|
|
|
=head1 BUGS
|
|
|
|
Ideally it should be possible to create a CRL using appropriate options
|
|
and files too.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<openssl(1)>,
|
|
L<openssl-crl2pkcs7(1)>,
|
|
L<openssl-ca(1)>,
|
|
L<openssl-x509(1)>,
|
|
L<ossl_store-file(7)>
|
|
|
|
=head1 HISTORY
|
|
|
|
The B<-inform> and B<-keyform> options have become obsolete in OpenSSL 3.0.0
|
|
and have no effect.
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
=cut
|