mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
65718c516e
Add cmd-nits make target. Listing options should stop when it hits the "parameters" separator. Add missing .pod.in files to doc/man1/build.info Tweak find-doc-nits to try openssl-XXX before XXX for POD files and change an error messavge to be more useful. Fix the following pages: ca, cms, crl, dgst, enc, engine, errstr, gendsa, genrsa, list, ocsp, passwd, pkcs7, pkcs12, rand, rehash, req, rsautil, s_server, speed, s_time, sess_id, smime, srp, ts, x509. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/10873)
161 lines
3.0 KiB
Plaintext
161 lines
3.0 KiB
Plaintext
=pod
|
|
{- OpenSSL::safe::output_do_not_edit_headers(); -}
|
|
|
|
=head1 NAME
|
|
|
|
openssl-crl - CRL utility
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
B<openssl> B<crl>
|
|
[B<-help>]
|
|
[B<-inform> B<DER>|B<PEM>]
|
|
[B<-outform> B<DER>|B<PEM>]
|
|
[B<-key> I<filename>]
|
|
[B<-keyform> B<DER>|B<PEM>|B<ENGINE>]
|
|
[B<-text>]
|
|
[B<-in> I<filename>]
|
|
[B<-out> I<filename>]
|
|
[B<-gendelta> I<filename>]
|
|
[B<-badsig>]
|
|
[B<-verify>]
|
|
[B<-noout>]
|
|
[B<-hash>]
|
|
[B<-hash_old>]
|
|
[B<-fingerprint>]
|
|
[B<-crlnumber>]
|
|
[B<-issuer>]
|
|
[B<-lastupdate>]
|
|
[B<-nextupdate>]
|
|
{- $OpenSSL::safe::opt_name_synopsis -}
|
|
{- $OpenSSL::safe::opt_trust_synopsis -}
|
|
|
|
=for openssl ifdef hash_old
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
This command processes CRL files in DER or PEM format.
|
|
|
|
=head1 OPTIONS
|
|
|
|
=over 4
|
|
|
|
=item B<-help>
|
|
|
|
Print out a usage message.
|
|
|
|
=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM>
|
|
|
|
The input and output formats of the CRL; the default is B<PEM>.
|
|
See L<openssl(1)/Format Options> for details.
|
|
|
|
=item B<-key> I<filename>
|
|
|
|
The private key to be used to sign the CRL.
|
|
|
|
=item B<-keyform> B<DER>|B<PEM>|B<ENGINE>
|
|
|
|
The format of the private key file; the default is B<PEM>.
|
|
See L<openssl(1)/Format Options> for details.
|
|
|
|
=item B<-in> I<filename>
|
|
|
|
This specifies the input filename to read from or standard input if this
|
|
option is not specified.
|
|
|
|
=item B<-out> I<filename>
|
|
|
|
Specifies the output filename to write to or standard output by
|
|
default.
|
|
|
|
=item B<-gendelta> I<filename>
|
|
|
|
Output a comparison of the main CRL and the one specified here.
|
|
|
|
=item B<-badsig>
|
|
|
|
Corrupt the signature before writing it; this can be useful
|
|
for testing.
|
|
|
|
=item B<-text>
|
|
|
|
Print out the CRL in text form.
|
|
|
|
=item B<-verify>
|
|
|
|
Verify the signature in the CRL.
|
|
|
|
=item B<-noout>
|
|
|
|
Don't output the encoded version of the CRL.
|
|
|
|
=item B<-fingerprint>
|
|
|
|
Output the fingerprint of the CRL.
|
|
|
|
=item B<-crlnumber>
|
|
|
|
Output the number of the CRL.
|
|
|
|
=item B<-hash>
|
|
|
|
Output a hash of the issuer name. This can be use to lookup CRLs in
|
|
a directory by issuer name.
|
|
|
|
=item B<-hash_old>
|
|
|
|
Outputs the "hash" of the CRL issuer name using the older algorithm
|
|
as used by OpenSSL before version 1.0.0.
|
|
|
|
=item B<-issuer>
|
|
|
|
Output the issuer name.
|
|
|
|
=item B<-lastupdate>
|
|
|
|
Output the lastUpdate field.
|
|
|
|
=item B<-nextupdate>
|
|
|
|
Output the nextUpdate field.
|
|
|
|
{- $OpenSSL::safe::opt_name_item -}
|
|
|
|
{- $OpenSSL::safe::opt_trust_item -}
|
|
|
|
=back
|
|
|
|
=head1 EXAMPLES
|
|
|
|
Convert a CRL file from PEM to DER:
|
|
|
|
openssl crl -in crl.pem -outform DER -out crl.der
|
|
|
|
Output the text form of a DER encoded certificate:
|
|
|
|
openssl crl -in crl.der -inform DER -text -noout
|
|
|
|
=head1 BUGS
|
|
|
|
Ideally it should be possible to create a CRL using appropriate options
|
|
and files too.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<openssl(1)>,
|
|
L<openssl-crl2pkcs7(1)>,
|
|
L<openssl-ca(1)>,
|
|
L<openssl-x509(1)>,
|
|
L<ossl_store-file(7)>
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
=cut
|