Commit bee3f3890547cc7f349b69ef63665ebcc80d48ed - openssl

+7

-0

CHANGES.md less more

49	49	behaviour of openssl-genpkey(1) for DH parameter generation.
50	50
51	51	Shane Lontis
	52
	53	* The openssl commands that read keys, certificates, and CRLs now
	54	automatically detect the PEM or DER format of the input files so it is not
	55	necessary to explicitly specify the input format anymore. However if the
	56	input format option is used the specified format will be required.
	57
	58	David von Oheimb, Richard Levitte, and Tomáš Mráz
52	59
53	60	* Added enhanced PKCS#12 APIs which accept a library context `OSSL_LIB_CTX`
54	61	and (where relevant) a property query. Other APIs which handle PKCS#7 and

+8

-11

doc/man1/openssl-ca.pod.in less more

113	113
114	114	=item B<-inform> B<DER>\|B<PEM>
115	115
116		The format of the data in certificate request input files.
117		The default is PEM.
	116	The format of the data in certificate request input files;
	117	unspecified by default.
	118	See L<openssl-format-options(1)> for details.
118	119
119	120	=item B<-ss_cert> I<filename>
120	121

149	150
150	151	=item B<-certform> B<DER>\|B<PEM>\|B<P12>
151	152
152		The format of the data in certificate input files.
153		This option has no effect and is retained for backward compatibility only.
	153	The format of the data in certificate input files; unspecified by default.
	154	See L<openssl-format-options(1)> for details.
154	155
155	156	=item B<-keyfile> I<filename>\|I<uri>
156	157

159	160
160	161	=item B<-keyform> B<DER>\|B<PEM>\|B<P12>\|B<ENGINE>
161	162
162		The format of the private key input file; the default is B<PEM>.
163		The only value with effect is B<ENGINE>; all others have become obsolete.
	163	The format of the private key input file; unspecified by default.
164	164	See L<openssl-format-options(1)> for details.
165	165
166	166	=item B<-sigopt> I<nm>:I<v>

817	817
818	818	The B<-section> option was added in OpenSSL 3.0.0.
819	819
820		The B<-certform> and B<-multivalue-rdn> options
821		have become obsolete in OpenSSL 3.0.0 and have no effect.
822
823		All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0
824		and have no effect.
	820	The B<-multivalue-rdn> option has become obsolete in OpenSSL 3.0.0 and
	821	has no effect.
825	822
826	823	The B<-engine> option was deprecated in OpenSSL 3.0.
827	824

+1

-2

doc/man1/openssl-cmp.pod.in less more

731	731
732	732	=item B<-keyform> I<PEM\|DER\|P12\|ENGINE>
733	733
734		The format of the key input.
735		The only value with effect is B<ENGINE>.
	734	The format of the key input; unspecified by default.
736	735	See L<openssl(1)/Format Options> for details.
737	736
738	737	=item B<-otherpass> I<arg>

+1

-5

doc/man1/openssl-cms.pod.in less more

240	240
241	241	=item B<-keyform> B<DER>\|B<PEM>\|B<P12>\|B<ENGINE>
242	242
243		The format of the private key file; the default is B<PEM>.
244		The only value with effect is B<ENGINE>; all others have become obsolete.
	243	The format of the private key file; unspecified by default.
245	244	See L<openssl-format-options(1)> for details.
246	245
247	246	=item B<-rctform> B<DER>\|B<PEM>\|B<SMIME>

785	784
786	785	The -no_alt_chains option was added in OpenSSL 1.0.2b.
787	786
788		All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0
789		and have no effect.
790
791	787	The B<-nameopt> option was added in OpenSSL 3.0.0.
792	788
793	789	The B<-engine> option was deprecated in OpenSSL 3.0.

+4

-9

doc/man1/openssl-crl.pod.in less more

46	46
47	47	=item B<-inform> B<DER>\|B<PEM>
48	48
49		The CRL input format.
50		This option has no effect and is retained for backward compatibility only.
	49	The CRL input format; unspecified by default.
	50	See L<openssl-format-options(1)> for details.
51	51
52	52	=item B<-outform> B<DER>\|B<PEM>
53	53

60	60
61	61	=item B<-keyform> B<DER>\|B<PEM>\|B<P12>
62	62
63		The format of the private key file.
64		This option has no effect and is retained for backward compatibility only.
	63	The format of the private key file; unspecified by default.
	64	See L<openssl-format-options(1)> for details.
65	65
66	66	=item B<-in> I<filename>
67	67

155	155	L<openssl-x509(1)>,
156	156	L<ossl_store-file(7)>
157	157
158		=head1 HISTORY
159
160		The B<-inform> and B<-keyform> options have become obsolete in OpenSSL 3.0.0
161		and have no effect.
162
163	158	=head1 COPYRIGHT
164	159
165	160	Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

+1

-5

doc/man1/openssl-dgst.pod.in less more

107	107
108	108	=item B<-keyform> B<DER>\|B<PEM>\|B<P12>\|B<ENGINE>
109	109
110		The format of the key to sign with; the default is B<PEM>.
111		The only value with effect is B<ENGINE>; all others have become obsolete.
	110	The format of the key to sign with; unspecified by default.
112	111	See L<openssl-format-options(1)> for details.
113	112
114	113	=item B<-sigopt> I<nm>:I<v>

255	254	The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.
256	255	The FIPS-related options were removed in OpenSSL 1.1.0.
257	256
258		All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0
259		and have no effect.
260
261	257	The B<-engine> and B<-engine_impl> options were deprecated in OpenSSL 3.0.
262	258
263	259	=head1 COPYRIGHT

+7

-2

doc/man1/openssl-dsa.pod.in less more

54	54
55	55	Print out a usage message.
56	56
57		=item B<-inform> B<DER>\|B<PEM>, B<-outform> B<DER>\|B<PEM>
	57	=item B<-inform> B<DER>\|B<PEM>
58	58
59		The input and formats; the default is B<PEM>.
	59	The key input format; unspecified by default.
	60	See L<openssl-format-options(1)> for details.
	61
	62	=item B<-outform> B<DER>\|B<PEM>
	63
	64	The key output format; the default is B<PEM>.
60	65	See L<openssl-format-options(1)> for details.
61	66
62	67	Private keys are a sequence of B<ASN.1 INTEGERS>: the version (zero), B<p>,

+7

-2

doc/man1/openssl-dsaparam.pod.in less more

35	35
36	36	Print out a usage message.
37	37
38		=item B<-inform> B<DER>\|B<PEM>, B<-outform> B<DER>\|B<PEM>
	38	=item B<-inform> B<DER>\|B<PEM>
39	39
40		This option has become obsolete.
	40	The DSA parameters input format; unspecified by default.
	41	See L<openssl-format-options(1)> for details.
	42
	43	=item B<-outform> B<DER>\|B<PEM>
	44
	45	The DSA parameters output format; the default is B<PEM>.
41	46	See L<openssl-format-options(1)> for details.
42	47
43	48	Parameters are a sequence of B<ASN.1 INTEGER>s: B<p>, B<q>, and B<g>.

+2

-3

doc/man1/openssl-ec.pod.in less more

52	52
53	53	=item B<-inform> B<DER>\|B<PEM>\|B<P12>\|B<ENGINE>
54	54
55		The key input format; the default is B<PEM>.
56		The only value with effect is B<ENGINE>; all others have become obsolete.
	55	The key input format; unspecified by default.
57	56	See L<openssl-format-options(1)> for details.
58	57
59	58	=item B<-outform> B<DER>\|B<PEM>
60	59
61		The key output formats; the default is B<PEM>.
	60	The key output format; the default is B<PEM>.
62	61	See L<openssl-format-options(1)> for details.
63	62
64	63	Private keys are an SEC1 private key or PKCS#8 format.

+7

-2

doc/man1/openssl-ecparam.pod.in less more

42	42
43	43	Print out a usage message.
44	44
45		=item B<-inform> B<DER>\|B<PEM>, B<-outform> B<DER>\|B<PEM>
	45	=item B<-inform> B<DER>\|B<PEM>
46	46
47		The input and formats; the default is B<PEM>.
	47	The EC parameters input format; unspecified by default.
	48	See L<openssl-format-options(1)> for details.
	49
	50	=item B<-outform> B<DER>\|B<PEM>
	51
	52	The EC parameters output format; the default is B<PEM>.
48	53	See L<openssl-format-options(1)> for details.
49	54
50	55	Parameters are encoded as B<EcpkParameters> as specified in IETF RFC 3279.

+6

-4

doc/man1/openssl-format-options.pod less more

14	14
15	15	Several OpenSSL commands can take input or generate output in a variety
16	16	of formats.
	17
17	18	Since OpenSSL 3.0 keys, single certificates, and CRLs can be read from
18		files in any of the B<DER>, B<PEM> or B<P12> formats,
19		while specifying their input format is no more needed.
	19	files in any of the B<DER>, B<PEM> or B<P12> formats. Specifying their input
	20	format is no more needed and the openssl commands will automatically try all
	21	the possible formats. However if the B<DER> or B<PEM> input format is specified
	22	it will be enforced.
	23
20	24	In order to access a key via an engine the input format B<ENGINE> may be used;
21	25	alternatively the key identifier in the <uri> argument of the respective key
22	26	option may be preceded by C<org.openssl.engine:>.

38	42	=item B<-keyform> I<format>
39	43
40	44	Format of a private key input source.
41		The only value with effect is B<ENGINE>; all others have become obsolete.
42		See L<openssl(1)/Format Options> for details.
43	45
44	46	=item B<-CRLform> I<format>
45	47

+1

-2

doc/man1/openssl-pkey.pod.in less more

77	77
78	78	=item B<-inform> B<DER>\|B<PEM>\|B<P12>\|B<ENGINE>
79	79
80		The key input format; the default is B<PEM>.
81		The only value with effect is B<ENGINE>; all others have become obsolete.
	80	The key input format; unspecified by default.
82	81	See L<openssl-format-options(1)> for details.
83	82
84	83	=item B<-passin> I<arg>

+2

-7

doc/man1/openssl-pkeyutl.pod.in less more

90	90
91	91	=item B<-keyform> B<DER>\|B<PEM>\|B<P12>\|B<ENGINE>
92	92
93		The key format; the default is B<PEM>.
94		The only value with effect is B<ENGINE>; all others have become obsolete.
	93	The key format; unspecified by default.
95	94	See L<openssl-format-options(1)> for details.
96	95
97	96	=item B<-passin> I<arg>

105	104
106	105	=item B<-peerform> B<DER>\|B<PEM>\|B<P12>\|B<ENGINE>
107	106
108		The peer key format; the default is B<PEM>.
109		The only value with effect is B<ENGINE>; all others have become obsolete.
	107	The peer key format; unspecified by default.
110	108	See L<openssl-format-options(1)> for details.
111	109
112	110	=item B<-pubin>

409	407
410	408	=head1 HISTORY
411	409
412		All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0
413		and have no effect.
414
415	410	The B<-engine> option was deprecated in OpenSSL 3.0.
416	411
417	412	=head1 COPYRIGHT

+4

-5

doc/man1/openssl-req.pod.in less more

73	73
74	74	=item B<-inform> B<DER>\|B<PEM>, B<-outform> B<DER>\|B<PEM>
75	75
76		The input and output formats; the default is B<PEM>.
	76	The input and output formats; unspecified by default.
77	77	See L<openssl-format-options(1)> for details.
78	78
79	79	The data is a PKCS#10 object.

196	196
197	197	=item B<-keyform> B<DER>\|B<PEM>\|B<P12>\|B<ENGINE>
198	198
199		The format of the private key; the default is B<PEM>.
200		The only value with effect is B<ENGINE>; all others have become obsolete.
	199	The format of the private key; unspecified by default.
201	200	See L<openssl-format-options(1)> for details.
202	201
203	202	=item B<-keyout> I<filename>

736	735
737	736	The B<-section> option was added in OpenSSL 3.0.0.
738	737
739		All B<-keyform> values except B<ENGINE> and the B<-multivalue-rdn> option
740		have become obsolete in OpenSSL 3.0.0 and have no effect.
	738	The B<-multivalue-rdn> option has become obsolete in OpenSSL 3.0.0 and
	739	has no effect.
741	740
742	741	The B<-engine> option was deprecated in OpenSSL 3.0.
743	742	The <-nodes> option was deprecated in OpenSSL 3.0, too; use B<-noenc> instead.

+1

-2

doc/man1/openssl-rsa.pod.in less more

59	59
60	60	=item B<-inform> B<DER>\|B<PEM>\|B<P12>\|B<ENGINE>
61	61
62		The key input format; the default is B<PEM>.
63		The only value with effect is B<ENGINE>; all others have become obsolete.
	62	The key input format; unspecified by default.
64	63	See L<openssl-format-options(1)> for details.
65	64
66	65	=item B<-outform> B<DER>\|B<PEM>

+1

-5

doc/man1/openssl-rsautl.pod.in less more

72	72
73	73	=item B<-keyform> B<DER>\|B<PEM>\|B<P12>\|B<ENGINE>
74	74
75		The key format; the default is B<PEM>.
76		The only value with effect is B<ENGINE>; all others have become obsolete.
	75	The key format; unspecified by default.
77	76	See L<openssl-format-options(1)> for details.
78	77
79	78	=item B<-pubin>

230	229
231	230	This command was deprecated in OpenSSL 3.0.
232	231
233		All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0
234		and have no effect.
235
236	232	The B<-engine> option was deprecated in OpenSSL 3.0.
237	233
238	234	=head1 COPYRIGHT

+4

-8

doc/man1/openssl-s_client.pod.in less more

242	242
243	243	=item B<-certform> B<DER>\|B<PEM>\|B<P12>
244	244
245		The client certificate file format to use; the default is B<PEM>.
246		This option has no effect and is retained for backward compatibility only.
	245	The client certificate file format to use; unspecified by default.
	246	See L<openssl-format-options(1)> for details.
247	247
248	248	=item B<-cert_chain>
249	249

262	262
263	263	=item B<-CRLform> B<DER>\|B<PEM>
264	264
265		The CRL file format; the default is B<PEM>.
	265	The CRL file format; unspecified by default.
266	266	See L<openssl-format-options(1)> for details.
267	267
268	268	=item B<-crl_download>

276	276
277	277	=item B<-keyform> B<DER>\|B<PEM>\|B<P12>\|B<ENGINE>
278	278
279		The key format; the default is B<PEM>.
280		The only value with effect is B<ENGINE>; all others have become obsolete.
	279	The key format; unspecified by default.
281	280	See L<openssl-format-options(1)> for details.
282	281
283	282	=item B<-pass> I<arg>

911	910
912	911	The B<-certform> option has become obsolete in OpenSSL 3.0.0 and has no effect.
913	912
914		All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0
915		and have no effect.
916
917	913	The B<-engine> option was deprecated in OpenSSL 3.0.
918	914
919	915	=head1 COPYRIGHT

+8

-16

doc/man1/openssl-s_server.pod.in less more

224	224
225	225	=item B<-certform> B<DER>\|B<PEM>\|B<P12>
226	226
227		The server certificate file format.
228		This option has no effect and is retained for backward compatibility only.
	227	The server certificate file format; unspecified by default.
	228	See L<openssl-format-options(1)> for details.
229	229
230	230	=item B<-cert_chain>
231	231

257	257
258	258	=item B<-keyform> B<DER>\|B<PEM>\|B<P12>\|B<ENGINE>
259	259
260		The key format; the default is B<PEM>.
261		The only value with effect is B<ENGINE>; all others have become obsolete.
	260	The key format; unspecified by default.
262	261	See L<openssl-format-options(1)> for details.
263	262
264	263	=item B<-pass> I<val>

287	286
288	287	=item B<-dcertform> B<DER>\|B<PEM>\|B<P12>
289	288
290		The format of the additional certificate file.
291		This option has no effect and is retained for backward compatibility only.
	289	The format of the additional certificate file; unspecified by default.
	290	See L<openssl-format-options(1)> for details.
292	291
293	292	=item B<-dkeyform> B<DER>\|B<PEM>\|B<P12>\|B<ENGINE>
294	293
295		The format of the additional private key; the default is B<PEM>.
296		The only value with effect is B<ENGINE>; all others have become obsolete.
297		See L<openssl-format-options(1)>.
	294	The format of the additional private key; unspecified by default.
	295	See L<openssl-format-options(1)> for details.
298	296
299	297	=item B<-dpass> I<val>
300	298

332	330
333	331	=item B<-CRLform> B<DER>\|B<PEM>
334	332
335		The CRL file format; the default is B<PEM>.
	333	The CRL file format; unspecified by default.
336	334	See L<openssl-format-options(1)> for details.
337	335
338	336	=item B<-crl_download>

843	841	The
844	842	-allow-no-dhe-kex and -prioritize_chacha options were added in OpenSSL 1.1.1.
845	843
846		All B<-keyform> and B<-dkeyform> values except B<ENGINE>
847		have become obsolete in OpenSSL 3.0.0 and have no effect.
848
849		The B<-certform> and B<-dcertform> options have become obsolete in OpenSSL 3.0.0
850		and have no effect.
851
852	844	The B<-engine> option was deprecated in OpenSSL 3.0.
853	845
854	846	=head1 COPYRIGHT

+1

-5

doc/man1/openssl-smime.pod.in less more

126	126
127	127	=item B<-keyform> B<DER>\|B<PEM>\|B<P12>\|B<ENGINE>
128	128
129		The key format; the default is B<PEM>.
130		The only value with effect is B<ENGINE>; all others have become obsolete.
	129	The key format; unspecified by default.
131	130	See L<openssl-format-options(1)> for details.
132	131
133	132	=item B<-stream>, B<-indef>, B<-noindef>

480	479
481	480	The -no_alt_chains option was added in OpenSSL 1.1.0.
482	481
483		All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0
484		and have no effect.
485
486	482	The B<-engine> option was deprecated in OpenSSL 3.0.
487	483
488	484	=head1 COPYRIGHT

+1

-5

doc/man1/openssl-spkac.pod.in less more

59	59
60	60	=item B<-keyform> B<DER>\|B<PEM>\|B<P12>\|B<ENGINE>
61	61
62		The key format; the default is B<PEM>.
63		The only value with effect is B<ENGINE>; all others have become obsolete.
	62	The key format; unspecified by default.
64	63	See L<openssl-format-options(1)> for details.
65	64
66	65	=item B<-passin> I<arg>

149	148
150	149	=head1 HISTORY
151	150
152		All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0
153		and have no effect.
154
155	151	The B<-engine> option was deprecated in OpenSSL 3.0.
156	152
157	153	=head1 COPYRIGHT

+5

-12

doc/man1/openssl-x509.pod.in less more

153	153
154	154	=item B<-inform> B<DER>\|B<PEM>
155	155
156		The CSR input file format; the default is B<PEM>.
	156	The input file format; unspecified by default.
157	157	See L<openssl-format-options(1)> for details.
158	158
159	159	=item B<-vfyopt> I<nm>:I<v>

180	180
181	181	=item B<-keyform> B<DER>\|B<PEM>\|B<P12>\|B<ENGINE>
182	182
183		The key input format; the default is B<PEM>.
184		The only value with effect is B<ENGINE>; all others have become obsolete.
	183	The key input format; unspecified by default.
185	184	See L<openssl-format-options(1)> for details.
186	185
187	186	=item B<-out> I<filename>

467	466
468	467	=item B<-CAform> B<DER>\|B<PEM>\|B<P12>,
469	468
470		The format for the CA certificate.
471		This option has no effect and is retained for backward compatibility.
	469	The format for the CA certificate; unspecifed by default.
	470	See L<openssl-format-options(1)> for details.
472	471
473	472	=item B<-CAkey> I<filename>\|I<uri>
474	473

478	477
479	478	=item B<-CAkeyform> B<DER>\|B<PEM>\|B<P12>\|B<ENGINE>
480	479
481		The format for the CA key; the default is B<PEM>.
482		The only value with effect is B<ENGINE>; all others have become obsolete.
	480	The format for the CA key; unspecified by default.
483	481	See L<openssl-format-options(1)> for details.
484	482
485	483	=item B<-CAserial> I<filename>

878	876	The B<-signkey> option has been renamed to B<-key> in OpenSSL 3.0,
879	877	keeping the old name as an alias.
880	878
881		All B<-keyform> and B<-CAkeyform> values except B<ENGINE>
882		have become obsolete in OpenSSL 3.0.0 and have no effect.
883
884		The B<-CAform> option has become obsolete in OpenSSL 3.0.0 and has no effect.
885
886	879	The B<-engine> option was deprecated in OpenSSL 3.0.
887	880
888	881	The B<-C> option was removed in OpenSSL 3.0.