Common wording courtesy Richard Levitte.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10128)
doc/man1/openssl-crl.pod
doc/man1/openssl-dgst.pod
doc/man1/openssl-dhparam.pod
+doc/man1/openssl-dsa.pod
doc/man1/openssl-dsaparam.pod
+doc/man1/openssl-ec.pod
doc/man1/openssl-ecparam.pod
doc/man1/openssl-enc.pod
+doc/man1/openssl-engine.pod
doc/man1/openssl-gendsa.pod
+doc/man1/openssl-genpkey.pod
doc/man1/openssl-genrsa.pod
+doc/man1/openssl-info.pod
+doc/man1/openssl-list.pod
doc/man1/openssl-ocsp.pod
doc/man1/openssl-passwd.pod
doc/man1/openssl-pkcs12.pod
+doc/man1/openssl-pkcs7.pod
doc/man1/openssl-pkcs8.pod
+doc/man1/openssl-pkey.pod
+doc/man1/openssl-pkeyparam.pod
doc/man1/openssl-pkeyutl.pod
doc/man1/openssl-rand.pod
doc/man1/openssl-req.pod
+doc/man1/openssl-rsa.pod
doc/man1/openssl-rsautl.pod
doc/man1/openssl-s_client.pod
doc/man1/openssl-s_server.pod
doc/man1/openssl-s_time.pod
doc/man1/openssl-smime.pod
doc/man1/openssl-speed.pod
+doc/man1/openssl-spkac.pod
doc/man1/openssl-srp.pod
+doc/man1/openssl-storeutl.pod
doc/man1/openssl-ts.pod
doc/man1/openssl-verify.pod
doc/man1/openssl-x509.pod
+doc/man1/openssl.pod
# error code files
/crypto/err/openssl.txt.old
[B<-msie_hack>]
[B<-extensions> I<section>]
[B<-extfile> I<section>]
-[B<-engine> I<id>]
[B<-subj> I<arg>]
[B<-utf8>]
[B<-sigopt> I<nm>:I<v>]
[B<-sm2-id> I<string>]
[B<-sm2-hex-id> I<hex-string>]
{- $OpenSSL::safe::opt_r_synopsis -}
+{- $OpenSSL::safe::opt_engine_synopsis -}
[I<certreq>...]
=for openssl ifdef engine sm2-id sm2-hex-id
(using the default section unless the B<-extensions> option is also
used).
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause B<ca>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
=item B<-subj> I<arg>
Supersedes subject name given in the request.
{- $OpenSSL::safe::opt_r_item -}
+{- $OpenSSL::safe::opt_engine_item -}
+
=back
=head1 CRL OPTIONS
[B<-hmac> I<key>]
[B<-fips-fingerprint>]
[B<-engine> I<id>]
-[B<-engine_impl>]
+{- $OpenSSL::safe::opt_engine_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
[I<file> ...]
Compute HMAC using a specific key for certain OpenSSL-FIPS operations.
-=item B<-engine> I<id>
-
-Use engine I<id> for operations (including private key storage).
-This engine is not used as source for digest algorithms, unless it is
-also specified in the configuration file or B<-engine_impl> is also
-specified.
-
=item B<-engine_impl>
When used with the B<-engine> option, it specifies to also use
{- $OpenSSL::safe::opt_r_item -}
+{- $OpenSSL::safe::opt_engine_item -}
+The engine is not used for digests unless the B<-engine_impl> option is
+used or it is configured to do so, see L<config(5)/Engine Configuration Module>.
+
=item I<file> ...
File or files to digest. If no files are specified then standard input is
[B<-2>]
[B<-3>]
[B<-5>]
-[B<-engine> I<id>]
+{- $OpenSSL::safe::opt_engine_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
[I<numbits>]
This option converts the parameters into C code. The parameters can then
be loaded by calling the get_dhNNNN() function.
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause B<dhparam>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
+{- $OpenSSL::safe::opt_engine_item -}
{- $OpenSSL::safe::opt_r_item -}
=pod
+=begin comment
+{- join("\n", @autowarntext) -}
+
+=end comment
+
=head1 NAME
openssl-dsa - DSA key processing
[B<-modulus>]
[B<-pubin>]
[B<-pubout>]
-[B<-engine> I<id>]
+{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef pvk-string pvk-weak pvk-none engine
key will be output instead. This option is automatically set if the input is
a public key.
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause L<openssl-dsa(1)>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
+{- $OpenSSL::safe::opt_engine_item -}
=back
[B<-text>]
[B<-C>]
[B<-genkey>]
-[B<-engine> I<id>]
[B<-verbose>]
{- $OpenSSL::safe::opt_r_synopsis -}
+{- $OpenSSL::safe::opt_engine_synopsis -}
[I<numbits>]
=head1 DESCRIPTION
This option will generate a DSA either using the specified or generated
parameters.
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause this command
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
=item B<-verbose>
{- $OpenSSL::safe::opt_r_item -}
+{- $OpenSSL::safe::opt_engine_item -}
+
=item I<numbits>
This option specifies that a parameter set should be generated of size
=pod
+=begin comment
+{- join("\n", @autowarntext) -}
+
+=end comment
+
=head1 NAME
openssl-ec - EC key processing
[B<-param_enc> I<arg>]
[B<-no_public>]
[B<-check>]
-[B<-engine> I<id>]
+{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine
This option checks the consistency of an EC private or public key.
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause this command
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
+{- $OpenSSL::safe::opt_engine_item -}
=back
[B<-param_enc> I<arg>]
[B<-no_seed>]
[B<-genkey>]
-[B<-engine> I<id>]
+{- $OpenSSL::safe::opt_engine_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
=for openssl ifdef engine
This option will generate an EC private key using the specified parameters.
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause B<ecparam>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
+{- $OpenSSL::safe::opt_engine_item -}
{- $OpenSSL::safe::opt_r_item -}
[B<-nopad>]
[B<-debug>]
[B<-none>]
-[B<-engine> I<id>]
+{- $OpenSSL::safe::opt_engine_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
=for openssl ifdef z engine
{- $OpenSSL::safe::opt_r_item -}
+{- $OpenSSL::safe::opt_engine_item -}
+
=back
=head1 NOTES
Engines which provide entirely new encryption algorithms (such as the ccgost
engine which provides gost89 algorithm) should be configured in the
-configuration file. Engines specified on the command line using -engine
-options can only be used for hardware-assisted implementations of
+configuration file. Engines specified on the command line using B<-engine>
+option can only be used for hardware-assisted implementations of
ciphers which are supported by the OpenSSL core or another engine specified
in the configuration file.
[B<-des>]
[B<-des3>]
[B<-idea>]
-[B<-engine> I<id>]
[B<-verbose>]
{- $OpenSSL::safe::opt_r_synopsis -}
+{- $OpenSSL::safe::opt_engine_synopsis -}
[I<paramfile>]
=for openssl ifdef engine
cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified no encryption is used.
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause this command
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
=item B<-verbose>
Print extra details about the operations being performed.
+{- $OpenSSL::safe::opt_r_item -}
+
+{- $OpenSSL::safe::opt_engine_item -}
+
=item I<paramfile>
The DSA parameter file to use. The parameters in this file determine
the size of the private key. DSA parameters can be generated and
examined using the L<openssl-dsaparam(1)> command.
-{- $OpenSSL::safe::opt_r_item -}
-
=back
=head1 NOTES
=pod
+=begin comment
+{- join("\n", @autowarntext) -}
+
+=end comment
+
=head1 NAME
openssl-genpkey - generate a private key
[B<-outform> B<DER>|B<PEM>]
[B<-pass> I<arg>]
[B<-I<cipher>>]
-[B<-engine> I<id>]
[B<-paramfile> I<file>]
[B<-algorithm> I<alg>]
[B<-pkeyopt> I<opt>:I<value>]
[B<-genparam>]
[B<-text>]
+{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine
This option encrypts the private key with the supplied cipher. Any algorithm
name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause this command
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms. If used this option should precede all other
-options.
-
=item B<-algorithm> I<alg>
Public key algorithm to use such as RSA, DSA or DH. If used this option must
Print an (unencrypted) text representation of private and public keys and
parameters along with the PEM or DER structure.
+{- $OpenSSL::safe::opt_engine_item -}
+
=back
=head1 KEY GENERATION OPTIONS
[B<-des3>]
[B<-idea>]
[B<-f4>|B<-3>]
-[B<-engine> I<id>]
[B<-primes> I<num>]
[B<-verbose>]
{- $OpenSSL::safe::opt_r_synopsis -}
+{- $OpenSSL::safe::opt_engine_synopsis -}
[B<numbits>]
=for openssl ifdef engine
The public exponent to use, either 65537 or 3. The default is 65537.
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause this command
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
=item B<-primes> I<num>
Specify the number of primes to use while generating the RSA key. The I<num>
{- $OpenSSL::safe::opt_r_item -}
+{- $OpenSSL::safe::opt_engine_item -}
+
=item B<numbits>
The size of the private key to generate in bits. This must be the last option
[B<-CSP> I<name>]
{- $OpenSSL::safe::opt_trust_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
+{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine
{- $OpenSSL::safe::opt_r_item -}
+{- $OpenSSL::safe::opt_engine_item -}
+
=back
=head1 NOTES
=pod
+=begin comment
+{- join("\n", @autowarntext) -}
+
+=end comment
+
=head1 NAME
openssl-pkcs7 - PKCS#7 utility
[B<-print_certs>]
[B<-text>]
[B<-noout>]
-[B<-engine> I<id>]
+{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine
Don't output the encoded version of the PKCS#7 structure (or certificates
is B<-print_certs> is set).
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause this command
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
+{- $OpenSSL::safe::opt_engine_item -}
=back
[B<-v2> I<alg>]
[B<-v2prf> I<alg>]
[B<-v1> I<alg>]
-[B<-engine> I<id>]
[B<-scrypt>]
[B<-scrypt_N> I<N>]
[B<-scrypt_r> I<r>]
[B<-scrypt_p> I<p>]
{- $OpenSSL::safe::opt_r_synopsis -}
+{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine scrypt scrypt_N scrypt_r scrypt_p
older implementations may not support PKCS#5 v2.0 and may require this option.
If not specified PKCS#5 v2.0 form is used.
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause this command
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
=item B<-scrypt>
Uses the B<scrypt> algorithm for private key encryption using default
{- $OpenSSL::safe::opt_r_item -}
+{- $OpenSSL::safe::opt_engine_item -}
+
=back
=head1 NOTES
=pod
+=begin comment
+{- join("\n", @autowarntext) -}
+
+=end comment
+
=head1 NAME
openssl-pkey - public or private key processing tool
[B<-noout>]
[B<-pubin>]
[B<-pubout>]
-[B<-engine> I<id>]
[B<-check>]
[B<-pubcheck>]
+{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine
key will be output instead. This option is automatically set if
the input is a public key.
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause this command
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
=item B<-check>
This option checks the consistency of a key pair for both public and private
This option checks the correctness of either a public key or the public component
of a key pair.
+{- $OpenSSL::safe::opt_engine_item -}
+
=back
=head1 EXAMPLES
=pod
+=begin comment
+{- join("\n", @autowarntext) -}
+
+=end comment
+
=head1 NAME
openssl-pkeyparam - public key algorithm parameter processing tool
[B<-out> I<filename>]
[B<-text>]
[B<-noout>]
-[B<-engine> I<id>]
[B<-check>]
+{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine
Do not output the encoded version of the parameters.
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause this command
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
=item B<-check>
This option checks the correctness of parameters.
+{- $OpenSSL::safe::opt_engine_item -}
+
=back
=head1 EXAMPLES
[B<-pkeyopt_passin> I<opt>[:I<passarg>]]
[B<-hexdump>]
[B<-asn1parse>]
-[B<-engine> I<id>]
+{- $OpenSSL::safe::opt_engine_synopsis -}
[B<-engine_impl>]
{- $OpenSSL::safe::opt_r_synopsis -}
Parse the ASN.1 output data, this is useful when combined with the
B<-verifyrecover> option when an ASN1 structure is signed.
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause this command
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
+{- $OpenSSL::safe::opt_engine_item -}
=item B<-engine_impl>
[B<-sigopt> I<nm>:I<v>]
[B<-batch>]
[B<-verbose>]
-[B<-engine> I<id>]
[B<-sm2-id> I<string>]
[B<-sm2-hex-id> I<hex-string>]
{- $OpenSSL::safe::opt_name_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
+{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine keygen_engine sm2-id sm2-hex-id
Print extra details about the operations being performed.
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause this command
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
=item B<-keygen_engine> I<id>
Specifies an engine (by its unique I<id> string) which would be used
{- $OpenSSL::safe::opt_r_item -}
+{- $OpenSSL::safe::opt_engine_item -}
+
=back
=head1 CONFIGURATION FILE FORMAT
=pod
+=begin comment
+{- join("\n", @autowarntext) -}
+
+=end comment
+
=head1 NAME
openssl-rsa - RSA key processing tool
[B<-pubout>]
[B<-RSAPublicKey_in>]
[B<-RSAPublicKey_out>]
-[B<-engine> I<id>]
+{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef pvk-strong pvk-weak pvk-none engine
Like B<-pubin> and B<-pubout> except B<RSAPublicKey> format is used instead.
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause this command
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
+{- $OpenSSL::safe::opt_engine_item -}
=back
[B<-starttls> I<protocol>]
[B<-xmpphost> I<hostname>]
[B<-name> I<hostname>]
-[B<-engine> I<id>]
[B<-tlsextdebug>]
[B<-no_ticket>]
[B<-sess_out> I<filename>]
{- $OpenSSL::safe::opt_x_synopsis -}
{- $OpenSSL::safe::opt_trust_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
+{- $OpenSSL::safe::opt_engine_synopsis -}
[I<host>:I<port>]
=for openssl ifdef engine ssl_client_engine ct noct ctlogfile
Load SSL session from I<filename>. The client will attempt to resume a
connection from this session.
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause this command
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
=item B<-serverinfo> I<types>
A list of comma-separated TLS Extension Types (numbers between 0 and
{- $OpenSSL::safe::opt_r_item -}
+{- $OpenSSL::safe::opt_engine_item -}
+
=back
=head1 CONNECTED COMMANDS
[B<-nextprotoneg> I<val>]
[B<-use_srtp> I<val>]
[B<-alpn> I<val>]
-[B<-engine> I<val>]
[B<-keylogfile> I<outfile>]
[B<-max_early_data> I<int>]
[B<-early_data>]
{- $OpenSSL::safe::opt_x_synopsis -}
{- $OpenSSL::safe::opt_trust_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
+{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef unix 4 6 unlink no_dhe nextprotoneg use_srtp engine
"spdy/3".
The flag B<-nextprotoneg> cannot be specified if B<-tls1_3> is used.
-=item B<-engine> I<val>
-
-Specifying an engine (by its unique id string in I<val>) will cause
-this command to attempt to obtain a functional reference to the
-specified engine, thus initialising it if needed. The engine will then be
-set as the default for all available algorithms.
-
=item B<-keylogfile> I<outfile>
Appends TLS secrets to the specified keylog file such that external programs
{- $OpenSSL::safe::opt_r_item -}
+{- $OpenSSL::safe::opt_engine_item -}
+
=back
=head1 CONNECTED COMMANDS
B<openssl speed>
[B<-help>]
-[B<-engine> I<id>]
[B<-elapsed>]
[B<-evp> I<algo>]
[B<-hmac> I<algo>]
[B<-seconds> I<num>]
[B<-bytes> I<num>]
{- $OpenSSL::safe::opt_r_synopsis -}
+{- $OpenSSL::safe::opt_engine_synopsis -}
[I<algorithm> ...]
=for openssl ifdef cmac multi async_jobs engine
Print out a usage message.
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause this command
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
=item B<-elapsed>
When calculating operations- or bytes-per-second, use wall-clock time
{- $OpenSSL::safe::opt_r_item -}
+{- $OpenSSL::safe::opt_engine_item -}
+
=item I<algorithm> ...
If any I<algorithm> is given, then those algorithms are tested, otherwise a
=pod
+=begin comment
+{- join("\n", @autowarntext) -}
+
+=end comment
+
=head1 NAME
openssl-spkac - SPKAC printing and generating utility
[B<-spksect> I<section>]
[B<-noout>]
[B<-verify>]
-[B<-engine> I<id>]
+{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine
Verifies the digital signature on the supplied SPKAC.
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause this command
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
+{- $OpenSSL::safe::opt_engine_item -}
=back
=pod
+=begin comment
+{- join("\n", @autowarntext) -}
+
+=end comment
+
=head1 NAME
openssl-storeutl - STORE utility
[B<-noout>]
[B<-passin> I<arg>]
[B<-text> I<arg>]
-[B<-engine> I<id>]
[B<-r>]
[B<-certs>]
[B<-keys>]
[B<-alias> I<arg>]
[B<-fingerprint> I<arg>]
[B<-I<digest>>]
+{- $OpenSSL::safe::opt_engine_synopsis -}
I<uri> ...
=head1 DESCRIPTION
Prints out the objects in text form, similarly to the B<-text> output from
L<openssl-x509(1)>, L<openssl-pkey(1)>, etc.
-=item B<-engine> I<id>
-
-specifying an engine (by its unique I<id> string) will cause this command
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed.
-The engine will then be set as the default for all available algorithms.
-
=item B<-r>
Fetch objects recursively when possible.
The digest that was used to compute the fingerprint given with B<-fingerprint>.
+{- $OpenSSL::safe::opt_engine_item -}
+
=back
=head1 SEE ALSO
[B<-out> I<response.tsr>]
[B<-token_out>]
[B<-text>]
-[B<-engine> I<id>]
+{- $OpenSSL::safe::opt_engine_synopsis -}
B<openssl> B<ts>
B<-verify>
If this option is specified the output is human-readable text format
instead of DER. (Optional)
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause this command
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms. Default is built-in. (Optional)
+{- $OpenSSL::safe::opt_engine_item -}
=back
[B<-crl_download>]
[B<-crl_check>]
[B<-crl_check_all>]
-[B<-engine> I<id>]
[B<-explicit_policy>]
[B<-extended_crl>]
[B<-ignore_critical>]
[B<-sm2-hex-id> I<hex-string>]
{- $OpenSSL::safe::opt_name_synopsis -}
{- $OpenSSL::safe::opt_trust_synopsis -}
+{- $OpenSSL::safe::opt_engine_synopsis -}
[B<-->]
[I<certificate> ...]
Checks the validity of B<all> certificates in the chain by attempting
to look up valid CRLs.
-=item B<-engine> I<id>
-
-Specifying an engine I<id> will cause this command to attempt to load the
-specified engine.
-The engine will then be set as the default for all its supported algorithms.
-If you want to load certificates or CRLs that require engine support via any of
-the B<-trusted>, B<-untrusted> or B<-CRLfile> options, the B<-engine> option
-must be specified before those options.
-
=item B<-explicit_policy>
Set policy variable require-explicit-policy (see RFC5280).
{- $OpenSSL::safe::opt_trust_item -}
+{- $OpenSSL::safe::opt_engine_item -}
+To load certificates or CRLs that require engine support, specify the
+B<-engine> option before any of the
+B<-trusted>, B<-untrusted> or B<-CRLfile> options.
+
=item B<-->
Indicates the last option. All arguments following this are assumed to be
[B<-extfile> I<filename>]
[B<-extensions> I<section>]
[B<-sigopt> I<nm>:I<v>]
-[B<-engine> I<id>]
[B<-preserve_dates>]
{- $OpenSSL::safe::opt_name_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
+{- $OpenSSL::safe::opt_engine_synopsis -}
=for openssl ifdef engine subject_hash_old issuer_hash_old
If not specified then SHA1 is used with B<-fingerprint> or
the default digest for the signing algorithm is used, typically SHA256.
-=item B<-engine> I<id>
-
-Specifying an engine (by its unique I<id> string) will cause this command
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
=item B<-preserve_dates>
When signing a certificate, preserve the "notBefore" and "notAfter" dates
{- $OpenSSL::safe::opt_r_synopsis -}
+{- $OpenSSL::safe::opt_engine_item -}
+
=back
=head2 Display Options
=back
+=head2 Engine Options
+
+=over 4
+
+=item B<-engine> I<id>
+
+Use the engine identified by I<id> and use all the methods it
+implements (algorithms, key storage, etc.), unless specified otherwise in
+the command-specific documentation or it is configured to do so, as described
+in L<config(5)/Engine Configuration Module>.
+
+=back
+
=head1 ENVIRONMENT
The OpenSSL library can be take some configuration parameters from the
. "\n"
. "See L<openssl(1)/Random State Options> for details.";
+# Engine option
+$OpenSSL::safe::opt_engine_synopsis = ""
+. "[B<-engine> I<id>]";
+$OpenSSL::safe::opt_engine_item = ""
+. "=item B<-engine> I<id>\n"
+. "\n"
+. "See L<openssl(1)/Engine Options>.";
+
# Trusted certs options
$OpenSSL::safe::opt_trust_synopsis = ""
. "[B<-CAfile> I<file>]\n"
projects / thirdparty / openssl.git / commitdiff
