doc/man1/crl.pod - third_party/openssl - Git at Google

 =pod

 =head1 NAME

 crl - CRL utility

 =head1 SYNOPSIS

 B<openssl> B<crl>
 [B<-help>]
 [B<-inform PEM|DER>]
 [B<-outform PEM|DER>]
 [B<-text>]
 [B<-in filename>]
 [B<-out filename>]
 [B<-nameopt option>]
 [B<-noout>]
 [B<-hash>]
 [B<-issuer>]
 [B<-lastupdate>]
 [B<-nextupdate>]
 [B<-CAfile file>]
 [B<-CApath dir>]

 =head1 DESCRIPTION

 The B<crl> command processes CRL files in DER or PEM format.

 =head1 OPTIONS

 =over 4

 =item B<-help>

 Print out a usage message.

 =item B<-inform DER|PEM>

 This specifies the input format. B<DER> format is DER encoded CRL
 structure. B<PEM> (the default) is a base64 encoded version of
 the DER form with header and footer lines.

 =item B<-outform DER|PEM>

 This specifies the output format, the options have the same meaning as the
 B<-inform> option.

 =item B<-in filename>

 This specifies the input filename to read from or standard input if this
 option is not specified.

 =item B<-out filename>

 specifies the output filename to write to or standard output by
 default.

 =item B<-text>

 print out the CRL in text form.

 =item B<-nameopt option>

 option which determines how the subject or issuer names are displayed. See
 the description of B<-nameopt> in L<x509(1)>.

 =item B<-noout>

 don't output the encoded version of the CRL.

 =item B<-hash>

 output a hash of the issuer name. This can be use to lookup CRLs in
 a directory by issuer name.

 =item B<-hash_old>

 outputs the "hash" of the CRL issuer name using the older algorithm
 as used by OpenSSL versions before 1.0.0.

 =item B<-issuer>

 output the issuer name.

 =item B<-lastupdate>

 output the lastUpdate field.

 =item B<-nextupdate>

 output the nextUpdate field.

 =item B<-CAfile file>

 verify the signature on a CRL by looking up the issuing certificate in
 B<file>

 =item B<-CApath dir>

 verify the signature on a CRL by looking up the issuing certificate in
 B<dir>. This directory must be a standard certificate directory: that
 is a hash of each subject name (using B<x509 -hash>) should be linked
 to each certificate.

 =back

 =head1 NOTES

 The PEM CRL format uses the header and footer lines:

  -----BEGIN X509 CRL-----
  -----END X509 CRL-----

 =head1 EXAMPLES

 Convert a CRL file from PEM to DER:

  openssl crl -in crl.pem -outform DER -out crl.der

 Output the text form of a DER encoded certificate:

  openssl crl -in crl.der -text -noout

 =head1 BUGS

 Ideally it should be possible to create a CRL using appropriate options
 and files too.

 =head1 SEE ALSO

 L<crl2pkcs7(1)>, L<ca(1)>, L<x509(1)>

 =head1 COPYRIGHT

 Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
 in the file LICENSE in the source distribution or at
 L<https://www.openssl.org/source/license.html>.

 =cut
	=pod

	=head1 NAME

	crl - CRL utility

	=head1 SYNOPSIS

	B<openssl> B<crl>
	[B<-help>]
	[B<-inform PEM\|DER>]
	[B<-outform PEM\|DER>]
	[B<-text>]
	[B<-in filename>]
	[B<-out filename>]
	[B<-nameopt option>]
	[B<-noout>]
	[B<-hash>]
	[B<-issuer>]
	[B<-lastupdate>]
	[B<-nextupdate>]
	[B<-CAfile file>]
	[B<-CApath dir>]

	=head1 DESCRIPTION

	The B<crl> command processes CRL files in DER or PEM format.

	=head1 OPTIONS

	=over 4

	=item B<-help>

	Print out a usage message.

	=item B<-inform DER\|PEM>

	This specifies the input format. B<DER> format is DER encoded CRL
	structure. B<PEM> (the default) is a base64 encoded version of
	the DER form with header and footer lines.

	=item B<-outform DER\|PEM>

	This specifies the output format, the options have the same meaning as the
	B<-inform> option.

	=item B<-in filename>

	This specifies the input filename to read from or standard input if this
	option is not specified.

	=item B<-out filename>

	specifies the output filename to write to or standard output by
	default.

	=item B<-text>

	print out the CRL in text form.

	=item B<-nameopt option>

	option which determines how the subject or issuer names are displayed. See
	the description of B<-nameopt> in L<x509(1)>.

	=item B<-noout>

	don't output the encoded version of the CRL.

	=item B<-hash>

	output a hash of the issuer name. This can be use to lookup CRLs in
	a directory by issuer name.

	=item B<-hash_old>

	outputs the "hash" of the CRL issuer name using the older algorithm
	as used by OpenSSL versions before 1.0.0.

	=item B<-issuer>

	output the issuer name.

	=item B<-lastupdate>

	output the lastUpdate field.

	=item B<-nextupdate>

	output the nextUpdate field.

	=item B<-CAfile file>

	verify the signature on a CRL by looking up the issuing certificate in
	B<file>

	=item B<-CApath dir>

	verify the signature on a CRL by looking up the issuing certificate in
	B<dir>. This directory must be a standard certificate directory: that
	is a hash of each subject name (using B<x509 -hash>) should be linked
	to each certificate.

	=back

	=head1 NOTES

	The PEM CRL format uses the header and footer lines:

	-----BEGIN X509 CRL-----
	-----END X509 CRL-----

	=head1 EXAMPLES

	Convert a CRL file from PEM to DER:

	openssl crl -in crl.pem -outform DER -out crl.der

	Output the text form of a DER encoded certificate:

	openssl crl -in crl.der -text -noout

	=head1 BUGS

	Ideally it should be possible to create a CRL using appropriate options
	and files too.

	=head1 SEE ALSO

	L<crl2pkcs7(1)>, L<ca(1)>, L<x509(1)>

	=head1 COPYRIGHT

	Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

	Licensed under the OpenSSL license (the "License"). You may not use
	this file except in compliance with the License. You can obtain a copy
	in the file LICENSE in the source distribution or at
	L<https://www.openssl.org/source/license.html>.

	=cut