diff options
author | marha <marha@users.sourceforge.net> | 2010-03-30 12:36:28 +0000 |
---|---|---|
committer | marha <marha@users.sourceforge.net> | 2010-03-30 12:36:28 +0000 |
commit | ff48c0d9098080b51ea12710029135916d117806 (patch) | |
tree | 96e6af9caf170ba21a1027b24e306a07e27d7b75 /openssl/doc/apps/x509.pod | |
parent | bb731f5ac92655c4860a41fa818a7a63005f8369 (diff) | |
download | vcxsrv-ff48c0d9098080b51ea12710029135916d117806.tar.gz vcxsrv-ff48c0d9098080b51ea12710029135916d117806.tar.bz2 vcxsrv-ff48c0d9098080b51ea12710029135916d117806.zip |
svn merge -r514:HEAD ^/branches/released .
Diffstat (limited to 'openssl/doc/apps/x509.pod')
-rw-r--r-- | openssl/doc/apps/x509.pod | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/openssl/doc/apps/x509.pod b/openssl/doc/apps/x509.pod index f43c17523..3002b0812 100644 --- a/openssl/doc/apps/x509.pod +++ b/openssl/doc/apps/x509.pod @@ -23,6 +23,7 @@ B<openssl> B<x509> [B<-issuer>] [B<-nameopt option>] [B<-email>] +[B<-ocsp_uri>] [B<-startdate>] [B<-enddate>] [B<-purpose>] @@ -103,7 +104,7 @@ then this option has no effect: SHA1 is always used with DSA keys. =item B<-engine id> -specifying an engine (by it's unique B<id> string) will cause B<req> +specifying an engine (by its unique B<id> string) will cause B<x509> to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. @@ -157,6 +158,16 @@ outputs the "hash" of the certificate issuer name. synonym for "-subject_hash" for backward compatibility reasons. +=item B<-subject_hash_old> + +outputs the "hash" of the certificate subject name using the older algorithm +as used by OpenSSL versions before 1.0.0. + +=item B<-issuer_hash_old> + +outputs the "hash" of the certificate issuer name using the older algorithm +as used by OpenSSL versions before 1.0.0. + =item B<-subject> outputs the subject name. @@ -176,6 +187,10 @@ set multiple options. See the B<NAME OPTIONS> section for more information. outputs the email address(es) if any. +=item B<-ocsp_uri> + +outputs the OCSP responder address(es) if any. + =item B<-startdate> prints out the start date of the certificate, that is the notBefore date. @@ -376,7 +391,9 @@ no extensions are added to the certificate. the section to add certificate extensions from. If this option is not specified then the extensions should either be contained in the unnamed (default) section or the default section should contain a variable called -"extensions" which contains the section to use. +"extensions" which contains the section to use. See the +L<x509v3_config(5)|x509v3_config(5)> manual page for details of the +extension section format. =back @@ -823,10 +840,17 @@ OpenSSL 0.9.5 and later. =head1 SEE ALSO L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>, -L<gendsa(1)|gendsa(1)>, L<verify(1)|verify(1)> +L<gendsa(1)|gendsa(1)>, L<verify(1)|verify(1)>, +L<x509v3_config(5)|x509v3_config(5)> =head1 HISTORY Before OpenSSL 0.9.8, the default digest for RSA keys was MD5. +The hash algorithm used in the B<-subject_hash> and B<-issuer_hash> options +before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding +of the distinguished name. In OpenSSL 1.0.0 and later it is based on a +canonical version of the DN using SHA1. This means that any directories using +the old form must have their links rebuilt using B<c_rehash> or similar. + =cut |