NAME

crl - CRL utility

SYNOPSIS

gmssl crl [-help] [-inform PEM|DER] [-outform PEM|DER] [-text] [-in filename] [-out filename] [-nameopt option] [-noout] [-hash] [-issuer] [-lastupdate] [-nextupdate] [-CAfile file] [-CApath dir]

DESCRIPTION

The crl command processes CRL files in DER or PEM format.

crl命令以DER或PEM格式处理CRL文件。

OPTIONS

-help

Print out a usage message.

输出使用信息。

-inform DER|PEM

This specifies the input format. DER format is DER encoded CRL structure. PEM (the default) is a base64 encoded version of the DER form with header and footer lines.

输入文件的格式。DER是DER编码的CRL对象。PEM(默认的格式)是base64编码的CRL对象。

-outform DER|PEM

This specifies the output format, the options have the same meaning as the -inform option.

指定文件的输出格式。跟-inform的意思一样。

-in filename

This specifies the input filename to read from or standard input if this option is not specified.

指定的输入文件名,一般为标注输入

-out filename

specifies the output filename to write to or standard output by default.

指定的输出文件名,一般为标准输出

-text

print out the CRL in text form.

以文本的格式来打印出CRL

-nameopt option

option which determines how the subject or issuer names are displayed. See the description of -nameopt in x509(1).

决定了名称的显示方式。

-noout

don't output the encoded version of the CRL.

不输出CRL文件内容

-hash

output a hash of the issuer name. This can be use to lookup CRLs in a directory by issuer name.

输出颁发者信息的哈希值。这一项可用于在文件中根据颁发者的哈希值来查询CRL。

-hash_old

outputs the "hash" of the CRL issuer name using the older algorithm as used by GmSSL versions before 1.0.0.

输出CRL颁发者信息的哈希值用GmSSL1.0.0版本以前更加古老的算法。

-issuer

output the issuer name.

输出发行者的信息。

-lastupdate

output the lastUpdate field.

输出上一次更新的时间。

-nextupdate

output the nextUpdate field.

输出下一次更新的时间。

-CAfile file

verify the signature on a CRL by looking up the issuing certificate in file

指定文件来验证该CRL对象是否合法。

-CApath dir

verify the signature on a CRL by looking up the issuing certificate in dir. This directory must be a standard certificate directory: that is a hash of each subject name (using x509 -hash) should be linked to each certificate.

通过查找dir中的颁发证书来验证CRL上的签名。 此目录必须是标准证书目录:这是每个主题名称的哈希(使用x509 -hash)应链接到每个证书。

NOTES

The PEM CRL format uses the header and footer lines:

-----BEGIN X509 CRL-----
-----END X509 CRL-----

EXAMPLES

Convert a CRL file from PEM to DER:

gmssl crl -in crl.pem -outform DER -out crl.der

Output the text form of a DER encoded certificate:

gmssl crl -in crl.der -text -noout

BUGS

Ideally it should be possible to create a CRL using appropriate options and files too.

SEE ALSO

crl2pkcs7(1), ca(1), x509(1)

COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the GmSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.