ca <ca-file>
Use the CA public certificate found in <ca-file> in PEM format
- ca-path <directory>
+ capath <directory>
Use the directory <directory> as the CA public certificate directory
cert <cert-file>
Use the client public certificate found in <cert-file> in PEM format
key <key-file>
Use the client private key found in <key-file> in PEM format
or in engine:engine_id format
+ pkcs12 <pkcs12-file>
+ Use a pkcs12 envelope as a substitute for cert and key. A password may be
+ required to use this file.
crl <crl-file>
Use the Certificate Revocation List (CRL) file <crl-file> in PEM format.
crl-dir <dir>
max-tls-version <1.0|1.1|1.2 (default)|1.3>
Specify the maximum TLS protocol version to negotiate with peers. Defaults
to TLSv1.2 as the TLSv1.3 code is experimental.
+ tls-verify-key-usage
+ Validate certificate purpose and extended key usage
+ tls-verify-method <none|subject|name|suffix>
+ Compare the remotename against the subject, certificate name, or
+ match by suffix. Default is 'name'.
Note:
password-encrypted certificates can be used as of v0.94 of this