=pod

=encoding utf8 

=head1 NAME

crl - CRL utility

=head1 SYNOPSIS

B<gmssl> B<crl>
[B<-help>]
[B<-inform PEM|DER>]
[B<-outform PEM|DER>]
[B<-text>]
[B<-in filename>]
[B<-out filename>]
[B<-nameopt option>]
[B<-noout>]
[B<-hash>]
[B<-issuer>]
[B<-lastupdate>]
[B<-nextupdate>]
[B<-CAfile file>]
[B<-CApath dir>]

=head1 DESCRIPTION

The B<crl> command processes CRL files in DER or PEM format.

crl命令以DER或PEM格式处理CRL文件。

=head1 OPTIONS

=over 4

=item B<-help>

Print out a usage message.

输出使用信息。

=item B<-inform DER|PEM>

This specifies the input format. B<DER> format is DER encoded CRL
structure. B<PEM> (the default) is a base64 encoded version of
the DER form with header and footer lines.

输入文件的格式。DER是DER编码的CRL对象。PEM（默认的格式）是base64编码的CRL对象。

=item B<-outform DER|PEM>

This specifies the output format, the options have the same meaning as the
B<-inform> option.

指定文件的输出格式。跟-inform的意思一样。

=item B<-in filename>

This specifies the input filename to read from or standard input if this
option is not specified.

指定的输入文件名，一般为标注输入

=item B<-out filename>

specifies the output filename to write to or standard output by
default.

指定的输出文件名，一般为标准输出

=item B<-text>

print out the CRL in text form.

以文本的格式来打印出CRL

=item B<-nameopt option>

option which determines how the subject or issuer names are displayed. See
the description of B<-nameopt> in L<x509(1)>.

决定了名称的显示方式。

=item B<-noout>

don't output the encoded version of the CRL.

不输出CRL文件内容

=item B<-hash>

output a hash of the issuer name. This can be use to lookup CRLs in
a directory by issuer name.

输出颁发者信息的哈希值。这一项可用于在文件中根据颁发者的哈希值来查询CRL。

=item B<-hash_old>

outputs the "hash" of the CRL issuer name using the older algorithm
as used by GmSSL versions before 1.0.0.

输出CRL颁发者信息的哈希值用GmSSL1.0.0版本以前更加古老的算法。

=item B<-issuer>

output the issuer name.

输出发行者的信息。

=item B<-lastupdate>

output the lastUpdate field.

输出上一次更新的时间。

=item B<-nextupdate>

output the nextUpdate field.

输出下一次更新的时间。

=item B<-CAfile file>

verify the signature on a CRL by looking up the issuing certificate in
B<file>

指定文件来验证该CRL对象是否合法。

=item B<-CApath dir>

verify the signature on a CRL by looking up the issuing certificate in
B<dir>. This directory must be a standard certificate directory: that
is a hash of each subject name (using B<x509 -hash>) should be linked
to each certificate.

通过查找dir中的颁发证书来验证CRL上的签名。 此目录必须是标准证书目录：这是每个主题名称的哈希（使用x509 -hash）应链接到每个证书。

=back

=head1 NOTES

The PEM CRL format uses the header and footer lines:

 -----BEGIN X509 CRL-----
 -----END X509 CRL-----

=head1 EXAMPLES

Convert a CRL file from PEM to DER:

 gmssl crl -in crl.pem -outform DER -out crl.der

Output the text form of a DER encoded certificate:

 gmssl crl -in crl.der -text -noout

=head1 BUGS

Ideally it should be possible to create a CRL using appropriate options
and files too.

=head1 SEE ALSO

L<crl2pkcs7(1)>, L<ca(1)>, L<x509(1)>

=head1 COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the GmSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut