Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/843)
[B<-newhdr>]
[B<-extensions section>]
[B<-reqexts section>]
+[B<-precert>]
[B<-utf8>]
[B<-nameopt>]
[B<-reqopt>]
be used in the same configuration file to specify requests for
a variety of purposes.
+=item B<-precert>
+
+a poison extension will be added to the certificate, making it a
+"pre-certificate" (see RFC6962). This can be submitted to Certificate
+Transparency logs in order to obtain signed certificate timestamps (SCTs).
+These SCTs can then be embedded into the pre-certificate as an extension, before
+removing the poison and signing the certificate.
+
=item B<-utf8>
this option causes field values to be interpreted as UTF8 strings, by