diff options
Diffstat (limited to 'crypto/openssl/doc/apps')
-rw-r--r-- | crypto/openssl/doc/apps/ca.pod | 8 | ||||
-rw-r--r-- | crypto/openssl/doc/apps/ocsp.pod | 37 | ||||
-rw-r--r-- | crypto/openssl/doc/apps/s_client.pod | 7 | ||||
-rw-r--r-- | crypto/openssl/doc/apps/s_server.pod | 8 |
4 files changed, 46 insertions, 14 deletions
diff --git a/crypto/openssl/doc/apps/ca.pod b/crypto/openssl/doc/apps/ca.pod index de66c53..74f45ca 100644 --- a/crypto/openssl/doc/apps/ca.pod +++ b/crypto/openssl/doc/apps/ca.pod @@ -359,7 +359,7 @@ the same as the B<-md> option. The message digest to use. Mandatory. the text database file to use. Mandatory. This file must be present though initially it will be empty. -=item B<serialfile> +=item B<serial> a text file containing the next serial number to use in hex. Mandatory. This file must be present and contain a valid serial number. @@ -400,7 +400,7 @@ here, except the B<no_signame> and B<no_sigdump> are permanently set and cannot be disabled (this is because the certificate signature cannot be displayed because the certificate has not been signed at this point). -For convenience the values B<default_ca> are accepted by both to produce +For convenience the values B<ca_default> are accepted by both to produce a reasonable output. If neither option is present the format used in earlier versions of @@ -513,8 +513,8 @@ A sample configuration file with the relevant sections for B<ca>: policy = policy_any # default policy email_in_dn = no # Don't add the email into cert DN - nameopt = default_ca # Subject name display option - certopt = default_ca # Certificate display option + nameopt = ca_default # Subject name display option + certopt = ca_default # Certificate display option copy_extensions = none # Don't copy extensions from request [ policy_any ] diff --git a/crypto/openssl/doc/apps/ocsp.pod b/crypto/openssl/doc/apps/ocsp.pod index da201b9..4f26605 100644 --- a/crypto/openssl/doc/apps/ocsp.pod +++ b/crypto/openssl/doc/apps/ocsp.pod @@ -11,6 +11,10 @@ B<openssl> B<ocsp> [B<-issuer file>] [B<-cert file>] [B<-serial n>] +[B<-signer file>] +[B<-signkey file>] +[B<-sign_other file>] +[B<-no_certs>] [B<-req_text>] [B<-resp_text>] [B<-text>] @@ -20,27 +24,36 @@ B<openssl> B<ocsp> [B<-respin file>] [B<-nonce>] [B<-no_nonce>] -[B<-url responder_url>] +[B<-url URL>] [B<-host host:n>] [B<-path>] -[B<-CApath file>] +[B<-CApath dir>] [B<-CAfile file>] [B<-VAfile file>] -[B<-verify_certs file>] +[B<-validity_period n>] +[B<-status_age n>] [B<-noverify>] +[B<-verify_other file>] [B<-trust_other>] [B<-no_intern>] -[B<-no_sig_verify>] +[B<-no_signature_verify>] [B<-no_cert_verify>] [B<-no_chain>] [B<-no_cert_checks>] -[B<-validity_period nsec>] -[B<-status_age nsec>] +[B<-port num>] +[B<-index file>] +[B<-CA file>] +[B<-rsigner file>] +[B<-rkey file>] +[B<-rother file>] +[B<-resp_no_certs>] +[B<-nmin n>] +[B<-ndays n>] +[B<-resp_key_id>] +[B<-nrequest n>] =head1 DESCRIPTION -B<WARNING: this documentation is preliminary and subject to change.> - The Online Certificate Status Protocol (OCSP) enables applications to determine the (revocation) state of an identified certificate (RFC 2560). @@ -83,6 +96,10 @@ the B<signkey> option is not present then the private key is read from the same file as the certificate. If neither option is specified then the OCSP request is not signed. +=item B<-sign_other filename> + +Additional certificates to include in the signed request. + =item B<-nonce>, B<-no_nonce> Add an OCSP nonce extension to a request or disable OCSP nonce addition. @@ -120,7 +137,7 @@ or "/" by default. file or pathname containing trusted CA certificates. These are used to verify the signature on the OCSP response. -=item B<-verify_certs file> +=item B<-verify_other file> file containing additional certificates to search when attempting to locate the OCSP response signing certificate. Some responders omit the actual signer's @@ -151,7 +168,7 @@ ignore certificates contained in the OCSP response when searching for the signers certificate. With this option the signers certificate must be specified with either the B<-verify_certs> or B<-VAfile> options. -=item B<-no_sig_verify> +=item B<-no_signature_verify> don't check the signature on the OCSP response. Since this option tolerates invalid signatures on OCSP responses it will normally only be used for testing purposes. diff --git a/crypto/openssl/doc/apps/s_client.pod b/crypto/openssl/doc/apps/s_client.pod index 7fca9cb..d061326 100644 --- a/crypto/openssl/doc/apps/s_client.pod +++ b/crypto/openssl/doc/apps/s_client.pod @@ -33,6 +33,7 @@ B<openssl> B<s_client> [B<-no_tls1>] [B<-bugs>] [B<-cipher cipherlist>] +[B<-starttls protocol>] [B<-engine id>] [B<-rand file(s)>] @@ -163,6 +164,12 @@ the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See the B<ciphers> command for more information. +=item B<-starttls protocol> + +send the protocol-specific message(s) to switch to TLS for communication. +B<protocol> is a keyword for the intended protocol. Currently, the only +supported keywords are "smtp" and "pop3". + =item B<-engine id> specifying an engine (by it's unique B<id> string) will cause B<s_client> diff --git a/crypto/openssl/doc/apps/s_server.pod b/crypto/openssl/doc/apps/s_server.pod index 4b1e426..1d21921 100644 --- a/crypto/openssl/doc/apps/s_server.pod +++ b/crypto/openssl/doc/apps/s_server.pod @@ -42,6 +42,7 @@ B<openssl> B<s_server> [B<-WWW>] [B<-HTTP>] [B<-engine id>] +[B<-id_prefix arg>] [B<-rand file(s)>] =head1 DESCRIPTION @@ -209,6 +210,13 @@ to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. +=item B<-id_prefix arg> + +generate SSL/TLS session IDs prefixed by B<arg>. This is mostly useful +for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple +servers, when each of which might be generating a unique range of session +IDs (eg. with a certain prefix). + =item B<-rand file(s)> a file or files containing random data used to seed the random number |