diff options
Diffstat (limited to 'secure/usr.bin/openssl/man/ocsp.1')
-rw-r--r-- | secure/usr.bin/openssl/man/ocsp.1 | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1 index 9af6e38..87735ff 100644 --- a/secure/usr.bin/openssl/man/ocsp.1 +++ b/secure/usr.bin/openssl/man/ocsp.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28) +.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30) .\" .\" Standard preamble: .\" ======================================================================== @@ -133,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "OCSP 1" -.TH OCSP 1 "2015-01-15" "1.0.1l" "OpenSSL" +.TH OCSP 1 "2015-03-19" "1.0.1m" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -176,6 +176,7 @@ ocsp \- Online Certificate Status Protocol utility [\fB\-no_cert_verify\fR] [\fB\-no_chain\fR] [\fB\-no_cert_checks\fR] +[\fB\-no_explicit\fR] [\fB\-port num\fR] [\fB\-index file\fR] [\fB\-CA file\fR] @@ -299,6 +300,9 @@ testing purposes. .IX Item "-no_chain" do not use certificates in the response as additional untrusted \s-1CA\s0 certificates. +.IP "\fB\-no_explicit\fR" 4 +.IX Item "-no_explicit" +do not explicitly trust the root \s-1CA\s0 if it is set to be trusted for \s-1OCSP\s0 signing. .IP "\fB\-no_cert_checks\fR" 4 .IX Item "-no_cert_checks" don't perform any additional checks on the \s-1OCSP\s0 response signers certificate. @@ -392,8 +396,9 @@ Otherwise the \s-1OCSP\s0 responder certificate's \s-1CA\s0 is checked against t extended key usage is present in the \s-1OCSP\s0 responder certificate then the \&\s-1OCSP\s0 verify succeeds. .PP -Otherwise the root \s-1CA\s0 of the \s-1OCSP\s0 responders \s-1CA\s0 is checked to see if it -is trusted for \s-1OCSP\s0 signing. If it is the \s-1OCSP\s0 verify succeeds. +Otherwise, if \fB\-no_explicit\fR is \fBnot\fR set the root \s-1CA\s0 of the \s-1OCSP\s0 responders +\&\s-1CA\s0 is checked to see if it is trusted for \s-1OCSP\s0 signing. If it is the \s-1OCSP\s0 +verify succeeds. .PP If none of these checks is successful then the \s-1OCSP\s0 verify fails. .PP |