summaryrefslogtreecommitdiffstats
path: root/secure/usr.bin/openssl/man/ocsp.1
diff options
context:
space:
mode:
Diffstat (limited to 'secure/usr.bin/openssl/man/ocsp.1')
-rw-r--r--secure/usr.bin/openssl/man/ocsp.113
1 files changed, 9 insertions, 4 deletions
diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1
index 9af6e38..87735ff 100644
--- a/secure/usr.bin/openssl/man/ocsp.1
+++ b/secure/usr.bin/openssl/man/ocsp.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.30)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "OCSP 1"
-.TH OCSP 1 "2015-01-15" "1.0.1l" "OpenSSL"
+.TH OCSP 1 "2015-03-19" "1.0.1m" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -176,6 +176,7 @@ ocsp \- Online Certificate Status Protocol utility
[\fB\-no_cert_verify\fR]
[\fB\-no_chain\fR]
[\fB\-no_cert_checks\fR]
+[\fB\-no_explicit\fR]
[\fB\-port num\fR]
[\fB\-index file\fR]
[\fB\-CA file\fR]
@@ -299,6 +300,9 @@ testing purposes.
.IX Item "-no_chain"
do not use certificates in the response as additional untrusted \s-1CA\s0
certificates.
+.IP "\fB\-no_explicit\fR" 4
+.IX Item "-no_explicit"
+do not explicitly trust the root \s-1CA\s0 if it is set to be trusted for \s-1OCSP\s0 signing.
.IP "\fB\-no_cert_checks\fR" 4
.IX Item "-no_cert_checks"
don't perform any additional checks on the \s-1OCSP\s0 response signers certificate.
@@ -392,8 +396,9 @@ Otherwise the \s-1OCSP\s0 responder certificate's \s-1CA\s0 is checked against t
extended key usage is present in the \s-1OCSP\s0 responder certificate then the
\&\s-1OCSP\s0 verify succeeds.
.PP
-Otherwise the root \s-1CA\s0 of the \s-1OCSP\s0 responders \s-1CA\s0 is checked to see if it
-is trusted for \s-1OCSP\s0 signing. If it is the \s-1OCSP\s0 verify succeeds.
+Otherwise, if \fB\-no_explicit\fR is \fBnot\fR set the root \s-1CA\s0 of the \s-1OCSP\s0 responders
+\&\s-1CA\s0 is checked to see if it is trusted for \s-1OCSP\s0 signing. If it is the \s-1OCSP\s0
+verify succeeds.
.PP
If none of these checks is successful then the \s-1OCSP\s0 verify fails.
.PP
OpenPOWER on IntegriCloud