RT3940: For now, just document the issue.

Reviewed-by: Richard Levitte <levitte@openssl.org> (cherry picked from commit 2a9afa4046592d44af84644cd89fe1a0d6d46889)
author: Rich Salz <rsalz@openssl.org> 2016-08-13 10:47:50 -0400
committer: Rich Salz <rsalz@openssl.org> 2016-08-19 11:45:57 -0400
commit: 19fca4cafc4eafa3fe3562074aab4352bd421eff (patch)
tree: 56fc055b165887647894617e86d2a7d5b532785d
parent: 5802758eb480c5f14a768f6a061df1dd20aec8c4 (diff)
2 files changed, 6 insertions, 0 deletions
diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
index 9a24082ba2..25b19d5cc5 100644
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -85,6 +85,9 @@ encrypt mail for the given recipient certificates. Input file is the message
 to be encrypted. The output file is the encrypted mail in MIME format. The
 actual CMS type is <B>EnvelopedData<B>.
 
+Note that no revocation check is done for the recipient cert, so if that
+key has been compromised, others may be able to decrypt the text.
+
 =item B<-decrypt>
 
 decrypt mail using the supplied certificate and private key. Expects an
diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index 94a8823852..acc38be674 100644
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -53,6 +53,9 @@ The meaning of the other options varies according to the operation type.
 encrypt mail for the given recipient certificates. Input file is the message
 to be encrypted. The output file is the encrypted mail in MIME format.
 
+Note that no revocation check is done for the recipient cert, so if that
+key has been compromised, others may be able to decrypt the text.
+
 =item B<-decrypt>
 
 decrypt mail using the supplied certificate and private key. Expects an
author	Rich Salz <rsalz@openssl.org>	2016-08-13 10:47:50 -0400
committer	Rich Salz <rsalz@openssl.org>	2016-08-19 11:45:57 -0400
commit	19fca4cafc4eafa3fe3562074aab4352bd421eff (patch)
tree	56fc055b165887647894617e86d2a7d5b532785d
parent	5802758eb480c5f14a768f6a061df1dd20aec8c4 (diff)