author Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2023-05-30 21:09:57 +0200
committer Dr. David von Oheimb <dev@ddvo.net> 2023-06-01 10:03:06 +0200
commit 168d93a21d512028572777ea5bc96994f2df6c36 (patch)
tree b9dcfcaf096cb8dfba5bf95d97d256b934b68080
parent 5def4bbb4be5477146a0fbb4f14ee02df026419c (diff)
openssl-cmp.pod.in: tweak doc of -subject, -issuer, -keep_alive, and -untrusted
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21086)
-rw-r--r-- doc/man1/openssl-cmp.pod.in 23
1 files changed, 13 insertions, 10 deletions
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
index 2c8a8b2540..252d2a82eb 100644
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -271,8 +271,8 @@ L<openssl-passphrase-options(1)>.
=item B<-subject> I<name>
-X509 Distinguished Name (DN) of subject to use in the requested certificate
-template.
+X.509 Distinguished Name (DN) to use as subject field
+in the requested certificate template in IR/CR/KUR messages.
If the NULL-DN (C</>) is given then no subject is placed in the template.
Default is the subject DN of any PKCS#10 CSR given with the B<-csr> option.
For KUR, a further fallback is the subject DN
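Review bot: The new first sentence of B<-subject> ties the option to "IR/CR/KUR messages", but the unchanged line right below takes the default from a PKCS#10 CSR given with B<-csr>, and nothing in the paragraph says what B<-subject> does for a request type outside IR/CR/KUR. Consider adding one sentence that states whether the option is ignored in that case. Minor wording: "to use as subject field" reads better as "to use as the subject field".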
@@ -294,8 +294,8 @@ C</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
=item B<-issuer> I<name>
-X509 issuer Distinguished Name (DN) of the CA server
-to place in the requested certificate template in IR/CR/KUR.
+X.509 Distinguished Name (DN) use as issuer field
+in the requested certificate template in IR/CR/KUR messages.
If the NULL-DN (C</>) is given then no issuer is placed in the template.
If provided and neither B<-recipient> nor B<-srvcert> is given,
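Review bot: The added line "X.509 Distinguished Name (DN) use as issuer field" is missing "to" and no longer parallels the B<-subject> wording introduced in the previous hunk ("X.509 Distinguished Name (DN) to use as subject field"). Suggest "X.509 Distinguished Name (DN) to use as issuer field" so both options read the same way. The removed text also said that this is the DN "of the CA server"; if that hint is still useful to readers, it could be kept in a following sentence.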
@@ -513,11 +513,13 @@ Defaults to any path given with B<-server>, else C<"/">.
=item B<-keep_alive> I<value>
-If the given value is 0 then HTTP connections are not kept open
-after receiving a response, which is the default behavior for HTTP 1.0.
-If the value is 1 or 2 then persistent connections are requested.
-If the value is 2 then persistent connections are required,
-i.e., in case the server does not grant them an error occurs.
+If the given value is 0 then HTTP connections are closed after each response
+(which would be the default behavior of HTTP 1.0)
+even if a CMP transaction needs more than one round trip.
+If the value is 1 or 2
+then for each transaction a persistent connection is requested.
+If the value is 2 then a persistent connection is required,
+i.e., an error occurs if the server does not grant it.
The default value is 1, which means preferring to keep the connection open.
=item B<-msg_timeout> I<seconds>
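Review bot: The new text for value 0 says connections are closed after each response "even if a CMP transaction needs more than one round trip", but it does not say what happens next for such a transaction. A reader can take this to mean the transaction fails rather than continuing on a fresh connection; one clause stating that a new connection is opened for each further request (if that is the behavior) would remove the doubt. The parenthetical "(which would be the default behavior of HTTP 1.0)" would be clearer as "(as is the default in HTTP 1.0)", since "would be" suggests a hypothetical.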
@@ -571,7 +573,8 @@ as well as for chain building
when validating server certificates (checking signature-based
CMP message protection) and when validating newly enrolled certificates.
-Multiple filenames or URLs may be given, separated by commas and/or whitespace.
+Multiple sources may be given, separated by commas and/or whitespace
+(where in the latter case the whole argument must be enclosed in "...").
Each source may contain multiple certificates.
=item B<-srvcert> I<filename>|I<uri>
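Review bot: In the added parenthetical, the literal "..." is plain text, while the file marks up literal strings elsewhere with C<> (for example C<"/"> in the B<-keep_alive> hunk context); suggest C<"..."> for consistency and to keep the quotes unambiguous in rendered output. "In the latter case" is also slightly unclear after "commas and/or whitespace", because a list can mix both separators. Something like "if whitespace is used, the whole argument must be enclosed in C<"...">" says the same thing directly.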