diff options
author | Matt Caswell <matt@openssl.org> | 2015-01-27 10:50:38 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-02-25 09:15:02 +0000 |
commit | 25690b7f5f3d78a52c1377b823b40c6a0e12022b (patch) | |
tree | 7ec3978b77d913ea6b4af6a3da6efb4acaf1e0cc /apps/ocsp.c | |
parent | 15dba5be6a4482a9ad7e5b846291f31e97e338ca (diff) |
Add -no_alt_chains option to apps to implement the new
X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building
certificate chains, the first chain found will be the one used. Without this
flag, if the first chain found is not trusted then we will keep looking to
see if we can build an alternative chain instead.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'apps/ocsp.c')
-rw-r--r-- | apps/ocsp.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/apps/ocsp.c b/apps/ocsp.c index 4b9d6f6b33..b0b3069676 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -538,6 +538,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-trusted_first use locally trusted CA's first when building trust chain\n"); BIO_printf(bio_err, + "-no_alt_chains only ever use the first certificate chain found\n"); + BIO_printf(bio_err, "-VAfile file validator certificates file\n"); BIO_printf(bio_err, "-validity_period n maximum validity discrepancy in seconds\n"); |