diff options
author | Matt Caswell <matt@openssl.org> | 2015-01-27 10:50:38 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-02-25 09:15:02 +0000 |
commit | 25690b7f5f3d78a52c1377b823b40c6a0e12022b (patch) | |
tree | 7ec3978b77d913ea6b4af6a3da6efb4acaf1e0cc /apps/s_server.c | |
parent | 15dba5be6a4482a9ad7e5b846291f31e97e338ca (diff) |
Add -no_alt_chains option to apps to implement the new
X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building
certificate chains, the first chain found will be the one used. Without this
flag, if the first chain found is not trusted then we will keep looking to
see if we can build an alternative chain instead.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'apps/s_server.c')
-rw-r--r-- | apps/s_server.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index 573bc873bf..4311d6d6fb 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -509,6 +509,8 @@ static void sv_usage(void) BIO_printf(bio_err, " -trusted_first - Use locally trusted CA's first when building trust chain\n"); BIO_printf(bio_err, + " -no_alt_chains - only ever use the first certificate chain found\n"); + BIO_printf(bio_err, " -nocert - Don't use any certificates (Anon-DH)\n"); BIO_printf(bio_err, " -cipher arg - play with 'openssl ciphers' to see what goes here\n"); |