Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve

Use default algorithms for OCSP request and response signing. New command line option to support other digest use for OCSP certificate IDs.
author: Dr. Stephen Henson <steve@openssl.org> 2007-12-04 12:41:28 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2007-12-04 12:41:28 +0000
commit: cec2538ca9d053eb905069ea65e4925e9288558c (patch)
tree: 58faec8d97d2f3b2f66ffffa0840d20ed19d2863 /doc/apps/ocsp.pod
parent: 28f7e60d474242aebea6d964f32521e2e27eadeb (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod
index 4f266058e5..a6a7d80c6e 100644
--- a/doc/apps/ocsp.pod
+++ b/doc/apps/ocsp.pod
@@ -51,6 +51,7 @@ B<openssl> B<ocsp>
 [B<-ndays n>]
 [B<-resp_key_id>]
 [B<-nrequest n>]
+[B<-md5|-sha1|...>]
 
 =head1 DESCRIPTION
 
@@ -206,6 +207,11 @@ information is immediately available. In this case the age of the B<notBefore> f
 is checked to see it is not older than B<age> seconds old. By default this additional
 check is not performed.
 
+=item B<-md5|-sha1|-sha256|-ripemod160|...>
+
+this option sets digest algorithm to use for certificate identification
+in the OCSP request. By default SHA-1 is used. 
+
 =back
 
 =head1 OCSP SERVER OPTIONS
author	Dr. Stephen Henson <steve@openssl.org>	2007-12-04 12:41:28 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2007-12-04 12:41:28 +0000
commit	cec2538ca9d053eb905069ea65e4925e9288558c (patch)
tree	58faec8d97d2f3b2f66ffffa0840d20ed19d2863 /doc/apps/ocsp.pod
parent	28f7e60d474242aebea6d964f32521e2e27eadeb (diff)