Document "openssl s_server" -crl_check* options

Submitted by: Daniel Black <daniel.subs@internode.on.net>
author: Lutz Jänicke <jaenicke@openssl.org> 2008-05-19 07:52:17 +0000
committer: Lutz Jänicke <jaenicke@openssl.org> 2008-05-19 07:52:17 +0000
commit: 2a7ac69ee49945cf1518783da76ec97db01732de (patch)
tree: 79aea90527685108525a396a9b5c49da86049711 /doc/apps
parent: d13ea8e1844ee9e25b9a3c02831c8d749cb0abf0 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index 57c2adfb9f..fdcc170e28 100644
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -12,6 +12,8 @@ B<openssl> B<s_server>
 [B<-context id>]
 [B<-verify depth>]
 [B<-Verify depth>]
+[B<-crl_check>]
+[B<-crl_check_all>]
 [B<-cert filename>]
 [B<-certform DER|PEM>]
 [B<-key keyfile>]
@@ -142,6 +144,12 @@ the client. With the B<-verify> option a certificate is requested but the
 client does not have to send one, with the B<-Verify> option the client
 must supply a certificate or an error occurs.
 
+=item B<-crl_check>, B<-crl_check_all>
+
+Check the peer certificate has not been revoked by its CA.
+The CRL(s) are appended to the certificate file. With the B<-crl_check_all>
+option all CRLs of all CAs in the chain are checked.
+
 =item B<-CApath directory>
 
 The directory to use for client certificate verification. This directory
author	Lutz Jänicke <jaenicke@openssl.org>	2008-05-19 07:52:17 +0000
committer	Lutz Jänicke <jaenicke@openssl.org>	2008-05-19 07:52:17 +0000
commit	2a7ac69ee49945cf1518783da76ec97db01732de (patch)
tree	79aea90527685108525a396a9b5c49da86049711 /doc/apps
parent	d13ea8e1844ee9e25b9a3c02831c8d749cb0abf0 (diff)