diff options
author | Matt Caswell <matt@openssl.org> | 2015-01-27 11:15:15 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2015-04-20 13:42:17 +0100 |
commit | be856c0391d65c8c179721ffa8f35374fddf5892 (patch) | |
tree | e01443736137c636ce161b2479b4b1f87a694436 /doc/crypto | |
parent | 017a06c7d1ed92a5dfbe2586ca96bef268c04895 (diff) |
Add documentation for the -no_alt_chains option for various apps, as well as
the X509_V_FLAG_NO_ALT_CHAINS flag.
Conflicts:
doc/apps/cms.pod
doc/apps/ocsp.pod
doc/apps/s_client.pod
doc/apps/s_server.pod
doc/apps/smime.pod
doc/apps/verify.pod
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'doc/crypto')
-rw-r--r-- | doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index 347d48dfec..44792f91a1 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -197,6 +197,12 @@ verification. If this flag is set then additional status codes will be sent to the verification callback and it B<must> be prepared to handle such cases without assuming they are hard errors. +The B<X509_V_FLAG_NO_ALT_CHAINS> flag suppresses checking for alternative +chains. By default, when building a certificate chain, if the first certificate +chain found is not trusted, then OpenSSL will continue to check to see if an +alternative chain can be found that is trusted. With this flag set the behaviour +will match that of OpenSSL versions prior to 1.0.2b. + =head1 NOTES The above functions should be used to manipulate verification parameters @@ -233,6 +239,6 @@ L<X509_check_ip(3)|X509_check_ip(3)> =head1 HISTORY -TBA +The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in OpenSSL 1.0.2b =cut |