Add documentation for the -no_alt_chains option for various apps, as well as

the X509_V_FLAG_NO_ALT_CHAINS flag. Conflicts: doc/apps/cms.pod doc/apps/ocsp.pod doc/apps/s_client.pod doc/apps/s_server.pod doc/apps/smime.pod doc/apps/verify.pod Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-01-27 11:15:15 +0000
committer: Matt Caswell <matt@openssl.org> 2015-04-20 13:42:17 +0100
commit: be856c0391d65c8c179721ffa8f35374fddf5892 (patch)
tree: e01443736137c636ce161b2479b4b1f87a694436 /doc/crypto
parent: 017a06c7d1ed92a5dfbe2586ca96bef268c04895 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
index 347d48dfec..44792f91a1 100644
--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
@@ -197,6 +197,12 @@ verification. If this flag is set then additional status codes will be sent
 to the verification callback and it B<must> be prepared to handle such cases
 without assuming they are hard errors.
 
+The B<X509_V_FLAG_NO_ALT_CHAINS> flag suppresses checking for alternative
+chains. By default, when building a certificate chain, if the first certificate
+chain found is not trusted, then OpenSSL will continue to check to see if an
+alternative chain can be found that is trusted. With this flag set the behaviour
+will match that of OpenSSL versions prior to 1.0.2b.
+
 =head1 NOTES
 
 The above functions should be used to manipulate verification parameters
@@ -233,6 +239,6 @@ L<X509_check_ip(3)|X509_check_ip(3)>
 
 =head1 HISTORY
 
-TBA
+The B<X509_V_FLAG_NO_ALT_CHAINS> flag was added in OpenSSL 1.0.2b
 
 =cut
author	Matt Caswell <matt@openssl.org>	2015-01-27 11:15:15 +0000
committer	Matt Caswell <matt@openssl.org>	2015-04-20 13:42:17 +0100
commit	be856c0391d65c8c179721ffa8f35374fddf5892 (patch)
tree	e01443736137c636ce161b2479b4b1f87a694436 /doc/crypto
parent	017a06c7d1ed92a5dfbe2586ca96bef268c04895 (diff)