diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2022-08-01 20:34:19 +0200 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2022-08-24 11:29:40 +0200 |
commit | 7af110f9f5fb9b039cc09b63768a0b989a7bf5ad (patch) | |
tree | 3d5ee51498f2e93b4cc7b040a3540930e969abdb /doc/man1/openssl-cmp.pod.in | |
parent | aeadd2981b214d5e2a8f578179c17b0dccc77042 (diff) |
CMP: correct handling of fallback subject in OSSL_CMP_CTX_setup_CRM() and its doc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18929)
Diffstat (limited to 'doc/man1/openssl-cmp.pod.in')
-rw-r--r-- | doc/man1/openssl-cmp.pod.in | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 1fa2e99842..a27af9f645 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -268,11 +268,11 @@ L<openssl-passphrase-options(1)>. X509 Distinguished Name (DN) of subject to use in the requested certificate template. -For KUR, it defaults to the public key -in the PKCS#10 CSR given with the B<-csr> option, if provided, -or of the reference certificate (see B<-oldcert>) if provided. -This default is used for IR and CR only if no SANs are set. If the NULL-DN (C<"/">) is given then no subject is placed in the template. +Default is the subject DN of any PKCS#10 CSR given with the B<-csr> option. +For KUR, a further fallback is the subject DN +of the reference certificate (see B<-oldcert>) if provided. +This fallback is used for IR and CR only if no SANs are set. If provided and neither of B<-cert>, B<-oldcert>, or B<-csr> is given, the subject DN is used as fallback sender of outgoing CMP messages. @@ -357,8 +357,9 @@ is provided via the B<-newkey> or B<-key> options. PKCS#10 CSR in PEM or DER format containing a certificate request. With B<-cmd> I<p10cr> it is used directly in a legacy P10CR message. -When used with B<-cmd> I<ir>, I<cr>, or I<kur>, it is transformed into the -respective regular CMP request. +When used with B<-cmd> I<ir>, I<cr>, or I<kur>, +it is transformed into the respective regular CMP request, +while its public key is ignored if I<-newkey> is given. It may also be used with B<-cmd> I<rr> to specify the certificate to be revoked via the included subject name and public key. Its subject is used as fallback sender in CMP message headers |