diff options
author | Rich Salz <rsalz@akamai.com> | 2019-10-12 17:45:56 -0400 |
---|---|---|
committer | Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> | 2020-01-23 23:18:33 +0100 |
commit | 21d08b9ee9c0f7fabcad27b5d0b0c8c16f7dd1e9 (patch) | |
tree | 41077d218df34536e5b057a8e8f5c984e4c9f66f /doc/man1/openssl-ts.pod.in | |
parent | cf0843c09101fa7a1718c4423543358b7fe1876a (diff) |
Update man3/verify documentation, error text
Move the x509_V_ERR_xxx definitions from openssl-verify to
X509_STORE_CTX_get_error.pod. Add some missing ones. Consistently
start with a lowercase letter, unless it's an acronym.
Fix some markup mistakes in X509_verify_cert.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10132)
Diffstat (limited to 'doc/man1/openssl-ts.pod.in')
-rw-r--r-- | doc/man1/openssl-ts.pod.in | 63 |
1 files changed, 10 insertions, 53 deletions
diff --git a/doc/man1/openssl-ts.pod.in b/doc/man1/openssl-ts.pod.in index 53781126fa..b9c3692c62 100644 --- a/doc/man1/openssl-ts.pod.in +++ b/doc/man1/openssl-ts.pod.in @@ -33,6 +33,7 @@ B<-reply> [B<-chain> I<certs_file.pem>] [B<-tspolicy> I<object_id>] [B<-in> I<response.tsr>] +[B<-untrusted> I<file>] [B<-token_in>] [B<-out> I<response.tsr>] [B<-token_out>] @@ -46,42 +47,8 @@ B<-verify> [B<-queryfile> I<request.tsq>] [B<-in> I<response.tsr>] [B<-token_in>] -[B<-CApath> I<trusted_cert_path>] -[B<-CAfile> I<trusted_certs.pem>] -[B<-CAstore> I<trusted_certs_uri>] -[B<-untrusted> I<cert_file.pem>] -[I<verify options>] - -I<verify options:> -[B<-attime> I<timestamp>] -[B<-check_ss_sig>] -[B<-crl_check>] -[B<-crl_check_all>] -[B<-explicit_policy>] -[B<-extended_crl>] -[B<-ignore_critical>] -[B<-inhibit_any>] -[B<-inhibit_map>] -[B<-issuer_checks>] -[B<-no_alt_chains>] -[B<-no_check_time>] -[B<-partial_chain>] -[B<-policy> I<arg>] -[B<-policy_check>] -[B<-policy_print>] -[B<-purpose> I<purpose>] -[B<-suiteB_128>] -[B<-suiteB_128_only>] -[B<-suiteB_192>] -[B<-trusted_first>] -[B<-use_deltas>] -[B<-auth_level> I<num>] -[B<-verify_depth> I<num>] -[B<-verify_email> I<email>] -[B<-verify_hostname> I<hostname>] -[B<-verify_ip> I<ip>] -[B<-verify_name> I<name>] -[B<-x509_strict>] +{- $OpenSSL::safe::opt_trust_synopsis -} +{- $OpenSSL::safe::opt_v_synopsis -} =for openssl ifdef engine @@ -344,12 +311,6 @@ This flag can be used together with the B<-in> option and indicates that the input is a DER encoded timestamp token (ContentInfo) instead of a timestamp response (TimeStampResp). (Optional) -=item B<-CAfile> I<file>, B<-CApath> I<dir>, B<-CAstore> I<uri> - -See L<openssl(1)/Trusted Certificate Options> for more information. - -At least one of B<-CApath>, B<-CAfile> or B<-CAstore> must be specified. - =item B<-untrusted> I<cert_file.pem> Set of additional untrusted certificates in PEM format which may be @@ -358,17 +319,13 @@ certificate. This file must contain the TSA signing certificate and all intermediate CA certificates unless the response includes them. (Optional) -=item I<verify options> - -The options B<-attime>, B<-check_ss_sig>, B<-crl_check>, -B<-crl_check_all>, B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, -B<-inhibit_any>, B<-inhibit_map>, B<-issuer_checks>, B<-no_alt_chains>, -B<-no_check_time>, B<-partial_chain>, B<-policy>, B<-policy_check>, -B<-policy_print>, B<-purpose>, B<-suiteB_128>, B<-suiteB_128_only>, -B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>, B<-auth_level>, -B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>, -B<-verify_name>, and B<-x509_strict> can be used to control timestamp -verification. See L<openssl-verify(1)>. +{- $OpenSSL::safe::opt_trust_item -} + +At least one of B<-CApath>, B<-CAfile> or B<-CAstore> must be specified. + +{- $OpenSSL::safe::opt_v_item -} + +Any verification errors cause the command to exit. =back |