Improve CMP documentation regarding use of untrusted certs

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/11470)

2 files changed, 5 insertions, 5 deletions

diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
index b746d26c33..a99391ac6d 100644
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -889,7 +889,7 @@ Trusted certificates for client authentication.
 
 =item B<-srv_untrusted> I<filenames>
 
-Intermediate certs for constructing chains for CMP protection by client.
+Intermediate CA certs that may be useful when verifying client certificates.
 
 =item B<-rsp_cert> I<filename>
 
diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod
index 1bc9ef8cd0..b9b8ffb2e0 100644
--- a/doc/man3/OSSL_CMP_CTX_new.pod
+++ b/doc/man3/OSSL_CMP_CTX_new.pod
@@ -403,13 +403,13 @@ parameter the entry is cleared.
 OSSL_CMP_CTX_get0_trustedStore() returns a pointer to the certificate store
 containing trusted root CA certificates, which may be empty if unset.
 
-OSSL_CMP_CTX_set1_untrusted_certs() takes over a list of certificates containing
-non-trusted intermediate certs used for path construction in authentication
-of the CMP server and potentially others (TLS server, newly enrolled cert).
+OSSL_CMP_CTX_set1_untrusted_certs() sets up a list of non-trusted certificates
+of intermediate CAs that may be useful for path construction when authenticating
+the CMP server and when verifying newly enrolled certificates.
 The reference counts of those certificates handled successfully are increased.
 
 OSSL_CMP_CTX_get0_untrusted_certs(OSSL_CMP_CTX *ctx) returns a pointer to the
-list of untrusted certs, which my be empty if unset.
+list of untrusted certs, which may be empty if unset.
 
 OSSL_CMP_CTX_set1_clCert() sets the client certificate in the given B<ctx>.
 The public key of this B<clCert> must correspond to