diff options
author | Hubert Kario <hkario@redhat.com> | 2014-06-18 19:55:03 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2014-06-19 23:09:21 +0100 |
commit | 6d3d5793673b225b2347ef45b74d0d9994f3132c (patch) | |
tree | f3d093e41ba970c6d7dcc634f463ed02277f8767 /doc | |
parent | 2d7153e8f9bb27d0a0f8199116ec454b396b87a8 (diff) |
Document -trusted_first option in man pages and help.
Add -trusted_first description to help messages and man pages
of tools that deal with certificate verification.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/apps/cms.pod | 5 | ||||
-rw-r--r-- | doc/apps/ocsp.pod | 6 | ||||
-rw-r--r-- | doc/apps/s_client.pod | 5 | ||||
-rw-r--r-- | doc/apps/s_server.pod | 6 | ||||
-rw-r--r-- | doc/apps/smime.pod | 3 | ||||
-rw-r--r-- | doc/apps/verify.pod | 7 |
6 files changed, 27 insertions, 5 deletions
diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod index a1c896c1e3..66be0bf2a5 100644 --- a/doc/apps/cms.pod +++ b/doc/apps/cms.pod @@ -35,6 +35,7 @@ B<openssl> B<cms> [B<-print>] [B<-CAfile file>] [B<-CApath dir>] +[B<-trusted_first>] [B<-md digest>] [B<-[cipher]>] [B<-nointern>] @@ -429,9 +430,9 @@ portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig, -trusted_first> -Set various certificate chain valiadition option. See the +Set various certificate chain valiadition options. See the L<B<verify>|verify(1)> manual page for details. =back diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index af2e12e418..6939e55a2a 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -29,6 +29,7 @@ B<openssl> B<ocsp> [B<-path>] [B<-CApath dir>] [B<-CAfile file>] +[B<-trusted_first>] [B<-VAfile file>] [B<-validity_period n>] [B<-status_age n>] @@ -138,6 +139,11 @@ or "/" by default. file or pathname containing trusted CA certificates. These are used to verify the signature on the OCSP response. +=item B<-trusted_first> + +Set certificate verification option. +See L<B<verify>|verify(1)> manual page for details. + =item B<-verify_other file> file containing additional certificates to search when attempting to locate diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 8964032cde..55c501e29d 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -18,6 +18,7 @@ B<openssl> B<s_client> [B<-pass arg>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-trusted_first>] [B<-reconnect>] [B<-pause>] [B<-showcerts>] @@ -116,9 +117,9 @@ also used when building the client certificate chain. A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig, -trusted_first> -Set various certificate chain valiadition option. See the +Set various certificate chain valiadition options. See the L<B<verify>|verify(1)> manual page for details. =item B<-reconnect> diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index ad8dcdacef..1de307a0ff 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -34,6 +34,7 @@ B<openssl> B<s_server> [B<-state>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-trusted_first>] [B<-nocert>] [B<-cipher cipherlist>] [B<-quiet>] @@ -183,6 +184,11 @@ and to use when attempting to build the server certificate chain. The list is also used in the list of acceptable client CAs passed to the client when a certificate is requested. +=item B<-trusted_first> + +Set certificate verification option. +See the L<B<verify>|verify(1)> manual page for details. + =item B<-state> prints out the SSL session states. diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod index d39a59a90d..cc6f3aeaa4 100644 --- a/doc/apps/smime.pod +++ b/doc/apps/smime.pod @@ -15,6 +15,7 @@ B<openssl> B<smime> [B<-pk7out>] [B<-[cipher]>] [B<-in file>] +[B<-trusted_first>] [B<-certfile file>] [B<-signer file>] [B<-recip file>] @@ -259,7 +260,7 @@ portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig, -trusted_first> Set various options of certificate chain verification. See L<B<verify>|verify(1)> manual page for details. diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index f35d402950..764e617c34 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -9,6 +9,7 @@ verify - Utility to verify certificates. B<openssl> B<verify> [B<-CApath directory>] [B<-CAfile file>] +[B<-trusted_first>] [B<-purpose purpose>] [B<-policy arg>] [B<-ignore_critical>] @@ -57,6 +58,12 @@ in PEM format concatenated together. A file of untrusted certificates. The file should contain multiple certificates in PEM format concatenated together. +=item B<-trusted_first> + +Use certificates in CA file or CA directory before certificates in untrusted +file when building the trust chain to verify certificates. +This is mainly useful in environments with Bridge CA or Cross-Certified CAs. + =item B<-purpose purpose> The intended use for the certificate. If this option is not specified, |