diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-08-28 14:55:38 +0200 |
|---|---|---|
| committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-09-11 12:17:58 +0200 |
| commit | 7a7d6b514fb2c95570896e512e165a38c9ecac46 (patch) | |
| tree | edd6e0f71932c9633a0f6930741df473457094ff /doc | |
| parent | ef2d3588e8d4dea8910ab1f7dfec768403efb265 (diff) | |
apps/cmp.c: Improve documentation of -extracerts, -untrusted, and -otherpass
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/man1/openssl-cmp.pod.in | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 2d484805b3..97a03798a8 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -499,11 +499,14 @@ Each source may contain multiple certificates. =item B<-untrusted> I<sources> -Non-trusted intermediate CA certificate(s) that may be useful for cert path -construction for the CMP client certificate (to include in the extraCerts field -of outgoing messages), for the TLS client certificate (if TLS is enabled), +Non-trusted intermediate CA certificate(s). +Any extra certificates given with the B<-cert> option are appended to it. +All these certificates may be useful for cert path construction +for the CMP client certificate (to include in the extraCerts field of outgoing +messages) and for the TLS client certificate (if TLS is enabled) +as well as for chain building when verifying the CMP server certificate (checking signature-based -CMP message protection), and when verifying newly enrolled certificates. +CMP message protection) and when verifying newly enrolled certificates. Multiple filenames may be given, separated by commas and/or whitespace. Each file may contain multiple certificates. @@ -713,8 +716,9 @@ The only value with effect is B<ENGINE>. =item B<-otherpass> I<arg> Pass phrase source for certificate given with the B<-trusted>, B<-untrusted>, -B<-own_trusted>, -B<-out_trusted>, B<-extracerts>, B<-tls_extra>, or B<-tls_trusted> options. +B<-own_trusted>, B<-srvcert>, B<-out_trusted>, B<-extracerts>, +B<-srv_trusted>, B<-srv_untrusted>, B<-rsp_extracerts>, B<-rsp_capubs>, +B<-tls_extra>, and B<-tls_trusted> options. If not given here, the password will be prompted for if needed. For more information about the format of B<arg> see the |