diff options
Diffstat (limited to 'apps/cmp.c')
| -rw-r--r-- | apps/cmp.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/apps/cmp.c b/apps/cmp.c index 72ebe34d26..ef780f7e22 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -347,16 +347,16 @@ const OPTIONS cmp_options[] = { OPT_SECTION("Server authentication"), {"trusted", OPT_TRUSTED, 's', - "Trusted certs used for CMP server authentication when verifying responses"}, + "Certificates to trust as chain roots when verifying signed CMP responses"}, {OPT_MORE_STR, 0, 0, "unless -srvcert is given"}, {"untrusted", OPT_UNTRUSTED, 's', "Intermediate certs for chain construction verifying CMP/TLS/enrolled certs"}, {"srvcert", OPT_SRVCERT, 's', - "Specific CMP server cert to use and trust directly when verifying responses"}, + "Server cert to pin and trust directly when verifying signed CMP responses"}, {"recipient", OPT_RECIPIENT, 's', - "Distinguished Name (DN) of the recipient to use unless -srvcert is given"}, + "Distinguished Name (DN) to use as msg recipient; see man page for defaults"}, {"expect_sender", OPT_EXPECT_SENDER, 's', - "DN of expected response sender. Defaults to DN of -srvcert, if provided"}, + "DN of expected sender of responses. Defaults to subject of -srvcert, if any"}, {"ignore_keyusage", OPT_IGNORE_KEYUSAGE, '-', "Ignore CMP signer cert key usage, else 'digitalSignature' must be allowed"}, {"unprotected_errors", OPT_UNPROTECTED_ERRORS, '-', |