diff options
Diffstat (limited to 'doc/man3/OSSL_CMP_CTX_new.pod')
-rw-r--r-- | doc/man3/OSSL_CMP_CTX_new.pod | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index 8109970171..874174c3ac 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -340,6 +340,11 @@ RFC 4210. Allow retrieving a trust anchor from extraCerts and using that to validate the certificate chain of an IP message. + This is a quirk option added to support 3GPP TS 33.310. + + Note that using this option is dangerous as the certificate obtained + this way has not been authenticated (at least not at CMP level). + Taking it over as a trust anchor implements trust-on-first-use (TOFU). =back |