mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-31 20:10:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

openssl-cmp.pod.in: tweak doc of -subject, -issuer, -keep_alive, and -untrusted

Browse Source 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21086)
This commit is contained in:
Dr. David von Oheimb 2023-05-30 21:09:57 +02:00 committed by Dr. David von Oheimb
parent 5def4bbb4b
commit 168d93a21d
1 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
doc/man1/openssl-cmp.pod.in
View File

@ -271,8 +271,8 @@ L<openssl-passphrase-options(1)>.
=item B<-subject> I<name>
X509 Distinguished Name (DN) of subject to use in the requested certificate
template.
X.509 Distinguished Name (DN) to use as subject field
in the requested certificate template in IR/CR/KUR messages.
If the NULL-DN (C</>) is given then no subject is placed in the template.
Default is the subject DN of any PKCS#10 CSR given with the B<-csr> option.
For KUR, a further fallback is the subject DN
@ -294,8 +294,8 @@ C</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
=item B<-issuer> I<name>
X509 issuer Distinguished Name (DN) of the CA server
to place in the requested certificate template in IR/CR/KUR.
X.509 Distinguished Name (DN) use as issuer field
in the requested certificate template in IR/CR/KUR messages.
If the NULL-DN (C</>) is given then no issuer is placed in the template.
If provided and neither B<-recipient> nor B<-srvcert> is given,
@ -513,11 +513,13 @@ Defaults to any path given with B<-server>, else C<"/">.
=item B<-keep_alive> I<value>
If the given value is 0 then HTTP connections are not kept open
after receiving a response, which is the default behavior for HTTP 1.0.
If the value is 1 or 2 then persistent connections are requested.
If the value is 2 then persistent connections are required,
i.e., in case the server does not grant them an error occurs.
If the given value is 0 then HTTP connections are closed after each response
(which would be the default behavior of HTTP 1.0)
even if a CMP transaction needs more than one round trip.
If the value is 1 or 2
then for each transaction a persistent connection is requested.
If the value is 2 then a persistent connection is required,
i.e., an error occurs if the server does not grant it.
The default value is 1, which means preferring to keep the connection open.
=item B<-msg_timeout> I<seconds>
@ -571,7 +573,8 @@ as well as for chain building
when validating server certificates (checking signature-based
CMP message protection) and when validating newly enrolled certificates.
Multiple filenames or URLs may be given, separated by commas and/or whitespace.
Multiple sources may be given, separated by commas and/or whitespace
(where in the latter case the whole argument must be enclosed in "...").
Each source may contain multiple certificates.
=item B<-srvcert> I<filename>|I<uri>