apps/cmp.c: Improve documentation of -extracerts, -untrusted, and -otherpass

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12825)
Dr. David von Oheimb 2020-08-28 14:55:38 +02:00
parent ef2d3588e8
commit 7a7d6b514f
2 changed files with 13 additions and 7 deletions

@ -395,7 +395,9 @@ const OPTIONS cmp_options[] = {
{"mac", OPT_MAC, 's',
"MAC algorithm to use in PBM-based message protection. Default \"hmac-sha1\""},
{"extracerts", OPT_EXTRACERTS, 's',
"Certificates to append in extraCerts field of outgoing messages"},
"Certificates to append in extraCerts field of outgoing messages."},
{OPT_MORE_STR, 0, 0,
"This can be used as the default CMP signer cert chain to include"},
{"unprotected_requests", OPT_UNPROTECTED_REQUESTS, '-',
"Send messages without CMP-level protection"},
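Review bot: the added OPT_MORE_STR continuation line is ambiguous and ends without a period, while the -extracerts line directly above it just gained one. "This can be used as the default CMP signer cert chain to include" does not say under which condition the default applies or where the chain is included. Please state the condition in the help text and terminate the sentence the same way as the line above.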

@ -499,11 +499,14 @@ Each source may contain multiple certificates.
=item B<-untrusted> I<sources>
Non-trusted intermediate CA certificate(s) that may be useful for cert path
construction for the CMP client certificate (to include in the extraCerts field
of outgoing messages), for the TLS client certificate (if TLS is enabled),
Non-trusted intermediate CA certificate(s).
Any extra certificates given with the B<-cert> option are appended to it.
All these certificates may be useful for cert path construction
for the CMP client certificate (to include in the extraCerts field of outgoing
messages) and for the TLS client certificate (if TLS is enabled)
as well as for chain building
when verifying the CMP server certificate (checking signature-based
CMP message protection), and when verifying newly enrolled certificates.
CMP message protection) and when verifying newly enrolled certificates.
Multiple filenames may be given, separated by commas and/or whitespace.
Each file may contain multiple certificates.
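Review bot: in the added sentence "Any extra certificates given with the B<-cert> option are appended to it.", the pronoun "it" has no antecedent, because the line before it is a noun-phrase fragment rather than a sentence; "appended to this list" would read unambiguously. The description now says the same set is used both for the outgoing extraCerts chain and for chain building when verifying the CMP server certificate and newly enrolled certificates, so it would help to spell out what "Non-trusted" means for those verification uses, to keep readers from confusing this option with B<-trusted>.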
@ -713,8 +716,9 @@ The only value with effect is B<ENGINE>.
=item B<-otherpass> I<arg>
Pass phrase source for certificate given with the B<-trusted>, B<-untrusted>,
B<-own_trusted>,
B<-out_trusted>, B<-extracerts>, B<-tls_extra>, or B<-tls_trusted> options.
B<-own_trusted>, B<-srvcert>, B<-out_trusted>, B<-extracerts>,
B<-srv_trusted>, B<-srv_untrusted>, B<-rsp_extracerts>, B<-rsp_capubs>,
B<-tls_extra>, and B<-tls_trusted> options.
If not given here, the password will be prompted for if needed.
For more information about the format of B<arg> see the
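Review bot: the extended list now names twelve options that share one pass phrase source, but the text does not say what happens when the files behind those options are protected with different pass phrases; a sentence on that case would help. The wording also keeps the singular "for certificate given with", which no longer fits a list of this length. Separately, the apps/cmp.c hunk shown for this commit only touches the -extracerts help text, so please check that the -otherpass help string there names the same options as this list.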