Update ocsp usage message and docs.
parent
c4d00669a0
commit
e5b0508a14
@ -524,7 +524,7 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-serial n serial number to check\n");
|
||||
BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n");
|
||||
BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n");
|
||||
BIO_printf (bio_err, "-sign_certs file additional certificates to include in signed request\n");
|
||||
BIO_printf (bio_err, "-sign_other file additional certificates to include in signed request\n");
|
||||
BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n");
|
||||
BIO_printf (bio_err, "-req_text print text form of request\n");
|
||||
BIO_printf (bio_err, "-resp_text print text form of response\n");
|
||||
@ -544,10 +544,10 @@ int MAIN(int argc, char **argv)
|
||||
BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
|
||||
BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
|
||||
BIO_printf (bio_err, "-noverify don't verify response at all\n");
|
||||
BIO_printf (bio_err, "-verify_certs file additional certificates to search for signer\n");
|
||||
BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n");
|
||||
BIO_printf (bio_err, "-trust_other don't verify additional certificates\n");
|
||||
BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n");
|
||||
BIO_printf (bio_err, "-no_sig_verify don't check signature on response\n");
|
||||
BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n");
|
||||
BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n");
|
||||
BIO_printf (bio_err, "-no_chain don't chain verify response\n");
|
||||
BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n");
|
||||
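Review bot: The usage lines for the options that switch verification off (`-noverify`, `-no_signature_verify`, `-no_cert_verify`, `-no_chain`) say what is skipped but not that the reported status is then unauthenticated, while the ocsp documentation changed in this same commit says the signature option is normally only used for testing. I would carry that caveat into the help text, for example `BIO_printf (bio_err, "-no_signature_verify don't check signature on response (testing only)\n");`. The page prints each renamed option twice (`-sign_certs`/`-sign_other`, `-verify_certs`/`-verify_other`, `-no_sig_verify`/`-no_signature_verify`) with the +/- markers lost, so which spelling is new is inferred from print order. Whichever it is, the names printed here should be checked against the option parsing in MAIN, which lies outside both hunks.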
|
@ -11,6 +11,10 @@ B<openssl> B<ocsp>
|
||||
[B<-issuer file>]
|
||||
[B<-cert file>]
|
||||
[B<-serial n>]
|
||||
[B<-signer file>]
|
||||
[B<-signkey file>]
|
||||
[B<-sign_other file>]
|
||||
[B<-no_certs>]
|
||||
[B<-req_text>]
|
||||
[B<-resp_text>]
|
||||
[B<-text>]
|
||||
@ -20,27 +24,36 @@ B<openssl> B<ocsp>
|
||||
[B<-respin file>]
|
||||
[B<-nonce>]
|
||||
[B<-no_nonce>]
|
||||
[B<-url responder_url>]
|
||||
[B<-url URL>]
|
||||
[B<-host host:n>]
|
||||
[B<-path>]
|
||||
[B<-CApath file>]
|
||||
[B<-CApath dir>]
|
||||
[B<-CAfile file>]
|
||||
[B<-VAfile file>]
|
||||
[B<-verify_certs file>]
|
||||
[B<-validity_period n>]
|
||||
[B<-status_age n>]
|
||||
[B<-noverify>]
|
||||
[B<-verify_other file>]
|
||||
[B<-trust_other>]
|
||||
[B<-no_intern>]
|
||||
[B<-no_sig_verify>]
|
||||
[B<-no_signature_verify>]
|
||||
[B<-no_cert_verify>]
|
||||
[B<-no_chain>]
|
||||
[B<-no_cert_checks>]
|
||||
[B<-validity_period nsec>]
|
||||
[B<-status_age nsec>]
|
||||
[B<-port num>]
|
||||
[B<-index file>]
|
||||
[B<-CA file>]
|
||||
[B<-rsigner file>]
|
||||
[B<-rkey file>]
|
||||
[B<-rother file>]
|
||||
[B<-resp_no_certs>]
|
||||
[B<-nmin n>]
|
||||
[B<-ndays n>]
|
||||
[B<-resp_key_id>]
|
||||
[B<-nrequest n>]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
B<WARNING: this documentation is preliminary and subject to change.>
|
||||
|
||||
The Online Certificate Status Protocol (OCSP) enables applications to
|
||||
determine the (revocation) state of an identified certificate (RFC 2560).
|
||||
|
||||
@ -83,6 +96,10 @@ the B<signkey> option is not present then the private key is read
|
||||
from the same file as the certificate. If neither option is specified then
|
||||
the OCSP request is not signed.
|
||||
|
||||
=item B<-sign_other filename>
|
||||
|
||||
Additional certificates to include in the signed request.
|
||||
|
||||
=item B<-nonce>, B<-no_nonce>
|
||||
|
||||
Add an OCSP nonce extension to a request or disable OCSP nonce addition.
|
||||
@ -120,7 +137,7 @@ or "/" by default.
|
||||
file or pathname containing trusted CA certificates. These are used to verify
|
||||
the signature on the OCSP response.
|
||||
|
||||
=item B<-verify_certs file>
|
||||
=item B<-verify_other file>
|
||||
|
||||
file containing additional certificates to search when attempting to locate
|
||||
the OCSP response signing certificate. Some responders omit the actual signer's
|
||||
@ -151,7 +168,7 @@ ignore certificates contained in the OCSP response when searching for the
|
||||
signers certificate. With this option the signers certificate must be specified
|
||||
with either the B<-verify_certs> or B<-VAfile> options.
|
||||
|
||||
=item B<-no_sig_verify>
|
||||
=item B<-no_signature_verify>
|
||||
|
||||
don't check the signature on the OCSP response. Since this option tolerates invalid
|
||||
signatures on OCSP responses it will normally only be used for testing purposes.
|
||||
|