diff --git a/apps/s_server.c b/apps/s_server.c index 5cc7d15af..a7a728c26 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -408,6 +408,11 @@ static void sv_usage(void) BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); BIO_printf(bio_err," -cert arg - certificate file to use\n"); BIO_printf(bio_err," (default is %s)\n",TEST_CERT); + BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \ + " The CRL(s) are appended to the certificate file\n"); + BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \ + " or any other CRL in the CA chain. CRL(s) are appened to the\n" \ + " the certificate file.\n"); BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n"); BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index b58687464..7f159a39e 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -12,6 +12,8 @@ B B [B<-context id>] [B<-verify depth>] [B<-Verify depth>] +[B<-crl_check>] +[B<-crl_check_all>] [B<-cert filename>] [B<-certform DER|PEM>] [B<-key keyfile>] @@ -142,6 +144,12 @@ the client. With the B<-verify> option a certificate is requested but the client does not have to send one, with the B<-Verify> option the client must supply a certificate or an error occurs. +=item B<-crl_check>, B<-crl_check_all> + +Check the peer certificate has not been revoked by its CA. +The CRL(s) are appended to the certificate file. With the B<-crl_check_all> +option all CRLs of all CAs in the chain are checked. + =item B<-CApath directory> The directory to use for client certificate verification. This directory