Document -trusted_first option in man pages and help.
Add -trusted_first description to help messages and man pages of tools that deal with certificate verification.
This commit is contained in:
Hubert Kario
committed by
Matt Caswell
Matt Caswell
parent
2d7153e8f9
commit
6d3d579367
@@ -35,6 +35,7 @@ B<openssl> B<cms>
|
||||
[B<-print>]
|
||||
[B<-CAfile file>]
|
||||
[B<-CApath dir>]
|
||||
[B<-trusted_first>]
|
||||
[B<-md digest>]
|
||||
[B<-[cipher]>]
|
||||
[B<-nointern>]
|
||||
@@ -429,9 +430,9 @@ portion of a message so they may be included manually. If signing
|
||||
then many S/MIME mail clients check the signers certificate's email
|
||||
address matches that specified in the From: address.
|
||||
|
||||
=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
|
||||
=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig, -trusted_first>
|
||||
|
||||
Set various certificate chain valiadition option. See the
|
||||
Set various certificate chain valiadition options. See the
|
||||
L<B<verify>|verify(1)> manual page for details.
|
||||
|
||||
=back
|
||||
|
||||
@@ -29,6 +29,7 @@ B<openssl> B<ocsp>
|
||||
[B<-path>]
|
||||
[B<-CApath dir>]
|
||||
[B<-CAfile file>]
|
||||
[B<-trusted_first>]
|
||||
[B<-VAfile file>]
|
||||
[B<-validity_period n>]
|
||||
[B<-status_age n>]
|
||||
@@ -138,6 +139,11 @@ or "/" by default.
|
||||
file or pathname containing trusted CA certificates. These are used to verify
|
||||
the signature on the OCSP response.
|
||||
|
||||
=item B<-trusted_first>
|
||||
|
||||
Set certificate verification option.
|
||||
See L<B<verify>|verify(1)> manual page for details.
|
||||
|
||||
=item B<-verify_other file>
|
||||
|
||||
file containing additional certificates to search when attempting to locate
|
||||
|
||||
@@ -18,6 +18,7 @@ B<openssl> B<s_client>
|
||||
[B<-pass arg>]
|
||||
[B<-CApath directory>]
|
||||
[B<-CAfile filename>]
|
||||
[B<-trusted_first>]
|
||||
[B<-reconnect>]
|
||||
[B<-pause>]
|
||||
[B<-showcerts>]
|
||||
@@ -116,9 +117,9 @@ also used when building the client certificate chain.
|
||||
A file containing trusted certificates to use during server authentication
|
||||
and to use when attempting to build the client certificate chain.
|
||||
|
||||
=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
|
||||
=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig, -trusted_first>
|
||||
|
||||
Set various certificate chain valiadition option. See the
|
||||
Set various certificate chain valiadition options. See the
|
||||
L<B<verify>|verify(1)> manual page for details.
|
||||
|
||||
=item B<-reconnect>
|
||||
|
||||
@@ -34,6 +34,7 @@ B<openssl> B<s_server>
|
||||
[B<-state>]
|
||||
[B<-CApath directory>]
|
||||
[B<-CAfile filename>]
|
||||
[B<-trusted_first>]
|
||||
[B<-nocert>]
|
||||
[B<-cipher cipherlist>]
|
||||
[B<-quiet>]
|
||||
@@ -183,6 +184,11 @@ and to use when attempting to build the server certificate chain. The list
|
||||
is also used in the list of acceptable client CAs passed to the client when
|
||||
a certificate is requested.
|
||||
|
||||
=item B<-trusted_first>
|
||||
|
||||
Set certificate verification option.
|
||||
See the L<B<verify>|verify(1)> manual page for details.
|
||||
|
||||
=item B<-state>
|
||||
|
||||
prints out the SSL session states.
|
||||
|
||||
@@ -15,6 +15,7 @@ B<openssl> B<smime>
|
||||
[B<-pk7out>]
|
||||
[B<-[cipher]>]
|
||||
[B<-in file>]
|
||||
[B<-trusted_first>]
|
||||
[B<-certfile file>]
|
||||
[B<-signer file>]
|
||||
[B<-recip file>]
|
||||
@@ -259,7 +260,7 @@ portion of a message so they may be included manually. If signing
|
||||
then many S/MIME mail clients check the signers certificate's email
|
||||
address matches that specified in the From: address.
|
||||
|
||||
=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>
|
||||
=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig, -trusted_first>
|
||||
|
||||
Set various options of certificate chain verification. See
|
||||
L<B<verify>|verify(1)> manual page for details.
|
||||
|
||||
@@ -9,6 +9,7 @@ verify - Utility to verify certificates.
|
||||
B<openssl> B<verify>
|
||||
[B<-CApath directory>]
|
||||
[B<-CAfile file>]
|
||||
[B<-trusted_first>]
|
||||
[B<-purpose purpose>]
|
||||
[B<-policy arg>]
|
||||
[B<-ignore_critical>]
|
||||
@@ -57,6 +58,12 @@ in PEM format concatenated together.
|
||||
A file of untrusted certificates. The file should contain multiple certificates
|
||||
in PEM format concatenated together.
|
||||
|
||||
=item B<-trusted_first>
|
||||
|
||||
Use certificates in CA file or CA directory before certificates in untrusted
|
||||
file when building the trust chain to verify certificates.
|
||||
This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
|
||||
|
||||
=item B<-purpose purpose>
|
||||
|
||||
The intended use for the certificate. If this option is not specified,
|
||||
|
||||
Reference in New Issue
Block a user