Submitted by: Victor B. Wagner <vitus@cryptocom.ru>, steve
Use default algorithms for OCSP request and response signing. New command line option to support other digest use for OCSP certificate IDs.
This commit is contained in:
Dr. Stephen Henson
@@ -51,6 +51,7 @@ B<openssl> B<ocsp>
|
||||
[B<-ndays n>]
|
||||
[B<-resp_key_id>]
|
||||
[B<-nrequest n>]
|
||||
[B<-md5|-sha1|...>]
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
@@ -206,6 +207,11 @@ information is immediately available. In this case the age of the B<notBefore> f
|
||||
is checked to see it is not older than B<age> seconds old. By default this additional
|
||||
check is not performed.
|
||||
|
||||
=item B<-md5|-sha1|-sha256|-ripemod160|...>
|
||||
|
||||
this option sets digest algorithm to use for certificate identification
|
||||
in the OCSP request. By default SHA-1 is used.
|
||||
|
||||
=back
|
||||
|
||||
=head1 OCSP SERVER OPTIONS
|
||||
|
||||
Reference in New Issue
Block a user