Commit 1c687ff4 authored by Matt Caswell's avatar Matt Caswell Committed by Kurt Roeckx
Browse files

Add documentation for the -no_alt_chains option for various apps, as well as... 


Add documentation for the -no_alt_chains option for various apps, as well as the X509_V_FLAG_NO_ALT_CHAINS flag.

Reviewed-by: default avatarDr. Stephen Henson <steve@openssl.org>
Reviewed-by: default avatarKurt Roeckx <kurt@roeckx.be>

Conflicts:
	doc/apps/cms.pod
	doc/apps/ocsp.pod
	doc/apps/s_client.pod
	doc/apps/s_server.pod
	doc/apps/smime.pod
	doc/apps/verify.pod
parent c6a39046

doc/apps/cms.pod

+4 −1
Original line number Diff line number Diff line
@@ -35,6 +35,7 @@ B<openssl> B<cms> 
[B<-print>]

[B<-CAfile file>]

[B<-CApath dir>]

[B<-no_alt_chains>]

[B<-md digest>]

[B<-[cipher]>]

[B<-nointern>]
@@ -406,7 +407,7 @@ portion of a message so they may be included manually. If signing 
then many S/MIME mail clients check the signers certificate's email

address matches that specified in the From: address.



=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>

=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>



Set various certificate chain valiadition option. See the

L<B<verify>|verify(1)> manual page for details.
@@ -614,4 +615,6 @@ The use of multiple B<-signer> options and the B<-resign> command were first 
added in OpenSSL 1.0.0





The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.



=cut

doc/apps/ocsp.pod

+11 −0
Original line number Diff line number Diff line
@@ -29,6 +29,7 @@ B<openssl> B<ocsp> 
[B<-path>]

[B<-CApath dir>]

[B<-CAfile file>]

[B<-no_alt_chains>]]

[B<-VAfile file>]

[B<-validity_period n>]

[B<-status_age n>]
@@ -143,6 +144,10 @@ connection timeout to the OCSP responder in seconds 
file or pathname containing trusted CA certificates. These are used to verify

the signature on the OCSP response.



=item B<-no_alt_chains>



See L<B<verify>|verify(1)> manual page for details.



=item B<-verify_other file>



file containing additional certificates to search when attempting to locate
@@ -379,3 +384,9 @@ second file. 


 openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem

     -reqin req.der -respout resp.der



=head1 HISTORY



The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.



=cut

doc/apps/s_client.pod

+6 −1
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ B<openssl> B<s_client> 
[B<-pass arg>]

[B<-CApath directory>]

[B<-CAfile filename>]

[B<-no_alt_chains>]

[B<-reconnect>]

[B<-pause>]

[B<-showcerts>]
@@ -116,7 +117,7 @@ also used when building the client certificate chain. 
A file containing trusted certificates to use during server authentication

and to use when attempting to build the client certificate chain.



=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>

=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>



Set various certificate chain valiadition option. See the

L<B<verify>|verify(1)> manual page for details.
@@ -347,4 +348,8 @@ information whenever a session is renegotiated. 


L<sess_id(1)|sess_id(1)>, L<s_server(1)|s_server(1)>, L<ciphers(1)|ciphers(1)>



=head1 HISTORY



The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.



=cut

doc/apps/s_server.pod

+9 −0
Original line number Diff line number Diff line
@@ -33,6 +33,7 @@ B<openssl> B<s_server> 
[B<-state>]

[B<-CApath directory>]

[B<-CAfile filename>]

[B<-no_alt_chains>]

[B<-nocert>]

[B<-cipher cipherlist>]

[B<-serverpref>]
@@ -178,6 +179,10 @@ and to use when attempting to build the server certificate chain. The list 
is also used in the list of acceptable client CAs passed to the client when

a certificate is requested.



=item B<-no_alt_chains>



See the L<B<verify>|verify(1)> manual page for details.



=item B<-state>



prints out the SSL session states.
@@ -398,4 +403,8 @@ unknown cipher suites a client says it supports. 


L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)>



=head1 HISTORY



The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.



=cut

doc/apps/smime.pod

+3 −1
Original line number Diff line number Diff line
@@ -15,6 +15,7 @@ B<openssl> B<smime> 
[B<-pk7out>]

[B<-[cipher]>]

[B<-in file>]

[B<-no_alt_chains>]

[B<-certfile file>]

[B<-signer file>]

[B<-recip  file>]
@@ -259,7 +260,7 @@ portion of a message so they may be included manually. If signing 
then many S/MIME mail clients check the signers certificate's email

address matches that specified in the From: address.



=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig>

=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains>



Set various options of certificate chain verification. See

L<B<verify>|verify(1)> manual page for details.
@@ -441,5 +442,6 @@ structures may cause parsing errors. 
The use of multiple B<-signer> options and the B<-resign> command were first

added in OpenSSL 1.0.0



The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.



=cut