Loading apps/ocsp.c +3 −3 Original line number Diff line number Diff line Loading @@ -524,7 +524,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-serial n serial number to check\n"); BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n"); BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n"); BIO_printf (bio_err, "-sign_certs file additional certificates to include in signed request\n"); BIO_printf (bio_err, "-sign_other file additional certificates to include in signed request\n"); BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n"); BIO_printf (bio_err, "-req_text print text form of request\n"); BIO_printf (bio_err, "-resp_text print text form of response\n"); Loading @@ -544,10 +544,10 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n"); BIO_printf (bio_err, "-status_age n maximum status age in seconds\n"); BIO_printf (bio_err, "-noverify don't verify response at all\n"); BIO_printf (bio_err, "-verify_certs file additional certificates to search for signer\n"); BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n"); BIO_printf (bio_err, "-trust_other don't verify additional certificates\n"); BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n"); BIO_printf (bio_err, "-no_sig_verify don't check signature on response\n"); BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n"); BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n"); BIO_printf (bio_err, "-no_chain don't chain verify response\n"); BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n"); Loading doc/apps/ocsp.pod +27 −10 Original line number Diff line number Diff line Loading 
@@ -11,6 +11,10 @@ B<openssl> B<ocsp> [B<-issuer file>] [B<-cert file>] [B<-serial n>] [B<-signer file>] [B<-signkey file>] [B<-sign_other file>] [B<-no_certs>] [B<-req_text>] [B<-resp_text>] [B<-text>] Loading @@ -20,27 +24,36 @@ B<openssl> B<ocsp> [B<-respin file>] [B<-nonce>] [B<-no_nonce>] [B<-url responder_url>] [B<-url URL>] [B<-host host:n>] [B<-path>] [B<-CApath file>] [B<-CApath dir>] [B<-CAfile file>] [B<-VAfile file>] [B<-verify_certs file>] [B<-validity_period n>] [B<-status_age n>] [B<-noverify>] [B<-verify_other file>] [B<-trust_other>] [B<-no_intern>] [B<-no_sig_verify>] [B<-no_signature_verify>] [B<-no_cert_verify>] [B<-no_chain>] [B<-no_cert_checks>] [B<-validity_period nsec>] [B<-status_age nsec>] [B<-port num>] [B<-index file>] [B<-CA file>] [B<-rsigner file>] [B<-rkey file>] [B<-rother file>] [B<-resp_no_certs>] [B<-nmin n>] [B<-ndays n>] [B<-resp_key_id>] [B<-nrequest n>] =head1 DESCRIPTION B<WARNING: this documentation is preliminary and subject to change.> The Online Certificate Status Protocol (OCSP) enables applications to determine the (revocation) state of an identified certificate (RFC 2560). Loading Loading @@ -83,6 +96,10 @@ the B<signkey> option is not present then the private key is read from the same file as the certificate. If neither option is specified then the OCSP request is not signed. =item B<-sign_other filename> Additional certificates to include in the signed request. =item B<-nonce>, B<-no_nonce> Add an OCSP nonce extension to a request or disable OCSP nonce addition. Loading Loading @@ -120,7 +137,7 @@ or "/" by default. file or pathname containing trusted CA certificates. These are used to verify the signature on the OCSP response. =item B<-verify_certs file> =item B<-verify_other file> file containing additional certificates to search when attempting to locate the OCSP response signing certificate. Some responders omit the actual signer's Loading Loading 
@@ -151,7 +168,7 @@ ignore certificates contained in the OCSP response when searching for the signers certificate. With this option the signers certificate must be specified with either the B<-verify_certs> or B<-VAfile> options. =item B<-no_sig_verify> =item B<-no_signature_verify> don't check the signature on the OCSP response. Since this option tolerates invalid signatures on OCSP responses it will normally only be used for testing purposes. Loading Loading
apps/ocsp.c +3 −3 Original line number Diff line number Diff line Loading @@ -524,7 +524,7 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-serial n serial number to check\n"); BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n"); BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n"); BIO_printf (bio_err, "-sign_certs file additional certificates to include in signed request\n"); BIO_printf (bio_err, "-sign_other file additional certificates to include in signed request\n"); BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n"); BIO_printf (bio_err, "-req_text print text form of request\n"); BIO_printf (bio_err, "-resp_text print text form of response\n"); Loading @@ -544,10 +544,10 @@ int MAIN(int argc, char **argv) BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n"); BIO_printf (bio_err, "-status_age n maximum status age in seconds\n"); BIO_printf (bio_err, "-noverify don't verify response at all\n"); BIO_printf (bio_err, "-verify_certs file additional certificates to search for signer\n"); BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n"); BIO_printf (bio_err, "-trust_other don't verify additional certificates\n"); BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n"); BIO_printf (bio_err, "-no_sig_verify don't check signature on response\n"); BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n"); BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n"); BIO_printf (bio_err, "-no_chain don't chain verify response\n"); BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n"); Loading
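Review bot: In the second hunk (@@ -544,10 +544,10 @@) the corrected usage line for `-no_signature_verify` still says only "don't check signature on response", while the ocsp.pod text in this same commit states that the option tolerates invalid signatures and is normally only used for testing. Since the help output now lists this spelling instead of `-no_sig_verify`, the usage string should carry the same caveat, for example `BIO_printf (bio_err, "-no_signature_verify don't check signature on response (testing only)\n");` with the column padding kept as in the file; the `-noverify` line would benefit from the same wording. The rename also looks incomplete on the documentation side: the unchanged paragraph just above `=item B<-no_signature_verify>` in doc/apps/ocsp.pod still refers to `B<-verify_certs>`, which presumably should read `B<-verify_other>`. The option parser in MAIN lies outside both hunks, so whether the new names match what the command actually accepts is assumed from the commit and not verified here.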
doc/apps/ocsp.pod +27 −10 Original line number Diff line number Diff line Loading @@ -11,6 +11,10 @@ B<openssl> B<ocsp> [B<-issuer file>] [B<-cert file>] [B<-serial n>] [B<-signer file>] [B<-signkey file>] [B<-sign_other file>] [B<-no_certs>] [B<-req_text>] [B<-resp_text>] [B<-text>] Loading @@ -20,27 +24,36 @@ B<openssl> B<ocsp> [B<-respin file>] [B<-nonce>] [B<-no_nonce>] [B<-url responder_url>] [B<-url URL>] [B<-host host:n>] [B<-path>] [B<-CApath file>] [B<-CApath dir>] [B<-CAfile file>] [B<-VAfile file>] [B<-verify_certs file>] [B<-validity_period n>] [B<-status_age n>] [B<-noverify>] [B<-verify_other file>] [B<-trust_other>] [B<-no_intern>] [B<-no_sig_verify>] [B<-no_signature_verify>] [B<-no_cert_verify>] [B<-no_chain>] [B<-no_cert_checks>] [B<-validity_period nsec>] [B<-status_age nsec>] [B<-port num>] [B<-index file>] [B<-CA file>] [B<-rsigner file>] [B<-rkey file>] [B<-rother file>] [B<-resp_no_certs>] [B<-nmin n>] [B<-ndays n>] [B<-resp_key_id>] [B<-nrequest n>] =head1 DESCRIPTION B<WARNING: this documentation is preliminary and subject to change.> The Online Certificate Status Protocol (OCSP) enables applications to determine the (revocation) state of an identified certificate (RFC 2560). Loading Loading @@ -83,6 +96,10 @@ the B<signkey> option is not present then the private key is read from the same file as the certificate. If neither option is specified then the OCSP request is not signed. =item B<-sign_other filename> Additional certificates to include in the signed request. =item B<-nonce>, B<-no_nonce> Add an OCSP nonce extension to a request or disable OCSP nonce addition. Loading Loading 
@@ -120,7 +137,7 @@ or "/" by default. file or pathname containing trusted CA certificates. These are used to verify the signature on the OCSP response. =item B<-verify_certs file> =item B<-verify_other file> file containing additional certificates to search when attempting to locate the OCSP response signing certificate. Some responders omit the actual signer's Loading Loading @@ -151,7 +168,7 @@ ignore certificates contained in the OCSP response when searching for the signers certificate. With this option the signers certificate must be specified with either the B<-verify_certs> or B<-VAfile> options. =item B<-no_sig_verify> =item B<-no_signature_verify> don't check the signature on the OCSP response. Since this option tolerates invalid signatures on OCSP responses it will normally only be used for testing purposes. Loading