Add documentation for the -no_alt_chains option for various apps, as well as (fa7b0111) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

doc/apps/cms.pod

+7 −4

Original line number	Diff line number	Diff line
		@@ -54,6 +54,7 @@ B<openssl> B<cms>
		[B<-suiteB_128_only>]
		[B<-suiteB_192>]
		[B<-trusted_first>]
		[B<-no_alt_chains>]
		[B<-use_deltas>]
		[B<-verify_depth num>]
		[B<-verify_email email>]
		@@ -459,11 +460,11 @@ address matches that specified in the From: address.
		B<explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
		B<-inhibit_map>, B<-issuer_checks>, B<-partial_chain>, B<-policy>,
		B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
		B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
		B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>,
		B<-verify_name>, B<-x509_strict>
		B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-no_alt_chains>,
		B<-use_deltas>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
		B<-verify_ip>, B<-verify_name>, B<-x509_strict>

		Set various certificate chain valiadition options. See the
		Set various certificate chain validation options. See the
		L<B<verify>\|verify(1)> manual page for details.

		=back
		@@ -697,4 +698,6 @@ Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0.
		The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added
		to OpenSSL 1.1.0.

		The -no_alt_chains options was first added to OpenSSL 1.1.0.

		=cut

+10 −3

Original line number	Diff line number	Diff line
		@@ -48,6 +48,7 @@ B<openssl> B<ocsp>
		[B<-suiteB_128_only>]
		[B<-suiteB_192>]
		[B<-trusted_first>]
		[B<-no_alt_chains>]
		[B<-use_deltas>]
		[B<-verify_depth num>]
		[B<-verify_email email>]
		@@ -173,9 +174,9 @@ the signature on the OCSP response.
		B<explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
		B<-inhibit_map>, B<-issuer_checks>, B<-partial_chain>, B<-policy>,
		B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
		B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
		B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>,
		B<-verify_name>, B<-x509_strict>
		B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-no_alt_chains>,
		B<-use_deltas>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
		B<-verify_ip>, B<-verify_name>, B<-x509_strict>

		Set different certificate verification options.
		See L<B<verify>\|verify(1)> manual page for details.
		@@ -416,3 +417,9 @@ second file.

		openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
		-reqin req.der -respout resp.der

		=head1 HISTORY

		The -no_alt_chains options was first added to OpenSSL 1.1.0.

		=cut

+9 −5

Original line number	Diff line number	Diff line
		@@ -19,7 +19,6 @@ B<openssl> B<s_client>
		[B<-pass arg>]
		[B<-CApath directory>]
		[B<-CAfile filename>]
		[B<-trusted_first>]
		[B<-attime timestamp>]
		[B<-check_ss_sig>]
		[B<-crl_check>]
		@@ -39,6 +38,7 @@ B<openssl> B<s_client>
		[B<-suiteB_128_only>]
		[B<-suiteB_192>]
		[B<-trusted_first>]
		[B<-no_alt_chains>]
		[B<-use_deltas>]
		[B<-verify_depth num>]
		[B<-verify_email email>]
		@@ -155,11 +155,11 @@ and to use when attempting to build the client certificate chain.
		B<explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
		B<-inhibit_map>, B<-issuer_checks>, B<-partial_chain>, B<-policy>,
		B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
		B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
		B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>,
		B<-verify_name>, B<-x509_strict>
		B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-no_alt_chains>,
		B<-use_deltas>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
		B<-verify_ip>, B<-verify_name>, B<-x509_strict>

		Set various certificate chain valiadition options. See the
		Set various certificate chain validation options. See the
		L<B<verify>\|verify(1)> manual page for details.

		=item B<-reconnect>
		@@ -411,4 +411,8 @@ information whenever a session is renegotiated.

		L<sess_id(1)\|sess_id(1)>, L<s_server(1)\|s_server(1)>, L<ciphers(1)\|ciphers(1)>

		=head1 HISTORY

		The -no_alt_chains options was first added to OpenSSL 1.1.0.

		=cut

+7 −2

Original line number	Diff line number	Diff line
		@@ -51,6 +51,7 @@ B<openssl> B<s_server>
		[B<-suiteB_128_only>]
		[B<-suiteB_192>]
		[B<-trusted_first>]
		[B<-no_alt_chains>]
		[B<-use_deltas>]
		[B<-verify_depth num>]
		[B<-verify_return_error>]
		@@ -218,8 +219,8 @@ anonymous ciphersuite or PSK) this option has no effect.
		B<-ignore_critical>, B<-inhibit_any>, B<-inhibit_map>, B<-issuer_checks>,
		B<-partial_chain>, B<-policy>, B<-policy_check>, B<-policy_print>, B<-purpose>,
		B<-suiteB_128>, B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>,
		B<-use_deltas>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
		B<-verify_ip>, B<-verify_name>, B<-x509_strict>
		B<-no_alt_chains>, B<-use_deltas>, B<-verify_depth>, B<-verify_email>,
		B<-verify_hostname>, B<-verify_ip>, B<-verify_name>, B<-x509_strict>

		Set different peer certificate verification options.
		See the L<B<verify>\|verify(1)> manual page for details.
		@@ -481,4 +482,8 @@ unknown cipher suites a client says it supports.

		L<sess_id(1)\|sess_id(1)>, L<s_client(1)\|s_client(1)>, L<ciphers(1)\|ciphers(1)>

		=head1 HISTORY

		The -no_alt_chains options was first added to OpenSSL 1.1.0.

		=cut

+5 −3

Original line number	Diff line number	Diff line
		@@ -36,6 +36,7 @@ B<openssl> B<smime>
		[B<-suiteB_128_only>]
		[B<-suiteB_192>]
		[B<-trusted_first>]
		[B<-no_alt_chains>]
		[B<-use_deltas>]
		[B<-verify_depth num>]
		[B<-verify_email email>]
		@@ -291,9 +292,9 @@ address matches that specified in the From: address.
		B<explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
		B<-inhibit_map>, B<-issuer_checks>, B<-partial_chain>, B<-policy>,
		B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
		B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
		B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>,
		B<-verify_name>, B<-x509_strict>
		B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-no_alt_chains>,
		B<-use_deltas>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
		B<-verify_ip>, B<-verify_name>, B<-x509_strict>

		Set various options of certificate chain verification. See
		L<B<verify>\|verify(1)> manual page for details.
		@@ -475,5 +476,6 @@ structures may cause parsing errors.
		The use of multiple B<-signer> options and the B<-resign> command were first
		added in OpenSSL 1.0.0

		The -no_alt_chains options was first added to OpenSSL 1.1.0.

		=cut