summaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-08-28 14:55:38 +0200
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-09-11 12:17:58 +0200
commit7a7d6b514fb2c95570896e512e165a38c9ecac46 (patch)
treeedd6e0f71932c9633a0f6930741df473457094ff /doc
parentapps/cmp.c: Improve documentation of -secret, -cert, and -key options (diff)
downloadopenssl-7a7d6b514fb2c95570896e512e165a38c9ecac46.tar.xz
openssl-7a7d6b514fb2c95570896e512e165a38c9ecac46.zip
apps/cmp.c: Improve documentation of -extracerts, -untrusted, and -otherpass
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12825)
Diffstat (limited to 'doc')
-rw-r--r--doc/man1/openssl-cmp.pod.in16
1 files changed, 10 insertions, 6 deletions
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
index 2d484805b3..97a03798a8 100644
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -499,11 +499,14 @@ Each source may contain multiple certificates.
=item B<-untrusted> I<sources>
-Non-trusted intermediate CA certificate(s) that may be useful for cert path
-construction for the CMP client certificate (to include in the extraCerts field
-of outgoing messages), for the TLS client certificate (if TLS is enabled),
+Non-trusted intermediate CA certificate(s).
+Any extra certificates given with the B<-cert> option are appended to it.
+All these certificates may be useful for cert path construction
+for the CMP client certificate (to include in the extraCerts field of outgoing
+messages) and for the TLS client certificate (if TLS is enabled)
+as well as for chain building
when verifying the CMP server certificate (checking signature-based
-CMP message protection), and when verifying newly enrolled certificates.
+CMP message protection) and when verifying newly enrolled certificates.
Multiple filenames may be given, separated by commas and/or whitespace.
Each file may contain multiple certificates.
@@ -713,8 +716,9 @@ The only value with effect is B<ENGINE>.
=item B<-otherpass> I<arg>
Pass phrase source for certificate given with the B<-trusted>, B<-untrusted>,
-B<-own_trusted>,
-B<-out_trusted>, B<-extracerts>, B<-tls_extra>, or B<-tls_trusted> options.
+B<-own_trusted>, B<-srvcert>, B<-out_trusted>, B<-extracerts>,
+B<-srv_trusted>, B<-srv_untrusted>, B<-rsp_extracerts>, B<-rsp_capubs>,
+B<-tls_extra>, and B<-tls_trusted> options.
If not given here, the password will be prompted for if needed.
For more information about the format of B<arg> see the