diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-08-28 13:37:04 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-09-08 23:24:42 +0200 |
commit | b434b2c08d2025936fb8b7ece3a5908613333f6b (patch) | |
tree | df6b0138916fd32ad87797f5af867aeab83d3b98 /doc | |
parent | Add 4 new OIDs for PKIX key purposes and 3 new CMP information types (diff) | |
download | openssl-b434b2c08d2025936fb8b7ece3a5908613333f6b.tar.xz openssl-b434b2c08d2025936fb8b7ece3a5908613333f6b.zip |
Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12806)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man1/openssl-cmp.pod.in | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 46c5059d84..623e3f7dee 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -174,6 +174,7 @@ Default filename is from the environment variable C<OPENSSL_CONF>. Section(s) to use within config file defining CMP options. An empty string C<""> means no specific section. Default is C<cmp>. + Multiple section names may be given, separated by commas and/or whitespace (where in the latter case the whole argument must be enclosed in "..."). Contents of sections named later may override contents of sections named before. @@ -485,6 +486,9 @@ This option gives more flexibility than the B<-srvcert> option because the protection certificate is not pinned but may be any certificate for which a chain to one of the given trusted certificates can be constructed. +If no B<-trusted>, B<-srvcert>, and B<-secret> option is given +then protected response messages from the server are not authenticated. + Multiple filenames may be given, separated by commas and/or whitespace (where in the latter case the whole argument must be enclosed in "..."). Each source may contain multiple certificates. @@ -809,6 +813,7 @@ Default is one invocation. =item B<-reqin> I<filenames> Take sequence of CMP requests from file(s). + Multiple filenames may be given, separated by commas and/or whitespace (where in the latter case the whole argument must be enclosed in "..."). As many files are read as needed for a complete transaction. @@ -823,18 +828,21 @@ and the CMP server complains that the transaction ID has already been used. =item B<-reqout> I<filenames> Save sequence of CMP requests to file(s). + Multiple filenames may be given, separated by commas and/or whitespace. As many files are written as needed to store the complete transaction. =item B<-rspin> I<filenames> Process sequence of CMP responses provided in file(s), skipping server. + Multiple filenames may be given, separated by commas and/or whitespace. As many files are read as needed for the complete transaction. =item B<-rspout> I<filenames> Save sequence of CMP responses to file(s). + Multiple filenames may be given, separated by commas and/or whitespace. As many files are written as needed to store the complete transaction. |