summaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-08-28 13:37:04 +0200
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-09-08 23:24:42 +0200
commitb434b2c08d2025936fb8b7ece3a5908613333f6b (patch)
treedf6b0138916fd32ad87797f5af867aeab83d3b98 /doc
parentAdd 4 new OIDs for PKIX key purposes and 3 new CMP information types (diff)
downloadopenssl-b434b2c08d2025936fb8b7ece3a5908613333f6b.tar.xz
openssl-b434b2c08d2025936fb8b7ece3a5908613333f6b.zip
Allow unauthenticated CMP server if missing -trusted, -srvcert, and -secret options
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12806)
Diffstat (limited to 'doc')
-rw-r--r--doc/man1/openssl-cmp.pod.in8
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
index 46c5059d84..623e3f7dee 100644
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -174,6 +174,7 @@ Default filename is from the environment variable C<OPENSSL_CONF>.
Section(s) to use within config file defining CMP options.
An empty string C<""> means no specific section.
Default is C<cmp>.
+
Multiple section names may be given, separated by commas and/or whitespace
(where in the latter case the whole argument must be enclosed in "...").
Contents of sections named later may override contents of sections named before.
@@ -485,6 +486,9 @@ This option gives more flexibility than the B<-srvcert> option because the
protection certificate is not pinned but may be any certificate
for which a chain to one of the given trusted certificates can be constructed.
+If no B<-trusted>, B<-srvcert>, and B<-secret> option is given
+then protected response messages from the server are not authenticated.
+
Multiple filenames may be given, separated by commas and/or whitespace
(where in the latter case the whole argument must be enclosed in "...").
Each source may contain multiple certificates.
@@ -809,6 +813,7 @@ Default is one invocation.
=item B<-reqin> I<filenames>
Take sequence of CMP requests from file(s).
+
Multiple filenames may be given, separated by commas and/or whitespace
(where in the latter case the whole argument must be enclosed in "...").
As many files are read as needed for a complete transaction.
@@ -823,18 +828,21 @@ and the CMP server complains that the transaction ID has already been used.
=item B<-reqout> I<filenames>
Save sequence of CMP requests to file(s).
+
Multiple filenames may be given, separated by commas and/or whitespace.
As many files are written as needed to store the complete transaction.
=item B<-rspin> I<filenames>
Process sequence of CMP responses provided in file(s), skipping server.
+
Multiple filenames may be given, separated by commas and/or whitespace.
As many files are read as needed for the complete transaction.
=item B<-rspout> I<filenames>
Save sequence of CMP responses to file(s).
+
Multiple filenames may be given, separated by commas and/or whitespace.
As many files are written as needed to store the complete transaction.