Document -no-CApath and -no-CAfile

Add documentation to all the appropriate apps for the new -no-CApath and -no-CAfile options. Reviewed-by: Andy Polyakov <appro@openssl.org>
author: Matt Caswell <matt@openssl.org> 2015-09-22 19:43:59 +0100
committer: Matt Caswell <matt@openssl.org> 2015-09-25 14:49:59 +0100
commit: 40e2d76becd095c7cb2749ee1b33a7a336c8c17d (patch)
tree: 784a418e406af79c1f9f390d5daf24131baed111
parent: 2b6bcb702d237171ec5217956a42c8dce031ea51 (diff)
download: openssl-40e2d76becd095c7cb2749ee1b33a7a336c8c17d.tar.gz
8 files changed, 80 insertions, 0 deletions
diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
index 6b4beb4c27..cb7fc5972c 100644
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -35,6 +35,8 @@ B<openssl> B<cms>
 [B<-print>]
 [B<-CAfile file>]
 [B<-CApath dir>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
 [B<-attime timestamp>]
 [B<-check_ss_sig>]
 [B<-crl_check>]
@@ -272,6 +274,14 @@ B<-verify>. This directory must be a standard certificate directory: that
 is a hash of each subject name (using B<x509 -hash>) should be linked
 to each certificate.
 
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
 =item B<-md digest>
 
 digest algorithm to use when signing or resigning. If not present then the
diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod
index 256696665a..2399134ad3 100644
--- a/doc/apps/ocsp.pod
+++ b/doc/apps/ocsp.pod
@@ -30,6 +30,8 @@ B<openssl> B<ocsp>
 [B<-path>]
 [B<-CApath dir>]
 [B<-CAfile file>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
 [B<-attime timestamp>]
 [B<-check_ss_sig>]
 [B<-crl_check>]
@@ -177,6 +179,14 @@ connection timeout to the OCSP responder in seconds
 file or pathname containing trusted CA certificates. These are used to verify
 the signature on the OCSP response.
 
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
 =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
 B<explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
 B<-inhibit_map>, B<-issuer_checks>, B<-partial_chain>, B<-policy>,
diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod
index f956c8ed64..f8162d0c1c 100644
--- a/doc/apps/pkcs12.pod
+++ b/doc/apps/pkcs12.pod
@@ -39,6 +39,8 @@ B<openssl> B<pkcs12>
 [B<-rand file(s)>]
 [B<-CAfile file>]
 [B<-CApath dir>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
 [B<-CSP name>]
 
 =head1 DESCRIPTION
@@ -281,6 +283,14 @@ CA storage as a directory. This directory must be a standard certificate
 directory: that is a hash of each subject name (using B<x509 -hash>) should be
 linked to each certificate.
 
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
 =item B<-CSP name>
 
 write B<name> as a Microsoft CSP name.
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
index 04982e6414..4d23dc9e89 100644
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -20,6 +20,8 @@ B<openssl> B<s_client>
 [B<-pass arg>]
 [B<-CApath directory>]
 [B<-CAfile filename>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
 [B<-attime timestamp>]
 [B<-check_ss_sig>]
 [B<-crl_check>]
@@ -158,6 +160,14 @@ also used when building the client certificate chain.
 A file containing trusted certificates to use during server authentication
 and to use when attempting to build the client certificate chain.
 
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
 =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
 B<explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
 B<-inhibit_map>, B<-issuer_checks>, B<-partial_chain>, B<-policy>,
diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index 3fd9a81562..cd8a3ef747 100644
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -34,6 +34,8 @@ B<openssl> B<s_server>
 [B<-state>]
 [B<-CApath directory>]
 [B<-CAfile filename>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
 [B<-attime timestamp>]
 [B<-check_ss_sig>]
 [B<-explicit_policy>]
@@ -207,6 +209,14 @@ and to use when attempting to build the server certificate chain. The list
 is also used in the list of acceptable client CAs passed to the client when
 a certificate is requested.
 
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
 =item B<-verify depth>, B<-Verify depth>
 
 The verify depth to use. This specifies the maximum length of the
diff --git a/doc/apps/s_time.pod b/doc/apps/s_time.pod
index 50ac0e09fa..2c244c83c1 100644
--- a/doc/apps/s_time.pod
+++ b/doc/apps/s_time.pod
@@ -14,6 +14,8 @@ B<openssl> B<s_time>
 [B<-key filename>]
 [B<-CApath directory>]
 [B<-CAfile filename>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
 [B<-reuse>]
 [B<-new>]
 [B<-verify depth>]
@@ -75,6 +77,14 @@ also used when building the client certificate chain.
 A file containing trusted certificates to use during server authentication
 and to use when attempting to build the client certificate chain.
 
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
 =item B<-new>
 
 performs the timing test using a new session ID for each connection.
diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index e9fbfda422..d6f3de2005 100644
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -17,6 +17,8 @@ B<openssl> B<smime>
 [B<-in file>]
 [B<-CAfile file>]
 [B<-CApath dir>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
 [B<-attime timestamp>]
 [B<-check_ss_sig>]
 [B<-crl_check>]
@@ -175,6 +177,14 @@ B<-verify>. This directory must be a standard certificate directory: that
 is a hash of each subject name (using B<x509 -hash>) should be linked
 to each certificate.
 
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
 =item B<-md digest>
 
 digest algorithm to use when signing or resigning. If not present then the
diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod
index f7364f3e7d..afd1b95689 100644
--- a/doc/apps/verify.pod
+++ b/doc/apps/verify.pod
@@ -9,6 +9,8 @@ verify - Utility to verify certificates.
 B<openssl> B<verify>
 [B<-CAfile file>]
 [B<-CApath directory>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
 [B<-attime timestamp>]
 [B<-check_ss_sig>]
 [B<-CRLfile file>]
@@ -68,6 +70,14 @@ form ("hash" is the hashed certificate subject name: see the B<-hash> option
 of the B<x509> utility). Under Unix the B<c_rehash> script will automatically
 create symbolic links to a directory of certificates.
 
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
 =item B<-attime timestamp>
 
 Perform validation checks using time specified by B<timestamp> and not
author	Matt Caswell <matt@openssl.org>	2015-09-22 19:43:59 +0100
committer	Matt Caswell <matt@openssl.org>	2015-09-25 14:49:59 +0100
commit	40e2d76becd095c7cb2749ee1b33a7a336c8c17d (patch)
tree	784a418e406af79c1f9f390d5daf24131baed111
parent	2b6bcb702d237171ec5217956a42c8dce031ea51 (diff)
download	openssl-40e2d76becd095c7cb2749ee1b33a7a336c8c17d.tar.gz