diff options
| author | Matt Caswell <matt@openssl.org> | 2015-01-27 11:15:15 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2015-02-25 09:15:10 +0000 |
| commit | fa7b01115bc33d9b40936688bb3c952dc93b645a (patch) | |
| tree | c9543477cbbba73f0ce84a3c190279e7a2bfb7c0 /doc/apps/verify.pod | |
| parent | 25690b7f5f3d78a52c1377b823b40c6a0e12022b (diff) | |
| download | openssl-fa7b01115bc33d9b40936688bb3c952dc93b645a.tar.gz | |
Add documentation for the -no_alt_chains option for various apps, as well as
the X509_V_FLAG_NO_ALT_CHAINS flag.
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
Diffstat (limited to 'doc/apps/verify.pod')
| -rw-r--r-- | doc/apps/verify.pod | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index a5a00638be..d422913c08 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -30,6 +30,7 @@ B<openssl> B<verify> [B<-suiteB_128_only>] [B<-suiteB_192>] [B<-trusted_first>] +[B<-no_alt_chains>] [B<-untrusted file>] [B<-use_deltas>] [B<-verbose>] @@ -164,6 +165,14 @@ Use certificates in CA file or CA directory before certificates in untrusted file when building the trust chain to verify certificates. This is mainly useful in environments with Bridge CA or Cross-Certified CAs. +=item B<-no_alt_chains> + +When building a certificate chain, if the first certificate chain found is not +trusted, then OpenSSL will continue to check to see if an alternative chain can +be found that is trusted. With this option that behaviour is suppressed so that +only the first chain found is ever used. Using this option will force the +behaviour to match that of OpenSSL versions prior to 1.1.0. + =item B<-untrusted file> A file of untrusted certificates. The file should contain multiple certificates @@ -469,4 +478,8 @@ B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes. L<x509(1)|x509(1)> +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.1.0. + =cut |