diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-08-28 12:11:31 +0200 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-09-10 07:07:55 +0200 |
commit | a0745e2be6635ffdf286ba5bc3bd867c8d4152a9 (patch) | |
tree | 00d93474fb208fba1ce021a5a82d1effb933535b /doc/man1 | |
parent | 474853c39a2b631f9f401df32834043500081b7c (diff) | |
download | openssl-a0745e2be6635ffdf286ba5bc3bd867c8d4152a9.tar.gz |
Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs
* Use strenghtened cert chain building, verifying chain using optional trust store
while making sure that no certificate status (e.g., CRL) checks are done
* Use OSSL_CMP_certConf_cb() by default and move its doc to OSSL_CMP_CTX_new.pod
* Simplify certificate and cert store loading in apps/cmp.c
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12741)
Diffstat (limited to 'doc/man1')
-rw-r--r-- | doc/man1/openssl-cmp.pod.in | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 623e3f7dee..75ee82211d 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in @@ -681,6 +681,7 @@ Defaults to C<hmac-sha1> as per RFC 4210. =item B<-extracerts> I<sources> Certificates to append in the extraCerts field when sending messages. +They can be used as the default CMP signer certificate chain to include. Multiple filenames or URLs may be given, separated by commas and/or whitespace (where in the latter case the whole argument must be enclosed in "..."). |