Clarify CLI OCSP documentation

This fixes issue #3043, which ultimately was reported because documentation was not clear on the meaning of the "-ignore_err" option. Update both command line documentation and add this option to manpage. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4143)
author: Johannes Bauer <joe@johannes-bauer.com> 2017-08-11 19:00:21 -0400
committer: Rich Salz <rsalz@openssl.org> 2017-08-11 19:00:21 -0400
commit: bbe9c3d51afa33d883abed3700d33c256afff46b (patch)
tree: 6863d2da4e709f55b76e34801fc826f9f036587f /doc
parent: 44e699515568abcae0e77d7315f9b5e393daa6d9 (diff)
download: openssl-bbe9c3d51afa33d883abed3700d33c256afff46b.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/man1/ocsp.pod b/doc/man1/ocsp.pod
index 058462f318..42621df336 100644
--- a/doc/man1/ocsp.pod
+++ b/doc/man1/ocsp.pod
@@ -74,6 +74,7 @@ B<openssl> B<ocsp>
 [B<-no_cert_checks>]
 [B<-no_explicit>]
 [B<-port num>]
+[B<-ignore_err>]
 [B<-index file>]
 [B<-CA file>]
 [B<-rsigner file>]
@@ -343,6 +344,12 @@ specified in the B<rsigner> option is used.
 Port to listen for OCSP requests on. The port may also be specified
 using the B<url> option.
 
+=item B<-ignore_err>
+
+Ignore malformed requests or responses: When acting as an OCSP client, retry if
+a malformed response is received. When acting as an OCSP responder, continue
+running instead of terminating upon receiving a malformed request.
+
 =item B<-nrequest number>
 
 The OCSP server will exit after receiving B<number> requests, default unlimited.
author	Johannes Bauer <joe@johannes-bauer.com>	2017-08-11 19:00:21 -0400
committer	Rich Salz <rsalz@openssl.org>	2017-08-11 19:00:21 -0400
commit	bbe9c3d51afa33d883abed3700d33c256afff46b (patch)
tree	6863d2da4e709f55b76e34801fc826f9f036587f /doc
parent	44e699515568abcae0e77d7315f9b5e393daa6d9 (diff)
download	openssl-bbe9c3d51afa33d883abed3700d33c256afff46b.tar.gz