diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/man3/OCSP_resp_find_status.pod | 9 | ||||
| -rw-r--r-- | doc/man3/X509_VERIFY_PARAM_set_flags.pod | 2 |
2 files changed, 8 insertions, 3 deletions
diff --git a/doc/man3/OCSP_resp_find_status.pod b/doc/man3/OCSP_resp_find_status.pod index 179f303a77..7dd90837b6 100644 --- a/doc/man3/OCSP_resp_find_status.pod +++ b/doc/man3/OCSP_resp_find_status.pod @@ -120,7 +120,7 @@ OCSP_basic_verify() checks that the basic response message B<bs> is correctly signed and that the signer certificate can be validated. It takes B<st> as the trusted store and B<certs> as a set of untrusted intermediate certificates. The function first tries to find the signer certificate of the response -in <certs>. It also searches the certificates the responder may have included +in B<certs>. It also searches the certificates the responder may have included in B<bs> unless the B<flags> contain B<OCSP_NOINTERN>. It fails if the signer certificate cannot be found. Next, the function checks the signature of B<bs> and fails on error @@ -128,6 +128,10 @@ unless the B<flags> contain B<OCSP_NOSIGS>. Then the function already returns success if the B<flags> contain B<OCSP_NOVERIFY> or if the signer certificate was found in B<certs> and the B<flags> contain B<OCSP_TRUSTOTHER>. Otherwise the function continues by validating the signer certificate. +If B<flags> contains B<OCSP_PARTIAL_CHAIN>, intermediate CA certificates +in B<st> are trust-anchors. +For more details, see the description of B<X509_V_FLAG_PARTIAL_CHAIN> +in L<X509_VERIFY_PARAM_set_flags(3)/VERIFICATION FLAGS>. To this end, all certificates in B<cert> and in B<bs> are considered as untrusted certificates for the construction of the validation path for the signer certificate unless the B<OCSP_NOCHAIN> flag is set. After successful path @@ -185,7 +189,8 @@ L<OCSP_cert_to_id(3)>, L<OCSP_request_add1_nonce(3)>, L<OCSP_REQUEST_new(3)>, L<OCSP_response_status(3)>, -L<OCSP_sendreq_new(3)> +L<OCSP_sendreq_new(3)>, +L<X509_VERIFY_PARAM_set_flags(3)> =head1 COPYRIGHT diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 4f067c877c..6265915d9c 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -75,7 +75,7 @@ These functions manipulate the B<X509_VERIFY_PARAM> structure associated with a certificate verification operation. The X509_VERIFY_PARAM_set_flags() function sets the flags in B<param> by oring -it with B<flags>. See the B<VERIFICATION FLAGS> section for a complete +it with B<flags>. See L</VERIFICATION FLAGS> for a complete description of values the B<flags> parameter can take. X509_VERIFY_PARAM_get_flags() returns the flags in B<param>. |