From 2a9afa4046592d44af84644cd89fe1a0d6d46889 Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@openssl.org>
Date: Sat, 13 Aug 2016 10:47:50 -0400
Subject: RT3940: For now, just document the issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>
---
 doc/apps/cms.pod   | 3 +++
 doc/apps/smime.pod | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
index b6546133cf..d5529bea6b 100644
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -122,6 +122,9 @@ encrypt mail for the given recipient certificates. Input file is the message
 to be encrypted. The output file is the encrypted mail in MIME format. The
 actual CMS type is <B>EnvelopedData<B>.
 
+Note that no revocation check is done for the recipient cert, so if that
+key has been compromised, others may be able to decrypt the text.
+
 =item B<-decrypt>
 
 decrypt mail using the supplied certificate and private key. Expects an
diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index 2c7661daf0..ba59eda26f 100644
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -90,6 +90,9 @@ Print out a usage message.
 encrypt mail for the given recipient certificates. Input file is the message
 to be encrypted. The output file is the encrypted mail in MIME format.
 
+Note that no revocation check is done for the recipient cert, so if that
+key has been compromised, others may be able to decrypt the text.
+
 =item B<-decrypt>
 
 decrypt mail using the supplied certificate and private key. Expects an
-- 
cgit v1.2.3