From 25690b7f5f3d78a52c1377b823b40c6a0e12022b Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 27 Jan 2015 10:50:38 +0000
Subject: Add -no_alt_chains option to apps to implement the new
 X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building
 certificate chains, the first chain found will be the one used. Without this
 flag, if the first chain found is not trusted then we will keep looking to
 see if we can build an alternative chain instead.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
---
 apps/smime.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'apps/smime.c')

diff --git a/apps/smime.c b/apps/smime.c
index 5efe51f7d7..930978fd9b 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -443,6 +443,8 @@ int MAIN(int argc, char **argv)
         BIO_printf(bio_err, "-CAfile file   trusted certificates file\n");
         BIO_printf(bio_err,
                    "-trusted_first use locally trusted CA's first when building trust chain\n");
+        BIO_printf(bio_err,
+                   "-no_alt_chains only ever use the first certificate chain found\n");
         BIO_printf(bio_err,
                    "-crl_check     check revocation status of signer's certificate using CRLs\n");
         BIO_printf(bio_err,
-- 
cgit v1.2.3