From bbe9c3d51afa33d883abed3700d33c256afff46b Mon Sep 17 00:00:00 2001
From: Johannes Bauer <joe@johannes-bauer.com>
Date: Fri, 11 Aug 2017 19:00:21 -0400
Subject: Clarify CLI OCSP documentation

This fixes issue #3043, which ultimately was reported because
documentation was not clear on the meaning of the "-ignore_err" option.
Update both command line documentation and add this option to manpage.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4143)
---
 doc/man1/ocsp.pod | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'doc')

diff --git a/doc/man1/ocsp.pod b/doc/man1/ocsp.pod
index 058462f318..42621df336 100644
--- a/doc/man1/ocsp.pod
+++ b/doc/man1/ocsp.pod
@@ -74,6 +74,7 @@ B<openssl> B<ocsp>
 [B<-no_cert_checks>]
 [B<-no_explicit>]
 [B<-port num>]
+[B<-ignore_err>]
 [B<-index file>]
 [B<-CA file>]
 [B<-rsigner file>]
@@ -343,6 +344,12 @@ specified in the B<rsigner> option is used.
 Port to listen for OCSP requests on. The port may also be specified
 using the B<url> option.
 
+=item B<-ignore_err>
+
+Ignore malformed requests or responses: When acting as an OCSP client, retry if
+a malformed response is received. When acting as an OCSP responder, continue
+running instead of terminating upon receiving a malformed request.
+
 =item B<-nrequest number>
 
 The OCSP server will exit after receiving B<number> requests, default unlimited.
-- 
cgit v1.2.3