diff options
author | Mike DePaulo <mikedep333@gmail.com> | 2015-03-28 09:50:31 -0400 |
---|---|---|
committer | Mike DePaulo <mikedep333@gmail.com> | 2015-03-28 13:13:13 -0400 |
commit | 91e3957fb0e38a5d5649f82e5d9f89dd0e85666f (patch) | |
tree | fe0992fb4cf6f3c2a5d597557552ae69caccbe70 /openssl/doc/apps/ocsp.pod | |
parent | 9073d97eff3f6d3b33450ef3532a826674c7e1e8 (diff) | |
download | vcxsrv-91e3957fb0e38a5d5649f82e5d9f89dd0e85666f.tar.gz vcxsrv-91e3957fb0e38a5d5649f82e5d9f89dd0e85666f.tar.bz2 vcxsrv-91e3957fb0e38a5d5649f82e5d9f89dd0e85666f.zip |
Update openssl to version openssl-1.0.1m
Conflicts:
openssl/Makefile
openssl/Makefile.bak
openssl/crypto/cryptlib.c
Diffstat (limited to 'openssl/doc/apps/ocsp.pod')
-rw-r--r-- | openssl/doc/apps/ocsp.pod | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/openssl/doc/apps/ocsp.pod b/openssl/doc/apps/ocsp.pod index 38f026afc..2372b373c 100644 --- a/openssl/doc/apps/ocsp.pod +++ b/openssl/doc/apps/ocsp.pod @@ -40,6 +40,7 @@ B<openssl> B<ocsp> [B<-no_cert_verify>] [B<-no_chain>] [B<-no_cert_checks>] +[B<-no_explicit>] [B<-port num>] [B<-index file>] [B<-CA file>] @@ -189,6 +190,10 @@ testing purposes. do not use certificates in the response as additional untrusted CA certificates. +=item B<-no_explicit> + +do not explicitly trust the root CA if it is set to be trusted for OCSP signing. + =item B<-no_cert_checks> don't perform any additional checks on the OCSP response signers certificate. @@ -301,8 +306,9 @@ CA certificate in the request. If there is a match and the OCSPSigning extended key usage is present in the OCSP responder certificate then the OCSP verify succeeds. -Otherwise the root CA of the OCSP responders CA is checked to see if it -is trusted for OCSP signing. If it is the OCSP verify succeeds. +Otherwise, if B<-no_explicit> is B<not> set the root CA of the OCSP responders +CA is checked to see if it is trusted for OCSP signing. If it is the OCSP +verify succeeds. If none of these checks is successful then the OCSP verify fails. |