aboutsummaryrefslogtreecommitdiff
path: root/openssl/doc/apps/verify.pod
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/doc/apps/verify.pod')
-rw-r--r--openssl/doc/apps/verify.pod13
1 files changed, 13 insertions, 0 deletions
diff --git a/openssl/doc/apps/verify.pod b/openssl/doc/apps/verify.pod
index df0153435..df1b86dfe 100644
--- a/openssl/doc/apps/verify.pod
+++ b/openssl/doc/apps/verify.pod
@@ -25,6 +25,7 @@ B<openssl> B<verify>
[B<-extended_crl>]
[B<-use_deltas>]
[B<-policy_print>]
+[B<-no_alt_chains>]
[B<-untrusted file>]
[B<-help>]
[B<-issuer_checks>]
@@ -124,6 +125,14 @@ Set policy variable inhibit-any-policy (see RFC5280).
Set policy variable inhibit-policy-mapping (see RFC5280).
+=item B<-no_alt_chains>
+
+When building a certificate chain, if the first certificate chain found is not
+trusted, then OpenSSL will continue to check to see if an alternative chain can
+be found that is trusted. With this option that behaviour is suppressed so that
+only the first chain found is ever used. Using this option will force the
+behaviour to match that of previous OpenSSL versions.
+
=item B<-policy_print>
Print out diagnostics related to policy processing.
@@ -425,4 +434,8 @@ B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes.
L<x509(1)|x509(1)>
+=head1 HISTORY
+
+The -no_alt_chains options was first added to OpenSSL 1.0.2b.
+
=cut