From 36da4a2e0e43928a29ac2ee5c55bf681e90e2f42 Mon Sep 17 00:00:00 2001 From: marha Date: Mon, 15 Jun 2015 20:18:50 +0200 Subject: Update to openssl-1.0.2c --- openssl/doc/apps/verify.pod | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'openssl/doc/apps/verify.pod') diff --git a/openssl/doc/apps/verify.pod b/openssl/doc/apps/verify.pod index df0153435..df1b86dfe 100644 --- a/openssl/doc/apps/verify.pod +++ b/openssl/doc/apps/verify.pod @@ -25,6 +25,7 @@ B B [B<-extended_crl>] [B<-use_deltas>] [B<-policy_print>] +[B<-no_alt_chains>] [B<-untrusted file>] [B<-help>] [B<-issuer_checks>] @@ -124,6 +125,14 @@ Set policy variable inhibit-any-policy (see RFC5280). Set policy variable inhibit-policy-mapping (see RFC5280). +=item B<-no_alt_chains> + +When building a certificate chain, if the first certificate chain found is not +trusted, then OpenSSL will continue to check to see if an alternative chain can +be found that is trusted. With this option that behaviour is suppressed so that +only the first chain found is ever used. Using this option will force the +behaviour to match that of previous OpenSSL versions. + =item B<-policy_print> Print out diagnostics related to policy processing. @@ -425,4 +434,8 @@ B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes. L +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.0.2b. + =cut -- cgit v1.2.3