CMP docs: clarify behavior on message/total timeout values given

Clarify behavior of OSSL_CMP_CTX_set_option() when given (negative)
values for OSSL_CMP_OPT_MSG_TIMEOUT or OSSL_CMP_OPT_TOTAL_TIMEOUT.
Fix doc of -msg_timeout and -total_timeout in openssl-cmp.pod.in

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)

diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
index f3bdb55e24bd35a8bb44a1378faa69dbd3a31ab0..2d7a57eb122db3e458d132e521ad9b49418b2f73 100644 (file)
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -508,15 +508,17 @@ The default value is 1, which means preferring to keep the connection open.
 
 =item B<-msg_timeout> I<seconds>
 
-Number of seconds (or 0 for infinite) a CMP request-response message round trip
+Number of seconds a CMP request-response message round trip
 is allowed to take before a timeout error is returned.
+A value <= 0 means no limitation (waiting indefinitely).
 Default is to use the B<-total_timeout> setting.
 
 =item B<-total_timeout> I<seconds>
 
-Maximum number seconds an overall enrollment transaction may take,
-including attempts polling for certificates on C<waiting> PKIStatus.
-Default is 0 (infinite).
+Maximum total number of seconds a transaction may take,
+including polling etc.
+A value <= 0 means no limitation (waiting indefinitely).
+Default is 0.
 
 =back
 

diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod
index d3bcf63d5e40719c1dd88d64262fea732327b8bd..3a07a2aee7c277872d182e5b29e985d14247f8ed 100644 (file)
--- a/doc/man3/OSSL_CMP_CTX_new.pod
+++ b/doc/man3/OSSL_CMP_CTX_new.pod
@@ -223,14 +223,17 @@ The following options can be set:
 
 =item B<OSSL_CMP_OPT_MSG_TIMEOUT>
 
-        Number of seconds (or 0 for infinite) a CMP message round trip is
-        allowed to take before a timeout error is returned.
-        Default is to use the B<OSSL_CMP_OPT_MSG_TIMEOUT> setting.
+        Number of seconds a CMP request-response message round trip
+        is allowed to take before a timeout error is returned.
+        A value <= 0 means no limitation (waiting indefinitely).
+        Default is to use the B<OSSL_CMP_OPT_TOTAL_TIMEOUT> setting.
 
 =item B<OSSL_CMP_OPT_TOTAL_TIMEOUT>
 
-        Maximum total number of seconds an enrollment (including polling)
-        may take. Default is 0 (infinite).
+        Maximum total number of seconds a transaction may take,
+        including polling etc.
+        A value <= 0 means no limitation (waiting indefinitely).
+        Default is 0.
 
 =item B<OSSL_CMP_OPT_VALIDITY_DAYS>