Prevent confusion as described in trac #422 by better explaining the
behaviour of --capath, and providing pointers to relevant openssl man
pages.
Attached are patches for the master and release/2.3 branches. The only
difference is that in the master patch, a line referencing the
requirement for OpenSSL 0.9.7 is removed, since master already requires
OpenSSL >= 0.9.8.
-Steffan
Content-Type: text/x-patch;
name="2.3-Clarify-capath-option-in-manpage.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="2.3-Clarify-capath-option-in-manpage.patch"
>From
3626088e146dbf959d7ec73f4e7cc5ab24c1ad57 Mon Sep 17 00:00:00 2001
From: Steffan Karger <steffan@karger.me>
Date: Sun, 24 May 2015 11:18:34 +0200
Subject: [PATCH] Clarify --capath option in manpage
Prevent confusion as described in trac #422 by better explaining the
behaviour of --capath, and providing pointers to relevant openssl man
pages.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <
55619DC4.
2020108@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9732
Signed-off-by: Gert Doering <gert@greenie.muc.de>
.TP
.B \-\-capath dir
Directory containing trusted certificates (CAs and CRLs).
-Available with OpenSSL version >= 0.9.7 dev.
Not available with PolarSSL.
+
+When using the
+.B \-\-capath
+option, you are required to supply valid CRLs for the CAs too. CAs in the
+capath directory are expected to be named <hash>.<n>. CRLs are expected to
+be named <hash>.r<n>. See the
+.B -CApath
+option of
+.B openssl verify
+, and the
+.B -hash
+option of
+.B openssl x509
+and
+.B openssl crl
+for more information.
.\"*********************************************************
.TP
.B \-\-dh file
projects / thirdparty / openvpn.git / commitdiff
