From: Dr. David von Oheimb Date: Sat, 11 Jul 2020 09:21:06 +0000 (+0200) Subject: apps/cmp.c: Improve documentation of -recipient option X-Git-Tag: openssl-3.0.0-alpha6~34 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=87d20a96510ecc78068865423e0fa127d17486de;p=thirdparty%2Fopenssl.git apps/cmp.c: Improve documentation of -recipient option Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12421)
---
diff --git a/apps/cmp.c b/apps/cmp.c
index 17b5bed6ff4..102146a2755 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -321,7 +321,7 @@ const OPTIONS cmp_options[] = {
 {OPT_MORE_STR, 0, 0,
 "also used as reference (defaulting to -cert) for subject DN and SANs."},
 {OPT_MORE_STR, 0, 0,
- "Its issuer is used as recipient unless -srvcert, -recipient or -issuer given"},
+ "Its issuer is used as recipient unless -recipient, -srvcert, or -issuer given"},
 {"revreason", OPT_REVREASON, 'n',
 "Reason code to include in revocation request (rr); possible values:"},
 {OPT_MORE_STR, 0, 0,
@@ -354,7 +354,7 @@ const OPTIONS cmp_options[] = {
 {"srvcert", OPT_SRVCERT, 's',
 "Server cert to pin and trust directly when verifying signed CMP responses"},
 {"recipient", OPT_RECIPIENT, 's',
- "Distinguished Name (DN) to use as msg recipient; see man page for defaults"},
+ "DN of CA. Default: subject of -srvcert, -issuer, issuer of -oldcert or -cert"},
 {"expect_sender", OPT_EXPECT_SENDER, 's',
 "DN of expected sender of responses. Defaults to subject of -srvcert, if any"},
 {"ignore_keyusage", OPT_IGNORE_KEYUSAGE, '-',
diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
index 216db0cb1f9..45355cbdb32 100644
--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
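Review bot: In the `recipient` entry of `cmp_options` (second apps/cmp.c hunk), the new help string lists the fallback sources but does not say they are tried in order, whereas the man page text in this commit says the recipient "is determined in the following order". Someone reading only `-help` cannot tell which source names the addressed CA when, for example, both -srvcert and -issuer are given. Assuming the listed sequence is the precedence order, the string could say so and wrap onto a continuation entry as the table does elsewhere: `"DN of CA. Default, in this order: subject of -srvcert, -issuer,"},` followed by `{OPT_MORE_STR, 0, 0, "issuer of -oldcert or -cert"},`. The flat "DN of CA" is also narrower than the man page's "usually the addressed CA", so "DN of CA (CMP server)" may be closer to what is meant. The `cmp_options` array starts and ends outside both hunks.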
@@ -506,10 +506,11 @@ and as default value for the expected sender of incoming CMP messages. =item B<-recipient> I Distinguished Name (DN) to use in the recipient field of CMP request messages, -i.e., the CMP server (usually a CA or RA entity). +i.e., the CMP server (usually the addressed CA). The argument must be formatted as I, characters may be escaped by C<\>E(backslash), no spaces are skipped. +The empty name (NULL-DN) can be given explicitly as a single slash: 'I'. The recipient field in the header of a CMP message is mandatory. If not given explicitly the recipient is determined in the following order: