From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 27 Jun 2014 14:12:26 +0000 (+0200)
Subject: pki: Document --online option for pki --verify and all exit codes
X-Git-Tag: 5.2.0~27
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ba2805c106c9a4e15a77d3416d073a72ad16ae53;p=thirdparty%2Fstrongswan.git

pki: Document --online option for pki --verify and all exit codes
---

diff --git a/src/pki/man/pki---verify.1.in b/src/pki/man/pki---verify.1.in
index de34acad43..dd0c0e9284 100644
--- a/src/pki/man/pki---verify.1.in
+++ b/src/pki/man/pki---verify.1.in
@@ -10,6 +10,7 @@ pki \-\-verify \- Verify a certificate using a CA certificate
 .OP \-\-in file
 .OP \-\-cacert file
 .OP \-\-debug level
+.OP \-\-online
 .YS
 .
 .SY pki\ \-\-verify
@@ -44,13 +45,18 @@ Read command line options from \fIfile\fR.
 X.509 certificate to verify. If not given it is read from \fISTDIN\fR.
 .TP
 .BI "\-c, \-\-cacert " file
-CA certificate to use. If not given the certificate is assumed to be
-self-signed.
+CA certificate to use for trustchain verification. If not given the certificate
+is assumed to be self\-signed.
+.TP
+.BI "\-o, \-\-online
+Enable online CRL/OCSP revocation checking.
 .
 .SH "EXIT STATUS"
-The exit status is 0 if the certificate was verified successfully, and 2 if
-the verification failed.
+The exit status is 0 if the certificate was verified successfully, 1 if the
+certificate is untrusted, 2 if the certificate's lifetimes are invalid, and 3
+if the certificate was verified successfully but the online revocation check
+indicated that it has been revoked.
 .
 .SH "SEE ALSO"
 .
-.BR pki (1)
\ No newline at end of file
+.BR pki (1)