From: Dr. David von Oheimb Date: Fri, 28 Aug 2020 12:55:38 +0000 (+0200) Subject: apps/cmp.c: Improve documentation of -extracerts, -untrusted, and -otherpass X-Git-Tag: openssl-3.0.0-alpha7~307 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7a7d6b514fb2c95570896e512e165a38c9ecac46;p=thirdparty%2Fopenssl.git apps/cmp.c: Improve documentation of -extracerts, -untrusted, and -otherpass Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12825) --- diff --git a/apps/cmp.c b/apps/cmp.c index d0f3c020c1b..9f1f1154367 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -395,7 +395,9 @@ const OPTIONS cmp_options[] = { {"mac", OPT_MAC, 's', "MAC algorithm to use in PBM-based message protection. Default \"hmac-sha1\""}, {"extracerts", OPT_EXTRACERTS, 's', - "Certificates to append in extraCerts field of outgoing messages"}, + "Certificates to append in extraCerts field of outgoing messages."}, + {OPT_MORE_STR, 0, 0, + "This can be used as the default CMP signer cert chain to include"}, {"unprotected_requests", OPT_UNPROTECTED_REQUESTS, '-', "Send messages without CMP-level protection"}, diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in index 2d484805b3f..97a03798a86 100644 --- a/doc/man1/openssl-cmp.pod.in +++ b/doc/man1/openssl-cmp.pod.in 
@@ -499,11 +499,14 @@ Each source may contain multiple certificates. =item B<-untrusted> I -Non-trusted intermediate CA certificate(s) that may be useful for cert path -construction for the CMP client certificate (to include in the extraCerts field -of outgoing messages), for the TLS client certificate (if TLS is enabled), +Non-trusted intermediate CA certificate(s). +Any extra certificates given with the B<-cert> option are appended to it. +All these certificates may be useful for cert path construction +for the CMP client certificate (to include in the extraCerts field of outgoing +messages) and for the TLS client certificate (if TLS is enabled) +as well as for chain building when verifying the CMP server certificate (checking signature-based -CMP message protection), and when verifying newly enrolled certificates. +CMP message protection) and when verifying newly enrolled certificates. Multiple filenames may be given, separated by commas and/or whitespace. Each file may contain multiple certificates. @@ -713,8 +716,9 @@ The only value with effect is B. =item B<-otherpass> I Pass phrase source for certificate given with the B<-trusted>, B<-untrusted>, -B<-own_trusted>, -B<-out_trusted>, B<-extracerts>, B<-tls_extra>, or B<-tls_trusted> options. +B<-own_trusted>, B<-srvcert>, B<-out_trusted>, B<-extracerts>, +B<-srv_trusted>, B<-srv_untrusted>, B<-rsp_extracerts>, B<-rsp_capubs>, +B<-tls_extra>, and B<-tls_trusted> options. If not given here, the password will be prompted for if needed. For more information about the format of B see the
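Review bot: In the apps/cmp.c hunk, the new OPT_MORE_STR continuation line for -extracerts stops at "to include" with no object and no closing period, while the line above it was just changed to end with one. Suggest completing the sentence by saying what the chain is included in, and punctuating both lines the same way. The visible doc/man1/openssl-cmp.pod.in hunks touch only -untrusted and -otherpass, so it is worth checking that the -extracerts entry in the man page carries the same "default CMP signer cert chain" statement as this help string.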
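Review bot: In the -untrusted hunk of doc/man1/openssl-cmp.pod.in, the added sentence "Any extra certificates given with the B<-cert> option are appended to it." has no clear antecedent for "it", because the sentence before it is only the noun phrase "Non-trusted intermediate CA certificate(s)." Suggest "appended to this list". Since the same set is then used for chain building when verifying the CMP server certificate and newly enrolled certificates, the text should also say explicitly whether the certificates picked up from -cert are handled as non-trusted like the others, so a reader does not assume they gain any trust by arriving alongside the client certificate.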
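Review bot: In the -otherpass hunk, the opening line still reads "Pass phrase source for certificate given with" in the singular although the list now names many more options and is joined with "and", and the unchanged line after it says "the password" where the rest of the item says pass phrase. Suggest "certificates" and one term throughout. With -srvcert, -srv_trusted, -srv_untrusted, -rsp_extracerts and -rsp_capubs added, a single source now covers a wide range of inputs, so the item should state whether that one pass phrase is applied to every listed file and what happens when files are protected with different pass phrases.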