{"CApath", OPT_CAPATH, '/', "A directory of trusted certificates"},
{"CAfile", OPT_CAFILE, '<', "A file of trusted certificates"},
{"untrusted", OPT_UNTRUSTED, '<', "A file of untrusted certificates"},
- {"trusted", OPT_TRUSTED, '<', "A file of additional trusted certificates"},
+ {"trusted", OPT_TRUSTED, '<', "A file of trusted certificates"},
{"CRLfile", OPT_CRLFILE, '<',
"File containing one or more CRL's (in PEM format) to load"},
{"crl_download", OPT_CRL_DOWNLOAD, '-',
}
argc = opt_num_rest();
argv = opt_rest();
+ if (trustfile && (CAfile || CApath)) {
+ BIO_printf(bio_err,
+ "%s: Cannot use -trusted with -CAfile or -CApath\n",
+ prog);
+ goto end;
+ }
if (!app_load_modules(NULL))
goto end;
=item B<-untrusted file>
-A file of untrusted certificates. The file should contain multiple certificates
-in PEM format concatenated together.
+A file of untrusted certificates. The file should contain one or more
+certificates in PEM format.
=item B<-trusted file>
-A file of additional trusted certificates. The file should contain multiple
-certificates in PEM format concatenated together.
+A file of trusted certificates. The file contain one or more
+certificates in PEM format.
+With this option, no additional (e.g., default) certificate lists
+are consulted. That is, the only trusted issuers are those listed
+in B<file>.
+This option cannot be used with the B<-CAfile> or B<-CApath> options.
=item B<-use_deltas>
projects / openssl.git / commitdiff