BIO_printf (bio_err, "-serial n serial number to check\n");
BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n");
BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n");
- BIO_printf (bio_err, "-sign_certs file additional certificates to include in signed request\n");
+ BIO_printf (bio_err, "-sign_other file additional certificates to include in signed request\n");
BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n");
BIO_printf (bio_err, "-req_text print text form of request\n");
BIO_printf (bio_err, "-resp_text print text form of response\n");
BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
BIO_printf (bio_err, "-noverify don't verify response at all\n");
- BIO_printf (bio_err, "-verify_certs file additional certificates to search for signer\n");
+ BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n");
BIO_printf (bio_err, "-trust_other don't verify additional certificates\n");
BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n");
- BIO_printf (bio_err, "-no_sig_verify don't check signature on response\n");
+ BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n");
BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n");
BIO_printf (bio_err, "-no_chain don't chain verify response\n");
BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n");
[B<-issuer file>]
[B<-cert file>]
[B<-serial n>]
+[B<-signer file>]
+[B<-signkey file>]
+[B<-sign_other file>]
+[B<-no_certs>]
[B<-req_text>]
[B<-resp_text>]
[B<-text>]
[B<-respin file>]
[B<-nonce>]
[B<-no_nonce>]
-[B<-url responder_url>]
+[B<-url URL>]
[B<-host host:n>]
[B<-path>]
-[B<-CApath file>]
+[B<-CApath dir>]
[B<-CAfile file>]
[B<-VAfile file>]
-[B<-verify_certs file>]
+[B<-validity_period n>]
+[B<-status_age n>]
[B<-noverify>]
+[B<-verify_other file>]
[B<-trust_other>]
[B<-no_intern>]
-[B<-no_sig_verify>]
+[B<-no_signature_verify>]
[B<-no_cert_verify>]
[B<-no_chain>]
[B<-no_cert_checks>]
-[B<-validity_period nsec>]
-[B<-status_age nsec>]
+[B<-port num>]
+[B<-index file>]
+[B<-CA file>]
+[B<-rsigner file>]
+[B<-rkey file>]
+[B<-rother file>]
+[B<-resp_no_certs>]
+[B<-nmin n>]
+[B<-ndays n>]
+[B<-resp_key_id>]
+[B<-nrequest n>]
=head1 DESCRIPTION
-B<WARNING: this documentation is preliminary and subject to change.>
-
The Online Certificate Status Protocol (OCSP) enables applications to
determine the (revocation) state of an identified certificate (RFC 2560).
from the same file as the certificate. If neither option is specified then
the OCSP request is not signed.
+=item B<-sign_other filename>
+
+Additional certificates to include in the signed request.
+
=item B<-nonce>, B<-no_nonce>
Add an OCSP nonce extension to a request or disable OCSP nonce addition.
file or pathname containing trusted CA certificates. These are used to verify
the signature on the OCSP response.
-=item B<-verify_certs file>
+=item B<-verify_other file>
file containing additional certificates to search when attempting to locate
the OCSP response signing certificate. Some responders omit the actual signer's
signers certificate. With this option the signers certificate must be specified
with either the B<-verify_certs> or B<-VAfile> options.
-=item B<-no_sig_verify>
+=item B<-no_signature_verify>
don't check the signature on the OCSP response. Since this option tolerates invalid
signatures on OCSP responses it will normally only be used for testing purposes.
projects / openssl.git / commitdiff