projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Document -trusted_first option in man pages and help.
[openssl.git] / doc / apps / verify.pod
diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod
index f35d4029506aa44e45742bc716ea0be544054b22..764e617c3419593e010565f84c6d43b66629dfef 100644 (file)
--- a/doc/apps/verify.pod
+++ b/doc/apps/verify.pod
@@ -9,6 +9,7 @@ verify - Utility to verify certificates.
 B<openssl> B<verify>
 [B<-CApath directory>]
 [B<-CAfile file>]
+[B<-trusted_first>]
 [B<-purpose purpose>]
 [B<-policy arg>]
 [B<-ignore_critical>]
@@ -57,6 +58,12 @@ in PEM format concatenated together.
 A file of untrusted certificates. The file should contain multiple certificates
 in PEM format concatenated together.
 
+=item B<-trusted_first>
+
+Use certificates in CA file or CA directory before certificates in untrusted
+file when building the trust chain to verify certificates.
+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
+
 =item B<-purpose purpose>
 
 The intended use for the certificate. If this option is not specified,
Unnamed repository; edit this file 'description' to name the repository.