projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Document -trusted_first option in man pages and help.
[openssl.git]
/
doc
/
apps
/
verify.pod
diff --git
a/doc/apps/verify.pod
b/doc/apps/verify.pod
index f35d4029506aa44e45742bc716ea0be544054b22..764e617c3419593e010565f84c6d43b66629dfef 100644
(file)
--- a/
doc/apps/verify.pod
+++ b/
doc/apps/verify.pod
@@
-9,6
+9,7
@@
verify - Utility to verify certificates.
B<openssl> B<verify>
[B<-CApath directory>]
[B<-CAfile file>]
B<openssl> B<verify>
[B<-CApath directory>]
[B<-CAfile file>]
+[B<-trusted_first>]
[B<-purpose purpose>]
[B<-policy arg>]
[B<-ignore_critical>]
[B<-purpose purpose>]
[B<-policy arg>]
[B<-ignore_critical>]
@@
-57,6
+58,12
@@
in PEM format concatenated together.
A file of untrusted certificates. The file should contain multiple certificates
in PEM format concatenated together.
A file of untrusted certificates. The file should contain multiple certificates
in PEM format concatenated together.
+=item B<-trusted_first>
+
+Use certificates in CA file or CA directory before certificates in untrusted
+file when building the trust chain to verify certificates.
+This is mainly useful in environments with Bridge CA or Cross-Certified CAs.
+
=item B<-purpose purpose>
The intended use for the certificate. If this option is not specified,
=item B<-purpose purpose>
The intended use for the certificate. If this option is not specified,