projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Check chain extensions also for trusted certificates
[openssl.git] / doc / apps / x509.pod
diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
index 1c98e9decfd9861d4efe1007cd8e7cafd2b0267e..637eedc947b9370995137b3708994599242bb72d 100644 (file)
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@@ -289,9 +289,12 @@ clears all the prohibited or rejected uses of the certificate.
 
 =item B<-addtrust arg>
 
-adds a trusted certificate use. Any object name can be used here
-but currently only B<clientAuth> (SSL client use), B<serverAuth>
-(SSL server use) and B<emailProtection> (S/MIME email) are used.
+adds a trusted certificate use.
+Any object name can be used here but currently only B<clientAuth> (SSL client
+use), B<serverAuth> (SSL server use), B<emailProtection> (S/MIME email) and
+B<anyExtendedKeyUsage> are used.
+As of OpenSSL 1.1.0, the last of these blocks all purposes when rejected or
+enables all purposes when trusted.
 Other OpenSSL applications may define additional uses.
 
 =item B<-addreject arg>
Unnamed repository; edit this file 'description' to name the repository.