{OPT_MORE_STR, 0, 0,
"also used as reference (defaulting to -cert) for subject DN and SANs."},
{OPT_MORE_STR, 0, 0,
- "Its issuer is used as recipient unless -srvcert, -recipient or -issuer given"},
+ "Its issuer is used as recipient unless -recipient, -srvcert, or -issuer given"},
{"revreason", OPT_REVREASON, 'n',
"Reason code to include in revocation request (rr); possible values:"},
{OPT_MORE_STR, 0, 0,
{"srvcert", OPT_SRVCERT, 's',
"Server cert to pin and trust directly when verifying signed CMP responses"},
{"recipient", OPT_RECIPIENT, 's',
- "Distinguished Name (DN) to use as msg recipient; see man page for defaults"},
+ "DN of CA. Default: subject of -srvcert, -issuer, issuer of -oldcert or -cert"},
{"expect_sender", OPT_EXPECT_SENDER, 's',
"DN of expected sender of responses. Defaults to subject of -srvcert, if any"},
{"ignore_keyusage", OPT_IGNORE_KEYUSAGE, '-',
=item B<-recipient> I<name>
Distinguished Name (DN) to use in the recipient field of CMP request messages,
-i.e., the CMP server (usually a CA or RA entity).
+i.e., the CMP server (usually the addressed CA).
The argument must be formatted as I</type0=value0/type1=value1/type2=...>,
characters may be escaped by C<\>E<nbsp>(backslash), no spaces are skipped.
+The empty name (NULL-DN) can be given explicitly as a single slash: 'I</>'.
The recipient field in the header of a CMP message is mandatory.
If not given explicitly the recipient is determined in the following order: