From: Dr. Stephen Henson Date: Wed, 6 Nov 2002 01:28:55 +0000 (+0000) Subject: CRL reason code docs. X-Git-Tag: OpenSSL_0_9_7-beta4~18^2~82 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=d618f703ec18f1012a096a110637f8769d1e6cb3;hp=896e4fef30ab773fd06f531276ac954992d11657 CRL reason code docs. --- diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index c2ca8f2400..f50fe9c8ed 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -13,6 +13,10 @@ B B [B<-name section>] [B<-gencrl>] [B<-revoke file>] +[B<-crl_reason reason>] +[B<-crl_hold instruction>] +[B<-crl_compromise time>] +[B<-crl_CA_compromise time>] [B<-subj arg>] [B<-crldays days>] [B<-crlhours hours>] @@ -74,7 +78,7 @@ a single self signed certificate to be signed by the CA. =item B<-spkac filename> a file containing a single Netscape signed public key and challenge -and additional field values to be signed by the CA. See the B +and additional field values to be signed by the CA. See the B section for information on the required format. =item B<-infiles> @@ -214,6 +218,33 @@ the number of hours before the next CRL is due. a filename containing a certificate to revoke. +=item B<-crl_reason reason> + +revocation reason, where B is one of: B, B, +B, B, B, B, +B or B. The matching of B is case +insensitive. Setting any revocation reason will make the CRL v2. + +In practive B is not particularly useful because it is only used +in delta CRLs which are not currently implemented. + +=item B<-crl_hold instruction> + +This sets the CRL revocation reason code to B and the hold +instruction to B which must be an OID. Although any OID can be +used only B (the use of which is discouraged by RFC2459) +B or B will normally be used. + +=item B<-crl_compromise time> + +This sets the revocation reason to B and the compromise time to +B