X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=doc%2Fman1%2Focsp.pod;h=4c0aaac17b57b66e9ac507f4ff0515172f1698a9;hp=e32a68c53b718e73e186bc7693b1b1ceb5c2f749;hb=7312ef3fc4a7d391272f3ba8075eabf81a229ad2;hpb=6738bf1417289a14758590fca5a26b62c9b2c0be diff --git a/doc/man1/ocsp.pod b/doc/man1/ocsp.pod index e32a68c53b..4c0aaac17b 100644 --- a/doc/man1/ocsp.pod +++ b/doc/man1/ocsp.pod @@ -28,6 +28,7 @@ B B [B<-no_nonce>] [B<-url URL>] [B<-host host:port>] +[B<-multi process-count>] [B<-header>] [B<-path>] [B<-CApath dir>] @@ -87,6 +88,7 @@ B B [B<-ndays n>] [B<-resp_key_id>] [B<-nrequest n>] +[B<-rcid I>] [B<-I>] =head1 DESCRIPTION @@ -187,7 +189,22 @@ This may be repeated. =item B<-timeout seconds> -Connection timeout to the OCSP responder in seconds +Connection timeout to the OCSP responder in seconds. +On POSIX systems, when running as an OCSP responder, this option also limits +the time that the responder is willing to wait for the client request. +This time is measured from the time the responder accepts the connection until +the complete request is received. + +=item B<-multi process-count> + +Run the specified number of OCSP responder child processes, with the parent +process respawning child processes as needed. +Child processes will detect changes in the CA index file and automatically +reload it. +When running as a responder B<-timeout> option is recommended to limit the time +each child is willing to wait for the client's OCSP response. +This option is available on POSIX systems (that support the fork() and other +required unix system-calls). =item B<-CAfile file>, B<-CApath pathname> @@ -288,6 +305,12 @@ status information is immediately available. In this case the age of the B field is checked to see it is not older than B seconds old. By default this additional check is not performed. +=item B<-rcid I> + +This option sets the digest algorithm to use for certificate identification +in the OCSP response. Any digest supported by the OpenSSL B command can +be used. The default is the same digest algorithm used in the request. + =item B<-I> This option sets digest algorithm to use for certificate identification in the @@ -470,13 +493,13 @@ to a second file. =head1 HISTORY -The -no_alt_chains options was first added to OpenSSL 1.1.0. +The -no_alt_chains option was added in OpenSSL 1.1.0. =head1 COPYRIGHT Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. -Licensed under the OpenSSL license (the "License"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at L.