RT3940: For now, just document the issue.

Reviewed-by: Richard Levitte <levitte@openssl.org>

diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
index b6546133cf72dccfa5f76170b57b7f105afbb289..d5529bea6bc91ea8fdcc100600be57acc6b8af66 100644 (file)
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -122,6 +122,9 @@ encrypt mail for the given recipient certificates. Input file is the message
 to be encrypted. The output file is the encrypted mail in MIME format. The
 actual CMS type is <B>EnvelopedData<B>.
 
 to be encrypted. The output file is the encrypted mail in MIME format. The
 actual CMS type is <B>EnvelopedData<B>.
 

+Note that no revocation check is done for the recipient cert, so if that
+key has been compromised, others may be able to decrypt the text.
+

 =item B<-decrypt>
 
 decrypt mail using the supplied certificate and private key. Expects an
 =item B<-decrypt>
 
 decrypt mail using the supplied certificate and private key. Expects an

diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index 2c7661daf082ebbc8b14574a2ef24597589417c2..ba59eda26feff6379ed6e053196b78fea3c21fb6 100644 (file)
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -90,6 +90,9 @@ Print out a usage message.
 encrypt mail for the given recipient certificates. Input file is the message
 to be encrypted. The output file is the encrypted mail in MIME format.
 
 encrypt mail for the given recipient certificates. Input file is the message
 to be encrypted. The output file is the encrypted mail in MIME format.
 

+Note that no revocation check is done for the recipient cert, so if that
+key has been compromised, others may be able to decrypt the text.
+

 =item B<-decrypt>
 
 decrypt mail using the supplied certificate and private key. Expects an
 =item B<-decrypt>
 
 decrypt mail using the supplied certificate and private key. Expects an