openssl-cmp.pod.in: Clean up doc of -verify_email, -verify_hostname, and -verify_ip

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12932)
Dr. David von Oheimb 2020-09-28 12:01:04 +02:00
parent d3d6f49dd0
commit acb934ff55


@ -35,9 +35,6 @@ Certificate enrollment options:
[B<-popo> I<number>] [B<-popo> I<number>]
[B<-csr> I<filename>] [B<-csr> I<filename>]
[B<-out_trusted> I<filenames>] [B<-out_trusted> I<filenames>]
[B<-verify_hostname> I<cn>]
[B<-verify_ip> I<ip>]
[B<-verify_email> I<email>]
[B<-implicit_confirm>] [B<-implicit_confirm>]
[B<-disable_confirm>] [B<-disable_confirm>]
[B<-certout> I<filename>] [B<-certout> I<filename>]
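
Review bot: With the B<-verify_hostname>, B<-verify_ip> and B<-verify_email> lines dropped from the enrollment part of the synopsis, these options stay in the SYNOPSIS only if the {- $OpenSSL::safe::opt_v_synopsis -} expansion introduced in the next hunk lists them, and the hand-written list it replaces there did not. Please check the rendered page to confirm all three still appear, since the DESCRIPTION paragraphs added by this patch refer to them by name.
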
@ -140,33 +137,7 @@ Mock server options:
Certificate verification options, for both CMP and TLS: Certificate verification options, for both CMP and TLS:
[B<-policy> I<arg>] {- $OpenSSL::safe::opt_v_synopsis -}
[B<-purpose> I<purpose>]
[B<-verify_name> I<name>]
[B<-verify_depth> I<num>]
[B<-auth_level> I<level>]
[B<-attime> I<timestamp>]
[B<-ignore_critical>]
[B<-issuer_checks>]
[B<-policy_check>]
[B<-explicit_policy>]
[B<-inhibit_any>]
[B<-inhibit_map>]
[B<-x509_strict>]
[B<-extended_crl>]
[B<-use_deltas>]
[B<-policy_print>]
[B<-check_ss_sig>]
[B<-crl_check>]
[B<-crl_check_all>]
[B<-trusted_first>]
[B<-suiteB_128_only>]
[B<-suiteB_128>]
[B<-suiteB_192>]
[B<-partial_chain>]
[B<-no_alt_chains>]
[B<-no_check_time>]
[B<-allow_proxy_certs>]
=head1 DESCRIPTION =head1 DESCRIPTION
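
Review bot: The heading kept above the template, "Certificate verification options, for both CMP and TLS:", now disagrees with the paragraphs this patch adds further down, which say B<-verify_hostname>, B<-verify_ip> and B<-verify_email> only affect the check enabled via B<-out_trusted>. Assuming the template expansion is what brings those three into this group, consider rewording the heading or adding a short qualifier so a reader does not assume they constrain the CMP server or TLS peer certificate.
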
@ -378,23 +349,9 @@ Multiple filenames may be given, separated by commas and/or whitespace
(where in the latter case the whole argument must be enclosed in "..."). (where in the latter case the whole argument must be enclosed in "...").
Each source may contain multiple certificates. Each source may contain multiple certificates.
=item B<-verify_hostname> I<name> The certificate verification options
B<-verify_hostname>, B<-verify_ip>, and B<-verify_email>
When verification of the newly enrolled certificate is enabled (with the only affect the certificate verification enabled via this option.
B<-out_trusted> option), check if any DNS Subject Alternative Name (or if no
DNS SAN is included, the Common Name in the subject) equals the given B<name>.
=item B<-verify_ip> I<ip>
When verification of the newly enrolled certificate is enabled (with the
B<-out_trusted> option), check if there is
an IP address Subject Alternative Name matching the given IP address.
=item B<-verify_email> I<email>
When verification of the newly enrolled certificate is enabled (with the
B<-out_trusted> option), check if there is
an email address Subject Alternative Name matching the given email address.
=item B<-implicit_confirm> =item B<-implicit_confirm>
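
Review bot: The replacement paragraph under B<-out_trusted> drops the only description of what is actually matched. The removed text said B<-verify_hostname> compares against DNS Subject Alternative Names and falls back to the subject Common Name when no DNS SAN is included, and that B<-verify_ip> and B<-verify_email> match the corresponding SAN types. Unless the shared verification-options text covers this, keep a sentence on the CN fallback or link to where it is documented, because that fallback decides whether a newly enrolled certificate without a DNS SAN passes the check.
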
@ -511,7 +468,7 @@ When verifying signature-based protection of CMP response messages,
these are the CA certificate(s) to trust while checking certificate chains these are the CA certificate(s) to trust while checking certificate chains
during CMP server authentication. during CMP server authentication.
This option gives more flexibility than the B<-srvcert> option because the This option gives more flexibility than the B<-srvcert> option because the
protection certificate is not pinned but may be any certificate server-side CMP signer certificate is not pinned but may be any certificate
for which a chain to one of the given trusted certificates can be constructed. for which a chain to one of the given trusted certificates can be constructed.
If no B<-trusted>, B<-srvcert>, and B<-secret> option is given If no B<-trusted>, B<-srvcert>, and B<-secret> option is given
@ -521,6 +478,10 @@ Multiple filenames may be given, separated by commas and/or whitespace
(where in the latter case the whole argument must be enclosed in "..."). (where in the latter case the whole argument must be enclosed in "...").
Each source may contain multiple certificates. Each source may contain multiple certificates.
The certificate verification options
B<-verify_hostname>, B<-verify_ip>, and B<-verify_email>
have no effect on the certificate verification enabled via this option.
=item B<-untrusted> I<sources> =item B<-untrusted> I<sources>
Non-trusted intermediate CA certificate(s). Non-trusted intermediate CA certificate(s).
@ -666,13 +627,17 @@ is included in the extraCerts field in signature-protected request messages.
=item B<-own_trusted> I<filenames> =item B<-own_trusted> I<filenames>
If this list of certificates is provided then the chain built for If this list of certificates is provided then the chain built for
the CMP signer certificate given with the B<-cert> option is verified the client-side CMP signer certificate given with the B<-cert> option
using the given certificates as trust anchors. is verified using the given certificates as trust anchors.
Multiple filenames may be given, separated by commas and/or whitespace Multiple filenames may be given, separated by commas and/or whitespace
(where in the latter case the whole argument must be enclosed in "..."). (where in the latter case the whole argument must be enclosed in "...").
Each source may contain multiple certificates. Each source may contain multiple certificates.
The certificate verification options
B<-verify_hostname>, B<-verify_ip>, and B<-verify_email>
have no effect on the certificate verification enabled via this option.
=item B<-key> I<filename> =item B<-key> I<filename>
The corresponding private key file for the client's current certificate given in The corresponding private key file for the client's current certificate given in
@ -808,6 +773,10 @@ Multiple filenames may be given, separated by commas and/or whitespace
(where in the latter case the whole argument must be enclosed in "..."). (where in the latter case the whole argument must be enclosed in "...").
Each source may contain multiple certificates. Each source may contain multiple certificates.
The certificate verification options
B<-verify_hostname>, B<-verify_ip>, and B<-verify_email>
have no effect on the certificate verification enabled via this option.
=item B<-tls_host> I<name> =item B<-tls_host> I<name>
Address to be checked during hostname validation. Address to be checked during hostname validation.
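
Review bot: The added paragraph tells the reader that B<-verify_hostname> is ignored for this trust store, yet the item that immediately follows, B<-tls_host>, is described as the "Address to be checked during hostname validation". If that is the host name check that applies to this verification, say so in the new paragraph with a pointer to B<-tls_host>, so nobody concludes that the peer name goes unchecked or tries to set it with B<-verify_hostname>.
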
@ -913,6 +882,10 @@ Server private key (and cert) file pass phrase source.
Trusted certificates for client authentication. Trusted certificates for client authentication.
The certificate verification options
B<-verify_hostname>, B<-verify_ip>, and B<-verify_email>
have no effect on the certificate verification enabled via this option.
=item B<-srv_untrusted> I<filenames> =item B<-srv_untrusted> I<filenames>
Intermediate CA certs that may be useful when verifying client certificates. Intermediate CA certs that may be useful when verifying client certificates.
@ -991,21 +964,11 @@ Accept RAVERIFED as proof-of-possession (POPO).
=over 4 =over 4
=item B<-policy>, B<-purpose>, B<-verify_name>, B<-verify_depth>, {- $OpenSSL::safe::opt_v_item -}
B<-attime>,
B<-ignore_critical>, B<-issuer_checks>,
B<-policy_check>,
B<-explicit_policy>, B<-inhibit_any>, B<-inhibit_map>,
B<-x509_strict>, B<-extended_crl>, B<-use_deltas>,
B<-policy_print>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
B<-trusted_first>,
B<-suiteB_128_only>, B<-suiteB_128>, B<-suiteB_192>,
B<-partial_chain>, B<-no_alt_chains>, B<-no_check_time>,
B<-auth_level>,
B<-allow_proxy_certs>
Set various options of certificate chain verification. The certificate verification options
See L<openssl(1)/Verification Options> for details. B<-verify_hostname>, B<-verify_ip>, and B<-verify_email>
only affect the certificate verification enabled via the B<-out_trusted> option.
=back =back
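
Review bot: The new paragraph sits inside the =over 4 / =back list directly after {- $OpenSSL::safe::opt_v_item -}, so it will render as part of whatever item the template emits last rather than as a general remark on the section, and the removed "See L<openssl(1)/Verification Options> for details." pointer now has to come from the template. Please confirm both in the rendered output, or move the paragraph after =back and keep an explicit link to the verification options documentation.
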