diff options
| author | Lutz Jänicke <jaenicke@openssl.org> | 2008-05-19 09:52:15 +0200 |
|---|---|---|
| committer | Lutz Jänicke <jaenicke@openssl.org> | 2008-05-19 09:52:15 +0200 |
| commit | 51e00db226cab1d69d464e03996a554afbce800a (patch) | |
| tree | 3059d29a2b7d59ffcd1e7c358c274d85571b1c92 | |
| parent | Provide information about "openssl dgst" -hmac option. (diff) | |
| download | openssl-51e00db226cab1d69d464e03996a554afbce800a.tar.xz openssl-51e00db226cab1d69d464e03996a554afbce800a.zip | |
Document "openssl s_server" -crl_check* options
Submitted by: Daniel Black <daniel.subs@internode.on.net>
| -rw-r--r-- | apps/s_server.c | 5 | ||||
| -rw-r--r-- | doc/apps/s_server.pod | 8 |
2 files changed, 13 insertions, 0 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index 5cc7d15af7..a7a728c268 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -408,6 +408,11 @@ static void sv_usage(void) BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); BIO_printf(bio_err," -cert arg - certificate file to use\n"); BIO_printf(bio_err," (default is %s)\n",TEST_CERT); + BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \ + " The CRL(s) are appended to the certificate file\n"); + BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \ + " or any other CRL in the CA chain. CRL(s) are appened to the\n" \ + " the certificate file.\n"); BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n"); BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index b586874645..7f159a39ed 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -12,6 +12,8 @@ B<openssl> B<s_server> [B<-context id>] [B<-verify depth>] [B<-Verify depth>] +[B<-crl_check>] +[B<-crl_check_all>] [B<-cert filename>] [B<-certform DER|PEM>] [B<-key keyfile>] @@ -142,6 +144,12 @@ the client. With the B<-verify> option a certificate is requested but the client does not have to send one, with the B<-Verify> option the client must supply a certificate or an error occurs. +=item B<-crl_check>, B<-crl_check_all> + +Check the peer certificate has not been revoked by its CA. +The CRL(s) are appended to the certificate file. With the B<-crl_check_all> +option all CRLs of all CAs in the chain are checked. + =item B<-CApath directory> The directory to use for client certificate verification. This directory |