author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-02-16 11:17:07 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-06-26 15:38:40 +0200 |
commit | 4acda8635ed55ddf831d1bb3dc6086054f01cc61 (patch) | |
tree | f366f096ef49946d775a738463cc7d89f12858e0 /doc/man1/openssl-x509.pod.in | |
parent | Fix 'openssl req' to correctly use the algorithm from '-newkey algo:nnnn' (diff) | |
DOC: Clarify the role of EKUs including defaults for TLS client and server use
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14199)
Diffstat (limited to 'doc/man1/openssl-x509.pod.in')
-rw-r--r-- | doc/man1/openssl-x509.pod.in | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in index 0e073d6b05..9c77a216c2 100644 --- a/doc/man1/openssl-x509.pod.in +++ b/doc/man1/openssl-x509.pod.in @@ -551,10 +551,12 @@ Clears all the permitted or trusted uses of the certificate. =item B<-addtrust> I<arg> -Adds an allowed trust anchor purpose. -Any object name can be used here but currently only those -listed in L<openssl-verification-options(1)/Trust Anchors> are supported. -Other OpenSSL applications may define additional purposes. +Adds a trusted certificate use. +Any object name can be used here but currently only B<clientAuth>, +B<serverAuth>, B<emailProtection>, and B<anyExtendedKeyUsage> are defined. +As of OpenSSL 1.1.0, the last of these blocks all purposes when rejected or +enables all purposes when trusted. +Other OpenSSL applications may define additional uses. =item B<-clrreject> |
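Review bot: In the new B<-addtrust> text, the sentence "the last of these blocks all purposes when rejected or enables all purposes when trusted" talks about rejection under an option that only adds trusted uses, so the reader has to infer where the "rejected" case comes from. Say it explicitly, for example "when rejected (see B<-addreject>)", so the two halves of the sentence map to the two options. The hunk also replaces the link to L<openssl-verification-options(1)/Trust Anchors> with a hard-coded list of four names (B<clientAuth>, B<serverAuth>, B<emailProtection>, B<anyExtendedKeyUsage>); keeping the cross-reference next to the list would stop this page and the verification-options page from drifting apart if a use is added later.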