diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2009-06-26 11:28:52 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-06-26 11:28:52 +0000 |
commit | 710c1c34d1e81cfae1c1a86f188d911af300daad (patch) | |
tree | ea0faba98add8325438b512fa2e1fc61a38656a4 /doc | |
parent | e16818108f2fb851930789f29622c0cb2d574398 (diff) | |
download | openssl-new-710c1c34d1e81cfae1c1a86f188d911af300daad.tar.gz |
Allow checking of self-signed certifictes if a flag is set.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/apps/cms.pod | 2 | ||||
-rw-r--r-- | doc/apps/s_client.pod | 2 | ||||
-rw-r--r-- | doc/apps/smime.pod | 2 | ||||
-rw-r--r-- | doc/apps/verify.pod | 5 |
4 files changed, 8 insertions, 3 deletions
diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod index 520279eeab..d62961a023 100644 --- a/doc/apps/cms.pod +++ b/doc/apps/cms.pod @@ -401,7 +401,7 @@ portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> Set various certificate chain valiadition option. See the L<B<verify>|verify(1)> manual page for details. diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index f61b80c720..4ebf7b5854 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -101,7 +101,7 @@ also used when building the client certificate chain. A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> Set various certificate chain valiadition option. See the L<B<verify>|verify(1)> manual page for details. diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod index 97cc0dc789..e0258b5648 100644 --- a/doc/apps/smime.pod +++ b/doc/apps/smime.pod @@ -259,7 +259,7 @@ portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> Set various options of certificate chain verification. See L<B<verify>|verify(1)> manual page for details. diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index dad3d17c83..bd399dc772 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -135,6 +135,11 @@ signing keys. Enable support for delta CRLs. +=item B<-check_ss_sig> + +Verify the signature on the self-signed root CA. This is disabled by default +because it doesn't add any security. + =item B<-> marks the last option. All arguments following this are assumed to be |