diff options
| author | jaenicke <jaenicke> | 2008-05-19 07:52:17 +0000 |
|---|---|---|
| committer | jaenicke <jaenicke> | 2008-05-19 07:52:17 +0000 |
| commit | bb70fdfe57511226d24828916ea95780f6bdb4c9 (patch) | |
| tree | d73f22c341c27065c3162ddea35cdb9e7ad027fa | |
| parent | 5fafbc850f1f1f026f333e749746726e4db7b037 (diff) | |
| download | openssl-bb70fdfe57511226d24828916ea95780f6bdb4c9.tar.gz | |
Document "openssl s_server" -crl_check* options
Submitted by: Daniel Black <daniel.subs@internode.on.net>
| -rw-r--r-- | apps/s_server.c | 5 | ||||
| -rw-r--r-- | doc/apps/s_server.pod | 8 |
2 files changed, 13 insertions, 0 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index df02e8b38..7919c437c 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -333,6 +333,11 @@ static void sv_usage(void) BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n"); BIO_printf(bio_err," -cert arg - certificate file to use\n"); BIO_printf(bio_err," (default is %s)\n",TEST_CERT); + BIO_printf(bio_err," -crl_check - check the peer certificate has not been revoked by its CA.\n" \ + " The CRL(s) are appended to the certificate file\n"); + BIO_printf(bio_err," -crl_check_all - check the peer certificate has not been revoked by its CA\n" \ + " or any other CRL in the CA chain. CRL(s) are appened to the\n" \ + " the certificate file.\n"); BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n"); BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n"); BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT); diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 57c2adfb9..fdcc170e2 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -12,6 +12,8 @@ B<openssl> B<s_server> [B<-context id>] [B<-verify depth>] [B<-Verify depth>] +[B<-crl_check>] +[B<-crl_check_all>] [B<-cert filename>] [B<-certform DER|PEM>] [B<-key keyfile>] @@ -142,6 +144,12 @@ the client. With the B<-verify> option a certificate is requested but the client does not have to send one, with the B<-Verify> option the client must supply a certificate or an error occurs. +=item B<-crl_check>, B<-crl_check_all> + +Check the peer certificate has not been revoked by its CA. +The CRL(s) are appended to the certificate file. With the B<-crl_check_all> +option all CRLs of all CAs in the chain are checked. + =item B<-CApath directory> The directory to use for client certificate verification. This directory |