Update ocsp usage message and docs.

diff --git a/apps/ocsp.c b/apps/ocsp.c
index f05ec0e65540dffa0c32cc4f83189ee7e0e32a40..17e84366d974c29a55286abfe07e24fd7e09a748 100644 (file)
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -524,7 +524,7 @@ int MAIN(int argc, char **argv)
                BIO_printf (bio_err, "-serial n          serial number to check\n");
                BIO_printf (bio_err, "-signer file       certificate to sign OCSP request with\n");
                BIO_printf (bio_err, "-signkey file      private key to sign OCSP request with\n");
                BIO_printf (bio_err, "-serial n          serial number to check\n");
                BIO_printf (bio_err, "-signer file       certificate to sign OCSP request with\n");
                BIO_printf (bio_err, "-signkey file      private key to sign OCSP request with\n");

-               BIO_printf (bio_err, "-sign_certs file   additional certificates to include in signed request\n");
+               BIO_printf (bio_err, "-sign_other file   additional certificates to include in signed request\n");

                BIO_printf (bio_err, "-no_certs          don't include any certificates in signed request\n");
                BIO_printf (bio_err, "-req_text          print text form of request\n");
                BIO_printf (bio_err, "-resp_text         print text form of response\n");
                BIO_printf (bio_err, "-no_certs          don't include any certificates in signed request\n");
                BIO_printf (bio_err, "-req_text          print text form of request\n");
                BIO_printf (bio_err, "-resp_text         print text form of response\n");


@@ -544,10 +544,10 @@ int MAIN(int argc, char **argv)
                BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
                BIO_printf (bio_err, "-status_age n      maximum status age in seconds\n");
                BIO_printf (bio_err, "-noverify          don't verify response at all\n");
                BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
                BIO_printf (bio_err, "-status_age n      maximum status age in seconds\n");
                BIO_printf (bio_err, "-noverify          don't verify response at all\n");

-               BIO_printf (bio_err, "-verify_certs file additional certificates to search for signer\n");
+               BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n");

                BIO_printf (bio_err, "-trust_other       don't verify additional certificates\n");
                BIO_printf (bio_err, "-no_intern         don't search certificates contained in response for signer\n");
                BIO_printf (bio_err, "-trust_other       don't verify additional certificates\n");
                BIO_printf (bio_err, "-no_intern         don't search certificates contained in response for signer\n");

-               BIO_printf (bio_err, "-no_sig_verify     don't check signature on response\n");
+               BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n");

                BIO_printf (bio_err, "-no_cert_verify    don't check signing certificate\n");
                BIO_printf (bio_err, "-no_chain          don't chain verify response\n");
                BIO_printf (bio_err, "-no_cert_checks    don't do additional checks on signing certificate\n");
                BIO_printf (bio_err, "-no_cert_verify    don't check signing certificate\n");
                BIO_printf (bio_err, "-no_chain          don't chain verify response\n");
                BIO_printf (bio_err, "-no_cert_checks    don't do additional checks on signing certificate\n");

diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod
index da201b95e64f3496cc5e813f7feca623a40e8b49..4f266058e536502b559ad4d083437328d97f82b4 100644 (file)
--- a/doc/apps/ocsp.pod
+++ b/doc/apps/ocsp.pod
@@ -11,6 +11,10 @@ B<openssl> B<ocsp>
 [B<-issuer file>]
 [B<-cert file>]
 [B<-serial n>]
 [B<-issuer file>]
 [B<-cert file>]
 [B<-serial n>]

+[B<-signer file>]
+[B<-signkey file>]
+[B<-sign_other file>]
+[B<-no_certs>]

 [B<-req_text>]
 [B<-resp_text>]
 [B<-text>]
 [B<-req_text>]
 [B<-resp_text>]
 [B<-text>]


@@ -20,27 +24,36 @@ B<openssl> B<ocsp>
 [B<-respin file>]
 [B<-nonce>]
 [B<-no_nonce>]
 [B<-respin file>]
 [B<-nonce>]
 [B<-no_nonce>]

-[B<-url responder_url>]
+[B<-url URL>]

 [B<-host host:n>]
 [B<-path>]
 [B<-host host:n>]
 [B<-path>]

-[B<-CApath file>]
+[B<-CApath dir>]

 [B<-CAfile file>]
 [B<-VAfile file>]
 [B<-CAfile file>]
 [B<-VAfile file>]

-[B<-verify_certs file>]
+[B<-validity_period n>]
+[B<-status_age n>]

 [B<-noverify>]
 [B<-noverify>]

+[B<-verify_other file>]

 [B<-trust_other>]
 [B<-no_intern>]
 [B<-trust_other>]
 [B<-no_intern>]

-[B<-no_sig_verify>]
+[B<-no_signature_verify>]

 [B<-no_cert_verify>]
 [B<-no_chain>]
 [B<-no_cert_checks>]
 [B<-no_cert_verify>]
 [B<-no_chain>]
 [B<-no_cert_checks>]

-[B<-validity_period nsec>]
-[B<-status_age nsec>]
+[B<-port num>]
+[B<-index file>]
+[B<-CA file>]
+[B<-rsigner file>]
+[B<-rkey file>]
+[B<-rother file>]
+[B<-resp_no_certs>]
+[B<-nmin n>]
+[B<-ndays n>]
+[B<-resp_key_id>]
+[B<-nrequest n>]

 
 =head1 DESCRIPTION
 
 
 =head1 DESCRIPTION
 

-B<WARNING: this documentation is preliminary and subject to change.>
-

 The Online Certificate Status Protocol (OCSP) enables applications to
 determine the (revocation) state of an identified certificate (RFC 2560).
 
 The Online Certificate Status Protocol (OCSP) enables applications to
 determine the (revocation) state of an identified certificate (RFC 2560).
 


@@ -83,6 +96,10 @@ the B<signkey> option is not present then the private key is read
 from the same file as the certificate. If neither option is specified then
 the OCSP request is not signed.
 
 from the same file as the certificate. If neither option is specified then
 the OCSP request is not signed.
 

+=item B<-sign_other filename>
+
+Additional certificates to include in the signed request.
+

 =item B<-nonce>, B<-no_nonce>
 
 Add an OCSP nonce extension to a request or disable OCSP nonce addition.
 =item B<-nonce>, B<-no_nonce>
 
 Add an OCSP nonce extension to a request or disable OCSP nonce addition.


@@ -120,7 +137,7 @@ or "/" by default.
 file or pathname containing trusted CA certificates. These are used to verify
 the signature on the OCSP response.
 
 file or pathname containing trusted CA certificates. These are used to verify
 the signature on the OCSP response.
 

-=item B<-verify_certs file>
+=item B<-verify_other file>

 
 file containing additional certificates to search when attempting to locate
 the OCSP response signing certificate. Some responders omit the actual signer's
 
 file containing additional certificates to search when attempting to locate
 the OCSP response signing certificate. Some responders omit the actual signer's


@@ -151,7 +168,7 @@ ignore certificates contained in the OCSP response when searching for the
 signers certificate. With this option the signers certificate must be specified
 with either the B<-verify_certs> or B<-VAfile> options.
 
 signers certificate. With this option the signers certificate must be specified
 with either the B<-verify_certs> or B<-VAfile> options.
 

-=item B<-no_sig_verify>
+=item B<-no_signature_verify>

 
 don't check the signature on the OCSP response. Since this option tolerates invalid
 signatures on OCSP responses it will normally only be used for testing purposes.
 
 don't check the signature on the OCSP response. Since this option tolerates invalid
 signatures on OCSP responses it will normally only be used for testing purposes.