Document -no-CApath and -no-CAfile

Add documentation to all the appropriate apps for the new -no-CApath and
-no-CAfile options.

Reviewed-by: Andy Polyakov <appro@openssl.org>

diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
index 6b4beb4c277e1aa484d9227f03200c959115ecc7..cb7fc5972c74a9fd9558ec26c3a0bfbef25d78d2 100644 (file)
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -35,6 +35,8 @@ B<openssl> B<cms>
 [B<-print>]
 [B<-CAfile file>]
 [B<-CApath dir>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
 [B<-attime timestamp>]
 [B<-check_ss_sig>]
 [B<-crl_check>]
@@ -272,6 +274,14 @@ B<-verify>. This directory must be a standard certificate directory: that
 is a hash of each subject name (using B<x509 -hash>) should be linked
 to each certificate.
 
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
 =item B<-md digest>
 
 digest algorithm to use when signing or resigning. If not present then the

diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod
index 256696665aa2e95e5be84097139822819c921066..2399134ad3d8e8cef4ed7def61cebe62430f7942 100644 (file)
--- a/doc/apps/ocsp.pod
+++ b/doc/apps/ocsp.pod
@@ -30,6 +30,8 @@ B<openssl> B<ocsp>
 [B<-path>]
 [B<-CApath dir>]
 [B<-CAfile file>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
 [B<-attime timestamp>]
 [B<-check_ss_sig>]
 [B<-crl_check>]
@@ -177,6 +179,14 @@ connection timeout to the OCSP responder in seconds
 file or pathname containing trusted CA certificates. These are used to verify
 the signature on the OCSP response.
 
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
 =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
 B<explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
 B<-inhibit_map>, B<-issuer_checks>, B<-partial_chain>, B<-policy>,

diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod
index f956c8ed64679d058f56da0c1fd545b829bbbf8f..f8162d0c1c3a2de9387bda1d8cee4fbf2f92648b 100644 (file)
--- a/doc/apps/pkcs12.pod
+++ b/doc/apps/pkcs12.pod
@@ -39,6 +39,8 @@ B<openssl> B<pkcs12>
 [B<-rand file(s)>]
 [B<-CAfile file>]
 [B<-CApath dir>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
 [B<-CSP name>]
 
 =head1 DESCRIPTION
@@ -281,6 +283,14 @@ CA storage as a directory. This directory must be a standard certificate
 directory: that is a hash of each subject name (using B<x509 -hash>) should be
 linked to each certificate.
 
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
 =item B<-CSP name>
 
 write B<name> as a Microsoft CSP name.

diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
index 04982e64141753858feaae31aaf780da6760f966..4d23dc9e89642b6a501213e8168c78fd35ec3764 100644 (file)
--- a/doc/apps/s_client.pod
+++ b/doc/apps/s_client.pod
@@ -20,6 +20,8 @@ B<openssl> B<s_client>
 [B<-pass arg>]
 [B<-CApath directory>]
 [B<-CAfile filename>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
 [B<-attime timestamp>]
 [B<-check_ss_sig>]
 [B<-crl_check>]
@@ -158,6 +160,14 @@ also used when building the client certificate chain.
 A file containing trusted certificates to use during server authentication
 and to use when attempting to build the client certificate chain.
 
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
 =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
 B<explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
 B<-inhibit_map>, B<-issuer_checks>, B<-partial_chain>, B<-policy>,

diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
index 3fd9a81562c27c28ba658f39e2d6b15ac11b9464..cd8a3ef74747d7ed23968126d8545d06a0faf1f6 100644 (file)
--- a/doc/apps/s_server.pod
+++ b/doc/apps/s_server.pod
@@ -34,6 +34,8 @@ B<openssl> B<s_server>
 [B<-state>]
 [B<-CApath directory>]
 [B<-CAfile filename>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
 [B<-attime timestamp>]
 [B<-check_ss_sig>]
 [B<-explicit_policy>]
@@ -207,6 +209,14 @@ and to use when attempting to build the server certificate chain. The list
 is also used in the list of acceptable client CAs passed to the client when
 a certificate is requested.
 
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
 =item B<-verify depth>, B<-Verify depth>
 
 The verify depth to use. This specifies the maximum length of the

diff --git a/doc/apps/s_time.pod b/doc/apps/s_time.pod
index 50ac0e09fa718dec32e967b036785f75f2ee2a89..2c244c83c10815a23392c829be0284c13bbf3564 100644 (file)
--- a/doc/apps/s_time.pod
+++ b/doc/apps/s_time.pod
@@ -14,6 +14,8 @@ B<openssl> B<s_time>
 [B<-key filename>]
 [B<-CApath directory>]
 [B<-CAfile filename>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
 [B<-reuse>]
 [B<-new>]
 [B<-verify depth>]
@@ -75,6 +77,14 @@ also used when building the client certificate chain.
 A file containing trusted certificates to use during server authentication
 and to use when attempting to build the client certificate chain.
 
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
 =item B<-new>
 
 performs the timing test using a new session ID for each connection.

diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
index e9fbfda42299b33d3b587b706c47cf29d4b7de8b..d6f3de20051cb705e7a356985375955a17869d7d 100644 (file)
--- a/doc/apps/smime.pod
+++ b/doc/apps/smime.pod
@@ -17,6 +17,8 @@ B<openssl> B<smime>
 [B<-in file>]
 [B<-CAfile file>]
 [B<-CApath dir>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
 [B<-attime timestamp>]
 [B<-check_ss_sig>]
 [B<-crl_check>]
@@ -175,6 +177,14 @@ B<-verify>. This directory must be a standard certificate directory: that
 is a hash of each subject name (using B<x509 -hash>) should be linked
 to each certificate.
 
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
 =item B<-md digest>
 
 digest algorithm to use when signing or resigning. If not present then the

diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod
index f7364f3e7d566e59311682a38ece46db419bf8c5..afd1b95689887cb9509d35bd5006d865702431e5 100644 (file)
--- a/doc/apps/verify.pod
+++ b/doc/apps/verify.pod
@@ -9,6 +9,8 @@ verify - Utility to verify certificates.
 B<openssl> B<verify>
 [B<-CAfile file>]
 [B<-CApath directory>]
+[B<-no-CAfile>]
+[B<-no-CApath>]
 [B<-attime timestamp>]
 [B<-check_ss_sig>]
 [B<-CRLfile file>]
@@ -68,6 +70,14 @@ form ("hash" is the hashed certificate subject name: see the B<-hash> option
 of the B<x509> utility). Under Unix the B<c_rehash> script will automatically
 create symbolic links to a directory of certificates.
 
+=item B<-no-CAfile>
+
+Do not load the trusted CA certificates from the default file location
+
+=item B<-no-CApath>
+
+Do not load the trusted CA certificates from the default directory location
+
 =item B<-attime timestamp>
 
 Perform validation checks using time specified by B<timestamp> and not