From 40e2d76becd095c7cb2749ee1b33a7a336c8c17d Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 22 Sep 2015 19:43:59 +0100 Subject: [PATCH] Document -no-CApath and -no-CAfile Add documentation to all the appropriate apps for the new -no-CApath and -no-CAfile options. Reviewed-by: Andy Polyakov --- doc/apps/cms.pod | 10 ++++++++++ doc/apps/ocsp.pod | 10 ++++++++++ doc/apps/pkcs12.pod | 10 ++++++++++ doc/apps/s_client.pod | 10 ++++++++++ doc/apps/s_server.pod | 10 ++++++++++ doc/apps/s_time.pod | 10 ++++++++++ doc/apps/smime.pod | 10 ++++++++++ doc/apps/verify.pod | 10 ++++++++++ 8 files changed, 80 insertions(+) diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod index 6b4beb4c27..cb7fc5972c 100644 --- a/doc/apps/cms.pod +++ b/doc/apps/cms.pod @@ -35,6 +35,8 @@ B B [B<-print>] [B<-CAfile file>] [B<-CApath dir>] +[B<-no-CAfile>] +[B<-no-CApath>] [B<-attime timestamp>] [B<-check_ss_sig>] [B<-crl_check>] @@ -272,6 +274,14 @@ B<-verify>. This directory must be a standard certificate directory: that is a hash of each subject name (using B) should be linked to each certificate. +=item B<-no-CAfile> + +Do not load the trusted CA certificates from the default file location + +=item B<-no-CApath> + +Do not load the trusted CA certificates from the default directory location + =item B<-md digest> digest algorithm to use when signing or resigning. If not present then the diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index 256696665a..2399134ad3 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -30,6 +30,8 @@ B B [B<-path>] [B<-CApath dir>] [B<-CAfile file>] +[B<-no-CAfile>] +[B<-no-CApath>] [B<-attime timestamp>] [B<-check_ss_sig>] [B<-crl_check>] @@ -177,6 +179,14 @@ connection timeout to the OCSP responder in seconds file or pathname containing trusted CA certificates. These are used to verify the signature on the OCSP response. +=item B<-no-CAfile> + +Do not load the trusted CA certificates from the default file location + +=item B<-no-CApath> + +Do not load the trusted CA certificates from the default directory location + =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>, B, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>, B<-inhibit_map>, B<-issuer_checks>, B<-partial_chain>, B<-policy>, diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod index f956c8ed64..f8162d0c1c 100644 --- a/doc/apps/pkcs12.pod +++ b/doc/apps/pkcs12.pod @@ -39,6 +39,8 @@ B B [B<-rand file(s)>] [B<-CAfile file>] [B<-CApath dir>] +[B<-no-CAfile>] +[B<-no-CApath>] [B<-CSP name>] =head1 DESCRIPTION @@ -281,6 +283,14 @@ CA storage as a directory. This directory must be a standard certificate directory: that is a hash of each subject name (using B) should be linked to each certificate. +=item B<-no-CAfile> + +Do not load the trusted CA certificates from the default file location + +=item B<-no-CApath> + +Do not load the trusted CA certificates from the default directory location + =item B<-CSP name> write B as a Microsoft CSP name. diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 04982e6414..4d23dc9e89 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -20,6 +20,8 @@ B B [B<-pass arg>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-no-CAfile>] +[B<-no-CApath>] [B<-attime timestamp>] [B<-check_ss_sig>] [B<-crl_check>] @@ -158,6 +160,14 @@ also used when building the client certificate chain. A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. +=item B<-no-CAfile> + +Do not load the trusted CA certificates from the default file location + +=item B<-no-CApath> + +Do not load the trusted CA certificates from the default directory location + =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>, B, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>, B<-inhibit_map>, B<-issuer_checks>, B<-partial_chain>, B<-policy>, diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 3fd9a81562..cd8a3ef747 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -34,6 +34,8 @@ B B [B<-state>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-no-CAfile>] +[B<-no-CApath>] [B<-attime timestamp>] [B<-check_ss_sig>] [B<-explicit_policy>] @@ -207,6 +209,14 @@ and to use when attempting to build the server certificate chain. The list is also used in the list of acceptable client CAs passed to the client when a certificate is requested. +=item B<-no-CAfile> + +Do not load the trusted CA certificates from the default file location + +=item B<-no-CApath> + +Do not load the trusted CA certificates from the default directory location + =item B<-verify depth>, B<-Verify depth> The verify depth to use. This specifies the maximum length of the diff --git a/doc/apps/s_time.pod b/doc/apps/s_time.pod index 50ac0e09fa..2c244c83c1 100644 --- a/doc/apps/s_time.pod +++ b/doc/apps/s_time.pod @@ -14,6 +14,8 @@ B B [B<-key filename>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-no-CAfile>] +[B<-no-CApath>] [B<-reuse>] [B<-new>] [B<-verify depth>] @@ -75,6 +77,14 @@ also used when building the client certificate chain. A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. +=item B<-no-CAfile> + +Do not load the trusted CA certificates from the default file location + +=item B<-no-CApath> + +Do not load the trusted CA certificates from the default directory location + =item B<-new> performs the timing test using a new session ID for each connection. diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod index e9fbfda422..d6f3de2005 100644 --- a/doc/apps/smime.pod +++ b/doc/apps/smime.pod @@ -17,6 +17,8 @@ B B [B<-in file>] [B<-CAfile file>] [B<-CApath dir>] +[B<-no-CAfile>] +[B<-no-CApath>] [B<-attime timestamp>] [B<-check_ss_sig>] [B<-crl_check>] @@ -175,6 +177,14 @@ B<-verify>. This directory must be a standard certificate directory: that is a hash of each subject name (using B) should be linked to each certificate. +=item B<-no-CAfile> + +Do not load the trusted CA certificates from the default file location + +=item B<-no-CApath> + +Do not load the trusted CA certificates from the default directory location + =item B<-md digest> digest algorithm to use when signing or resigning. If not present then the diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index f7364f3e7d..afd1b95689 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -9,6 +9,8 @@ verify - Utility to verify certificates. B B [B<-CAfile file>] [B<-CApath directory>] +[B<-no-CAfile>] +[B<-no-CApath>] [B<-attime timestamp>] [B<-check_ss_sig>] [B<-CRLfile file>] @@ -68,6 +70,14 @@ form ("hash" is the hashed certificate subject name: see the B<-hash> option of the B utility). Under Unix the B script will automatically create symbolic links to a directory of certificates. +=item B<-no-CAfile> + +Do not load the trusted CA certificates from the default file location + +=item B<-no-CApath> + +Do not load the trusted CA certificates from the default directory location + =item B<-attime timestamp> Perform validation checks using time specified by B and not -- 2.25.1