apps/cmp.c: Improve documentation of -extracerts, -untrusted, and -otherpass

Reviewed-by: N Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12825)

apps/cmp.c: Improve documentation of -extracerts, -untrusted, and -otherpass
Reviewed-by: N Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: N Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12825)
7a7d6b51 · Dr. David von Oheimb · ef2d3588 · 7a7d6b51 · 7a7d6b51
显示空白变更内容
内联并排

Showing with 13 addition and 7 deletion

apps/cmp.c apps/cmp.c +3 -1

doc/man1/openssl-cmp.pod.in doc/man1/openssl-cmp.pod.in +10 -6

未找到文件。
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -395,7 +395,9 @@ const OPTIONS cmp_options[] = {
    {"mac", OPT_MAC, 's',
     "MAC algorithm to use in PBM-based message protection. Default \"hmac-sha1\""},
    {"extracerts", OPT_EXTRACERTS, 's',
-     "Certificates to append in extraCerts field of outgoing messages"},
+     "Certificates to append in extraCerts field of outgoing messages."},
+    {OPT_MORE_STR, 0, 0,
+     "This can be used as the default CMP signer cert chain to include"},
    {"unprotected_requests", OPT_UNPROTECTED_REQUESTS, '-',
     "Send messages without CMP-level protection"},


--- a/doc/man1/openssl-cmp.pod.in
+++ b/doc/man1/openssl-cmp.pod.in
@@ -499,11 +499,14 @@ Each source may contain multiple certificates.

 =item B<-untrusted> I<sources>

-Non-trusted intermediate CA certificate(s) that may be useful for cert path
-construction for the CMP client certificate (to include in the extraCerts field
-of outgoing messages), for the TLS client certificate (if TLS is enabled),
+Non-trusted intermediate CA certificate(s).
+Any extra certificates given with the B<-cert> option are appended to it.
+All these certificates may be useful for cert path construction
+for the CMP client certificate (to include in the extraCerts field of outgoing
+messages) and for the TLS client certificate (if TLS is enabled)
+as well as for chain building
 when verifying the CMP server certificate (checking signature-based
-CMP message protection), and when verifying newly enrolled certificates.
+CMP message protection) and when verifying newly enrolled certificates.

 Multiple filenames may be given, separated by commas and/or whitespace.
 Each file may contain multiple certificates.
@@ -713,8 +716,9 @@ The only value with effect is B<ENGINE>.
 =item B<-otherpass> I<arg>

 Pass phrase source for certificate given with the B<-trusted>, B<-untrusted>,
-B<-own_trusted>,
-B<-out_trusted>, B<-extracerts>, B<-tls_extra>, or B<-tls_trusted> options.
+B<-own_trusted>, B<-srvcert>, B<-out_trusted>, B<-extracerts>,
+B<-srv_trusted>, B<-srv_untrusted>, B<-rsp_extracerts>, B<-rsp_capubs>,
+B<-tls_extra>, and B<-tls_trusted> options.
 If not given here, the password will be prompted for if needed.

 For more information about the format of B<arg> see the