diff options
Diffstat (limited to 'upstream/debian-unstable/man1/openssl-ocsp.1ssl')
| -rw-r--r-- | upstream/debian-unstable/man1/openssl-ocsp.1ssl | 51 |
1 files changed, 32 insertions, 19 deletions
diff --git a/upstream/debian-unstable/man1/openssl-ocsp.1ssl b/upstream/debian-unstable/man1/openssl-ocsp.1ssl index 6451725f..052765f6 100644 --- a/upstream/debian-unstable/man1/openssl-ocsp.1ssl +++ b/upstream/debian-unstable/man1/openssl-ocsp.1ssl @@ -55,7 +55,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL-OCSP 1SSL" -.TH OPENSSL-OCSP 1SSL 2024-02-03 3.1.5 OpenSSL +.TH OPENSSL-OCSP 1SSL 2024-04-04 3.2.2-dev OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -87,7 +87,7 @@ openssl\-ocsp \- Online Certificate Status Protocol command [\fB\-respin\fR \fIfile\fR] [\fB\-url\fR \fIURL\fR] [\fB\-host\fR \fIhost\fR:\fIport\fR] -[\fB\-path\fR] +[\fB\-path\fR \fIpathname\fR] [\fB\-proxy\fR \fI[http[s]://][userinfo@]host[:port][/path]\fR] [\fB\-no_proxy\fR \fIaddresses\fR] [\fB\-header\fR] @@ -187,14 +187,19 @@ Print out a usage message. specify output filename, default is standard output. .IP "\fB\-issuer\fR \fIfilename\fR" 4 .IX Item "-issuer filename" -This specifies the current issuer certificate. This option can be used -multiple times. +This specifies the current issuer certificate. +The input can be in PEM, DER, or PKCS#12 format. +.Sp +This option can be used multiple times. This option \fBMUST\fR come before any \fB\-cert\fR options. .IP "\fB\-cert\fR \fIfilename\fR" 4 .IX Item "-cert filename" -Add the certificate \fIfilename\fR to the request. The issuer certificate -is taken from the previous \fB\-issuer\fR option, or an error occurs if no -issuer certificate is specified. +Add the certificate \fIfilename\fR to the request. +The input can be in PEM, DER, or PKCS#12 format. +.Sp +This option can be used multiple times. +The issuer certificate is taken from the previous \fB\-issuer\fR option, +or an error occurs if no issuer certificate is specified. .IP \fB\-no_certs\fR 4 .IX Item "-no_certs" Don't include any certificates in signed request. @@ -207,8 +212,10 @@ be specified by preceding the value by a \f(CW\*(C`\-\*(C'\fR sign. .IP "\fB\-signer\fR \fIfilename\fR, \fB\-signkey\fR \fIfilename\fR" 4 .IX Item "-signer filename, -signkey filename" Sign the OCSP request using the certificate specified in the \fB\-signer\fR -option and the private key specified by the \fB\-signkey\fR option. If -the \fB\-signkey\fR option is not present then the private key is read +option and the private key specified by the \fB\-signkey\fR option. +The input can be in PEM, DER, or PKCS#12 format. +.Sp +If the \fB\-signkey\fR option is not present then the private key is read from the same file as the certificate. If neither option is specified then the OCSP request is not signed. .IP "\fB\-sign_other\fR \fIfilename\fR" 4 @@ -235,15 +242,20 @@ if OCSP request or response creation is implied by other options (for example with \fB\-serial\fR, \fB\-cert\fR and \fB\-host\fR options). .IP "\fB\-url\fR \fIresponder_url\fR" 4 .IX Item "-url responder_url" -Specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified. +Specify the responder host and optionally port and path via a URL. + Both HTTP and HTTPS (SSL/TLS) URLs can be specified. The optional userinfo and fragment components are ignored. Any given query component is handled as part of the path component. -.IP "\fB\-host\fR \fIhostname\fR:\fIport\fR, \fB\-path\fR \fIpathname\fR" 4 -.IX Item "-host hostname:port, -path pathname" +For details, see the \fB\-host\fR and \fB\-path\fR options described next. +.IP "\fB\-host\fR \fIhost\fR:\fIport\fR, \fB\-path\fR \fIpathname\fR" 4 +.IX Item "-host host:port, -path pathname" If the \fB\-host\fR option is present then the OCSP request is sent to the host -\&\fIhostname\fR on port \fIport\fR. The \fB\-path\fR option specifies the HTTP pathname -to use or "/" by default. This is equivalent to specifying \fB\-url\fR with scheme -http:// and the given hostname, port, and pathname. +\&\fIhost\fR on port \fIport\fR. +The \fIhost\fR may be a domain name or an IP (v4 or v6) address, +such as \f(CW127.0.0.1\fR or \f(CW\*(C`[::1]\*(C'\fR for localhost. +The \fB\-path\fR option specifies the HTTP pathname to use or "/" by default. +This is equivalent to specifying \fB\-url\fR with scheme +http:// and the given \fIhost\fR, \fIport\fR, and optional \fIpathname\fR. .IP "\fB\-proxy\fR \fI[http[s]://][userinfo@]host[:port][/path]\fR" 4 .IX Item "-proxy [http[s]://][userinfo@]host[:port][/path]" The HTTP(S) proxy server to use for reaching the OCSP server unless \fB\-no_proxy\fR @@ -382,12 +394,13 @@ If the \fB\-index\fR option is present then the \fB\-CA\fR and \fB\-rsigner\fR o must also be present. .IP "\fB\-CA\fR \fIfile\fR" 4 .IX Item "-CA file" -CA certificate corresponding to the revocation information in the index +CA certificates corresponding to the revocation information in the index file given with \fB\-index\fR. The input can be in PEM, DER, or PKCS#12 format. .IP "\fB\-rsigner\fR \fIfile\fR" 4 .IX Item "-rsigner file" The certificate to sign OCSP responses with. +The input can be in PEM, DER, or PKCS#12 format. .IP "\fB\-rkey\fR \fIfile\fR" 4 .IX Item "-rkey file" The private key to sign OCSP responses with: if not present the file @@ -420,8 +433,8 @@ Identify the signer certificate using the key ID, default is to use the subject name. .IP "\fB\-port\fR \fIportnum\fR" 4 .IX Item "-port portnum" -Port to listen for OCSP requests on. The port may also be specified -using the \fBurl\fR option. +Port to listen for OCSP requests on. Both IPv4 and IPv6 are possible. +The port may also be specified using the \fB\-url\fR option. A \f(CW0\fR argument indicates that any available port shall be chosen automatically. .IP \fB\-ignore_err\fR 4 .IX Item "-ignore_err" @@ -563,7 +576,7 @@ to a second file. The \-no_alt_chains option was added in OpenSSL 1.1.0. .SH COPYRIGHT .IX Header "COPYRIGHT" -Copyright 2001\-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001\-2023 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy |