[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Fri Aug 11 23:10:46 UTC 2017


The branch master has been updated
       via  bbe9c3d51afa33d883abed3700d33c256afff46b (commit)
      from  44e699515568abcae0e77d7315f9b5e393daa6d9 (commit)


- Log -----------------------------------------------------------------
commit bbe9c3d51afa33d883abed3700d33c256afff46b
Author: Johannes Bauer <joe at johannes-bauer.com>
Date:   Fri Aug 11 19:00:21 2017 -0400

    Clarify CLI OCSP documentation
    
    This fixes issue #3043, which ultimately was reported because
    documentation was not clear on the meaning of the "-ignore_err" option.
    Update both command line documentation and add this option to manpage.
    
    Reviewed-by: Andy Polyakov <appro at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4143)

-----------------------------------------------------------------------

Summary of changes:
 apps/ocsp.c       | 2 +-
 doc/man1/ocsp.pod | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 0b93832..3e1201f 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -108,7 +108,7 @@ const OPTIONS ocsp_options[] = {
     {"host", OPT_HOST, 's', "TCP/IP hostname:port to connect to"},
     {"port", OPT_PORT, 'p', "Port to run responder on"},
     {"ignore_err", OPT_IGNORE_ERR, '-',
-     "Ignore Error response from OCSP responder, and retry "},
+     "Ignore error on OCSP request or response and continue running"},
     {"noverify", OPT_NOVERIFY, '-', "Don't verify response at all"},
     {"nonce", OPT_NONCE, '-', "Add OCSP nonce to request"},
     {"no_nonce", OPT_NO_NONCE, '-', "Don't add OCSP nonce to request"},
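Review bot: the new help string on the "+" line for ignore_err drops the word "retry", yet the ocsp.pod text added in this same commit says the client retries when it receives a malformed response. Suggest wording that names both modes, for example "Ignore errors: retry as client, keep running as responder", so that the help output and the manpage describe the same behaviour.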
diff --git a/doc/man1/ocsp.pod b/doc/man1/ocsp.pod
index 058462f..42621df 100644
--- a/doc/man1/ocsp.pod
+++ b/doc/man1/ocsp.pod
@@ -74,6 +74,7 @@ B<openssl> B<ocsp>
 [B<-no_cert_checks>]
 [B<-no_explicit>]
 [B<-port num>]
+[B<-ignore_err>]
 [B<-index file>]
 [B<-CA file>]
 [B<-rsigner file>]
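Review bot: in the synopsis, [B<-ignore_err>] sits between [B<-port num>] and [B<-index file>], which reads as a responder-only option, while the description added by this commit also gives it a client-side meaning. Consider listing it alongside the client options as well, or stating in the description that it applies in both modes.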
@@ -343,6 +344,12 @@ specified in the B<rsigner> option is used.
 Port to listen for OCSP requests on. The port may also be specified
 using the B<url> option.
 
+=item B<-ignore_err>
+
+Ignore malformed requests or responses: When acting as an OCSP client, retry if
+a malformed response is received. When acting as an OCSP responder, continue
+running instead of terminating upon receiving a malformed request.
+
 =item B<-nrequest number>
 
 The OCSP server will exit after receiving B<number> requests, default unlimited.
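Review bot: the new =item B<-ignore_err> text speaks of a "malformed" response, while the help string removed from apps/ocsp.c spoke of an "Error response from OCSP responder"; the text should say whether a well-formed response that carries an error status is also ignored or only one that cannot be parsed. The client-side "retry" is also stated without a limit or delay, so it would help to document how often the client retries and what the command reports if no usable response is ever obtained.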

