[openssl] master update

matthias.st.pierre at ncp-e.com matthias.st.pierre at ncp-e.com
Sat Feb 29 00:33:30 UTC 2020 

The branch master has been updated
       via  49119647639b0b3ecd4db3d99b653653b41d1d20 (commit)
      from  6103f39c0d79e86b58ae9437bc4c55a513a5e1dd (commit)


- Log -----------------------------------------------------------------
commit 49119647639b0b3ecd4db3d99b653653b41d1d20
Author: Dr. Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
Date:   Thu Feb 6 15:24:07 2020 +0100

    man: openssl-ocsp: separate client and server options
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/11033)

-----------------------------------------------------------------------

Summary of changes:
 doc/man1/openssl-ocsp.pod.in | 63 ++++++++++++++++++++++++--------------------
 1 file changed, 35 insertions(+), 28 deletions(-)

diff --git a/doc/man1/openssl-ocsp.pod.in b/doc/man1/openssl-ocsp.pod.in
index c04d3659b9..6b4c25cda9 100644
--- a/doc/man1/openssl-ocsp.pod.in
+++ b/doc/man1/openssl-ocsp.pod.in
@@ -7,6 +7,8 @@ openssl-ocsp - Online Certificate Status Protocol utility
 
 =head1 SYNOPSIS
 
+=head2 OCSP Client
+
 B<openssl> B<ocsp>
 [B<-help>]
 [B<-out> I<file>]
@@ -16,19 +18,18 @@ B<openssl> B<ocsp>
 [B<-signer> I<file>]
 [B<-signkey> I<file>]
 [B<-sign_other> I<file>]
-[B<-no_certs>]
+[B<-nonce>]
+[B<-no_nonce>]
 [B<-req_text>]
 [B<-resp_text>]
 [B<-text>]
+[B<-no_certs>]
 [B<-reqout> I<file>]
 [B<-respout> I<file>]
 [B<-reqin> I<file>]
 [B<-respin> I<file>]
-[B<-nonce>]
-[B<-no_nonce>]
 [B<-url> I<URL>]
 [B<-host> I<host>:I<port>]
-[B<-multi> I<process-count>]
 [B<-header>]
 [B<-timeout> I<seconds>]
 [B<-path>]
@@ -46,6 +47,10 @@ B<openssl> B<ocsp>
 [B<-no_explicit>]
 [B<-port> I<num>]
 [B<-ignore_err>]
+
+=head2 OCSP Server
+
+B<openssl> B<ocsp>
 [B<-index> I<file>]
 [B<-CA> I<file>]
 [B<-rsigner> I<file>]
@@ -60,6 +65,7 @@ B<openssl> B<ocsp>
 [B<-ndays> I<n>]
 [B<-resp_key_id>]
 [B<-nrequest> I<n>]
+[B<-multi> I<process-count>]
 [B<-rcid> I<digest>]
 [B<-I<digest>>]
 {- $OpenSSL::safe::opt_trust_synopsis -}
@@ -171,17 +177,6 @@ the time that the responder is willing to wait for the client request.
 This time is measured from the time the responder accepts the connection until
 the complete request is received.
 
-=item B<-multi> I<process-count>
-
-Run the specified number of OCSP responder child processes, with the parent
-process respawning child processes as needed.
-Child processes will detect changes in the CA index file and automatically
-reload it.
-When running as a responder B<-timeout> option is recommended to limit the time
-each child is willing to wait for the client's OCSP response.
-This option is available on POSIX systems (that support the fork() and other
-required unix system-calls).
-
 =item B<-verify_other> I<file>
 
 File containing additional certificates to search when attempting to locate
@@ -303,19 +298,6 @@ file given with B<-index>.
 
 The certificate to sign OCSP responses with.
 
-=item B<-rother> I<file>
-
-Additional certificates to include in the OCSP response.
-
-=item B<-resp_no_certs>
-
-Don't include any certificates in the OCSP response.
-
-=item B<-resp_key_id>
-
-Identify the signer certificate using the key ID, default is to use the
-subject name.
-
 =item B<-rkey> I<file>
 
 The private key to sign OCSP responses with: if not present the file
@@ -326,6 +308,10 @@ specified in the B<-rsigner> option is used.
 The private key password source. For more information about the format of I<arg>
 see L<openssl(1)/Pass Phrase Options>.
 
+=item B<-rother> I<file>
+
+Additional certificates to include in the OCSP response.
+
 =item B<-rsigopt> I<nm>:I<v>
 
 Pass options to the signature algorithm when signing OCSP responses.
@@ -340,6 +326,15 @@ The digest to use when signing the response.
 Corrupt the response signature before writing it; this can be useful
 for testing.
 
+=item B<-resp_no_certs>
+
+Don't include any certificates in the OCSP response.
+
+=item B<-resp_key_id>
+
+Identify the signer certificate using the key ID, default is to use the
+subject name.
+
 =item B<-port> I<portnum>
 
 Port to listen for OCSP requests on. The port may also be specified
@@ -355,6 +350,18 @@ running instead of terminating upon receiving a malformed request.
 
 The OCSP server will exit after receiving I<number> requests, default unlimited.
 
+=item B<-multi> I<process-count>
+
+Run the specified number of OCSP responder child processes, with the parent
+process respawning child processes as needed.
+Child processes will detect changes in the CA index file and automatically
+reload it.
+When running as a responder B<-timeout> option is recommended to limit the time
+each child is willing to wait for the client's OCSP response.
+This option is available on POSIX systems (that support the fork() and other
+required unix system-calls).
+
+
 =item B<-nmin> I<minutes>, B<-ndays> I<days>
 
 Number of minutes or days when fresh revocation information is available:

More information about the openssl-commits mailing list