[openssl-dev] [openssl.org #3719] Bug report: Documentation for -no_explicit option of "openssl ocsp" missing
Stephan Mühlstrasser via RT
rt at openssl.org
Tue Feb 24 16:22:19 UTC 2015
There's no documentation available for the -no_explicit option of
"openssl ocsp":
https://www.openssl.org/docs/apps/ocsp.html
Dr. Henson explained the meaning of the option and of the corresponding
flag OCSP_NOEXPLICIT for OCSP_basic_verify() like this on the
openssl-users list:
> If the responder root CA is set to be trusted for OCSP signing then it can be
> used to sign OCSP responses for any certificate (aka a global responder). This
> comes under:
>
> 1. Matches a local configuration of OCSP signing authority for the
> certificate in question
>
> or alternatively:
>
> Additional acceptance or rejection criteria may apply to either the
> response itself or to the certificate used to validate the signature
> on the response.
>
> from RFC2560 et al.
>
> If the -no_explicit flag is set or OCSP_NOEXPLICIT is set then this behaviour
> is disabled.
--
Stephan
More information about the openssl-dev
mailing list