Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Ximi1970:Toolchains:Qt:MinGW:latest:win32
mingw32-openssl
openssl-1.0.2h-trusted-first-doc.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-1.0.2h-trusted-first-doc.patch of Package mingw32-openssl
diff --git a/apps/cms.c b/apps/cms.c index 6047937..f30ee8d 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -646,6 +646,8 @@ int MAIN(int argc, char **argv) "-CApath dir trusted certificates directory\n"); BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); BIO_printf(bio_err, + "-trusted_first use trusted certificates first when building the trust chain\n"); + BIO_printf(bio_err, "-no_alt_chains only ever use the first certificate chain found\n"); BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); diff --git a/apps/ocsp.c b/apps/ocsp.c index 5da51df..178b8a1 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -537,6 +537,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); BIO_printf(bio_err, + "-trusted_first use trusted certificates first when building the trust chain\n"); + BIO_printf(bio_err, "-no_alt_chains only ever use the first certificate chain found\n"); BIO_printf(bio_err, "-VAfile file validator certificates file\n"); diff --git a/apps/s_client.c b/apps/s_client.c index 0c1102b..43e5a8a 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -332,6 +332,8 @@ static void sc_usage(void) BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err, + " -trusted_first - Use trusted CA's first when building the trust chain\n"); + BIO_printf(bio_err, " -no_alt_chains - only ever use the first certificate chain found\n"); BIO_printf(bio_err, " -reconnect - Drop and re-make the connection with the same Session-ID\n"); diff --git a/apps/s_server.c b/apps/s_server.c index 09c755b..e9e44ba 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -578,6 +578,8 @@ static void sv_usage(void) BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err, + " -trusted_first - Use trusted CA's first when building the trust chain\n"); + BIO_printf(bio_err, " -no_alt_chains - only ever use the first certificate chain found\n"); BIO_printf(bio_err, " -nocert - Don't use any certificates (Anon-DH)\n"); diff --git a/apps/s_time.c b/apps/s_time.c index 38788f7..afe9d33 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -182,6 +182,7 @@ static void s_time_usage(void) file if not specified by this option\n\ -CApath arg - PEM format directory of CA's\n\ -CAfile arg - PEM format file of CA's\n\ +-trusted_first - Use trusted CA's first when building the trust chain\n\ -cipher - preferred cipher to use, play with 'openssl ciphers'\n\n"; printf("usage: s_time <args>\n\n"); diff --git a/apps/smime.c b/apps/smime.c index 6044ccf..a310e8f 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -442,6 +442,8 @@ int MAIN(int argc, char **argv) "-CApath dir trusted certificates directory\n"); BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); BIO_printf(bio_err, + "-trusted_first use trusted certificates first when building the trust chain\n"); + BIO_printf(bio_err, "-no_alt_chains only ever use the first certificate chain found\n"); BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); diff --git a/apps/ts.c b/apps/ts.c index 341a42b..002ed9c 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -352,7 +352,7 @@ int MAIN(int argc, char **argv) "ts -verify [-data file_to_hash] [-digest digest_bytes] " "[-queryfile request.tsq] " "-in response.tsr [-token_in] " - "-CApath ca_path -CAfile ca_file.pem " + "-CApath ca_path -CAfile ca_file.pem -trusted_first" "-untrusted cert_file.pem\n"); cleanup: /* Clean up. */ diff --git a/apps/verify.c b/apps/verify.c index 78e729f..0acff90 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -231,7 +231,7 @@ int MAIN(int argc, char **argv) end: if (ret == 1) { BIO_printf(bio_err, - "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]"); + "usage: verify [-verbose] [-CApath path] [-CAfile file] [-trusted_first] [-purpose purpose] [-crl_check]"); BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " [-engine e]"); diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod index 4eaedbc..8074253 100644 --- a/doc/apps/cms.pod +++ b/doc/apps/cms.pod @@ -35,6 +35,7 @@ B<openssl> B<cms> [B<-print>] [B<-CAfile file>] [B<-CApath dir>] +[B<-trusted_first>] [B<-no_alt_chains>] [B<-md digest>] [B<-[cipher]>] @@ -245,6 +246,12 @@ B<-verify>. This directory must be a standard certificate directory: that is a hash of each subject name (using B<x509 -hash>) should be linked to each certificate. +=item B<-trusted_first> + +Use certificates in CA file or CA directory before untrusted certificates +from the message when building the trust chain to verify certificates. +This is mainly useful in environments with Bridge CA or Cross-Certified CAs. + =item B<-md digest> digest algorithm to use when signing or resigning. If not present then the diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index 9833f08..48a78f1 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -29,6 +29,7 @@ B<openssl> B<ocsp> [B<-path>] [B<-CApath dir>] [B<-CAfile file>] +[B<-trusted_first>] [B<-no_alt_chains>] [B<-VAfile file>] [B<-validity_period n>] @@ -144,6 +145,13 @@ connection timeout to the OCSP responder in seconds file or pathname containing trusted CA certificates. These are used to verify the signature on the OCSP response. +=item B<-trusted_first> + +Use certificates in CA file or CA directory over certificates provided +in the response or residing in other certificates file when building the trust +chain to verify responder certificate. +This is mainly useful in environments with Bridge CA or Cross-Certified CAs. + =item B<-no_alt_chains> See L<B<verify>|verify(1)> manual page for details. diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 618df96..a5d8982 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -19,6 +19,7 @@ B<openssl> B<s_client> [B<-pass arg>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-trusted_first>] [B<-no_alt_chains>] [B<-reconnect>] [B<-pause>] @@ -121,7 +122,7 @@ also used when building the client certificate chain. A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig, -trusted_first -no_alt_chains> Set various certificate chain valiadition option. See the L<B<verify>|verify(1)> manual page for details. diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 6f4acb7..c2e2859 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -33,6 +33,7 @@ B<openssl> B<s_server> [B<-state>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-trusted_first>] [B<-no_alt_chains>] [B<-nocert>] [B<-cipher cipherlist>] @@ -175,6 +176,12 @@ and to use when attempting to build the server certificate chain. The list is also used in the list of acceptable client CAs passed to the client when a certificate is requested. +=item B<-trusted_first> + +Use certificates in CA file or CA directory before other certificates +when building the trust chain to verify client certificates. +This is mainly useful in environments with Bridge CA or Cross-Certified CAs. + =item B<-no_alt_chains> See the L<B<verify>|verify(1)> manual page for details. diff --git a/doc/apps/s_time.pod b/doc/apps/s_time.pod index 9082d87..7c0315a 100644 --- a/doc/apps/s_time.pod +++ b/doc/apps/s_time.pod @@ -14,6 +14,7 @@ B<openssl> B<s_time> [B<-key filename>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-trusted_first>] [B<-reuse>] [B<-new>] [B<-verify depth>] @@ -76,6 +77,12 @@ also used when building the client certificate chain. A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. +=item B<-trusted_first> + +Use certificates in CA file or CA directory over the certificates provided +by the server when building the trust chain to verify server certificate. +This is mainly useful in environments with Bridge CA or Cross-Certified CAs. + =item B<-new> performs the timing test using a new session ID for each connection. diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod index d5618c8..b05139b 100644 --- a/doc/apps/smime.pod +++ b/doc/apps/smime.pod @@ -15,6 +15,9 @@ B<openssl> B<smime> [B<-pk7out>] [B<-[cipher]>] [B<-in file>] +[B<-CAfile file>] +[B<-CApath dir>] +[B<-trusted_first>] [B<-no_alt_chains>] [B<-certfile file>] [B<-signer file>] @@ -147,6 +150,12 @@ B<-verify>. This directory must be a standard certificate directory: that is a hash of each subject name (using B<x509 -hash>) should be linked to each certificate. +=item B<-trusted_first> + +Use certificates in CA file or CA directory over certificates provided +in the message when building the trust chain to verify a certificate. +This is mainly useful in environments with Bridge CA or Cross-Certified CAs. + =item B<-md digest> digest algorithm to use when signing or resigning. If not present then the diff --git a/doc/apps/ts.pod b/doc/apps/ts.pod index d6aa47d..c512346 100644 --- a/doc/apps/ts.pod +++ b/doc/apps/ts.pod @@ -46,6 +46,7 @@ B<-verify> [B<-token_in>] [B<-CApath> trusted_cert_path] [B<-CAfile> trusted_certs.pem] +[B<-trusted_first>] [B<-untrusted> cert_file.pem] =head1 DESCRIPTION @@ -324,6 +325,12 @@ L<verify(1)|verify(1)> for additional details. Either this option or B<-CApath> must be specified. (Optional) +=item B<-trusted_first> + +Use certificates in CA file or CA directory before other certificates +when building the trust chain to verify certificates. +This is mainly useful in environments with Bridge CA or Cross-Certified CAs. + =item B<-untrusted> cert_file.pem Set of additional untrusted certificates in PEM format which may be diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index bffa6c0..145be60 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -9,6 +9,7 @@ verify - Utility to verify certificates. B<openssl> B<verify> [B<-CApath directory>] [B<-CAfile file>] +[B<-trusted_first>] [B<-purpose purpose>] [B<-policy arg>] [B<-ignore_critical>] @@ -85,6 +86,12 @@ If a valid CRL cannot be found an error occurs. A file of untrusted certificates. The file should contain multiple certificates in PEM format concatenated together. +=item B<-trusted_first> + +Use certificates in CA file or CA directory before the certificates in the untrusted +file when building the trust chain to verify certificates. +This is mainly useful in environments with Bridge CA or Cross-Certified CAs. + =item B<-purpose purpose> The intended use for the certificate. If this option is not specified,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor