From 5a1f853b9870fc32a2e8960763d62209108ff519 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Mon, 2 May 2016 17:03:55 -0400 Subject: [PATCH] GH875: Document -no_check_time Date: Tue Mar 15 15:19:44 2016 +0100 This commit updates the documentation of cms, ocsp, s_client, s_server, and verify to reflect the new "-no_check_time" option introduced in commit d35ff2c0ade0a12e84aaa2e9841b4983a2f3cf45 on 2015-07-31. Reviewed-by: Richard Levitte Reviewed-by: Rich Salz --- doc/apps/cms.pod | 3 ++- doc/apps/ocsp.pod | 3 ++- doc/apps/s_client.pod | 3 ++- doc/apps/s_server.pod | 3 ++- doc/apps/verify.pod | 7 +++++++ 5 files changed, 15 insertions(+), 4 deletions(-) diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod index 42c351489c..e0e8e7d18e 100644 --- a/doc/apps/cms.pod +++ b/doc/apps/cms.pod @@ -47,6 +47,7 @@ B B [B<-ignore_critical>] [B<-inhibit_any>] [B<-inhibit_map>] +[B<-no_check_time>] [B<-partial_chain>] [B<-policy arg>] [B<-policy_check>] @@ -473,7 +474,7 @@ address matches that specified in the From: address. =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>, B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>, -B<-inhibit_map>, B<-no_alt_chains>, B<-partial_chain>, B<-policy>, +B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>, B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>, B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>, B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index c796fd5966..3e667e678e 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -42,6 +42,7 @@ B B [B<-ignore_critical>] [B<-inhibit_any>] [B<-inhibit_map>] +[B<-no_check_time>] [B<-partial_chain>] [B<-policy arg>] [B<-policy_check>] @@ -195,7 +196,7 @@ Do not load the trusted CA certificates from the default directory location =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>, B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>, -B<-inhibit_map>, B<-no_alt_chains>, B<-partial_chain>, B<-policy>, +B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>, B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>, B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>, B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index e06af14ec9..2a62656c41 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -34,6 +34,7 @@ B B [B<-ignore_critical>] [B<-inhibit_any>] [B<-inhibit_map>] +[B<-no_check_time>] [B<-partial_chain>] [B<-policy arg>] [B<-policy_check>] @@ -227,7 +228,7 @@ whitespace is ignored in the associated data field. For example: =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>, B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>, -B<-inhibit_map>, B<-no_alt_chains>, B<-partial_chain>, B<-policy>, +B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>, B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>, B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>, B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 08554f4530..ef2786756e 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -44,6 +44,7 @@ B B [B<-ignore_critical>] [B<-inhibit_any>] [B<-inhibit_map>] +[B<-no_check_time>] [B<-partial_chain>] [B<-policy arg>] [B<-policy_check>] @@ -232,7 +233,7 @@ anonymous ciphersuite or PSK) this option has no effect. =item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>, B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>, -B<-inhibit_map>, B<-no_alt_chains>, B<-partial_chain>, B<-policy>, +B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>, B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>, B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>, B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index 96d6be4a4d..673a05a34a 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -24,6 +24,7 @@ B B [B<-ignore_critical>] [B<-inhibit_any>] [B<-inhibit_map>] +[B<-no_check_time>] [B<-partial_chain>] [B<-policy arg>] [B<-policy_check>] @@ -145,6 +146,12 @@ Set policy variable inhibit-any-policy (see RFC5280). Set policy variable inhibit-policy-mapping (see RFC5280). +=item B<-no_check_time> + +This option suppresses checking the validity period of certificates and CRLs +against the current time. If option B<-attime timestamp> is used to specify +a verification time, the check is not suppressed. + =item B<-partial_chain> Allow verification to succeed even if a I chain cannot be built to a -- 2.50.1