-.\" $OpenBSD: ocspcheck.8,v 1.8 2017/11/28 23:32:00 beck Exp $
+.\" $OpenBSD: ocspcheck.8,v 1.9 2017/11/29 21:15:45 jmc Exp $
.\"
.\" Copyright (c) 2017 Bob Beck <beck@openbsd.org>
.\"
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: November 28 2017 $
+.Dd $Mdocdate: November 29 2017 $
.Dt OCSPCHECK 8
.Os
.Sh NAME
.Nm
.Op Fl Nv
.Op Fl C Ar CAfile
+.Op Fl i Ar staplefile
.Op Fl o Ar staplefile
.Ar file
.Sh DESCRIPTION
.Ar file
argument.
.It Fl i Ar staplefile
-Specify an input filename from which a DER encoded OCSP response
+Specify an input filename from which a DER-encoded OCSP response
will be read instead of fetching it from the OCSP server.
A filename
of
Do not use a nonce value in the OCSP request, or validate that the
nonce was returned in the OCSP response.
By default a nonce is always used and validated when retrieving
-a response from an OCSP server.
+a response from an OCSP server.
The use of this flag is a security risk as it will allow OCSP
responses to be replayed.
It should not be used unless the OCSP server does not support the
-/* $OpenBSD: ocspcheck.c,v 1.22 2017/11/28 23:32:00 beck Exp $ */
+/* $OpenBSD: ocspcheck.c,v 1.23 2017/11/29 21:15:45 jmc Exp $ */
/*
* Copyright (c) 2017 Bob Beck <beck@openbsd.org>
usage(void)
{
fprintf(stderr,
- "usage: ocspcheck [-Nv] [-C CAfile] [-o staplefile] file\n");
+ "usage: ocspcheck [-Nv] [-C CAfile] [-i staplefile] "
+ "[-o staplefile] file\n");
exit(1);
}
projects / openbsd / commitdiff