-rw-r--r-- | usr.sbin/ocspcheck/ocspcheck.8 | 9 | ||||
-rw-r--r-- | usr.sbin/ocspcheck/ocspcheck.c | 5 |
2 files changed, 8 insertions, 6 deletions
diff --git a/usr.sbin/ocspcheck/ocspcheck.8 b/usr.sbin/ocspcheck/ocspcheck.8 index 2a3f2d61871..19f55fb8388 100644 --- a/usr.sbin/ocspcheck/ocspcheck.8 +++ b/usr.sbin/ocspcheck/ocspcheck.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ocspcheck.8,v 1.8 2017/11/28 23:32:00 beck Exp $ +.\" $OpenBSD: ocspcheck.8,v 1.9 2017/11/29 21:15:45 jmc Exp $ .\" .\" Copyright (c) 2017 Bob Beck <beck@openbsd.org> .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 28 2017 $ +.Dd $Mdocdate: November 29 2017 $ .Dt OCSPCHECK 8 .Os .Sh NAME @@ -24,6 +24,7 @@ .Nm .Op Fl Nv .Op Fl C Ar CAfile +.Op Fl i Ar staplefile .Op Fl o Ar staplefile .Ar file .Sh DESCRIPTION @@ -46,7 +47,7 @@ certificate chain provided by the .Ar file argument. .It Fl i Ar staplefile -Specify an input filename from which a DER encoded OCSP response +Specify an input filename from which a DER-encoded OCSP response will be read instead of fetching it from the OCSP server. A filename of @@ -56,7 +57,7 @@ will read the response from standard input. Do not use a nonce value in the OCSP request, or validate that the nonce was returned in the OCSP response. By default a nonce is always used and validated when retrieving -a response from an OCSP server. +a response from an OCSP server. The use of this flag is a security risk as it will allow OCSP responses to be replayed. It should not be used unless the OCSP server does not support the diff --git a/usr.sbin/ocspcheck/ocspcheck.c b/usr.sbin/ocspcheck/ocspcheck.c index 6038f8817d1..133401003e5 100644 --- a/usr.sbin/ocspcheck/ocspcheck.c +++ b/usr.sbin/ocspcheck/ocspcheck.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocspcheck.c,v 1.22 2017/11/28 23:32:00 beck Exp $ */ +/* $OpenBSD: ocspcheck.c,v 1.23 2017/11/29 21:15:45 jmc Exp $ */ /* * Copyright (c) 2017 Bob Beck <beck@openbsd.org> 
@@ -498,7 +498,8 @@ static void usage(void) { fprintf(stderr, - "usage: ocspcheck [-Nv] [-C CAfile] [-o staplefile] file\n"); + "usage: ocspcheck [-Nv] [-C CAfile] [-i staplefile] " + "[-o staplefile] file\n"); exit(1); } |
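Review bot: The usage string in usage() now advertises `[-i staplefile]`, but nothing in this hunk or in the visible ocspcheck.8 text says how a response read with -i is checked for freshness. The -N description ties nonce validation to "retrieving a response from an OCSP server", so a response supplied from a file is presumably not nonce-checked and depends on the validity period it carries; this is inferred, since the option handling lies outside the hunk. Once confirmed against the code, I would add a sentence to the -i entry of the man page, for example `A response read from a file is not covered by a nonce; its freshness depends on the validity period in the response.` Using the same placeholder `staplefile` for both -i and -o also reads as if they name one file, so `infile` and `outfile` style names might be clearer.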