2 files changed, 8 insertions, 6 deletions
diff --git a/src/usr.sbin/ocspcheck/ocspcheck.8 b/src/usr.sbin/ocspcheck/ocspcheck.8
index 2a3f2d6187..19f55fb838 100644
--- a/src/usr.sbin/ocspcheck/ocspcheck.8
+++ b/src/usr.sbin/ocspcheck/ocspcheck.8
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ocspcheck.8,v 1.8 2017/11/28 23:32:00 beck Exp $
+.\"     $OpenBSD: ocspcheck.8,v 1.9 2017/11/29 21:15:45 jmc Exp $
 .\"
 .\" Copyright (c) 2017 Bob Beck <beck@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: November 28 2017 $
+.Dd $Mdocdate: November 29 2017 $
 .Dt OCSPCHECK 8
 .Os
 .Sh NAME
@@ -24,6 +24,7 @@
 .Nm
 .Op Fl Nv
 .Op Fl C Ar CAfile
+.Op Fl i Ar staplefile
 .Op Fl o Ar staplefile
 .Ar file
 .Sh DESCRIPTION
@@ -46,7 +47,7 @@ certificate chain provided by the
 .Ar file
 argument.
 .It Fl i Ar staplefile
-Specify an input filename from which a DER encoded OCSP response
+Specify an input filename from which a DER-encoded OCSP response
 will be read instead of fetching it from the OCSP server.
 A filename
 of
@@ -56,7 +57,7 @@ will read the response from standard input.
 Do not use a nonce value in the OCSP request, or validate that the
 nonce was returned in the OCSP response.
 By default a nonce is always used and validated when retrieving
-a response from an OCSP server. 
+a response from an OCSP server.
 The use of this flag is a security risk as it will allow OCSP
 responses to be replayed.
 It should not be used unless the OCSP server does not support the
diff --git a/src/usr.sbin/ocspcheck/ocspcheck.c b/src/usr.sbin/ocspcheck/ocspcheck.c
index 6038f8817d..133401003e 100644
--- a/src/usr.sbin/ocspcheck/ocspcheck.c
+++ b/src/usr.sbin/ocspcheck/ocspcheck.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocspcheck.c,v 1.22 2017/11/28 23:32:00 beck Exp $ */
+/* $OpenBSD: ocspcheck.c,v 1.23 2017/11/29 21:15:45 jmc Exp $ */
 /*
 * Copyright (c) 2017 Bob Beck <beck@openbsd.org>
@@ -498,7 +498,8 @@ static void
 usage(void)
 {
        fprintf(stderr,
-            "usage: ocspcheck [-Nv] [-C CAfile] [-o staplefile] file\n");
+            "usage: ocspcheck [-Nv] [-C CAfile] [-i staplefile] "
+            "[-o staplefile] file\n");
        exit(1);
 }

diff --git a/src/usr.sbin/ocspcheck/ocspcheck.8 b/src/usr.sbin/ocspcheck/ocspcheck.8 index 2a3f2d6187..19f55fb838 100644 --- a/src/usr.sbin/ocspcheck/ocspcheck.8 +++ b/src/usr.sbin/ocspcheck/ocspcheck.8
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ocspcheck.8,v 1.8 2017/11/28 23:32:00 beck Exp $	1	.\" $OpenBSD: ocspcheck.8,v 1.9 2017/11/29 21:15:45 jmc Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2017 Bob Beck <beck@openbsd.org>	3	.\" Copyright (c) 2017 Bob Beck <beck@openbsd.org>
4	.\"	4	.\"
@@ -14,7 +14,7 @@
14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF	14	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	.\"	16	.\"
17	.Dd $Mdocdate: November 28 2017 $	17	.Dd $Mdocdate: November 29 2017 $
18	.Dt OCSPCHECK 8	18	.Dt OCSPCHECK 8
19	.Os	19	.Os
20	.Sh NAME	20	.Sh NAME
@@ -24,6 +24,7 @@
24	.Nm	24	.Nm
25	.Op Fl Nv	25	.Op Fl Nv
26	.Op Fl C Ar CAfile	26	.Op Fl C Ar CAfile
		27	.Op Fl i Ar staplefile
27	.Op Fl o Ar staplefile	28	.Op Fl o Ar staplefile
28	.Ar file	29	.Ar file
29	.Sh DESCRIPTION	30	.Sh DESCRIPTION
@@ -46,7 +47,7 @@ certificate chain provided by the
46	.Ar file	47	.Ar file
47	argument.	48	argument.
48	.It Fl i Ar staplefile	49	.It Fl i Ar staplefile
49	Specify an input filename from which a DER encoded OCSP response	50	Specify an input filename from which a DER-encoded OCSP response
50	will be read instead of fetching it from the OCSP server.	51	will be read instead of fetching it from the OCSP server.
51	A filename	52	A filename
52	of	53	of
@@ -56,7 +57,7 @@ will read the response from standard input.
56	Do not use a nonce value in the OCSP request, or validate that the	57	Do not use a nonce value in the OCSP request, or validate that the
57	nonce was returned in the OCSP response.	58	nonce was returned in the OCSP response.
58	By default a nonce is always used and validated when retrieving	59	By default a nonce is always used and validated when retrieving
59	a response from an OCSP server.	60	a response from an OCSP server.
60	The use of this flag is a security risk as it will allow OCSP	61	The use of this flag is a security risk as it will allow OCSP
61	responses to be replayed.	62	responses to be replayed.
62	It should not be used unless the OCSP server does not support the	63	It should not be used unless the OCSP server does not support the


diff --git a/src/usr.sbin/ocspcheck/ocspcheck.c b/src/usr.sbin/ocspcheck/ocspcheck.c index 6038f8817d..133401003e 100644 --- a/src/usr.sbin/ocspcheck/ocspcheck.c +++ b/src/usr.sbin/ocspcheck/ocspcheck.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ocspcheck.c,v 1.22 2017/11/28 23:32:00 beck Exp $ */	1	/* $OpenBSD: ocspcheck.c,v 1.23 2017/11/29 21:15:45 jmc Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2017 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2017 Bob Beck <beck@openbsd.org>
@@ -498,7 +498,8 @@ static void
498	usage(void)	498	usage(void)
499	{	499	{
500	fprintf(stderr,	500	fprintf(stderr,
501	"usage: ocspcheck [-Nv] [-C CAfile] [-o staplefile] file\n");	501	"usage: ocspcheck [-Nv] [-C CAfile] [-i staplefile] "
		502	"[-o staplefile] file\n");
502	exit(1);	503	exit(1);
503	}	504	}
504		505