From e52a64d54a35f07cf3ec8d6e1d172633a1b67aea Mon Sep 17 00:00:00 2001
From: job <>
Date: Mon, 12 Aug 2024 15:34:58 +0000
Subject: Add -CRLfile option to 'cms' sub command

This option allows to verify certs in a CMS object against additional
CRLs.

Ported from work by Tom Harrison from APNIC

OK tb@
---
 src/usr.bin/openssl/openssl.1 | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'src/usr.bin/openssl/openssl.1')

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index 9033309802..c185c7ebf7 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.157 2024/07/08 06:00:09 tb Exp $
+.\" $OpenBSD: openssl.1,v 1.158 2024/08/12 15:34:58 job Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -110,7 +110,7 @@
 .\" copied and put under another distribution licence
 .\" [including the GNU Public Licence.]
 .\"
-.Dd $Mdocdate: July 8 2024 $
+.Dd $Mdocdate: August 12 2024 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -943,6 +943,7 @@ but without cipher suite codes.
 .Oc
 .Op Fl CAfile Ar file
 .Op Fl CApath Ar directory
+.Op Fl CRLfile Ar file
 .Op Fl binary
 .Op Fl certfile Ar file
 .Op Fl certsout Ar file
@@ -1133,6 +1134,9 @@ This directory must be a standard certificate directory: that is a hash
 of each subject name (using
 .Nm x509 Fl hash )
 should be linked to each certificate.
+.It Fl CRLfile Ar file
+Allows additional certificate revocation lists to be specified for verification.
+The CRLs should be in PEM format.
 .It Ar cert.pem ...
 One or more certificates of message recipients: used when encrypting a message.
 .It Fl certfile Ar file
-- 
cgit v1.2.3-55-g6feb