From c6fd1f3146d18e788d976c587c1cc38d1ff98d89 Mon Sep 17 00:00:00 2001 From: jmc <> Date: Wed, 29 Nov 2017 21:15:45 +0000 Subject: add -i to SYNOPSIS/usage() and sundry tweaks; ok beck --- src/usr.sbin/ocspcheck/ocspcheck.8 | 9 +++++---- src/usr.sbin/ocspcheck/ocspcheck.c | 5 +++-- 2 files changed, 8 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/usr.sbin/ocspcheck/ocspcheck.8 b/src/usr.sbin/ocspcheck/ocspcheck.8 index 2a3f2d6187..19f55fb838 100644 --- a/src/usr.sbin/ocspcheck/ocspcheck.8 +++ b/src/usr.sbin/ocspcheck/ocspcheck.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ocspcheck.8,v 1.8 2017/11/28 23:32:00 beck Exp $ +.\" $OpenBSD: ocspcheck.8,v 1.9 2017/11/29 21:15:45 jmc Exp $ .\" .\" Copyright (c) 2017 Bob Beck .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 28 2017 $ +.Dd $Mdocdate: November 29 2017 $ .Dt OCSPCHECK 8 .Os .Sh NAME @@ -24,6 +24,7 @@ .Nm .Op Fl Nv .Op Fl C Ar CAfile +.Op Fl i Ar staplefile .Op Fl o Ar staplefile .Ar file .Sh DESCRIPTION @@ -46,7 +47,7 @@ certificate chain provided by the .Ar file argument. .It Fl i Ar staplefile -Specify an input filename from which a DER encoded OCSP response +Specify an input filename from which a DER-encoded OCSP response will be read instead of fetching it from the OCSP server. A filename of @@ -56,7 +57,7 @@ will read the response from standard input. Do not use a nonce value in the OCSP request, or validate that the nonce was returned in the OCSP response. By default a nonce is always used and validated when retrieving -a response from an OCSP server. +a response from an OCSP server. The use of this flag is a security risk as it will allow OCSP responses to be replayed. It should not be used unless the OCSP server does not support the diff --git a/src/usr.sbin/ocspcheck/ocspcheck.c b/src/usr.sbin/ocspcheck/ocspcheck.c index 6038f8817d..133401003e 100644 --- a/src/usr.sbin/ocspcheck/ocspcheck.c +++ b/src/usr.sbin/ocspcheck/ocspcheck.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocspcheck.c,v 1.22 2017/11/28 23:32:00 beck Exp $ */ +/* $OpenBSD: ocspcheck.c,v 1.23 2017/11/29 21:15:45 jmc Exp $ */ /* * Copyright (c) 2017 Bob Beck @@ -498,7 +498,8 @@ static void usage(void) { fprintf(stderr, - "usage: ocspcheck [-Nv] [-C CAfile] [-o staplefile] file\n"); + "usage: ocspcheck [-Nv] [-C CAfile] [-i staplefile] " + "[-o staplefile] file\n"); exit(1); } -- cgit v1.2.3-55-g6feb