aboutsummaryrefslogtreecommitdiff
path: root/doc/apps/ocsp.pod
diff options
context:
space:
mode:
Diffstat (limited to 'doc/apps/ocsp.pod')
-rw-r--r--doc/apps/ocsp.pod8
1 files changed, 4 insertions, 4 deletions
diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod
index 4f266058e536..b58ddc1788cb 100644
--- a/doc/apps/ocsp.pod
+++ b/doc/apps/ocsp.pod
@@ -73,7 +73,7 @@ specify output filename, default is standard output.
This specifies the current issuer certificate. This option can be used
multiple times. The certificate specified in B<filename> must be in
-PEM format.
+PEM format. This option B<MUST> come before any B<-cert> options.
=item B<-cert filename>
@@ -146,7 +146,7 @@ certificate in such cases.
=item B<-trust_other>
-the certificates specified by the B<-verify_certs> option should be explicitly
+the certificates specified by the B<-verify_other> option should be explicitly
trusted and no additional checks will be performed on them. This is useful
when the complete responder certificate chain is not available or trusting a
root CA is not appropriate.
@@ -154,7 +154,7 @@ root CA is not appropriate.
=item B<-VAfile file>
file containing explicitly trusted responder certificates. Equivalent to the
-B<-verify_certs> and B<-trust_other> options.
+B<-verify_other> and B<-trust_other> options.
=item B<-noverify>
@@ -166,7 +166,7 @@ of the responders certificate.
ignore certificates contained in the OCSP response when searching for the
signers certificate. With this option the signers certificate must be specified
-with either the B<-verify_certs> or B<-VAfile> options.
+with either the B<-verify_other> or B<-VAfile> options.
=item B<-no_signature_verify>
generated by cgit v1.3 (git 2.53.0) at 2026-04-19 10:59:18 +0000