[SCM] GNU gnutls branch, ocsp, updated. gnutls_3_0_8-51-g5bf513d
From: Simon Josefsson
Subject: [SCM] GNU gnutls branch, ocsp, updated. gnutls_3_0_8-51-g5bf513d
Date: Thu, 15 Dec 2011 14:35:04 +0000
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=5bf513de19808079537ba49e90d534e99974f3de
The branch, ocsp has been updated
via 5bf513de19808079537ba49e90d534e99974f3de (commit)
from 5269104c4ef577c4957b0bff762100233795765e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5bf513de19808079537ba49e90d534e99974f3de
Author: Simon Josefsson <address@hidden>
Date: Thu Dec 15 15:34:54 2011 +0100
Add ocsptool docs.
-----------------------------------------------------------------------
Summary of changes:
doc/cha-cert-auth2.texi | 84 ++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 83 insertions(+), 1 deletions(-)
diff --git a/doc/cha-cert-auth2.texi b/doc/cha-cert-auth2.texi
index f5d2f4d..93236b8 100644
--- a/doc/cha-cert-auth2.texi
+++ b/doc/cha-cert-auth2.texi
@@ -8,6 +8,7 @@
* OCSP certificate status checking::
* Managing encrypted keys::
* The certtool application::
+* The ocsptool application::
* Hardware tokens::
* Abstract key types::
@end menu
@@ -113,7 +114,7 @@ CRL number extension and the authority key identifier.
@showfuncB{gnutls_x509_crl_set_number,gnutls_x509_crl_set_authority_key_id}
@node OCSP certificate status checking
address@hidden OCSP certificate status checking
address@hidden @acronym{OCSP} certificate status checking
@cindex certificate status
@cindex Online Certificate Status Protocol
@cindex OCSP
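Review bot: Heading markup for the acronym is inconsistent: this section title now uses @acronym{OCSP}, while the subsection titles added later in the same patch ("Print information about OCSP requests", "Generate an OCSP request") write OCSP plain. Pick one form for all headings in this chapter so the menu and table of contents render the same way.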
@@ -685,6 +686,87 @@ signing_key
@end example
address@hidden The ocsptool application
address@hidden The ocsptool application
address@hidden ocsptool
+
+This is a program that can parse and print information about
address@hidden requests/responses, generate requests and verify
+responses.
+
address@hidden
+Ocsptool help
+Usage : ocsptool [options]
+ -e, --verify-response Verify response.
+ -i, --request-info Print information on a OCSP request.
+ -j, --response-info Print information on a OCSP response.
+ -q, --generate-request Generate a OCSP request.
+ --no-nonce don't add nonce to OCSP request.
+ --load-issuer FILE read issuer certificate from FILE.
+ --load-cert FILE read certificate to check from FILE.
+ --load-trust FILE read trust anchors from FILE.
+ --inder Use DER format for input certificates.
+ -Q, --load-request FILE
+ read DER encoded OCSP request from
+ FILE.
+ -S, --load-response FILE
+ read DER encoded OCSP response from
+ FILE.
+ --outfile FILE Output file.
+ --infile FILE Input file.
+ -V, --verbose More verbose output.
+ -d, --debug integer Enable debugging
+ -v, --version prints the program's version number
+ -h, --help shows this help text
address@hidden example
+
address@hidden Print information about OCSP requests
+
+To parse an OCSP request and print information about the content, the
address@hidden or @code{--request-info} parameter may be used as follows.
+The @code{-Q} parameter specify the name of the file containing the
+OCSP request, and it should contain the OCSP request in binary DER
+format.
+
address@hidden
+$ ocsptool -i -Q ocsp-request.der
address@hidden smallexample
+
+The input file may also be sent to standard input like this:
+
address@hidden
+$ cat ocsp-request.der | ocsptool --request-info
address@hidden smallexample
+
address@hidden Print information about OCSP responses
+
+Similar to parsing OCSP requests, OCSP responses can be parsed using
+the @code{-j} or @code{--response-info} as follows.
+
address@hidden
+$ ocsptool -j -Q ocsp-response.der
+$ cat ocsp-response.der | ocsptool --response-info
address@hidden smallexample
+
address@hidden Generate an OCSP request
+
+The @code{-q} or @code{--generate-request} parameters are used to
+generate an OCSP request. By default the OCSP request is written to
+standard output in binary DER format, but can be stored in a file
+using @code{--outfile}. To generate an OCSP request the issuer of the
+certificate to check needs to be specified with @code{--load-issuer}
+and the certificate to check with @code{--load-cert}. By default PEM
+format is used for these files, although @code{--inder} can be used to
+specify that the input files are in DER format.
+
address@hidden
+$ ocsptool -q --load-issuer issuer.pem --load-cert client.pem --outfile
ocsp-request.der
address@hidden smallexample
+
+When generating OCSP requests, the tool will add an OCSP extension
+containing a nonce. This behaviour can be disabled by specifying
address@hidden
+
@node Hardware tokens
@section Security modules
@cindex PKCS #11 tokens
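Review bot: The example under "Print information about OCSP responses" loads the response with -Q ("$ ocsptool -j -Q ocsp-response.der"), but the help text in this same hunk documents -Q, --load-request as reading a DER encoded OCSP request and -S, --load-response as the option for responses. The example should use -S, and the paragraph should name that option the way the request subsection does for -Q. The help output also lists -e, --verify-response and --load-trust, yet no subsection covers verification; since that is the security-relevant operation, add one that shows --verify-response together with --load-response and --load-trust. Minor points: "The -Q parameter specify" should read "specifies", the help lines say "a OCSP" where "an OCSP" is meant, and the final paragraph on --no-nonce would be more useful with a sentence on what the nonce is for, so readers can judge when disabling it is acceptable.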
hooks/post-receive
--
GNU gnutls