gnutls-commit

[SCM] GNU gnutls branch, ocsp, updated. gnutls_3_0_8-51-g5bf513d


From: Simon Josefsson
Subject: [SCM] GNU gnutls branch, ocsp, updated. gnutls_3_0_8-51-g5bf513d
Date: Thu, 15 Dec 2011 14:35:04 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=5bf513de19808079537ba49e90d534e99974f3de

The branch, ocsp has been updated
       via  5bf513de19808079537ba49e90d534e99974f3de (commit)
      from  5269104c4ef577c4957b0bff762100233795765e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5bf513de19808079537ba49e90d534e99974f3de
Author: Simon Josefsson <address@hidden>
Date:   Thu Dec 15 15:34:54 2011 +0100

    Add ocsptool docs.

-----------------------------------------------------------------------

Summary of changes:
 doc/cha-cert-auth2.texi |   84 ++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 83 insertions(+), 1 deletions(-)

diff --git a/doc/cha-cert-auth2.texi b/doc/cha-cert-auth2.texi
index f5d2f4d..93236b8 100644
--- a/doc/cha-cert-auth2.texi
+++ b/doc/cha-cert-auth2.texi
@@ -8,6 +8,7 @@
 * OCSP certificate status checking::
 * Managing encrypted keys::
 * The certtool application::
+* The ocsptool application::
 * Hardware tokens::
 * Abstract key types::
 @end menu
@@ -113,7 +114,7 @@ CRL number extension and the authority key identifier.
 @showfuncB{gnutls_x509_crl_set_number,gnutls_x509_crl_set_authority_key_id}
 
 @node OCSP certificate status checking
address@hidden OCSP certificate status checking
address@hidden @acronym{OCSP} certificate status checking
 @cindex certificate status
 @cindex Online Certificate Status Protocol
 @cindex OCSP
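Review bot: The title change to @acronym{OCSP} under "@node OCSP certificate status checking" is not covered by the commit message "Add ocsptool docs."; mention it there or split it into its own commit. The headings and most of the prose added later in this patch write plain "OCSP", so the markup ends up applied unevenly within the chapter; pick one form and use it in both places.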
@@ -685,6 +686,87 @@ signing_key
 @end example
 
 
address@hidden The ocsptool application
address@hidden The ocsptool application
address@hidden ocsptool
+
+This is a program that can parse and print information about
address@hidden requests/responses, generate requests and verify
+responses.
+
address@hidden
+Ocsptool help
+Usage : ocsptool [options]
+     -e, --verify-response    Verify response.
+     -i, --request-info       Print information on a OCSP request.
+     -j, --response-info      Print information on a OCSP response.
+     -q, --generate-request   Generate a OCSP request.
+     --no-nonce               don't add nonce to OCSP request.
+     --load-issuer FILE       read issuer certificate from FILE.
+     --load-cert FILE         read certificate to check from FILE.
+     --load-trust FILE        read trust anchors from FILE.
+     --inder                  Use DER format for input certificates.
+     -Q, --load-request FILE
+                              read DER encoded OCSP request from
+                              FILE.
+     -S, --load-response FILE
+                              read DER encoded OCSP response from
+                              FILE.
+     --outfile FILE           Output file.
+     --infile FILE            Input file.
+     -V, --verbose            More verbose output.
+     -d, --debug integer      Enable debugging
+     -v, --version            prints the program's version number
+     -h, --help               shows this help text
address@hidden example
+
address@hidden Print information about OCSP requests
+
+To parse an OCSP request and print information about the content, the
address@hidden or @code{--request-info} parameter may be used as follows.
+The @code{-Q} parameter specify the name of the file containing the
+OCSP request, and it should contain the OCSP request in binary DER
+format.
+
address@hidden
+$ ocsptool -i -Q ocsp-request.der
address@hidden smallexample
+
+The input file may also be sent to standard input like this:
+
address@hidden
+$ cat ocsp-request.der | ocsptool --request-info
address@hidden smallexample
+
address@hidden Print information about OCSP responses
+
+Similar to parsing OCSP requests, OCSP responses can be parsed using
+the @code{-j} or @code{--response-info} as follows.
+
address@hidden
+$ ocsptool -j -Q ocsp-response.der
+$ cat ocsp-response.der | ocsptool --response-info
address@hidden smallexample
+
address@hidden Generate an OCSP request
+
+The @code{-q} or @code{--generate-request} parameters are used to
+generate an OCSP request.  By default the OCSP request is written to
+standard output in binary DER format, but can be stored in a file
+using @code{--outfile}.  To generate an OCSP request the issuer of the
+certificate to check needs to be specified with @code{--load-issuer}
+and the certificate to check with @code{--load-cert}.  By default PEM
+format is used for these files, although @code{--inder} can be used to
+specify that the input files are in DER format.
+
address@hidden
+$ ocsptool -q --load-issuer issuer.pem --load-cert client.pem --outfile 
ocsp-request.der
address@hidden smallexample
+
+When generating OCSP requests, the tool will add an OCSP extension
+containing a nonce.  This behaviour can be disabled by specifying
address@hidden
+
 @node Hardware tokens
 @section Security modules
 @cindex PKCS #11 tokens
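Review bot: The response example "$ ocsptool -j -Q ocsp-response.der" loads the file with -Q, which the usage text in this same hunk lists as --load-request, while -S, --load-response is the option described as reading a DER encoded OCSP response; the example should use -S, or the text should say why -Q is correct here. The usage text also lists -e, --verify-response and --load-trust, and the introduction says the tool can verify responses, but no subsection shows a verification run; since that is the step that decides whether a response is trusted, add one with an example that names the trust anchor file. Smaller points: "The @code{-Q} parameter specify" should read "specifies", and "a OCSP" in the usage lines should be "an OCSP".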


hooks/post-receive
-- 
GNU gnutls


