|
Packit |
aea12f |
.de1 NOP
|
|
Packit |
aea12f |
. it 1 an-trap
|
|
Packit |
aea12f |
. if \\n[.$] \,\\$*\/
|
|
Packit |
aea12f |
..
|
|
Packit |
aea12f |
.ie t \
|
|
Packit |
aea12f |
.ds B-Font [CB]
|
|
Packit |
aea12f |
.ds I-Font [CI]
|
|
Packit |
aea12f |
.ds R-Font [CR]
|
|
Packit |
aea12f |
.el \
|
|
Packit |
aea12f |
.ds B-Font B
|
|
Packit |
aea12f |
.ds I-Font I
|
|
Packit |
aea12f |
.ds R-Font R
|
|
Packit Service |
991b93 |
.TH ocsptool 1 "03 Jun 2020" "3.6.14" "User Commands"
|
|
Packit |
aea12f |
.\"
|
|
Packit |
aea12f |
.\" DO NOT EDIT THIS FILE (in-mem file)
|
|
Packit |
aea12f |
.\"
|
|
Packit |
aea12f |
.\" It has been AutoGen-ed
|
|
Packit |
aea12f |
.\" From the definitions ../../src/ocsptool-args.def.tmp
|
|
Packit |
aea12f |
.\" and the template file agman-cmd.tpl
|
|
Packit |
aea12f |
.SH NAME
|
|
Packit |
aea12f |
\f\*[B-Font]ocsptool\fP
|
|
Packit |
aea12f |
\- GnuTLS OCSP tool
|
|
Packit |
aea12f |
.SH SYNOPSIS
|
|
Packit |
aea12f |
\f\*[B-Font]ocsptool\fP
|
|
Packit |
aea12f |
.\" Mixture of short (flag) options and long options
|
|
Packit |
aea12f |
[\f\*[B-Font]\-flags\f[]]
|
|
Packit |
aea12f |
[\f\*[B-Font]\-flag\f[] [\f\*[I-Font]value\f[]]]
|
|
Packit |
aea12f |
[\f\*[B-Font]\-\-option-name\f[][[=| ]\f\*[I-Font]value\f[]]]
|
|
Packit |
aea12f |
.sp \n(Ppu
|
|
Packit |
aea12f |
.ne 2
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
All arguments must be options.
|
|
Packit |
aea12f |
.sp \n(Ppu
|
|
Packit |
aea12f |
.ne 2
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
.SH DESCRIPTION
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
\fBOn verification\fP
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
Responses are typically signed/issued by designated certificates or
|
|
Packit |
aea12f |
certificate authorities and thus this tool requires on verification
|
|
Packit |
aea12f |
the certificate of the issuer or the full certificate chain in order to
|
|
Packit |
aea12f |
determine the appropriate signing authority. The specified certificate
|
|
Packit |
aea12f |
of the issuer is assumed trusted.
|
|
Packit |
aea12f |
.SH "OPTIONS"
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-d\f[] \f\*[I-Font]number\f[], \f\*[B-Font]\-\-debug\f[]=\f\*[I-Font]number\f[]
|
|
Packit |
aea12f |
Enable debugging.
|
|
Packit |
aea12f |
This option takes an integer number as its argument.
|
|
Packit |
aea12f |
The value of
|
|
Packit |
aea12f |
\f\*[I-Font]number\f[]
|
|
Packit |
aea12f |
is constrained to being:
|
|
Packit |
aea12f |
.in +4
|
|
Packit |
aea12f |
.nf
|
|
Packit |
aea12f |
.na
|
|
Packit |
aea12f |
in the range 0 through 9999
|
|
Packit |
aea12f |
.fi
|
|
Packit |
aea12f |
.in -4
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
Specifies the debug level.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-V\f[], \f\*[B-Font]\-\-verbose\f[]
|
|
Packit |
aea12f |
More verbose output.
|
|
Packit |
aea12f |
This option may appear an unlimited number of times.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-\-infile\f[]=\f\*[I-Font]file\f[]
|
|
Packit |
aea12f |
Input file.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-\-outfile\f[]=\f\*[I-Font]string\f[]
|
|
Packit |
aea12f |
Output file.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-\-ask\f[] [=\f\*[I-Font]server\f[] \f\*[I-Font]name|url\f[]]
|
|
Packit |
aea12f |
Ask an OCSP/HTTP server on a certificate validity.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
Connects to the specified HTTP OCSP server and queries on the validity of the loaded certificate.
|
|
Packit |
aea12f |
Its argument can be a URL or a plain server name. It can be combined with \--load-chain, where it checks
|
|
Packit |
aea12f |
all certificates in the provided chain, or with \--load-cert and
|
|
Packit |
aea12f |
--load-issuer options. The latter checks the provided certificate
|
|
Packit |
aea12f |
against its specified issuer certificate.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-e\f[], \f\*[B-Font]\-\-verify\-response\f[]
|
|
Packit |
aea12f |
Verify response.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
Verifies the provided OCSP response against the system trust
|
|
Packit |
aea12f |
anchors (unless \--load-trust is provided). It requires the \--load-signer
|
|
Packit |
aea12f |
or \--load-chain options to obtain the signer of the OCSP response.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-i\f[], \f\*[B-Font]\-\-request\-info\f[]
|
|
Packit |
aea12f |
Print information on a OCSP request.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
Display detailed information on the provided OCSP request.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-j\f[], \f\*[B-Font]\-\-response\-info\f[]
|
|
Packit |
aea12f |
Print information on a OCSP response.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
Display detailed information on the provided OCSP response.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-q\f[], \f\*[B-Font]\-\-generate\-request\f[]
|
|
Packit |
aea12f |
Generates an OCSP request.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-\-nonce\f[], \f\*[B-Font]\-\-no\-nonce\f[]
|
|
Packit |
aea12f |
Use (or not) a nonce to OCSP request.
|
|
Packit |
aea12f |
The \fIno\-nonce\fP form will disable the option.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-\-load\-chain\f[]=\f\*[I-Font]file\f[]
|
|
Packit |
aea12f |
Reads a set of certificates forming a chain from file.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-\-load\-issuer\f[]=\f\*[I-Font]file\f[]
|
|
Packit |
aea12f |
Reads issuer's certificate from file.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-\-load\-cert\f[]=\f\*[I-Font]file\f[]
|
|
Packit |
aea12f |
Reads the certificate to check from file.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-\-load\-trust\f[]=\f\*[I-Font]file\f[]
|
|
Packit |
aea12f |
Read OCSP trust anchors from file.
|
|
Packit |
aea12f |
This option must not appear in combination with any of the following options:
|
|
Packit |
aea12f |
load-signer.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
When verifying an OCSP response read the trust anchors from the
|
|
Packit |
aea12f |
provided file. When this is not provided, the system's trust anchors will be
|
|
Packit |
aea12f |
used.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-\-load\-signer\f[]=\f\*[I-Font]file\f[]
|
|
Packit |
aea12f |
Reads the OCSP response signer from file.
|
|
Packit |
aea12f |
This option must not appear in combination with any of the following options:
|
|
Packit |
aea12f |
load-trust.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-\-inder\f[], \f\*[B-Font]\-\-no\-inder\f[]
|
|
Packit |
aea12f |
Use DER format for input certificates and private keys.
|
|
Packit |
aea12f |
The \fIno\-inder\fP form will disable the option.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-\-outder\f[]
|
|
Packit |
aea12f |
Use DER format for output of responses (this is the default).
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
The output will be in DER encoded format. Unlike other GnuTLS tools, this is the default for this tool
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-\-outpem\f[]
|
|
Packit |
aea12f |
Use PEM format for output of responses.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
The output will be in PEM format.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-Q\f[] \f\*[I-Font]file\f[], \f\*[B-Font]\-\-load\-request\f[]=\f\*[I-Font]file\f[]
|
|
Packit |
aea12f |
Reads the DER encoded OCSP request from file.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-S\f[] \f\*[I-Font]file\f[], \f\*[B-Font]\-\-load\-response\f[]=\f\*[I-Font]file\f[]
|
|
Packit |
aea12f |
Reads the DER encoded OCSP response from file.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-\-ignore\-errors\f[]
|
|
Packit |
aea12f |
Ignore any verification errors.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-\-verify\-allow\-broken\f[]
|
|
Packit |
aea12f |
Allow broken algorithms, such as MD5 for verification.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
This can be combined with \--verify-response.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-h\f[], \f\*[B-Font]\-\-help\f[]
|
|
Packit |
aea12f |
Display usage information and exit.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-\&!\f[], \f\*[B-Font]\-\-more-help\f[]
|
|
Packit |
aea12f |
Pass the extended usage information through a pager.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP \f\*[B-Font]\-v\f[] [{\f\*[I-Font]v|c|n\f[] \f\*[B-Font]\-\-version\f[] [{\f\*[I-Font]v|c|n\f[]}]}]
|
|
Packit |
aea12f |
Output version of program and exit. The default mode is `v', a simple
|
|
Packit |
aea12f |
version. The `c' mode will print copyright information and `n' will
|
|
Packit |
aea12f |
print the full copyright notice.
|
|
Packit |
aea12f |
.PP
|
|
Packit |
aea12f |
.SH EXAMPLES
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
\fBPrint information about an OCSP request\fP
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
To parse an OCSP request and print information about the content, the
|
|
Packit |
aea12f |
\fB\-i\fP or \fB\-\-request\-info\fP parameter may be used as follows.
|
|
Packit |
aea12f |
The \fB\-Q\fP parameter specify the name of the file containing the
|
|
Packit |
aea12f |
OCSP request, and it should contain the OCSP request in binary DER
|
|
Packit |
aea12f |
format.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
.in +4
|
|
Packit |
aea12f |
.nf
|
|
Packit |
aea12f |
$ ocsptool \-i \-Q ocsp\-request.der
|
|
Packit |
aea12f |
.in -4
|
|
Packit |
aea12f |
.fi
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
The input file may also be sent to standard input like this:
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
.in +4
|
|
Packit |
aea12f |
.nf
|
|
Packit |
aea12f |
$ cat ocsp\-request.der | ocsptool \-\-request\-info
|
|
Packit |
aea12f |
.in -4
|
|
Packit |
aea12f |
.fi
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
\fBPrint information about an OCSP response\fP
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
Similar to parsing OCSP requests, OCSP responses can be parsed using
|
|
Packit |
aea12f |
the \fB\-j\fP or \fB\-\-response\-info\fP as follows.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
.in +4
|
|
Packit |
aea12f |
.nf
|
|
Packit |
aea12f |
$ ocsptool \-j \-Q ocsp\-response.der
|
|
Packit |
aea12f |
$ cat ocsp\-response.der | ocsptool \-\-response\-info
|
|
Packit |
aea12f |
.in -4
|
|
Packit |
aea12f |
.fi
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
\fBGenerate an OCSP request\fP
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
The \fB\-q\fP or \fB\-\-generate\-request\fP parameters are used to
|
|
Packit |
aea12f |
generate an OCSP request. By default the OCSP request is written to
|
|
Packit |
aea12f |
standard output in binary DER format, but can be stored in a file
|
|
Packit |
aea12f |
using \fB\-\-outfile\fP. To generate an OCSP request the issuer of the
|
|
Packit |
aea12f |
certificate to check needs to be specified with \fB\-\-load\-issuer\fP
|
|
Packit |
aea12f |
and the certificate to check with \fB\-\-load\-cert\fP. By default PEM
|
|
Packit |
aea12f |
format is used for these files, although \fB\-\-inder\fP can be used to
|
|
Packit |
aea12f |
specify that the input files are in DER format.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
.in +4
|
|
Packit |
aea12f |
.nf
|
|
Packit |
aea12f |
$ ocsptool \-q \-\-load\-issuer issuer.pem \-\-load\-cert client.pem \
|
|
Packit |
aea12f |
\-\-outfile ocsp\-request.der
|
|
Packit |
aea12f |
.in -4
|
|
Packit |
aea12f |
.fi
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
When generating OCSP requests, the tool will add an OCSP extension
|
|
Packit |
aea12f |
containing a nonce. This behaviour can be disabled by specifying
|
|
Packit |
aea12f |
\fB\-\-no\-nonce\fP.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
\fBVerify signature in OCSP response\fP
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
To verify the signature in an OCSP response the \fB\-e\fP or
|
|
Packit |
aea12f |
\fB\-\-verify\-response\fP parameter is used. The tool will read an
|
|
Packit |
aea12f |
OCSP response in DER format from standard input, or from the file
|
|
Packit |
aea12f |
specified by \fB\-\-load\-response\fP. The OCSP response is verified
|
|
Packit |
aea12f |
against a set of trust anchors, which are specified using
|
|
Packit |
aea12f |
\fB\-\-load\-trust\fP. The trust anchors are concatenated certificates
|
|
Packit |
aea12f |
in PEM format. The certificate that signed the OCSP response needs to
|
|
Packit |
aea12f |
be in the set of trust anchors, or the issuer of the signer
|
|
Packit |
aea12f |
certificate needs to be in the set of trust anchors and the OCSP
|
|
Packit |
aea12f |
Extended Key Usage bit has to be asserted in the signer certificate.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
.in +4
|
|
Packit |
aea12f |
.nf
|
|
Packit |
aea12f |
$ ocsptool \-e \-\-load\-trust issuer.pem \
|
|
Packit |
aea12f |
\-\-load\-response ocsp\-response.der
|
|
Packit |
aea12f |
.in -4
|
|
Packit |
aea12f |
.fi
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
The tool will print status of verification.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
\fBVerify signature in OCSP response against given certificate\fP
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
It is possible to override the normal trust logic if you know that a
|
|
Packit |
aea12f |
certain certificate is supposed to have signed the OCSP response, and
|
|
Packit |
aea12f |
you want to use it to check the signature. This is achieved using
|
|
Packit |
aea12f |
\fB\-\-load\-signer\fP instead of \fB\-\-load\-trust\fP. This will load
|
|
Packit |
aea12f |
one certificate and it will be used to verify the signature in the
|
|
Packit |
aea12f |
OCSP response. It will not check the Extended Key Usage bit.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
.in +4
|
|
Packit |
aea12f |
.nf
|
|
Packit |
aea12f |
$ ocsptool \-e \-\-load\-signer ocsp\-signer.pem \
|
|
Packit |
aea12f |
\-\-load\-response ocsp\-response.der
|
|
Packit |
aea12f |
.in -4
|
|
Packit |
aea12f |
.fi
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
This approach is normally only relevant in two situations. The first
|
|
Packit |
aea12f |
is when the OCSP response does not contain a copy of the signer
|
|
Packit |
aea12f |
certificate, so the \fB\-\-load\-trust\fP code would fail. The second
|
|
Packit |
aea12f |
is if you want to avoid the indirect mode where the OCSP response
|
|
Packit |
aea12f |
signer certificate is signed by a trust anchor.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
\fBReal\-world example\fP
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
Here is an example of how to generate an OCSP request for a
|
|
Packit |
aea12f |
certificate and to verify the response. For illustration we'll use
|
|
Packit |
aea12f |
the \fBblog.josefsson.org\fP host, which (as of writing) uses a
|
|
Packit |
aea12f |
certificate from CACert. First we'll use \fBgnutls\-cli\fP to get a
|
|
Packit |
aea12f |
copy of the server certificate chain. The server is not required to
|
|
Packit |
aea12f |
send this information, but this particular one is configured to do so.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
.in +4
|
|
Packit |
aea12f |
.nf
|
|
Packit |
aea12f |
$ echo | gnutls\-cli \-p 443 blog.josefsson.org \-\-save\-cert chain.pem
|
|
Packit |
aea12f |
.in -4
|
|
Packit |
aea12f |
.fi
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
The saved certificates normally contain a pointer to where the OCSP
|
|
Packit |
aea12f |
responder is located, in the Authority Information Access Information
|
|
Packit |
aea12f |
extension. For example, from \fBcerttool \-i < chain.pem\fP there is
|
|
Packit |
aea12f |
this information:
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
.in +4
|
|
Packit |
aea12f |
.nf
|
|
Packit |
aea12f |
Authority Information Access Information (not critical):
|
|
Packit |
aea12f |
Access Method: 1.3.6.1.5.5.7.48.1 (id\-ad\-ocsp)
|
|
Packit |
aea12f |
Access Location URI: https://ocsp.CAcert.org/
|
|
Packit |
aea12f |
.in -4
|
|
Packit |
aea12f |
.fi
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
This means that ocsptool can discover the servers to contact over HTTP.
|
|
Packit |
aea12f |
We can now request information on the chain certificates.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
.in +4
|
|
Packit |
aea12f |
.nf
|
|
Packit |
aea12f |
$ ocsptool \-\-ask \-\-load\-chain chain.pem
|
|
Packit |
aea12f |
.in -4
|
|
Packit |
aea12f |
.fi
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
The request is sent via HTTP to the OCSP server address found in
|
|
Packit |
aea12f |
the certificates. It is possible to override the address of the
|
|
Packit |
aea12f |
OCSP server as well as ask information on a particular certificate
|
|
Packit |
aea12f |
using \-\-load\-cert and \-\-load\-issuer.
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.br
|
|
Packit |
aea12f |
.in +4
|
|
Packit |
aea12f |
.nf
|
|
Packit |
aea12f |
$ ocsptool \-\-ask https://ocsp.CAcert.org/ \-\-load\-chain chain.pem
|
|
Packit |
aea12f |
.in -4
|
|
Packit |
aea12f |
.fi
|
|
Packit |
aea12f |
.sp
|
|
Packit |
aea12f |
.SH "EXIT STATUS"
|
|
Packit |
aea12f |
One of the following exit values will be returned:
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP 0 " (EXIT_SUCCESS)"
|
|
Packit |
aea12f |
Successful program execution.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP 1 " (EXIT_FAILURE)"
|
|
Packit |
aea12f |
The operation failed or the command syntax was not valid.
|
|
Packit |
aea12f |
.TP
|
|
Packit |
aea12f |
.NOP 70 " (EX_SOFTWARE)"
|
|
Packit |
aea12f |
libopts had an internal operational error. Please report
|
|
Packit |
aea12f |
it to autogen-users@lists.sourceforge.net. Thank you.
|
|
Packit |
aea12f |
.PP
|
|
Packit |
aea12f |
.SH "SEE ALSO"
|
|
Packit |
aea12f |
certtool (1)
|
|
Packit |
aea12f |
.SH "AUTHORS"
|
|
Packit |
aea12f |
Nikos Mavrogiannopoulos, Simon Josefsson and others; see /usr/share/doc/gnutls/AUTHORS for a complete list.
|
|
Packit |
aea12f |
.SH "COPYRIGHT"
|
|
Packit Service |
991b93 |
Copyright (C) 2000-2020 Free Software Foundation, and others all rights reserved.
|
|
Packit |
aea12f |
This program is released under the terms of the GNU General Public License, version 3 or later.
|
|
Packit |
aea12f |
.SH "BUGS"
|
|
Packit |
aea12f |
Please send bug reports to: bugs@gnutls.org
|
|
Packit |
aea12f |
.SH "NOTES"
|
|
Packit |
aea12f |
This manual page was \fIAutoGen\fP-erated from the \fBocsptool\fP
|
|
Packit |
aea12f |
option definitions.
|