> On Dec 15, 2015, at 5:30 PM, Blumenthal, Uri - 0553 - MITLL <u...@ll.mit.edu> > wrote: > > Also, in your next email you mention “openssl verify -partial_chain”. > Alas, I don’t see this option: > > $ openssl version > OpenSSL 1.0.2e 3 Dec 2015 > $ openssl verify --help > usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] > [-crl_check] [-no_alt_chains] [-attime timestamp] [-engine e] cert1 cert2 > ... > recognized usages: > sslclient SSL client > sslserver SSL server > nssslserver Netscape SSL server > smimesign S/MIME signing > smimeencrypt S/MIME encryption > crlsign CRL signing > any Any Purpose > ocsphelper OCSP helper > timestampsign Time Stamp signing
That's fine, but have you tried it? > $ man verify > > NAME > verify - Utility to verify certificates. > > > SYNOPSIS > openssl verify [-CApath directory] [-CAfile file] [-purpose purpose] > [-policy arg] > [-ignore_critical] [-attime timestamp] [-check_ss_sig] [-crlfile file] > [-crl_download] > [-crl_check] [-crl_check_all] [-policy_check] [-explicit_policy] > [-inhibit_any] [-inhibit_map] > [-x509_strict] [-extended_crl] [-use_deltas] [-policy_print] > [-no_alt_chains] [-untrusted > file] [-help] [-issuer_checks] [-trusted file] [-verbose] [-] > [certificates] That's fine, but have you tried it? The option is documented in 1.1.0, and not 1.0.2, and yet it is available in both. -- Viktor. _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev