There's no documentation available for the -no_explicit option of "openssl ocsp":
https://www.openssl.org/docs/apps/ocsp.html Dr. Henson explained the meaning of the option and of the corresponding flag OCSP_NOEXPLICIT for OCSP_basic_verify() like this on the openssl-users list: > If the responder root CA is set to be trusted for OCSP signing then it can be > used to sign OCSP responses for any certificate (aka a global responder). This > comes under: > > 1. Matches a local configuration of OCSP signing authority for the > certificate in question > > or alternatively: > > Additional acceptance or rejection criteria may apply to either the > response itself or to the certificate used to validate the signature > on the response. > > from RFC2560 et al. > > If the -no_explicit flag is set or OCSP_NOEXPLICIT is set then this behaviour > is disabled. -- Stephan _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
