diff options
| -rw-r--r-- | src/pki/man/pki---issue.1.in | 3 | ||||
| -rw-r--r-- | src/pki/man/pki---self.1.in | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/src/pki/man/pki---issue.1.in b/src/pki/man/pki---issue.1.in index 3f9382e9a..d1fa3473f 100644 --- a/src/pki/man/pki---issue.1.in +++ b/src/pki/man/pki---issue.1.in @@ -153,6 +153,9 @@ Set path length constraint. RFC 3779 address block to include in certificate. \fIblock\fR is either a CIDR subnet (such as \fI10.0.0.0/8\fR) or an arbitrary address range (\fI192.168.1.7-192.168.1.13\fR). Can be repeated to include multiple blocks. +Please note that the supplied blocks are included in the certificate as is, +so for standards compliance, multiple blocks must be supplied in correct +order and adjacent blocks must be combined. Refer to RFC 3779 for details. .TP .BI "\-n, \-\-nc-permitted " name Add permitted NameConstraint extension to certificate. For DNS or email diff --git a/src/pki/man/pki---self.1.in b/src/pki/man/pki---self.1.in index ec38e6d48..4384fa72d 100644 --- a/src/pki/man/pki---self.1.in +++ b/src/pki/man/pki---self.1.in @@ -132,6 +132,9 @@ Set path length constraint. RFC 3779 address block to include in certificate. \fIblock\fR is either a CIDR subnet (such as \fI10.0.0.0/8\fR) or an arbitrary address range (\fI192.168.1.7-192.168.1.13\fR). Can be repeated to include multiple blocks. +Please note that the supplied blocks are included in the certificate as is, +so for standards compliance, multiple blocks must be supplied in correct +order and adjacent blocks must be combined. Refer to RFC 3779 for details. .TP .BI "\-n, \-\-nc-permitted " name Add permitted NameConstraint extension to certificate. For DNS or email |