aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/pki/man/pki---verify.1.in16
1 files changed, 11 insertions, 5 deletions
diff --git a/src/pki/man/pki---verify.1.in b/src/pki/man/pki---verify.1.in
index de34acad4..dd0c0e928 100644
--- a/src/pki/man/pki---verify.1.in
+++ b/src/pki/man/pki---verify.1.in
@@ -10,6 +10,7 @@ pki \-\-verify \- Verify a certificate using a CA certificate
.OP \-\-in file
.OP \-\-cacert file
.OP \-\-debug level
+.OP \-\-online
.YS
.
.SY pki\ \-\-verify
@@ -44,13 +45,18 @@ Read command line options from \fIfile\fR.
X.509 certificate to verify. If not given it is read from \fISTDIN\fR.
.TP
.BI "\-c, \-\-cacert " file
-CA certificate to use. If not given the certificate is assumed to be
-self-signed.
+CA certificate to use for trustchain verification. If not given the certificate
+is assumed to be self\-signed.
+.TP
+.BI "\-o, \-\-online
+Enable online CRL/OCSP revocation checking.
.
.SH "EXIT STATUS"
-The exit status is 0 if the certificate was verified successfully, and 2 if
-the verification failed.
+The exit status is 0 if the certificate was verified successfully, 1 if the
+certificate is untrusted, 2 if the certificate's lifetimes are invalid, and 3
+if the certificate was verified successfully but the online revocation check
+indicated that it has been revoked.
.
.SH "SEE ALSO"
.
-.BR pki (1) \ No newline at end of file
+.BR pki (1)
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-19 15:40:56 +0000