diff --git a/doc/man3/CMS_verify.pod b/doc/man3/CMS_verify.pod index 97ccf535e41ca..744325569edb8 100644 --- a/doc/man3/CMS_verify.pod +++ b/doc/man3/CMS_verify.pod @@ -63,8 +63,9 @@ the I parameter (if it is not NULL). Then they are looked up in any certificates contained in the I structure unless B is set. If any signing certificate cannot be located the operation fails. -Each signing certificate is chain verified using the I purpose and -using the trusted certificate store I if supplied. +Each signing certificate is chain verified using by default the I +purpose and using the trusted certificate store I if supplied. +The default purpose may be overridden using L. Any internal certificates in the message, which may have been added using L, are used as untrusted CAs. If CRL checking is enabled in I and B is not set, @@ -151,7 +152,7 @@ be held in memory if it is not detached. =head1 SEE ALSO L, L, L, -L, +L, L, L, L =head1 HISTORY diff --git a/doc/man3/PKCS7_verify.pod b/doc/man3/PKCS7_verify.pod index fb759118397fb..b1b08ed568e6e 100644 --- a/doc/man3/PKCS7_verify.pod +++ b/doc/man3/PKCS7_verify.pod @@ -50,8 +50,9 @@ the I parameter (if it is not NULL). Then they are looked up in any certificates contained in the I structure unless B is set. If any signer's certificates cannot be located the operation fails. -Each signer's certificate is chain verified using the B purpose and -using the trusted certificate store I if supplied. +Each signer certificate is chain verified using by default the C +purpose and using the trusted certificate store I if supplied. +The default purpose may be overridden using L. Any internal certificates in the message, which may have been added using L, are used as untrusted CAs unless B is set. @@ -126,6 +127,7 @@ be held in memory if it is not detached. =head1 SEE ALSO L, L, L, +L, L, L =head1 COPYRIGHT