Added supported version of OpenSSL to README.md

Alerted to this by issue #5 'OpenSSL option -no-CAstore only seems to be supported on OpenSSL 3.0' Currently do not see any harm in a simple removal of '-no-CAstore' for openssl-verify toward older version. For 'openssl verify' command, according to this man page website (https://www.openssl.org/docs/man1.1.1/man1/openssl-verify.html ): In v1.0.2, there is no '-no-CAstore' option In v1.1.1b, strangely, '-no-CAstore' is there, where I based my work on. In v1.1.1k, there is no '-no-CAstore' option In v3.0, oops, THERE IT IS! Both of us must be getting ahead of ourselves here.
egberts · Mar 10, 2022 · 97b4074 · 97b4074
1 parent 8c0229d
commit 97b4074
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -23,7 +23,6 @@ Certificate Authority Management tool is witten in bash shell.  Runs on any plat
 
 If you have ANY of the following:
 
-* at least version 1.1.1b of OpenSSL
 * befuddle by myriad of OpenSSL CLI options, particularly encryption
 * perplex by how to cross-set the numerous settings between sections within and between the OpenSSL configuration files.
 * a white lab or clean room

diff --git a/tls-ca-manage.sh b/tls-ca-manage.sh
@@ -1787,7 +1787,7 @@ function cmd_verify_ca {
     fi
 
     # Verify the Certificate
-    openssl verify -no-CApath -no-CAstore \
+    openssl verify -no-CApath \
         -CAfile "$PARENT_IA_CERT_PEM" "$IA_CERT_PEM"
     RETSTS=$?
     if [[ ${RETSTS} -ne 0 ]]; then

diff --git a/tls-cert-manage.sh b/tls-cert-manage.sh
@@ -1572,7 +1572,7 @@ function cmd_verify_cert {
     fi
 
     # Verify the Certificate
-    ${OPENSSL_VERIFY} -no-CApath -no-CAstore \
+    ${OPENSSL_VERIFY} -no-CApath \
         -CAfile "$PARENT_IA_CERT_PEM" "$CERT_CERT_PEM"
     RETSTS=$?
     if [[ ${RETSTS} -ne 0 ]]; then