Loading doc/apps/verify.pod +30 −30 Original line number Original line Diff line number Diff line Loading @@ -54,35 +54,37 @@ in PEM format concatenated together. =item B<-untrusted file> =item B<-untrusted file> A file of untrusted certificates. The file should contain multiple certificates A file of untrusted certificates. The file should contain multiple certificates in PEM format concatenated together. =item B<-purpose purpose> =item B<-purpose purpose> the intended use for the certificate. Without this option no chain verification The intended use for the certificate. If this option is not specified, will be done. Currently accepted uses are B<sslclient>, B<sslserver>, B<verify> will not consider certificate purpose during chain verification. B<nssslserver>, B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>, section for more information. B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> section for more information. =item B<-help> =item B<-help> prints out a usage message. Print out a usage message. =item B<-verbose> =item B<-verbose> print extra information about the operations being performed. Print extra information about the operations being performed. =item B<-issuer_checks> =item B<-issuer_checks> print out diagnostics relating to searches for the issuer certificate Print out diagnostics relating to searches for the issuer certificate of the of the current certificate. This shows why each candidate issuer current certificate. This shows why each candidate issuer certificate was certificate was rejected. However the presence of rejection messages rejected. The presence of rejection messages does not itself imply that does not itself imply that anything is wrong: during the normal anything is wrong; during the normal verification process, several verify process several rejections may take place. rejections may take place. =item B<-policy arg> =item B<-policy arg> Enable policy processing and add B<arg> to the user-initial-policy-set Enable policy processing and add B<arg> to the user-initial-policy-set (see (see RFC3280 et al). The policy B<arg> can be an object name an OID in numeric RFC5280). The policy B<arg> can be an object name an OID in numeric form. form. This argument can appear more than once. This argument can appear more than once. =item B<-policy_check> =item B<-policy_check> Loading @@ -90,19 +92,19 @@ Enables certificate policy processing. =item B<-explicit_policy> =item B<-explicit_policy> Set policy variable require-explicit-policy (see RFC3280 et al). Set policy variable require-explicit-policy (see RFC5280). =item B<-inhibit_any> =item B<-inhibit_any> Set policy variable inhibit-any-policy (see RFC3280 et al). Set policy variable inhibit-any-policy (see RFC5280). =item B<-inhibit_map> =item B<-inhibit_map> Set policy variable inhibit-policy-mapping (see RFC3280 et al). Set policy variable inhibit-policy-mapping (see RFC5280). =item B<-policy_print> =item B<-policy_print> Print out diagnostics, related to policy checking Print out diagnostics related to policy processing. =item B<-crl_check> =item B<-crl_check> Loading @@ -117,14 +119,13 @@ to lookup valid CRLs. =item B<-ignore_critical> =item B<-ignore_critical> Normally if an unhandled critical extension is present which is not Normally if an unhandled critical extension is present which is not supported by OpenSSL the certificate is rejected (as required by supported by OpenSSL the certificate is rejected (as required by RFC5280). RFC3280 et al). If this option is set critical extensions are If this option is set critical extensions are ignored. ignored. =item B<-x509_strict> =item B<-x509_strict> Disable workarounds for broken certificates which have to be disabled For strict X.509 compliance, disable non-compliant workarounds for broken for strict X.509 compliance. certificates. =item B<-extended_crl> =item B<-extended_crl> Loading @@ -142,16 +143,15 @@ because it doesn't add any security. =item B<-> =item B<-> marks the last option. All arguments following this are assumed to be Indicates the last option. All arguments following this are assumed to be certificate files. This is useful if the first certificate filename begins certificate files. This is useful if the first certificate filename begins with a B<->. with a B<->. =item B<certificates> =item B<certificates> one or more certificates to verify. If no certificate filenames are included One or more certificates to verify. If no certificates are given, B<verify> then an attempt is made to read a certificate from standard input. They should will attempt to read a certificate from standard input. Certificates must be all be in PEM format. in PEM format. =back =back Loading Loading
doc/apps/verify.pod +30 −30 Original line number Original line Diff line number Diff line Loading @@ -54,35 +54,37 @@ in PEM format concatenated together. =item B<-untrusted file> =item B<-untrusted file> A file of untrusted certificates. The file should contain multiple certificates A file of untrusted certificates. The file should contain multiple certificates in PEM format concatenated together. =item B<-purpose purpose> =item B<-purpose purpose> the intended use for the certificate. Without this option no chain verification The intended use for the certificate. If this option is not specified, will be done. Currently accepted uses are B<sslclient>, B<sslserver>, B<verify> will not consider certificate purpose during chain verification. B<nssslserver>, B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>, section for more information. B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> section for more information. =item B<-help> =item B<-help> prints out a usage message. Print out a usage message. =item B<-verbose> =item B<-verbose> print extra information about the operations being performed. Print extra information about the operations being performed. =item B<-issuer_checks> =item B<-issuer_checks> print out diagnostics relating to searches for the issuer certificate Print out diagnostics relating to searches for the issuer certificate of the of the current certificate. This shows why each candidate issuer current certificate. This shows why each candidate issuer certificate was certificate was rejected. However the presence of rejection messages rejected. The presence of rejection messages does not itself imply that does not itself imply that anything is wrong: during the normal anything is wrong; during the normal verification process, several verify process several rejections may take place. rejections may take place. =item B<-policy arg> =item B<-policy arg> Enable policy processing and add B<arg> to the user-initial-policy-set Enable policy processing and add B<arg> to the user-initial-policy-set (see (see RFC3280 et al). The policy B<arg> can be an object name an OID in numeric RFC5280). The policy B<arg> can be an object name an OID in numeric form. form. This argument can appear more than once. This argument can appear more than once. =item B<-policy_check> =item B<-policy_check> Loading @@ -90,19 +92,19 @@ Enables certificate policy processing. =item B<-explicit_policy> =item B<-explicit_policy> Set policy variable require-explicit-policy (see RFC3280 et al). Set policy variable require-explicit-policy (see RFC5280). =item B<-inhibit_any> =item B<-inhibit_any> Set policy variable inhibit-any-policy (see RFC3280 et al). Set policy variable inhibit-any-policy (see RFC5280). =item B<-inhibit_map> =item B<-inhibit_map> Set policy variable inhibit-policy-mapping (see RFC3280 et al). Set policy variable inhibit-policy-mapping (see RFC5280). =item B<-policy_print> =item B<-policy_print> Print out diagnostics, related to policy checking Print out diagnostics related to policy processing. =item B<-crl_check> =item B<-crl_check> Loading @@ -117,14 +119,13 @@ to lookup valid CRLs. =item B<-ignore_critical> =item B<-ignore_critical> Normally if an unhandled critical extension is present which is not Normally if an unhandled critical extension is present which is not supported by OpenSSL the certificate is rejected (as required by supported by OpenSSL the certificate is rejected (as required by RFC5280). RFC3280 et al). If this option is set critical extensions are If this option is set critical extensions are ignored. ignored. =item B<-x509_strict> =item B<-x509_strict> Disable workarounds for broken certificates which have to be disabled For strict X.509 compliance, disable non-compliant workarounds for broken for strict X.509 compliance. certificates. =item B<-extended_crl> =item B<-extended_crl> Loading @@ -142,16 +143,15 @@ because it doesn't add any security. =item B<-> =item B<-> marks the last option. All arguments following this are assumed to be Indicates the last option. All arguments following this are assumed to be certificate files. This is useful if the first certificate filename begins certificate files. This is useful if the first certificate filename begins with a B<->. with a B<->. =item B<certificates> =item B<certificates> one or more certificates to verify. If no certificate filenames are included One or more certificates to verify. If no certificates are given, B<verify> then an attempt is made to read a certificate from standard input. They should will attempt to read a certificate from standard input. Certificates must be all be in PEM format. in PEM format. =back =back Loading
