path: root/doc/man1
diff options
authorJung-uk Kim <jkim@FreeBSD.org>2020-12-08 18:10:16 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2020-12-08 18:10:16 +0000
commit970a464089066970886f0bce6d1c9dcfbcb2e8ea (patch)
tree655c2eb8197c7c07b52e3246e4f63157f928f13d /doc/man1
parent92f02b3b0f21350e7c92a16ca9b594ad7682c717 (diff)
Import OpenSSL 1.1.1i.vendor/openssl/1.1.1i
Notes: svn path=/vendor-crypto/openssl/dist/; revision=368456 svn path=/vendor-crypto/openssl/1.1.1i/; revision=368457; tag=vendor/openssl/1.1.1i
Diffstat (limited to 'doc/man1')
1 files changed, 8 insertions, 4 deletions
diff --git a/doc/man1/verify.pod b/doc/man1/verify.pod
index 71288be40d4c..da2b7024821d 100644
--- a/doc/man1/verify.pod
+++ b/doc/man1/verify.pod
@@ -382,10 +382,14 @@ should be trusted for the supplied purpose.
For compatibility with previous versions of OpenSSL, a certificate with no
trust settings is considered to be valid for all purposes.
-The final operation is to check the validity of the certificate chain. The validity
-period is checked against the current system time and the notBefore and notAfter
-dates in the certificate. The certificate signatures are also checked at this
+The final operation is to check the validity of the certificate chain.
+For each element in the chain, including the root CA certificate,
+the validity period as specified by the C<notBefore> and C<notAfter> fields
+is checked against the current system time.
+The B<-attime> flag may be used to use a reference time other than "now."
+The certificate signature is checked as well
+(except for the signature of the typically self-signed root CA certificate,
+which is verified only if the B<-check_ss_sig> option is given).
If all operations complete successfully then certificate is considered valid. If
any operation fails then the certificate is not valid.