Diffstat (limited to 'doc/apps/verify.pod')
-rw-r--r-- doc/apps/verify.pod | 43
1 files changed, 35 insertions, 8 deletions
diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod
index 18eeee04b932..bffa6c0ec403 100644
--- a/doc/apps/verify.pod
+++ b/doc/apps/verify.pod
@@ -12,6 +12,10 @@ B<openssl> B<verify>
[B<-purpose purpose>]
[B<-policy arg>]
[B<-ignore_critical>]
+[B<-attime timestamp>]
+[B<-check_ss_sig>]
+[B<-crlfile file>]
+[B<-crl_download>]
[B<-crl_check>]
[B<-crl_check_all>]
[B<-policy_check>]
@@ -26,7 +30,7 @@ B<openssl> B<verify>
[B<-untrusted file>]
[B<-help>]
[B<-issuer_checks>]
-[B<-attime timestamp>]
+[B<-trusted file>]
[B<-verbose>]
[B<->]
[certificates]
@@ -52,6 +56,30 @@ create symbolic links to a directory of certificates.
A file of trusted certificates. The file should contain multiple certificates
in PEM format concatenated together.
+=item B<-attime timestamp>
+
+Perform validation checks using time specified by B<timestamp> and not
+current system time. B<timestamp> is the number of seconds since
+01.01.1970 (UNIX time).
+
+=item B<-check_ss_sig>
+
+Verify the signature on the self-signed root CA. This is disabled by default
+because it doesn't add any security.
+
+=item B<-crlfile file>
+
+File containing one or more CRL's (in PEM format) to load.
+
+=item B<-crl_download>
+
+Attempt to download CRL information for this certificate.
+
+=item B<-crl_check>
+
+Checks end entity certificate validity by attempting to look up a valid CRL.
+If a valid CRL cannot be found an error occurs.
+
=item B<-untrusted file>
A file of untrusted certificates. The file should contain multiple certificates
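Review bot: The new B<-crlfile> and B<-crl_download> items do not say whether they turn on CRL checking by themselves or only supply CRLs for B<-crl_check> to use. Please state that relationship in each item, because a reader who passes only B<-crlfile> cannot tell from this text whether revocation is actually being enforced. The B<-crl_download> item should also say where the CRL is fetched from. In the B<-check_ss_sig> item, "because it doesn't add any security" would be clearer with the reason attached (a root is trusted because it is in the trusted store, not because of its own signature). Small wording point: "CRL's" should be "CRLs".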
@@ -81,12 +109,6 @@ rejected. The presence of rejection messages does not itself imply that
anything is wrong; during the normal verification process, several
rejections may take place.
-=item B<-attime timestamp>
-
-Perform validation checks using time specified by B<timestamp> and not
-current system time. B<timestamp> is the number of seconds since
-01.01.1970 (UNIX time).
-
=item B<-policy arg>
Enable policy processing and add B<arg> to the user-initial-policy-set (see
@@ -117,6 +139,11 @@ be found that is trusted. With this option that behaviour is suppressed so that
only the first chain found is ever used. Using this option will force the
behaviour to match that of previous OpenSSL versions.
+=item B<-trusted file>
+
+A file of additional trusted certificates. The file should contain multiple
+certificates in PEM format concatenated together.
+
=item B<-policy_print>
Print out diagnostics related to policy processing.
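Review bot: The B<-trusted file> description is nearly word for word the same as the existing B<-CAfile> text ("A file of trusted certificates. The file should contain multiple certificates in PEM format concatenated together."), so the item does not tell the reader what "additional" means. Please document how B<-trusted> interacts with B<-CAfile> and B<-CApath>, in particular whether it adds to them or replaces them, since that determines which trust anchors a verification run really uses.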
@@ -420,6 +447,6 @@ L<x509(1)|x509(1)>
=head1 HISTORY
-The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b.
+The -no_alt_chains options was first added to OpenSSL 1.0.2b.
=cut
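Review bot: The HISTORY line drops 1.0.1n with no explanation visible in the diff. If this copy of the page is specific to one branch, say so in the commit message, otherwise readers of the 1.0.1 series lose the information that the option exists there. While touching the line, "The -no_alt_chains options was" should read "The -no_alt_chains option was".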