Diffstat (limited to 'secure/usr.bin/openssl/man/verify.1')
-rw-r--r-- | secure/usr.bin/openssl/man/verify.1 | 63 |
1 files changed, 32 insertions, 31 deletions
diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1 index 3c970f7..fd4477b 100644 --- a/secure/usr.bin/openssl/man/verify.1 +++ b/secure/usr.bin/openssl/man/verify.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.22) +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.23) .\" .\" Standard preamble: .\" ======================================================================== @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "VERIFY 1" -.TH VERIFY 1 "2012-05-10" "1.0.1c" "OpenSSL" +.TH VERIFY 1 "2013-02-11" "1.0.1e" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -174,63 +174,64 @@ in \s-1PEM\s0 format concatenated together. .IP "\fB\-untrusted file\fR" 4 .IX Item "-untrusted file" A file of untrusted certificates. The file should contain multiple certificates +in \s-1PEM\s0 format concatenated together. .IP "\fB\-purpose purpose\fR" 4 .IX Item "-purpose purpose" -the intended use for the certificate. Without this option no chain verification -will be done. Currently accepted uses are \fBsslclient\fR, \fBsslserver\fR, -\&\fBnssslserver\fR, \fBsmimesign\fR, \fBsmimeencrypt\fR. See the \fB\s-1VERIFY\s0 \s-1OPERATION\s0\fR -section for more information. +The intended use for the certificate. If this option is not specified, +\&\fBverify\fR will not consider certificate purpose during chain verification. +Currently accepted uses are \fBsslclient\fR, \fBsslserver\fR, \fBnssslserver\fR, +\&\fBsmimesign\fR, \fBsmimeencrypt\fR. See the \fB\s-1VERIFY\s0 \s-1OPERATION\s0\fR section for more +information. .IP "\fB\-help\fR" 4 .IX Item "-help" -prints out a usage message. +Print out a usage message. .IP "\fB\-verbose\fR" 4 .IX Item "-verbose" -print extra information about the operations being performed. +Print extra information about the operations being performed. .IP "\fB\-issuer_checks\fR" 4 .IX Item "-issuer_checks" -print out diagnostics relating to searches for the issuer certificate -of the current certificate. This shows why each candidate issuer -certificate was rejected. However the presence of rejection messages -does not itself imply that anything is wrong: during the normal -verify process several rejections may take place. +Print out diagnostics relating to searches for the issuer certificate of the +current certificate. This shows why each candidate issuer certificate was +rejected. The presence of rejection messages does not itself imply that +anything is wrong; during the normal verification process, several +rejections may take place. 
.IP "\fB\-policy arg\fR" 4 .IX Item "-policy arg" -Enable policy processing and add \fBarg\fR to the user-initial-policy-set -(see \s-1RFC3280\s0 et al). The policy \fBarg\fR can be an object name an \s-1OID\s0 in numeric -form. This argument can appear more than once. +Enable policy processing and add \fBarg\fR to the user-initial-policy-set (see +\&\s-1RFC5280\s0). The policy \fBarg\fR can be an object name an \s-1OID\s0 in numeric form. +This argument can appear more than once. .IP "\fB\-policy_check\fR" 4 .IX Item "-policy_check" Enables certificate policy processing. .IP "\fB\-explicit_policy\fR" 4 .IX Item "-explicit_policy" -Set policy variable require-explicit-policy (see \s-1RFC3280\s0 et al). +Set policy variable require-explicit-policy (see \s-1RFC5280\s0). .IP "\fB\-inhibit_any\fR" 4 .IX Item "-inhibit_any" -Set policy variable inhibit-any-policy (see \s-1RFC3280\s0 et al). +Set policy variable inhibit-any-policy (see \s-1RFC5280\s0). .IP "\fB\-inhibit_map\fR" 4 .IX Item "-inhibit_map" -Set policy variable inhibit-policy-mapping (see \s-1RFC3280\s0 et al). +Set policy variable inhibit-policy-mapping (see \s-1RFC5280\s0). .IP "\fB\-policy_print\fR" 4 .IX Item "-policy_print" -Print out diagnostics, related to policy checking +Print out diagnostics related to policy processing. .IP "\fB\-crl_check\fR" 4 .IX Item "-crl_check" -Checks end entity certificate validity by attempting to lookup a valid \s-1CRL\s0. +Checks end entity certificate validity by attempting to look up a valid \s-1CRL\s0. If a valid \s-1CRL\s0 cannot be found an error occurs. .IP "\fB\-crl_check_all\fR" 4 .IX Item "-crl_check_all" Checks the validity of \fBall\fR certificates in the chain by attempting -to lookup valid CRLs. +to look up valid CRLs. .IP "\fB\-ignore_critical\fR" 4 .IX Item "-ignore_critical" Normally if an unhandled critical extension is present which is not -supported by OpenSSL the certificate is rejected (as required by -\&\s-1RFC3280\s0 et al). 
If this option is set critical extensions are -ignored. +supported by OpenSSL the certificate is rejected (as required by \s-1RFC5280\s0). +If this option is set critical extensions are ignored. .IP "\fB\-x509_strict\fR" 4 .IX Item "-x509_strict" -Disable workarounds for broken certificates which have to be disabled -for strict X.509 compliance. +For strict X.509 compliance, disable non-compliant workarounds for broken +certificates. .IP "\fB\-extended_crl\fR" 4 .IX Item "-extended_crl" Enable extended \s-1CRL\s0 features such as indirect CRLs and alternate \s-1CRL\s0 @@ -244,14 +245,14 @@ Verify the signature on the self-signed root \s-1CA\s0. This is disabled by defa because it doesn't add any security. .IP "\fB\-\fR" 4 .IX Item "-" -marks the last option. All arguments following this are assumed to be +Indicates the last option. All arguments following this are assumed to be certificate files. This is useful if the first certificate filename begins with a \fB\-\fR. .IP "\fBcertificates\fR" 4 .IX Item "certificates" -one or more certificates to verify. If no certificate filenames are included -then an attempt is made to read a certificate from standard input. They should -all be in \s-1PEM\s0 format. +One or more certificates to verify. If no certificates are given, \fBverify\fR +will attempt to read a certificate from standard input. Certificates must be +in \s-1PEM\s0 format. .SH "VERIFY OPERATION" .IX Header "VERIFY OPERATION" The \fBverify\fR program uses the same functions as the internal \s-1SSL\s0 and S/MIME |
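Review bot: In the -policy item of the @@ -174,63 +174,64 @@ hunk, the rewrapped sentence still reads "can be an object name an \s-1OID\s0 in numeric form"; the "or" between "object name" and "an OID" is missing on both the removed and the added line, so this rewrite is the place to insert it. The same hunk moves most option descriptions to imperative sentence case ("Print out ...", "Print extra information ...") but leaves -policy_check ("Enables"), -crl_check and -crl_check_all ("Checks") in third person; align those for consistency. Because the file header states it is generated by Pod::Man, both wording fixes should be made in the POD source and the page regenerated, not edited in verify.1 directly.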