generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Documentation improvements by Chris Palmer (Google).

Browse Source
This commit is contained in:
Ben Laurie 2012-12-14 13:28:49 +00:00
parent 4d2654783c
commit 3a778a2913
1 changed files with 30 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
doc/apps/verify.pod
View File

@ -54,35 +54,37 @@ in PEM format concatenated together.
=item B<-untrusted file> =item B<-untrusted file>
A file of untrusted certificates. The file should contain multiple certificates A file of untrusted certificates. The file should contain multiple certificates
in PEM format concatenated together.
=item B<-purpose purpose> =item B<-purpose purpose>
the intended use for the certificate. Without this option no chain verification The intended use for the certificate. If this option is not specified,
will be done. Currently accepted uses are B<sslclient>, B<sslserver>, B<verify> will not consider certificate purpose during chain verification.
B<nssslserver>, B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>,
section for more information. B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> section for more
information.
=item B<-help> =item B<-help>
prints out a usage message. Print out a usage message.
=item B<-verbose> =item B<-verbose>
print extra information about the operations being performed. Print extra information about the operations being performed.
=item B<-issuer_checks> =item B<-issuer_checks>
print out diagnostics relating to searches for the issuer certificate Print out diagnostics relating to searches for the issuer certificate of the
of the current certificate. This shows why each candidate issuer current certificate. This shows why each candidate issuer certificate was
certificate was rejected. However the presence of rejection messages rejected. The presence of rejection messages does not itself imply that
does not itself imply that anything is wrong: during the normal anything is wrong; during the normal verification process, several
verify process several rejections may take place. rejections may take place.
=item B<-policy arg> =item B<-policy arg>
Enable policy processing and add B<arg> to the user-initial-policy-set Enable policy processing and add B<arg> to the user-initial-policy-set (see
(see RFC3280 et al). The policy B<arg> can be an object name an OID in numeric RFC5280). The policy B<arg> can be an object name an OID in numeric form.
form. This argument can appear more than once. This argument can appear more than once.
=item B<-policy_check> =item B<-policy_check>
@ -90,41 +92,40 @@ Enables certificate policy processing.
=item B<-explicit_policy> =item B<-explicit_policy>
Set policy variable require-explicit-policy (see RFC3280 et al). Set policy variable require-explicit-policy (see RFC5280).
=item B<-inhibit_any> =item B<-inhibit_any>
Set policy variable inhibit-any-policy (see RFC3280 et al). Set policy variable inhibit-any-policy (see RFC5280).
=item B<-inhibit_map> =item B<-inhibit_map>
Set policy variable inhibit-policy-mapping (see RFC3280 et al). Set policy variable inhibit-policy-mapping (see RFC5280).
=item B<-policy_print> =item B<-policy_print>
Print out diagnostics, related to policy checking Print out diagnostics related to policy processing.
=item B<-crl_check> =item B<-crl_check>
Checks end entity certificate validity by attempting to lookup a valid CRL. Checks end entity certificate validity by attempting to look up a valid CRL.
If a valid CRL cannot be found an error occurs. If a valid CRL cannot be found an error occurs.
=item B<-crl_check_all> =item B<-crl_check_all>
Checks the validity of B<all> certificates in the chain by attempting Checks the validity of B<all> certificates in the chain by attempting
to lookup valid CRLs. to look up valid CRLs.
=item B<-ignore_critical> =item B<-ignore_critical>
Normally if an unhandled critical extension is present which is not Normally if an unhandled critical extension is present which is not
supported by OpenSSL the certificate is rejected (as required by supported by OpenSSL the certificate is rejected (as required by RFC5280).
RFC3280 et al). If this option is set critical extensions are If this option is set critical extensions are ignored.
ignored.
=item B<-x509_strict> =item B<-x509_strict>
Disable workarounds for broken certificates which have to be disabled For strict X.509 compliance, disable non-compliant workarounds for broken
for strict X.509 compliance. certificates.
=item B<-extended_crl> =item B<-extended_crl>
@ -142,16 +143,15 @@ because it doesn't add any security.
=item B<-> =item B<->
marks the last option. All arguments following this are assumed to be Indicates the last option. All arguments following this are assumed to be
certificate files. This is useful if the first certificate filename begins certificate files. This is useful if the first certificate filename begins
with a B<->. with a B<->.
=item B<certificates> =item B<certificates>
one or more certificates to verify. If no certificate filenames are included One or more certificates to verify. If no certificates are given, B<verify>
then an attempt is made to read a certificate from standard input. They should will attempt to read a certificate from standard input. Certificates must be
all be in PEM format. in PEM format.
=back =back