Lines Matching +full:1 +full:- +full:of +full:- +full:4
1 .\" -*- mode: troff; coding: utf-8 -*-
35 .\" entries marked with X<> in POD. Of course, you'll have to process the
46 . tm Index:\\$1\t\\n%\t"\\$2"
57 .IX Title "OPENSSL-VERIFICATION-OPTIONS 1ossl"
58 .TH OPENSSL-VERIFICATION-OPTIONS 1ossl 2025-07-01 3.5.1 OpenSSL
64 openssl\-verification\-options \- generic X.509 certificate verification options
77 It is a complicated process consisting of a number of steps
79 The most important of them are detailed in the following sections.
81 In a nutshell, a valid chain of certificates needs to be built up and verified
84 Certificate validation can be performed in the context of a \fIpurpose\fR, which
85 is a high-level specification of the intended use of the target certificate,
88 The details of how each OpenSSL command handles errors
91 DANE support is documented in \fBopenssl\-s_client\fR\|(1),
99 and thus is acceptable as the root of a chain of certificates.
101 In practice, trust anchors are given in the form of certificates,
104 OpenSSL checks the validity period of such certificates
105 and makes use of some further fields.
110 all self-signed "root" CA certificates that are placed in the \fItrust store\fR,
111 which is a collection of certificates that are trusted for certain uses.
112 This is akin to what is used in the trust stores of Mozilla Firefox,
117 uses of a target certificate the certificate may serve as a trust anchor.
119 Such a designation provides a set of positive trust attributes
121 and/or a set of negative trust attributes
124 (EKUs) that may be given in X.509 extensions of end-entity certificates.
132 As of OpenSSL 1.1.0, the last of these blocks all uses when rejected or
135 A certificate, which may be CA certificate or an end-entity certificate,
138 .IP \(bu 4
139 It is an element of the trust store.
140 .IP \(bu 4
142 .IP \(bu 4
144 or (by default) one of the following compatibility conditions apply:
145 It is self-signed or the \fB\-partial_chain\fR option is given
154 matches as an issuer of the current "subject" certificate as described below.
156 is taken, otherwise the one that expired most recently of all such certificates.
160 When a self-signed certificate has been added, chain construction stops.
164 if all of the following conditions hold:
165 .IP \(bu 4
166 Its subject name matches the issuer name of the subject certificate.
167 .IP \(bu 4
169 each of its sub-fields equals the corresponding subject key identifier, serial
170 number, and issuer field of the candidate issuer certificate,
172 .IP \(bu 4
175 equals the public key algorithm of the candidate issuer certificate.
179 the list of untrusted ("intermediate" CA) certificates, if provided.
185 The first step is to check that each certificate is well-formed.
186 Part of these checks are enabled only if the \fB\-x509_strict\fR option is given.
188 The second step is to check the X.509v3 extensions of every certificate
190 If the \fB\-purpose\fR option is not given then no such checks are done except for
193 The X.509v3 extensions of the target or "leaf" certificate
196 and possibly also further non-standard checks are performed.
201 (which typically is a self-signed root CA certificate).
203 For compatibility with previous versions of OpenSSL, a self-signed certificate
206 The fourth, and final, step is to check the validity of the certificate chain.
210 The \fB\-attime\fR flag may be used to specify a reference time other than "now."
212 (except for the signature of the typically self-signed root CA certificate,
213 which is verified only if the \fB\-check_ss_sig\fR option is given).
215 the keyUsage extension (if present) of the candidate issuer certificate
226 As mentioned, a collection of such certificates is called a \fItrust store\fR.
228 Note that OpenSSL does not provide a default set of trust anchors. Many
231 <https://www.mozilla.org/en\-US/about/governance/policies/security\-group/certs/>.
235 .IP "\fB\-CAfile\fR \fIfile\fR" 4
236 .IX Item "-CAfile file"
238 or potentially several of them in case the input is in PEM format.
239 PEM-encoded certificates may also have trust attributes set.
240 .IP \fB\-no\-CAfile\fR 4
241 .IX Item "-no-CAfile"
242 Do not load the default file of trusted certificates.
243 .IP "\fB\-CApath\fR \fIdir\fR" 4
244 .IX Item "-CApath dir"
245 Use the specified directory as a collection of trusted certificates,
247 Files should be named with the hash value of the X.509 SubjectName of each
250 See \fBopenssl\-rehash\fR\|(1) for information on creating this type of directory.
251 .IP \fB\-no\-CApath\fR 4
252 .IX Item "-no-CApath"
253 Do not use the default directory of trusted certificates.
254 .IP "\fB\-CAstore\fR \fIuri\fR" 4
255 .IX Item "-CAstore uri"
256 Use \fIuri\fR as a store of CA certificates.
257 The URI may indicate a single certificate, as well as a collection of them.
258 With URIs in the \f(CW\*(C`file:\*(C'\fR scheme, this acts as \fB\-CAfile\fR or
259 \&\fB\-CApath\fR, depending on if the URI indicates a single file or
261 See \fBossl_store\-file\fR\|(7) for more information on the \f(CW\*(C`file:\*(C'\fR scheme.
264 chain (for example with \fBopenssl\-s_server\fR\|(1)) or client certificate
265 chain (for example with \fBopenssl\-s_time\fR\|(1)).
266 .IP \fB\-no\-CAstore\fR 4
267 .IX Item "-no-CAstore"
268 Do not use the default store of trusted CA certificates.
271 The certificate verification can be fine-tuned with the following flags.
272 .IP \fB\-verbose\fR 4
273 .IX Item "-verbose"
275 .IP "\fB\-attime\fR \fItimestamp\fR" 4
276 .IX Item "-attime timestamp"
278 current system time. \fItimestamp\fR is the number of seconds since
279 January 1, 1970 (i.e., the Unix Epoch).
280 .IP \fB\-no_check_time\fR 4
281 .IX Item "-no_check_time"
282 This option suppresses checking the validity period of certificates and CRLs
283 against the current time. If option \fB\-attime\fR is used to specify
285 .IP \fB\-x509_strict\fR 4
286 .IX Item "-x509_strict"
287 This disables non-compliant workarounds for broken certificates.
291 among others, the following certificate well-formedness conditions are checked:
292 .RS 4
293 .IP \(bu 4
294 The basicConstraints of CA certificates must be marked critical.
295 .IP \(bu 4
297 .IP \(bu 4
299 .IP \(bu 4
300 The pathlenConstraint must not be given for non-CA certificates.
301 .IP \(bu 4
302 The issuer name of any certificate must not be empty.
303 .IP \(bu 4
304 The subject name of CA certs, certs with keyUsage crlSign, and certs
306 .IP \(bu 4
308 .IP \(bu 4
310 .IP \(bu 4
313 .IP \(bu 4
315 are self-signed.
316 .IP \(bu 4
319 .RS 4
321 .IP \fB\-ignore_critical\fR 4
322 .IX Item "-ignore_critical"
326 .IP \fB\-issuer_checks\fR 4
327 .IX Item "-issuer_checks"
329 .IP \fB\-crl_check\fR 4
330 .IX Item "-crl_check"
333 .IP \fB\-crl_check_all\fR 4
334 .IX Item "-crl_check_all"
335 Checks the validity of \fBall\fR certificates in the chain by attempting
337 .IP \fB\-use_deltas\fR 4
338 .IX Item "-use_deltas"
340 .IP \fB\-extended_crl\fR 4
341 .IX Item "-extended_crl"
344 .IP "\fB\-suiteB_128_only\fR, \fB\-suiteB_128\fR, \fB\-suiteB_192\fR" 4
345 .IX Item "-suiteB_128_only, -suiteB_128, -suiteB_192"
346 Enable the Suite B mode operation at 128 bit Level of Security, 128 bit or
347 192 bit, or only 192 bit Level of Security respectively.
350 P\-256 and P\-384.
351 .IP "\fB\-auth_level\fR \fIlevel\fR" 4
352 .IX Item "-auth_level level"
356 chain to validate, the public keys of all the certificates must meet the
361 definitions of the available levels. The default security level is \-1,
363 Security level 1 requires at least 80\-bit\-equivalent security and is broadly
366 .IP \fB\-partial_chain\fR 4
367 .IX Item "-partial_chain"
370 (because it has no matching positive trust attributes and is not self-signed)
371 but is an element of the trust store.
372 This certificate may be self-issued or belong to an intermediate CA.
373 .IP \fB\-check_ss_sig\fR 4
374 .IX Item "-check_ss_sig"
375 Verify the signature of
376 the last certificate in a chain if the certificate is supposedly self-signed.
377 This is prohibited and will result in an error if it is a non-conforming CA
380 .IP \fB\-allow_proxy_certs\fR 4
381 .IX Item "-allow_proxy_certs"
382 Allow the verification of proxy certificates.
383 .IP \fB\-trusted_first\fR 4
384 .IX Item "-trusted_first"
385 As of OpenSSL 1.1.0 this option is on by default and cannot be disabled.
388 via \fB\-CAfile\fR, \fB\-CApath\fR, \fB\-CAstore\fR or \fB\-trusted\fR are always used
389 before any certificates specified via \fB\-untrusted\fR.
390 .IP \fB\-no_alt_chains\fR 4
391 .IX Item "-no_alt_chains"
392 As of OpenSSL 1.1.0, since \fB\-trusted_first\fR is always on, this option has no
394 .IP "\fB\-trusted\fR \fIfile\fR" 4
395 .IX Item "-trusted file"
396 Parse \fIfile\fR as a set of one or more certificates.
397 Each of them qualifies as trusted if it has a suitable positive trust attribute
398 or it is self-signed or the \fB\-partial_chain\fR option is specified.
399 This option implies the \fB\-no\-CAfile\fR, \fB\-no\-CApath\fR, and \fB\-no\-CAstore\fR options
400 and it cannot be used with the \fB\-CAfile\fR, \fB\-CApath\fR or \fB\-CAstore\fR options, so
401 only certificates specified using the \fB\-trusted\fR option are trust anchors.
403 .IP "\fB\-untrusted\fR \fIfile\fR" 4
404 .IX Item "-untrusted file"
405 Parse \fIfile\fR as a set of one or more certificates.
406 All certificates (typically of intermediate CAs) are considered untrusted
410 .IP "\fB\-policy\fR \fIarg\fR" 4
411 .IX Item "-policy arg"
412 Enable policy processing and add \fIarg\fR to the user-initial-policy-set (see
415 .IP \fB\-explicit_policy\fR 4
416 .IX Item "-explicit_policy"
417 Set policy variable require-explicit-policy (see RFC5280).
418 .IP \fB\-policy_check\fR 4
419 .IX Item "-policy_check"
421 .IP \fB\-policy_print\fR 4
422 .IX Item "-policy_print"
424 .IP \fB\-inhibit_any\fR 4
425 .IX Item "-inhibit_any"
426 Set policy variable inhibit-any-policy (see RFC5280).
427 .IP \fB\-inhibit_map\fR 4
428 .IX Item "-inhibit_map"
429 Set policy variable inhibit-policy-mapping (see RFC5280).
430 .IP "\fB\-purpose\fR \fIpurpose\fR" 4
431 .IX Item "-purpose purpose"
432 A high-level specification of the intended use of the target certificate.
437 and thus the commands \fBopenssl\-s_client\fR\|(1) and \fBopenssl\-s_server\fR\|(1)
440 By default, CMS signature validation, which can be done via \fBopenssl\-cms\fR\|(1),
443 While IETF RFC 5280 says that \fBid-kp-serverAuth\fR and \fBid-kp-clientAuth\fR
444 are only for WWW use, in practice they are used for all kinds of TLS clients
446 .IP "\fB\-verify_depth\fR \fInum\fR" 4
447 .IX Item "-verify_depth num"
450 end-entity certificate nor the trust-anchor certificate count against the
451 \&\fB\-verify_depth\fR limit.
452 .IP "\fB\-verify_email\fR \fIemail\fR" 4
453 .IX Item "-verify_email email"
456 .IP "\fB\-verify_hostname\fR \fIhostname\fR" 4
457 .IX Item "-verify_hostname hostname"
460 .IP "\fB\-verify_ip\fR \fIip\fR" 4
461 .IX Item "-verify_ip ip"
462 Verify if \fIip\fR matches the IP address in Subject Alternative Name of
464 .IP "\fB\-verify_name\fR \fIname\fR" 4
465 .IX Item "-verify_name name"
466 Use a set of verification parameters, also known as verification method,
469 These mimic the combinations of purpose and trust settings used in SSL/(D)TLS,
473 partly be set also via other command-line options, and the verification purpose,
478 They can be given using the \fB\-addtrust\fR and \fB\-addreject\fR options
479 for \fBopenssl\-x509\fR\|(1).
483 end-entity certificate.
487 signature formats, such as a SHA\-1 and a SHA\-256 digest.
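.PP
The following is an added example; it is not part of this manual page or of the
OpenSSL sources. It builds a throwaway root, intermediate and server certificate
with the \fBopenssl\fR command line and then runs \fBopenssl\-verify\fR\|(1)
against the server certificate to exercise the behaviour described above: the root
supplied via \fB\-CAfile\fR or a hashed \fB\-CApath\fR directory with the
intermediate via \fB\-untrusted\fR, a missing intermediate, the intermediate in
the trust store with and without \fB\-partial_chain\fR, the intermediate carrying
a positive \fBserverAuth\fR trust attribute (set with \fB\-addtrust\fR), and the
\fB\-purpose\fR, \fB\-verify_hostname\fR and \fB\-attime\fR checks. It assumes an
OpenSSL 1.1.1 or 3.x \fBopenssl\fR binary on PATH; the subject names, host name
and serial numbers are made up for the example.

```shell
#!/bin/sh
# Added example, not part of the OpenSSL manual page: build a throwaway
# root -> intermediate -> leaf chain with the openssl(1) CLI and run
# openssl-verify(1) against it with the trust-anchor and chain options
# described above. Assumes `openssl` 1.1.1 or 3.x on PATH; the names
# (Demo Root, Demo Intermediate, www.example.test) and serials are made up.
set -u

# make_demo_pki DIR: write root.pem, int.pem, int-trusted.pem, leaf.pem and
# a hashed -CApath directory into DIR. Only the self-signed root is meant to
# be a trust anchor; the leaf is valid for 30 days only.
make_demo_pki() {
    dir=$1
    mkdir -p "$dir/capath"
    cat >"$dir/demo.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_int ]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
[ v3_leaf ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:www.example.test
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$dir/demo.cnf" \
        -extensions v3_ca -subj "/CN=Demo Root" -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/demo.cnf" \
        -subj "/CN=Demo Intermediate" -keyout "$dir/int.key" -out "$dir/int.csr" 2>/dev/null
    openssl x509 -req -in "$dir/int.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" -set_serial 0x1001 \
        -days 1825 -extfile "$dir/demo.cnf" -extensions v3_int -out "$dir/int.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/demo.cnf" \
        -subj "/CN=www.example.test" -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/int.pem" -CAkey "$dir/int.key" -set_serial 0x2001 \
        -days 30 -extfile "$dir/demo.cnf" -extensions v3_leaf -out "$dir/leaf.pem" 2>/dev/null
    # The intermediate again, as a "TRUSTED CERTIFICATE" with a positive trust
    # attribute for serverAuth (-addtrust, see openssl-x509(1)).
    openssl x509 -in "$dir/int.pem" -addtrust serverAuth -trustout -out "$dir/int-trusted.pem" 2>/dev/null
    # Hashed directory for -CApath, laid out by openssl-rehash(1).
    cp "$dir/root.pem" "$dir/capath/" && openssl rehash "$dir/capath" 2>/dev/null
}

# verify_leaf DIR [verify options...]: run `openssl verify` on DIR/leaf.pem
# and return its exit status (0 means a chain was built and verified).
verify_leaf() {
    dir=$1
    shift
    openssl verify "$@" "$dir/leaf.pem" >/dev/null 2>&1
}

# show LABEL DIR [verify options...]: print one verification outcome.
show() {
    label=$1 dir=$2
    shift 2
    if verify_leaf "$dir" "$@"; then printf '%-50s OK\n' "$label"
    else printf '%-50s FAILED (exit %d)\n' "$label" "$?"; fi
}

demo() {
    d=$(mktemp -d)
    make_demo_pki "$d"
    later=$(( $(date +%s) + 60 * 86400 ))   # 60 days ahead: the leaf has expired by then
    show 'root via -CAfile, intermediate via -untrusted' "$d" -CAfile "$d/root.pem" -untrusted "$d/int.pem"
    show 'root via hashed -CApath' "$d" -CApath "$d/capath" -untrusted "$d/int.pem"
    show 'root only, intermediate not supplied' "$d" -CAfile "$d/root.pem"
    show 'intermediate as anchor, no -partial_chain' "$d" -trusted "$d/int.pem"
    show 'intermediate as anchor, -partial_chain' "$d" -trusted "$d/int.pem" -partial_chain
    show 'intermediate with serverAuth trust attribute' "$d" -CAfile "$d/int-trusted.pem" -purpose sslserver
    show '-purpose sslserver, hostname matches SAN' "$d" -CAfile "$d/root.pem" -untrusted "$d/int.pem" \
        -purpose sslserver -verify_hostname www.example.test
    show 'hostname does not match SAN' "$d" -CAfile "$d/root.pem" -untrusted "$d/int.pem" -verify_hostname other.example.test
    show '-purpose sslclient (EKU is serverAuth only)' "$d" -CAfile "$d/root.pem" -untrusted "$d/int.pem" -purpose sslclient
    show '-attime 60 days ahead' "$d" -CAfile "$d/root.pem" -untrusted "$d/int.pem" -attime "$later"
    rm -rf "$d"
}

# The walk-through runs only when invoked as: sh verify-demo.sh run
if [ "${1-}" = run ]; then demo; fi
```

Run it as \f(CW\*(C`sh verify-demo.sh run\*(C'\fR. Each line prints OK or FAILED with
the exit status of \fBopenssl verify\fR, which is nonzero whenever any certificate
in the chain fails a check. Note that the intermediate alone is accepted as an
anchor only with \fB\-partial_chain\fR or when it carries a trust attribute that
matches the requested \fB\-purpose\fR; to see which certificates ended up in the
chain and why a run failed, drop the redirection in \f(CW\*(C`verify_leaf\*(C'\fR
and add \fB\-show_chain\fR or \fB\-verbose\fR to the options.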
491 .IP "\fB\-xkey\fR \fIinfile\fR, \fB\-xcert\fR \fIinfile\fR, \fB\-xchain\fR" 4
492 .IX Item "-xkey infile, -xcert infile, -xchain"
494 in the same manner as the \fB\-cert\fR, \fB\-key\fR and \fB\-cert_chain\fR options. When
497 .IP \fB\-xchain_build\fR 4
498 .IX Item "-xchain_build"
500 provided to the server for the extra certificates via the \fB\-xkey\fR,
501 \&\fB\-xcert\fR, and \fB\-xchain\fR options.
502 .IP "\fB\-xcertform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR" 4
503 .IX Item "-xcertform DER|PEM|P12"
506 .IP "\fB\-xkeyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR" 4
507 .IX Item "-xkeyform DER|PEM|P12"
512 Options like \fB\-purpose\fR and \fB\-verify_name\fR trigger the processing of specific
526 other extensions are checked according to the intended use of the certificate.
527 The treatment of certificates without basicConstraints as a CA
534 made on the uses of the certificate. A CA certificate \fBmust\fR have the
542 in an end-entity certificate, the key is allowed only for the uses specified,
546 the Extended Key Usage extension will appear only in end-entity certificates,
550 the presence of respective EKUs in subordinate CA certificates (while excluding
554 For historic reasons, OpenSSL has its own way of interpreting and checking
556 It does not require the presence of EKU extensions in CA certificates,
566 A specific description of each check is given below. The comments about
586 ("TLS WWW server authentication") and/or include one of the SGC OIDs.
603 .IP "\fBCommon S/MIME Checks\fR" 4
662 API. One consequence of this is that trusted certificates with matching
663 subject name must appear in a file (as specified by the \fB\-CAfile\fR option),
664 a directory (as specified by \fB\-CApath\fR),
665 or a store (as specified by \fB\-CAstore\fR).
667 only the first one (in the mentioned order of locations) is recognised.
672 \&\fBopenssl\-verify\fR\|(1),
673 \&\fBopenssl\-ocsp\fR\|(1),
674 \&\fBopenssl\-ts\fR\|(1),
675 \&\fBopenssl\-s_client\fR\|(1),
676 \&\fBopenssl\-s_server\fR\|(1),
677 \&\fBopenssl\-smime\fR\|(1),
678 \&\fBopenssl\-cmp\fR\|(1),
679 \&\fBopenssl\-cms\fR\|(1)
682 The checks enabled by \fB\-x509_strict\fR have been extended in OpenSSL 3.0.
685 Copyright 2000\-2024 The OpenSSL Project Authors. All Rights Reserved.