Lines Matching +full:1 +full:- +full:of +full:- +full:4

18 .\" Set up some character translations and predefined strings.  \*(-- will
24 .tr \(*W-
27 . ds -- \(*W-
29 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
37 . ds -- \|\(em\|
51 .\" entries marked with X<> in POD. Of course, you'll have to process the
62 . tm Index:\\$1\t\\n%\t"\\$2"
71 .\" Fear. Run. Save yourself. No user-serviceable parts.
81 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
97 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
98 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
99 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
100 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
101 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
102 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
104 . \" troff and (daisy-wheel) nroff accents
123 . ds d- d\h'-1'\(ga
124 . ds D- D\h'-1'\(hy
133 .IX Title "OPENSSL-VERIFICATION-OPTIONS 1ossl"
134 .TH OPENSSL-VERIFICATION-OPTIONS 1ossl "2023-09-19" "3.0.11" "OpenSSL"
140 openssl\-verification\-options \- generic X.509 certificate verification options
153 It is a complicated process consisting of a number of steps
155 The most important of them are detailed in the following sections.
157 In a nutshell, a valid chain of certificates needs to be built up and verified
161 of the target certificate, such as \s-1SSL\s0 server, or by default for any purpose.
163 The details of how each OpenSSL command handles errors
166 \&\s-1DANE\s0 support is documented in \fBopenssl\-s_client\fR\|(1),
171 In general, according to \s-1RFC 4158\s0 and \s-1RFC 5280,\s0 a \fItrust anchor\fR is
172 any public key and related subject distinguished name (\s-1DN\s0) that
174 and thus is acceptable as the root of a chain of certificates.
176 In practice, trust anchors are given in the form of certificates,
177 where their essential fields are the public key and the subject \s-1DN.\s0
178 In addition to the requirements in \s-1RFC 5280,\s0
179 OpenSSL checks the validity period of such certificates
180 and makes use of some further fields.
185 all self-signed \*(L"root\*(R" \s-1CA\s0 certificates that are placed in the \fItrust store\fR,
186 which is a collection of certificates that are trusted for certain uses.
187 This is akin to what is used in the trust stores of Mozilla Firefox,
192 uses of a target certificate the certificate may serve as a trust anchor.
193 In \s-1PEM\s0 encoding, this is indicated by the \f(CW\*(C`TRUSTED CERTIFICATE\*(C'\fR string.
194 Such a designation provides a set of positive trust attributes
196 and/or a set of negative trust attributes
199 (EKUs) that may be given in X.509 extensions of end-entity certificates.
203 \&\fBclientAuth\fR (\s-1SSL\s0 client use), \fBserverAuth\fR (\s-1SSL\s0 server use),
205 \&\fBOCSPSigning\fR (\s-1OCSP\s0 responder use), \fB\s-1OCSP\s0\fR (\s-1OCSP\s0 request use),
206 \&\fBtimeStamping\fR (\s-1TSA\s0 server use), and \fBanyExtendedKeyUsage\fR.
207 As of OpenSSL 1.1.0, the last of these blocks all uses when rejected or
210 A certificate, which may be \s-1CA\s0 certificate or an end-entity certificate,
213 .IP "\(bu" 4
214 It is an element of the trust store.
215 .IP "\(bu" 4
217 .IP "\(bu" 4
219 or (by default) one of the following compatibility conditions applies:
220 It is self-signed or the \fB\-partial_chain\fR option is given
229 matches as an issuer of the current \*(L"subject\*(R" certificate as described below.
231 is taken, otherwise the one that expired most recently of all such certificates.
235 When a self-signed certificate has been added, chain construction stops.
239 if all of the following conditions hold:
240 .IP "\(bu" 4
241 Its subject name matches the issuer name of the subject certificate.
242 .IP "\(bu" 4
244 each of its sub-fields equals the corresponding subject key identifier, serial
245 number, and issuer field of the candidate issuer certificate,
247 .IP "\(bu" 4
250 equals the public key algorithm of the candidate issuer certificate.
254 the list of untrusted (\*(L"intermediate\*(R" \s-1CA\s0) certificates, if provided.
260 The first step is to check that each certificate is well-formed.
261 Part of these checks are enabled only if the \fB\-x509_strict\fR option is given.
263 The second step is to check the extensions of every untrusted certificate
265 If the \fB\-purpose\fR option is not given then no such checks are done
266 except for \s-1SSL/TLS\s0 connection setup,
270 All certificates except the target or \*(L"leaf\*(R" must also be valid \s-1CA\s0 certificates.
272 \&\*(L"\s-1CERTIFICATE EXTENSIONS\*(R"\s0 in \fBopenssl\-x509\fR\|(1).
275 (which typically is a self-signed root \s-1CA\s0 certificate).
277 For compatibility with previous versions of OpenSSL, a self-signed certificate
280 The fourth, and final, step is to check the validity of the certificate chain.
281 For each element in the chain, including the root \s-1CA\s0 certificate,
284 The \fB\-attime\fR flag may be used to use a reference time other than \*(L"now.\*(R"
286 (except for the signature of the typically self-signed root \s-1CA\s0 certificate,
287 which is verified only if the \fB\-check_ss_sig\fR option is given).
289 the keyUsage extension (if present) of the candidate issuer certificate
300 As mentioned, a collection of such certificates is called a \fItrust store\fR.
302 Note that OpenSSL does not provide a default set of trust anchors. Many
305 <https://www.mozilla.org/en\-US/about/governance/policies/security\-group/certs/>.
309 .IP "\fB\-CAfile\fR \fIfile\fR" 4
310 .IX Item "-CAfile file"
312 or several of them in case the input is in \s-1PEM\s0 or PKCS#12 format.
313 PEM-encoded certificates may also have trust attributes set.
314 .IP "\fB\-no\-CAfile\fR" 4
315 .IX Item "-no-CAfile"
316 Do not load the default file of trusted certificates.
317 .IP "\fB\-CApath\fR \fIdir\fR" 4
318 .IX Item "-CApath dir"
319 Use the specified directory as a collection of trusted certificates,
321 Files should be named with the hash value of the X.509 SubjectName of each
324 See \fBopenssl\-rehash\fR\|(1) for information on creating this type of directory.
325 .IP "\fB\-no\-CApath\fR" 4
326 .IX Item "-no-CApath"
327 Do not use the default directory of trusted certificates.
328 .IP "\fB\-CAstore\fR \fIuri\fR" 4
329 .IX Item "-CAstore uri"
330 Use \fIuri\fR as a store of \s-1CA\s0 certificates.
331 The \s-1URI\s0 may indicate a single certificate, as well as a collection of them.
332 With URIs in the \f(CW\*(C`file:\*(C'\fR scheme, this acts as \fB\-CAfile\fR or
333 \&\fB\-CApath\fR, depending on if the \s-1URI\s0 indicates a single file or
335 See \fBossl_store\-file\fR\|(7) for more information on the \f(CW\*(C`file:\*(C'\fR scheme.
338 chain (for example with \fBopenssl\-s_server\fR\|(1)) or client certificate
339 chain (for example with \fBopenssl\-s_time\fR\|(1)).
340 .IP "\fB\-no\-CAstore\fR" 4
341 .IX Item "-no-CAstore"
342 Do not use the default store of trusted \s-1CA\s0 certificates.
345 The certificate verification can be fine-tuned with the following flags.
346 .IP "\fB\-verbose\fR" 4
347 .IX Item "-verbose"
349 .IP "\fB\-attime\fR \fItimestamp\fR" 4
350 .IX Item "-attime timestamp"
352 current system time. \fItimestamp\fR is the number of seconds since
353 January 1, 1970 (i.e., the Unix Epoch).
354 .IP "\fB\-no_check_time\fR" 4
355 .IX Item "-no_check_time"
356 This option suppresses checking the validity period of certificates and CRLs
357 against the current time. If option \fB\-attime\fR is used to specify
359 .IP "\fB\-x509_strict\fR" 4
360 .IX Item "-x509_strict"
361 This disables non-compliant workarounds for broken certificates.
362 Thus errors are thrown on certificates not compliant with \s-1RFC 5280.\s0
365 among others, the following certificate well-formedness conditions are checked:
366 .RS 4
367 .IP "\(bu" 4
368 The basicConstraints of \s-1CA\s0 certificates must be marked critical.
369 .IP "\(bu" 4
370 \&\s-1CA\s0 certificates must explicitly include the keyUsage extension.
371 .IP "\(bu" 4
373 .IP "\(bu" 4
374 The pathlenConstraint must not be given for non-CA certificates.
375 .IP "\(bu" 4
376 The issuer name of any certificate must not be empty.
377 .IP "\(bu" 4
378 The subject name of \s-1CA\s0 certs, certs with keyUsage crlSign, and certs
380 .IP "\(bu" 4
382 .IP "\(bu" 4
384 .IP "\(bu" 4
387 .IP "\(bu" 4
389 are self-signed.
390 .IP "\(bu" 4
391 The subjectKeyIdentifier must be given for all X.509v3 \s-1CA\s0 certs.
393 .RS 4
395 .IP "\fB\-ignore_critical\fR" 4
396 .IX Item "-ignore_critical"
398 supported by OpenSSL the certificate is rejected (as required by \s-1RFC5280\s0).
400 .IP "\fB\-issuer_checks\fR" 4
401 .IX Item "-issuer_checks"
403 .IP "\fB\-crl_check\fR" 4
404 .IX Item "-crl_check"
405 Checks end entity certificate validity by attempting to look up a valid \s-1CRL.\s0
406 If a valid \s-1CRL\s0 cannot be found an error occurs.
407 .IP "\fB\-crl_check_all\fR" 4
408 .IX Item "-crl_check_all"
409 Checks the validity of \fBall\fR certificates in the chain by attempting
411 .IP "\fB\-use_deltas\fR" 4
412 .IX Item "-use_deltas"
414 .IP "\fB\-extended_crl\fR" 4
415 .IX Item "-extended_crl"
416 Enable extended \s-1CRL\s0 features such as indirect CRLs and alternate \s-1CRL\s0
418 .IP "\fB\-suiteB_128_only\fR, \fB\-suiteB_128\fR, \fB\-suiteB_192\fR" 4
419 .IX Item "-suiteB_128_only, -suiteB_128, -suiteB_192"
420 Enable the Suite B mode operation at 128 bit Level of Security, 128 bit or
421 192 bit, or only 192 bit Level of Security respectively.
422 See \s-1RFC6460\s0 for details. In particular the supported signature algorithms are
423 reduced to support only \s-1ECDSA\s0 and \s-1SHA256\s0 or \s-1SHA384\s0 and only the elliptic curves
424 P\-256 and P\-384.
425 .IP "\fB\-auth_level\fR \fIlevel\fR" 4
426 .IX Item "-auth_level level"
430 chain to validate, the public keys of all the certificates must meet the
435 definitions of the available levels. The default security level is \-1,
437 Security level 1 requires at least 80\-bit\-equivalent security and is broadly
438 interoperable, though it will, for example, reject \s-1MD5\s0 signatures or \s-1RSA\s0
440 .IP "\fB\-partial_chain\fR" 4
441 .IX Item "-partial_chain"
444 (because it has no matching positive trust attributes and is not self-signed)
445 but is an element of the trust store.
446 This certificate may be self-issued or belong to an intermediate \s-1CA.\s0
447 .IP "\fB\-check_ss_sig\fR" 4
448 .IX Item "-check_ss_sig"
449 Verify the signature of
450 the last certificate in a chain if the certificate is supposedly self-signed.
451 This is prohibited and will result in an error if it is a non-conforming \s-1CA\s0
454 .IP "\fB\-allow_proxy_certs\fR" 4
455 .IX Item "-allow_proxy_certs"
456 Allow the verification of proxy certificates.
457 .IP "\fB\-trusted_first\fR" 4
458 .IX Item "-trusted_first"
459 As of OpenSSL 1.1.0 this option is on by default and cannot be disabled.
462 via \fB\-CAfile\fR, \fB\-CApath\fR, \fB\-CAstore\fR or \fB\-trusted\fR are always used
463 before any certificates specified via \fB\-untrusted\fR.
464 .IP "\fB\-no_alt_chains\fR" 4
465 .IX Item "-no_alt_chains"
466 As of OpenSSL 1.1.0, since \fB\-trusted_first\fR is always on, this option has no
468 .IP "\fB\-trusted\fR \fIfile\fR" 4
469 .IX Item "-trusted file"
470 Parse \fIfile\fR as a set of one or more certificates.
471 Each of them qualifies as trusted if it has a suitable positive trust attribute
472 or it is self-signed or the \fB\-partial_chain\fR option is specified.
473 This option implies the \fB\-no\-CAfile\fR, \fB\-no\-CApath\fR, and \fB\-no\-CAstore\fR options
474 and it cannot be used with the \fB\-CAfile\fR, \fB\-CApath\fR or \fB\-CAstore\fR options, so
475 only certificates specified using the \fB\-trusted\fR option are trust anchors.
477 .IP "\fB\-untrusted\fR \fIfile\fR" 4
478 .IX Item "-untrusted file"
479 Parse \fIfile\fR as a set of one or more certificates.
480 All certificates (typically of intermediate CAs) are considered untrusted
484 .IP "\fB\-policy\fR \fIarg\fR" 4
485 .IX Item "-policy arg"
486 Enable policy processing and add \fIarg\fR to the user-initial-policy-set (see
487 \&\s-1RFC5280\s0). The policy \fIarg\fR can be an object name or an \s-1OID\s0 in numeric form.
489 .IP "\fB\-explicit_policy\fR" 4
490 .IX Item "-explicit_policy"
491 Set policy variable require-explicit-policy (see \s-1RFC5280\s0).
492 .IP "\fB\-policy_check\fR" 4
493 .IX Item "-policy_check"
495 .IP "\fB\-policy_print\fR" 4
496 .IX Item "-policy_print"
498 .IP "\fB\-inhibit_any\fR" 4
499 .IX Item "-inhibit_any"
500 Set policy variable inhibit-any-policy (see \s-1RFC5280\s0).
501 .IP "\fB\-inhibit_map\fR" 4
502 .IX Item "-inhibit_map"
503 Set policy variable inhibit-policy-mapping (see \s-1RFC5280\s0).
504 .IP "\fB\-purpose\fR \fIpurpose\fR" 4
505 .IX Item "-purpose purpose"
510 If peer certificate verification is enabled, by default the \s-1TLS\s0 implementation
512 with \s-1TLS\s0 server or \s-1TLS\s0 client use, respectively.
514 While \s-1IETF RFC 5280\s0 says that \fBid-kp-serverAuth\fR and \fBid-kp-clientAuth\fR
515 are only for \s-1WWW\s0 use, in practice they are used for all kinds of \s-1TLS\s0 clients
517 .IP "\fB\-verify_depth\fR \fInum\fR" 4
518 .IX Item "-verify_depth num"
519 Limit the certificate chain to \fInum\fR intermediate \s-1CA\s0 certificates.
521 end-entity certificate nor the trust-anchor certificate count against the
522 \&\fB\-verify_depth\fR limit.
523 .IP "\fB\-verify_email\fR \fIemail\fR" 4
524 .IX Item "-verify_email email"
527 .IP "\fB\-verify_hostname\fR \fIhostname\fR" 4
528 .IX Item "-verify_hostname hostname"
529 Verify if \fIhostname\fR matches \s-1DNS\s0 name in Subject Alternative Name or
531 .IP "\fB\-verify_ip\fR \fIip\fR" 4
532 .IX Item "-verify_ip ip"
533 Verify if \fIip\fR matches the \s-1IP\s0 address in Subject Alternative Name of
535 .IP "\fB\-verify_name\fR \fIname\fR" 4
536 .IX Item "-verify_name name"
541 They can be given using the \fB\-addtrust\fR and \fB\-addreject\fR options
542 for \fBopenssl\-x509\fR\|(1).
545 These mimic the combinations of purpose and trust settings used in \s-1SSL, CMS\s0
547 As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not
548 specified, so the \fB\-verify_name\fR options are functionally equivalent to the
549 corresponding \fB\-purpose\fR settings.
553 end-entity certificate.
554 This usually happens when a root or intermediate \s-1CA\s0 signs a certificate
555 for another \s-1CA\s0 in another organization.
556 Another reason is when a \s-1CA\s0 might have intermediates that use two different
557 signature formats, such as a \s-1SHA\-1\s0 and a \s-1SHA\-256\s0 digest.
561 .IP "\fB\-xkey\fR \fIinfile\fR, \fB\-xcert\fR \fIinfile\fR, \fB\-xchain\fR" 4
562 .IX Item "-xkey infile, -xcert infile, -xchain"
564 in the same manner as the \fB\-cert\fR, \fB\-key\fR and \fB\-cert_chain\fR options. When
567 .IP "\fB\-xchain_build\fR" 4
568 .IX Item "-xchain_build"
570 provided to the server for the extra certificates via the \fB\-xkey\fR,
571 \&\fB\-xcert\fR, and \fB\-xchain\fR options.
572 .IP "\fB\-xcertform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR" 4
573 .IX Item "-xcertform DER|PEM|P12"
576 .IP "\fB\-xkeyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR" 4
577 .IX Item "-xkeyform DER|PEM|P12"
582 Options like \fB\-purpose\fR lead to checking the certificate extensions,
583 which determine what the target certificate and intermediate \s-1CA\s0 certificates
589 The basicConstraints extension \s-1CA\s0 flag is used to determine whether the
590 certificate can be used as a \s-1CA.\s0 If the \s-1CA\s0 flag is true then it is a \s-1CA,\s0
591 if the \s-1CA\s0 flag is false then it is not a \s-1CA.\s0 \fBAll\fR CAs should have the
592 \&\s-1CA\s0 flag set to true.
596 then the certificate is considered to be a \*(L"possible \s-1CA\*(R"\s0 and
597 other extensions are checked according to the intended use of the certificate.
598 The treatment of certificates without basicConstraints as a \s-1CA\s0
605 made on the uses of the certificate. A \s-1CA\s0 certificate \fBmust\fR have the
611 The extKeyUsage (\s-1EKU\s0) extension places additional restrictions on the
615 A complete description of each check is given below. The comments about
617 \&\s-1CA\s0 certificates.
618 .IP "\fB\s-1SSL\s0 Client\fR" 4
621 authentication\*(R" \s-1OID.\s0 The keyUsage extension must be absent or it must have the
623 or it must have the \s-1SSL\s0 client bit set.
624 .IP "\fB\s-1SSL\s0 Client \s-1CA\s0\fR" 4
627 authentication\*(R" \s-1OID.\s0
628 The Netscape certificate type must be absent or it must have the \s-1SSL CA\s0 bit set.
630 .IP "\fB\s-1SSL\s0 Server\fR" 4
633 authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. The keyUsage extension must be
636 The Netscape certificate type must be absent or have the \s-1SSL\s0 server bit set.
637 .IP "\fB\s-1SSL\s0 Server \s-1CA\s0\fR" 4
640 authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. The Netscape certificate type must
641 be absent or the \s-1SSL CA\s0 bit must be set.
643 .IP "\fBNetscape \s-1SSL\s0 Server\fR" 4
645 For Netscape \s-1SSL\s0 clients to connect to an \s-1SSL\s0 server it must have the
648 Otherwise it is the same as a normal \s-1SSL\s0 server.
649 .IP "\fBCommon S/MIME Client Tests\fR" 4
652 protection\*(R" \s-1OID.\s0 The Netscape certificate type must be absent or should have the
654 then the \s-1SSL\s0 client bit is tolerated as an alternative but a warning is shown.
656 .IP "\fBS/MIME Signing\fR" 4
660 .IP "\fBS/MIME Encryption\fR" 4
664 .IP "\fBS/MIME \s-1CA\s0\fR" 4
667 protection\*(R" \s-1OID.\s0 The Netscape certificate type must be absent or must have the
668 S/MIME \s-1CA\s0 bit set.
670 .IP "\fB\s-1CRL\s0 Signing\fR" 4
672 The keyUsage extension must be absent or it must have the \s-1CRL\s0 signing bit
674 .IP "\fB\s-1CRL\s0 Signing \s-1CA\s0\fR" 4
676 The normal \s-1CA\s0 tests apply. Except in this case the basicConstraints extension
681 \&\s-1API.\s0 One consequence of this is that trusted certificates with matching
682 subject name must appear in a file (as specified by the \fB\-CAfile\fR option),
683 a directory (as specified by \fB\-CApath\fR),
684 or a store (as specified by \fB\-CAstore\fR).
686 only the first one (in the mentioned order of locations) is recognised.
690 \&\fBopenssl\-verify\fR\|(1),
691 \&\fBopenssl\-ocsp\fR\|(1),
692 \&\fBopenssl\-ts\fR\|(1),
693 \&\fBopenssl\-s_client\fR\|(1),
694 \&\fBopenssl\-s_server\fR\|(1),
695 \&\fBopenssl\-smime\fR\|(1),
696 \&\fBopenssl\-cmp\fR\|(1),
697 \&\fBopenssl\-cms\fR\|(1)
700 The checks enabled by \fB\-x509_strict\fR have been extended in OpenSSL 3.0.
703 Copyright 2000\-2023 The OpenSSL Project Authors. All Rights Reserved.
707 in the file \s-1LICENSE\s0 in the source distribution or at