]>
Commit | Line | Data |
---|---|---|
13938ace DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
b6b66573 | 5 | openssl-verify - Utility to verify certificates |
13938ace DSH |
6 | |
7 | =head1 SYNOPSIS | |
8 | ||
9 | B<openssl> B<verify> | |
169394d4 | 10 | [B<-help>] |
e8769719 RS |
11 | [B<-CAfile> I<file>] |
12 | [B<-CApath> I<directory>] | |
40e2d76b MC |
13 | [B<-no-CAfile>] |
14 | [B<-no-CApath>] | |
a392ef20 | 15 | [B<-allow_proxy_certs>] |
e8769719 | 16 | [B<-attime> I<timestamp>] |
cd028c8e | 17 | [B<-check_ss_sig>] |
e8769719 | 18 | [B<-CRLfile> I<file>] |
79a55b1f | 19 | [B<-crl_download>] |
e5fa864f DSH |
20 | [B<-crl_check>] |
21 | [B<-crl_check_all>] | |
e8769719 | 22 | [B<-engine> I<id>] |
e5fa864f | 23 | [B<-explicit_policy>] |
e5fa864f | 24 | [B<-extended_crl>] |
2866441a HK |
25 | [B<-ignore_critical>] |
26 | [B<-inhibit_any>] | |
27 | [B<-inhibit_map>] | |
e8769719 | 28 | [B<-nameopt> I<option>] |
5a1f853b | 29 | [B<-no_check_time>] |
cd028c8e | 30 | [B<-partial_chain>] |
e8769719 | 31 | [B<-policy> I<arg>] |
2866441a HK |
32 | [B<-policy_check>] |
33 | [B<-policy_print>] | |
e8769719 | 34 | [B<-purpose> I<purpose>] |
cd028c8e HK |
35 | [B<-suiteB_128>] |
36 | [B<-suiteB_128_only>] | |
37 | [B<-suiteB_192>] | |
2866441a | 38 | [B<-trusted_first>] |
fa7b0111 | 39 | [B<-no_alt_chains>] |
e8769719 RS |
40 | [B<-untrusted> I<file>] |
41 | [B<-trusted> I<file>] | |
2866441a | 42 | [B<-use_deltas>] |
13938ace | 43 | [B<-verbose>] |
e8769719 RS |
44 | [B<-auth_level> I<level>] |
45 | [B<-verify_depth> I<num>] | |
46 | [B<-verify_email> I<email>] | |
47 | [B<-verify_hostname> I<hostname>] | |
48 | [B<-verify_ip> I<ip>] | |
49 | [B<-verify_name> I<name>] | |
2866441a | 50 | [B<-x509_strict>] |
7f3f41d8 | 51 | [B<-show_chain>] |
7eba43e8 PY |
52 | [B<-sm2-id string>] |
53 | [B<-sm2-hex-id hex-string>] | |
13938ace DSH |
54 | [B<->] |
55 | [certificates] | |
56 | ||
1738c0ce RS |
57 | =for comment ifdef engine sm2-id sm2-hex-id |
58 | ||
13938ace DSH |
59 | =head1 DESCRIPTION |
60 | ||
61 | The B<verify> command verifies certificate chains. | |
62 | ||
3dfda1a6 | 63 | =head1 OPTIONS |
13938ace DSH |
64 | |
65 | =over 4 | |
66 | ||
169394d4 MR |
67 | =item B<-help> |
68 | ||
69 | Print out a usage message. | |
70 | ||
e8769719 | 71 | =item B<-CAfile> I<file> |
2866441a | 72 | |
feb2f53e VD |
73 | A B<file> of trusted certificates. |
74 | The file should contain one or more certificates in PEM format. | |
2866441a | 75 | |
e8769719 | 76 | =item B<-CApath> I<directory> |
13938ace DSH |
77 | |
78 | A directory of trusted certificates. The certificates should have names | |
79 | of the form: hash.0 or have symbolic links to them of this | |
80 | form ("hash" is the hashed certificate subject name: see the B<-hash> option | |
81 | of the B<x509> utility). Under Unix the B<c_rehash> script will automatically | |
82 | create symbolic links to a directory of certificates. | |
83 | ||
40e2d76b MC |
84 | =item B<-no-CAfile> |
85 | ||
c4de074e | 86 | Do not load the trusted CA certificates from the default file location. |
40e2d76b MC |
87 | |
88 | =item B<-no-CApath> | |
89 | ||
c4de074e | 90 | Do not load the trusted CA certificates from the default directory location. |
40e2d76b | 91 | |
a392ef20 RL |
92 | =item B<-allow_proxy_certs> |
93 | ||
c4de074e | 94 | Allow the verification of proxy certificates. |
a392ef20 | 95 | |
e8769719 | 96 | =item B<-attime> I<timestamp> |
13938ace | 97 | |
2866441a HK |
98 | Perform validation checks using time specified by B<timestamp> and not |
99 | current system time. B<timestamp> is the number of seconds since | |
100 | 01.01.1970 (UNIX time). | |
13938ace | 101 | |
2866441a | 102 | =item B<-check_ss_sig> |
13938ace | 103 | |
2866441a HK |
104 | Verify the signature on the self-signed root CA. This is disabled by default |
105 | because it doesn't add any security. | |
13938ace | 106 | |
e8769719 | 107 | =item B<-CRLfile> I<file> |
fc1d88f0 | 108 | |
feb2f53e VD |
109 | The B<file> should contain one or more CRLs in PEM format. |
110 | This option can be specified more than once to include CRLs from multiple | |
111 | B<files>. | |
fc1d88f0 | 112 | |
79a55b1f MC |
113 | =item B<-crl_download> |
114 | ||
115 | Attempt to download CRL information for this certificate. | |
116 | ||
2866441a | 117 | =item B<-crl_check> |
6d3d5793 | 118 | |
2866441a HK |
119 | Checks end entity certificate validity by attempting to look up a valid CRL. |
120 | If a valid CRL cannot be found an error occurs. | |
6d3d5793 | 121 | |
2866441a | 122 | =item B<-crl_check_all> |
13938ace | 123 | |
2866441a HK |
124 | Checks the validity of B<all> certificates in the chain by attempting |
125 | to look up valid CRLs. | |
126 | ||
e8769719 | 127 | =item B<-engine> I<id> |
feb2f53e VD |
128 | |
129 | Specifying an engine B<id> will cause L<verify(1)> to attempt to load the | |
130 | specified engine. | |
131 | The engine will then be set as the default for all its supported algorithms. | |
132 | If you want to load certificates or CRLs that require engine support via any of | |
133 | the B<-trusted>, B<-untrusted> or B<-CRLfile> options, the B<-engine> option | |
134 | must be specified before those options. | |
135 | ||
2866441a HK |
136 | =item B<-explicit_policy> |
137 | ||
138 | Set policy variable require-explicit-policy (see RFC5280). | |
139 | ||
140 | =item B<-extended_crl> | |
141 | ||
142 | Enable extended CRL features such as indirect CRLs and alternate CRL | |
143 | signing keys. | |
13938ace | 144 | |
2866441a | 145 | =item B<-ignore_critical> |
13938ace | 146 | |
2866441a HK |
147 | Normally if an unhandled critical extension is present which is not |
148 | supported by OpenSSL the certificate is rejected (as required by RFC5280). | |
149 | If this option is set critical extensions are ignored. | |
150 | ||
151 | =item B<-inhibit_any> | |
152 | ||
153 | Set policy variable inhibit-any-policy (see RFC5280). | |
154 | ||
155 | =item B<-inhibit_map> | |
156 | ||
157 | Set policy variable inhibit-policy-mapping (see RFC5280). | |
13938ace | 158 | |
e8769719 | 159 | =item B<-nameopt> I<option> |
ad39b31c | 160 | |
c4de074e | 161 | Option which determines how the subject or issuer names are displayed. The |
ad39b31c DB |
162 | B<option> argument can be a single option or multiple options separated by |
163 | commas. Alternatively the B<-nameopt> switch may be used more than once to | |
164 | set multiple options. See the L<x509(1)> manual page for details. | |
165 | ||
5a1f853b RS |
166 | =item B<-no_check_time> |
167 | ||
1bc74519 | 168 | This option suppresses checking the validity period of certificates and CRLs |
e8769719 | 169 | against the current time. If option B<-attime> is used to specify |
5a1f853b RS |
170 | a verification time, the check is not suppressed. |
171 | ||
2866441a | 172 | =item B<-partial_chain> |
9ed03faa | 173 | |
feb2f53e VD |
174 | Allow verification to succeed even if a I<complete> chain cannot be built to a |
175 | self-signed trust-anchor, provided it is possible to construct a chain to a | |
176 | trusted certificate that might not be self-signed. | |
9ed03faa | 177 | |
e8769719 | 178 | =item B<-policy> I<arg> |
e5fa864f | 179 | |
3a778a29 BL |
180 | Enable policy processing and add B<arg> to the user-initial-policy-set (see |
181 | RFC5280). The policy B<arg> can be an object name an OID in numeric form. | |
182 | This argument can appear more than once. | |
e5fa864f DSH |
183 | |
184 | =item B<-policy_check> | |
185 | ||
186 | Enables certificate policy processing. | |
187 | ||
e5fa864f DSH |
188 | =item B<-policy_print> |
189 | ||
3a778a29 | 190 | Print out diagnostics related to policy processing. |
e5fa864f | 191 | |
e8769719 | 192 | =item B<-purpose> I<purpose> |
e5fa864f | 193 | |
2866441a HK |
194 | The intended use for the certificate. If this option is not specified, |
195 | B<verify> will not consider certificate purpose during chain verification. | |
196 | Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>, | |
197 | B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> section for more | |
198 | information. | |
e5fa864f | 199 | |
2866441a | 200 | =item B<-suiteB_128_only>, B<-suiteB_128>, B<-suiteB_192> |
e5fa864f | 201 | |
c4de074e | 202 | Enable the Suite B mode operation at 128 bit Level of Security, 128 bit or |
2866441a HK |
203 | 192 bit, or only 192 bit Level of Security respectively. |
204 | See RFC6460 for details. In particular the supported signature algorithms are | |
205 | reduced to support only ECDSA and SHA256 or SHA384 and only the elliptic curves | |
206 | P-256 and P-384. | |
e5fa864f | 207 | |
2866441a | 208 | =item B<-trusted_first> |
e5fa864f | 209 | |
feb2f53e VD |
210 | When constructing the certificate chain, use the trusted certificates specified |
211 | via B<-CAfile>, B<-CApath> or B<-trusted> before any certificates specified via | |
212 | B<-untrusted>. | |
213 | This can be useful in environments with Bridge or Cross-Certified CAs. | |
0daccd4d | 214 | As of OpenSSL 1.1.0 this option is on by default and cannot be disabled. |
e5fa864f | 215 | |
fa7b0111 MC |
216 | =item B<-no_alt_chains> |
217 | ||
0daccd4d VD |
218 | By default, unless B<-trusted_first> is specified, when building a certificate |
219 | chain, if the first certificate chain found is not trusted, then OpenSSL will | |
220 | attempt to replace untrusted issuer certificates with certificates from the | |
221 | trust store to see if an alternative chain can be found that is trusted. | |
222 | As of OpenSSL 1.1.0, with B<-trusted_first> always on, this option has no | |
223 | effect. | |
fa7b0111 | 224 | |
e8769719 | 225 | =item B<-untrusted> I<file> |
e5fa864f | 226 | |
feb2f53e | 227 | A B<file> of additional untrusted certificates (intermediate issuer CAs) used |
35ed393e | 228 | to construct a certificate chain from the subject certificate to a trust-anchor. |
feb2f53e | 229 | The B<file> should contain one or more certificates in PEM format. |
77a795e4 | 230 | This option can be specified more than once to include untrusted certificates |
feb2f53e | 231 | from multiple B<files>. |
e5fa864f | 232 | |
e8769719 | 233 | =item B<-trusted> I<file> |
79a55b1f | 234 | |
feb2f53e VD |
235 | A B<file> of trusted certificates, which must be self-signed, unless the |
236 | B<-partial_chain> option is specified. | |
77a795e4 | 237 | The B<file> contains one or more certificates in PEM format. |
feb2f53e VD |
238 | With this option, no additional (e.g., default) certificate lists are |
239 | consulted. | |
240 | That is, the only trust-anchors are those listed in B<file>. | |
241 | This option can be specified more than once to include trusted certificates | |
242 | from multiple B<files>. | |
243 | This option implies the B<-no-CAfile> and B<-no-CApath> options. | |
244 | This option cannot be used in combination with either of the B<-CAfile> or | |
245 | B<-CApath> options. | |
79a55b1f | 246 | |
e5fa864f DSH |
247 | =item B<-use_deltas> |
248 | ||
249 | Enable support for delta CRLs. | |
250 | ||
2866441a | 251 | =item B<-verbose> |
cd028c8e | 252 | |
2866441a | 253 | Print extra information about the operations being performed. |
cd028c8e | 254 | |
e8769719 | 255 | =item B<-auth_level> I<level> |
fbb82a60 VD |
256 | |
257 | Set the certificate chain authentication security level to B<level>. | |
258 | The authentication security level determines the acceptable signature and | |
259 | public key strength when verifying certificate chains. | |
260 | For a certificate chain to validate, the public keys of all the certificates | |
261 | must meet the specified security B<level>. | |
262 | The signature algorithm security level is enforced for all the certificates in | |
263 | the chain except for the chain's I<trust anchor>, which is either directly | |
264 | trusted or validated by means other than its signature. | |
265 | See L<SSL_CTX_set_security_level(3)> for the definitions of the available | |
266 | levels. | |
267 | The default security level is -1, or "not set". | |
268 | At security level 0 or lower all algorithms are acceptable. | |
269 | Security level 1 requires at least 80-bit-equivalent security and is broadly | |
270 | interoperable, though it will, for example, reject MD5 signatures or RSA keys | |
271 | shorter than 1024 bits. | |
272 | ||
e8769719 | 273 | =item B<-verify_depth> I<num> |
cd028c8e | 274 | |
fbb82a60 VD |
275 | Limit the certificate chain to B<num> intermediate CA certificates. |
276 | A maximal depth chain can have up to B<num+2> certificates, since neither the | |
277 | end-entity certificate nor the trust-anchor certificate count against the | |
278 | B<-verify_depth> limit. | |
cd028c8e | 279 | |
e8769719 | 280 | =item B<-verify_email> I<email> |
cd028c8e HK |
281 | |
282 | Verify if the B<email> matches the email address in Subject Alternative Name or | |
115e4809 | 283 | the email in the subject Distinguished Name. |
cd028c8e | 284 | |
e8769719 | 285 | =item B<-verify_hostname> I<hostname> |
cd028c8e HK |
286 | |
287 | Verify if the B<hostname> matches DNS name in Subject Alternative Name or | |
288 | Common Name in the subject certificate. | |
289 | ||
e8769719 | 290 | =item B<-verify_ip> I<ip> |
cd028c8e HK |
291 | |
292 | Verify if the B<ip> matches the IP address in Subject Alternative Name of | |
293 | the subject certificate. | |
294 | ||
e8769719 | 295 | =item B<-verify_name> I<name> |
cd028c8e | 296 | |
feb2f53e | 297 | Use default verification policies like trust model and required certificate |
cd028c8e | 298 | policies identified by B<name>. |
0daccd4d VD |
299 | The trust model determines which auxiliary trust or reject OIDs are applicable |
300 | to verifying the given certificate chain. | |
301 | See the B<-addtrust> and B<-addreject> options of the L<x509(1)> command-line | |
302 | utility. | |
feb2f53e VD |
303 | Supported policy names include: B<default>, B<pkcs7>, B<smime_sign>, |
304 | B<ssl_client>, B<ssl_server>. | |
0daccd4d VD |
305 | These mimics the combinations of purpose and trust settings used in SSL, CMS |
306 | and S/MIME. | |
307 | As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not | |
308 | specified, so the B<-verify_name> options are functionally equivalent to the | |
309 | corresponding B<-purpose> settings. | |
cd028c8e | 310 | |
2866441a HK |
311 | =item B<-x509_strict> |
312 | ||
313 | For strict X.509 compliance, disable non-compliant workarounds for broken | |
314 | certificates. | |
315 | ||
7f3f41d8 MC |
316 | =item B<-show_chain> |
317 | ||
318 | Display information about the certificate chain that has been built (if | |
319 | successful). Certificates in the chain that came from the untrusted list will be | |
320 | flagged as "untrusted". | |
321 | ||
7eba43e8 PY |
322 | =item B<-sm2-id> |
323 | ||
324 | Specify the ID string to use when verifying an SM2 certificate. The ID string is | |
325 | required by the SM2 signature algorithm for signing and verification. | |
326 | ||
327 | =item B<-sm2-hex-id> | |
328 | ||
329 | Specify a binary ID string to use when signing or verifying using an SM2 | |
330 | certificate. The argument for this option is string of hexadecimal digits. | |
331 | ||
13938ace DSH |
332 | =item B<-> |
333 | ||
3a778a29 | 334 | Indicates the last option. All arguments following this are assumed to be |
7b418a47 DSH |
335 | certificate files. This is useful if the first certificate filename begins |
336 | with a B<->. | |
13938ace DSH |
337 | |
338 | =item B<certificates> | |
339 | ||
3a778a29 BL |
340 | One or more certificates to verify. If no certificates are given, B<verify> |
341 | will attempt to read a certificate from standard input. Certificates must be | |
342 | in PEM format. | |
13938ace DSH |
343 | |
344 | =back | |
345 | ||
346 | =head1 VERIFY OPERATION | |
347 | ||
348 | The B<verify> program uses the same functions as the internal SSL and S/MIME | |
349 | verification, therefore this description applies to these verify operations | |
350 | too. | |
351 | ||
352 | There is one crucial difference between the verify operations performed | |
353 | by the B<verify> program: wherever possible an attempt is made to continue | |
354 | after an error whereas normally the verify operation would halt on the | |
355 | first error. This allows all the problems with a certificate chain to be | |
356 | determined. | |
357 | ||
358 | The verify operation consists of a number of separate steps. | |
359 | ||
360 | Firstly a certificate chain is built up starting from the supplied certificate | |
feb2f53e VD |
361 | and ending in the root CA. |
362 | It is an error if the whole chain cannot be built up. | |
363 | The chain is built up by looking up the issuers certificate of the current | |
364 | certificate. | |
365 | If a certificate is found which is its own issuer it is assumed to be the root | |
366 | CA. | |
367 | ||
368 | The process of 'looking up the issuers certificate' itself involves a number of | |
369 | steps. | |
77a795e4 | 370 | After all certificates whose subject name matches the issuer name of the current |
feb2f53e VD |
371 | certificate are subject to further tests. |
372 | The relevant authority key identifier components of the current certificate (if | |
373 | present) must match the subject key identifier (if present) and issuer and | |
374 | serial number of the candidate issuer, in addition the keyUsage extension of | |
375 | the candidate issuer (if present) must permit certificate signing. | |
709e8595 | 376 | |
13938ace | 377 | The lookup first looks in the list of untrusted certificates and if no match |
19d2bb57 | 378 | is found the remaining lookups are from the trusted certificates. The root CA |
13938ace DSH |
379 | is always looked up in the trusted certificate list: if the certificate to |
380 | verify is a root certificate then an exact match must be found in the trusted | |
381 | list. | |
382 | ||
383 | The second operation is to check every untrusted certificate's extensions for | |
384 | consistency with the supplied purpose. If the B<-purpose> option is not included | |
385 | then no checks are done. The supplied or "leaf" certificate must have extensions | |
386 | compatible with the supplied purpose and all other certificates must also be valid | |
387 | CA certificates. The precise extensions required are described in more detail in | |
7b418a47 | 388 | the B<CERTIFICATE EXTENSIONS> section of the B<x509> utility. |
13938ace | 389 | |
feb2f53e VD |
390 | The third operation is to check the trust settings on the root CA. The root CA |
391 | should be trusted for the supplied purpose. | |
392 | For compatibility with previous versions of OpenSSL, a certificate with no | |
393 | trust settings is considered to be valid for all purposes. | |
13938ace DSH |
394 | |
395 | The final operation is to check the validity of the certificate chain. The validity | |
396 | period is checked against the current system time and the notBefore and notAfter | |
397 | dates in the certificate. The certificate signatures are also checked at this | |
398 | point. | |
399 | ||
400 | If all operations complete successfully then certificate is considered valid. If | |
401 | any operation fails then the certificate is not valid. | |
402 | ||
7b418a47 DSH |
403 | =head1 DIAGNOSTICS |
404 | ||
405 | When a verify operation fails the output messages can be somewhat cryptic. The | |
406 | general form of the error message is: | |
407 | ||
408 | server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) | |
409 | error 24 at 1 depth lookup:invalid CA certificate | |
410 | ||
411 | The first line contains the name of the certificate being verified followed by | |
412 | the subject name of the certificate. The second line contains the error number | |
413 | and the depth. The depth is number of the certificate being verified when a | |
414 | problem was detected starting with zero for the certificate being verified itself | |
415 | then 1 for the CA that signed the certificate and so on. Finally a text version | |
416 | of the error number is presented. | |
417 | ||
77a795e4 | 418 | A partial list of the error codes and messages is shown below, this also |
7b418a47 DSH |
419 | includes the name of the error code as defined in the header file x509_vfy.h |
420 | Some of the error codes are defined but never returned: these are described | |
421 | as "unused". | |
422 | ||
423 | =over 4 | |
424 | ||
0634424f | 425 | =item B<X509_V_OK> |
7b418a47 | 426 | |
0634424f | 427 | The operation was successful. |
7b418a47 | 428 | |
0634424f | 429 | =item B<X509_V_ERR_UNSPECIFIED> |
d33def66 | 430 | |
0634424f | 431 | Unspecified error; should not happen. |
d33def66 | 432 | |
0634424f | 433 | =item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT> |
7b418a47 | 434 | |
0634424f | 435 | The issuer certificate of a looked up certificate could not be found. This |
7d3d1788 | 436 | normally means the list of trusted certificates is not complete. |
7b418a47 | 437 | |
0634424f | 438 | =item B<X509_V_ERR_UNABLE_TO_GET_CRL> |
7b418a47 | 439 | |
0634424f | 440 | The CRL of a certificate could not be found. |
7b418a47 | 441 | |
0634424f | 442 | =item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE> |
7b418a47 | 443 | |
c4de074e P |
444 | The certificate signature could not be decrypted. This means that the |
445 | actual signature value could not be determined rather than it not matching | |
446 | the expected value, this is only meaningful for RSA keys. | |
7b418a47 | 447 | |
0634424f | 448 | =item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE> |
7b418a47 | 449 | |
c4de074e P |
450 | The CRL signature could not be decrypted: this means that the actual |
451 | signature value could not be determined rather than it not matching the | |
452 | expected value. Unused. | |
7b418a47 | 453 | |
0634424f | 454 | =item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY> |
7b418a47 | 455 | |
0634424f | 456 | The public key in the certificate SubjectPublicKeyInfo could not be read. |
7b418a47 | 457 | |
0634424f | 458 | =item B<X509_V_ERR_CERT_SIGNATURE_FAILURE> |
7b418a47 | 459 | |
0634424f | 460 | The signature of the certificate is invalid. |
7b418a47 | 461 | |
0634424f | 462 | =item B<X509_V_ERR_CRL_SIGNATURE_FAILURE> |
7b418a47 | 463 | |
0634424f | 464 | The signature of the certificate is invalid. |
7b418a47 | 465 | |
0634424f | 466 | =item B<X509_V_ERR_CERT_NOT_YET_VALID> |
7b418a47 | 467 | |
c4de074e P |
468 | The certificate is not yet valid: the notBefore date is after the |
469 | current time. | |
7b418a47 | 470 | |
0634424f | 471 | =item B<X509_V_ERR_CERT_HAS_EXPIRED> |
7b418a47 | 472 | |
c4de074e P |
473 | The certificate has expired: that is the notAfter date is before the |
474 | current time. | |
7b418a47 | 475 | |
0634424f | 476 | =item B<X509_V_ERR_CRL_NOT_YET_VALID> |
7b418a47 | 477 | |
0634424f | 478 | The CRL is not yet valid. |
7b418a47 | 479 | |
0634424f | 480 | =item B<X509_V_ERR_CRL_HAS_EXPIRED> |
7b418a47 | 481 | |
0634424f | 482 | The CRL has expired. |
7b418a47 | 483 | |
0634424f | 484 | =item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD> |
7b418a47 | 485 | |
0634424f | 486 | The certificate notBefore field contains an invalid time. |
13938ace | 487 | |
0634424f | 488 | =item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD> |
7b418a47 | 489 | |
0634424f | 490 | The certificate notAfter field contains an invalid time. |
7b418a47 | 491 | |
0634424f | 492 | =item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD> |
7b418a47 | 493 | |
0634424f | 494 | The CRL lastUpdate field contains an invalid time. |
7b418a47 | 495 | |
0634424f | 496 | =item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD> |
7b418a47 | 497 | |
0634424f | 498 | The CRL nextUpdate field contains an invalid time. |
7b418a47 | 499 | |
0634424f | 500 | =item B<X509_V_ERR_OUT_OF_MEM> |
7b418a47 | 501 | |
0634424f | 502 | An error occurred trying to allocate memory. This should never happen. |
7b418a47 | 503 | |
0634424f | 504 | =item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT> |
7b418a47 | 505 | |
c4de074e P |
506 | The passed certificate is self-signed and the same certificate cannot |
507 | be found in the list of trusted certificates. | |
7b418a47 | 508 | |
0634424f | 509 | =item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN> |
7b418a47 | 510 | |
c4de074e P |
511 | The certificate chain could be built up using the untrusted certificates |
512 | but the root could not be found locally. | |
7b418a47 | 513 | |
0634424f | 514 | =item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> |
7b418a47 | 515 | |
0634424f | 516 | The issuer certificate could not be found: this occurs if the issuer |
7d3d1788 | 517 | certificate of an untrusted certificate cannot be found. |
7b418a47 | 518 | |
0634424f | 519 | =item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE> |
7b418a47 | 520 | |
c4de074e P |
521 | No signatures could be verified because the chain contains only one |
522 | certificate and it is not self signed. | |
7b418a47 | 523 | |
0634424f | 524 | =item B<X509_V_ERR_CERT_CHAIN_TOO_LONG> |
7b418a47 | 525 | |
c4de074e P |
526 | The certificate chain length is greater than the supplied maximum |
527 | depth. Unused. | |
7b418a47 | 528 | |
0634424f | 529 | =item B<X509_V_ERR_CERT_REVOKED> |
7b418a47 | 530 | |
0634424f | 531 | The certificate has been revoked. |
7b418a47 | 532 | |
0634424f | 533 | =item B<X509_V_ERR_INVALID_CA> |
7b418a47 | 534 | |
c4de074e P |
535 | A CA certificate is invalid. Either it is not a CA or its extensions |
536 | are not consistent with the supplied purpose. | |
7b418a47 | 537 | |
0634424f | 538 | =item B<X509_V_ERR_PATH_LENGTH_EXCEEDED> |
7b418a47 | 539 | |
0634424f | 540 | The basicConstraints pathlength parameter has been exceeded. |
7b418a47 | 541 | |
0634424f | 542 | =item B<X509_V_ERR_INVALID_PURPOSE> |
7b418a47 | 543 | |
0634424f | 544 | The supplied certificate cannot be used for the specified purpose. |
7b418a47 | 545 | |
0634424f | 546 | =item B<X509_V_ERR_CERT_UNTRUSTED> |
7b418a47 | 547 | |
c4de074e | 548 | The root CA is not marked as trusted for the specified purpose. |
7b418a47 | 549 | |
0634424f | 550 | =item B<X509_V_ERR_CERT_REJECTED> |
7b418a47 | 551 | |
0634424f | 552 | The root CA is marked to reject the specified purpose. |
7b418a47 | 553 | |
0634424f | 554 | =item B<X509_V_ERR_SUBJECT_ISSUER_MISMATCH> |
709e8595 | 555 | |
c4de074e | 556 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the |
d33def66 | 557 | B<-issuer_checks> option. |
709e8595 | 558 | |
0634424f | 559 | =item B<X509_V_ERR_AKID_SKID_MISMATCH> |
709e8595 | 560 | |
d33def66 VD |
561 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the |
562 | B<-issuer_checks> option. | |
709e8595 | 563 | |
0634424f | 564 | =item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH> |
709e8595 | 565 | |
d33def66 VD |
566 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the |
567 | B<-issuer_checks> option. | |
568 | ||
0634424f | 569 | =item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN> |
d33def66 VD |
570 | |
571 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the | |
572 | B<-issuer_checks> option. | |
573 | ||
05ea606a | 574 | =item B<X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER> |
d33def66 | 575 | |
05ea606a | 576 | Unable to get CRL issuer certificate. |
d33def66 | 577 | |
05ea606a | 578 | =item B<X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION> |
d33def66 | 579 | |
05ea606a | 580 | Unhandled critical extension. |
d33def66 | 581 | |
05ea606a | 582 | =item B<X509_V_ERR_KEYUSAGE_NO_CRL_SIGN> |
d33def66 | 583 | |
05ea606a | 584 | Key usage does not include CRL signing. |
d33def66 | 585 | |
05ea606a | 586 | =item B<X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION> |
d33def66 | 587 | |
05ea606a | 588 | Unhandled critical CRL extension. |
d33def66 | 589 | |
05ea606a | 590 | =item B<X509_V_ERR_INVALID_NON_CA> |
d33def66 | 591 | |
05ea606a | 592 | Invalid non-CA certificate has CA markings. |
d33def66 | 593 | |
05ea606a | 594 | =item B<X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED> |
d33def66 | 595 | |
05ea606a | 596 | Proxy path length constraint exceeded. |
d33def66 | 597 | |
a392ef20 RL |
598 | =item B<X509_V_ERR_PROXY_SUBJECT_INVALID> |
599 | ||
600 | Proxy certificate subject is invalid. It MUST be the same as the issuer | |
601 | with a single CN component added. | |
602 | ||
05ea606a | 603 | =item B<X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE> |
d33def66 | 604 | |
05ea606a | 605 | Key usage does not include digital signature. |
d33def66 | 606 | |
05ea606a | 607 | =item B<X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED> |
d33def66 | 608 | |
a392ef20 | 609 | Proxy certificates not allowed, please use B<-allow_proxy_certs>. |
d33def66 | 610 | |
05ea606a | 611 | =item B<X509_V_ERR_INVALID_EXTENSION> |
d33def66 | 612 | |
05ea606a | 613 | Invalid or inconsistent certificate extension. |
d33def66 | 614 | |
05ea606a | 615 | =item B<X509_V_ERR_INVALID_POLICY_EXTENSION> |
d33def66 | 616 | |
05ea606a | 617 | Invalid or inconsistent certificate policy extension. |
d33def66 | 618 | |
05ea606a | 619 | =item B<X509_V_ERR_NO_EXPLICIT_POLICY> |
d33def66 | 620 | |
05ea606a | 621 | No explicit policy. |
d33def66 | 622 | |
05ea606a | 623 | =item B<X509_V_ERR_DIFFERENT_CRL_SCOPE> |
d33def66 | 624 | |
05ea606a | 625 | Different CRL scope. |
d33def66 | 626 | |
05ea606a | 627 | =item B<X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE> |
d33def66 | 628 | |
05ea606a | 629 | Unsupported extension feature. |
d33def66 | 630 | |
05ea606a | 631 | =item B<X509_V_ERR_UNNESTED_RESOURCE> |
d33def66 | 632 | |
05ea606a | 633 | RFC 3779 resource not subset of parent's resources. |
d33def66 | 634 | |
05ea606a | 635 | =item B<X509_V_ERR_PERMITTED_VIOLATION> |
709e8595 | 636 | |
05ea606a | 637 | Permitted subtree violation. |
709e8595 | 638 | |
05ea606a | 639 | =item B<X509_V_ERR_EXCLUDED_VIOLATION> |
d33def66 | 640 | |
05ea606a | 641 | Excluded subtree violation. |
d33def66 | 642 | |
05ea606a | 643 | =item B<X509_V_ERR_SUBTREE_MINMAX> |
d33def66 | 644 | |
05ea606a | 645 | Name constraints minimum and maximum not supported. |
709e8595 | 646 | |
05ea606a | 647 | =item B<X509_V_ERR_APPLICATION_VERIFICATION> |
7b418a47 | 648 | |
05ea606a | 649 | Application verification failure. Unused. |
7b418a47 | 650 | |
05ea606a | 651 | =item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE> |
d33def66 | 652 | |
05ea606a | 653 | Unsupported name constraint type. |
d33def66 | 654 | |
05ea606a | 655 | =item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX> |
d33def66 | 656 | |
05ea606a | 657 | Unsupported or invalid name constraint syntax. |
d33def66 | 658 | |
05ea606a | 659 | =item B<X509_V_ERR_UNSUPPORTED_NAME_SYNTAX> |
d33def66 | 660 | |
05ea606a | 661 | Unsupported or invalid name syntax. |
d33def66 | 662 | |
05ea606a | 663 | =item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR> |
d33def66 | 664 | |
05ea606a | 665 | CRL path validation error. |
d33def66 | 666 | |
05ea606a | 667 | =item B<X509_V_ERR_PATH_LOOP> |
d33def66 | 668 | |
05ea606a | 669 | Path loop. |
d33def66 | 670 | |
05ea606a | 671 | =item B<X509_V_ERR_SUITE_B_INVALID_VERSION> |
d33def66 | 672 | |
05ea606a | 673 | Suite B: certificate version invalid. |
d33def66 | 674 | |
05ea606a | 675 | =item B<X509_V_ERR_SUITE_B_INVALID_ALGORITHM> |
d33def66 | 676 | |
05ea606a | 677 | Suite B: invalid public key algorithm. |
d33def66 | 678 | |
05ea606a | 679 | =item B<X509_V_ERR_SUITE_B_INVALID_CURVE> |
d33def66 | 680 | |
05ea606a | 681 | Suite B: invalid ECC curve. |
d33def66 | 682 | |
05ea606a | 683 | =item B<X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM> |
d33def66 | 684 | |
05ea606a | 685 | Suite B: invalid signature algorithm. |
d33def66 | 686 | |
05ea606a | 687 | =item B<X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED> |
d33def66 | 688 | |
05ea606a | 689 | Suite B: curve not allowed for this LOS. |
d33def66 | 690 | |
05ea606a | 691 | =item B<X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256> |
d33def66 | 692 | |
05ea606a | 693 | Suite B: cannot sign P-384 with P-256. |
d33def66 | 694 | |
05ea606a | 695 | =item B<X509_V_ERR_HOSTNAME_MISMATCH> |
d33def66 | 696 | |
05ea606a | 697 | Hostname mismatch. |
d33def66 | 698 | |
05ea606a | 699 | =item B<X509_V_ERR_EMAIL_MISMATCH> |
d33def66 | 700 | |
05ea606a | 701 | Email address mismatch. |
d33def66 | 702 | |
05ea606a | 703 | =item B<X509_V_ERR_IP_ADDRESS_MISMATCH> |
d33def66 | 704 | |
05ea606a | 705 | IP address mismatch. |
d33def66 | 706 | |
05ea606a | 707 | =item B<X509_V_ERR_DANE_NO_MATCH> |
d33def66 VD |
708 | |
709 | DANE TLSA authentication is enabled, but no TLSA records matched the | |
710 | certificate chain. | |
711 | This error is only possible in L<s_client(1)>. | |
712 | ||
3bb0f989 TS |
713 | =item B<X509_V_ERR_EE_KEY_TOO_SMALL> |
714 | ||
715 | EE certificate key too weak. | |
716 | ||
717 | =item B<X509_ERR_CA_KEY_TOO_SMALL> | |
718 | ||
719 | CA certificate key too weak. | |
720 | ||
721 | =item B<X509_ERR_CA_MD_TOO_WEAK> | |
722 | ||
723 | CA signature digest algorithm too weak. | |
724 | ||
725 | =item B<X509_V_ERR_INVALID_CALL> | |
726 | ||
727 | nvalid certificate verification context. | |
728 | ||
729 | =item B<X509_V_ERR_STORE_LOOKUP> | |
730 | ||
731 | Issuer certificate lookup error. | |
732 | ||
733 | =item B<X509_V_ERR_NO_VALID_SCTS> | |
734 | ||
735 | Certificate Transparency required, but no valid SCTs found. | |
736 | ||
737 | =item B<X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION> | |
738 | ||
739 | Proxy subject name violation. | |
740 | ||
741 | =item B<X509_V_ERR_OCSP_VERIFY_NEEDED> | |
742 | ||
743 | Returned by the verify callback to indicate an OCSP verification is needed. | |
744 | ||
745 | =item B<X509_V_ERR_OCSP_VERIFY_FAILED> | |
746 | ||
747 | Returned by the verify callback to indicate OCSP verification failed. | |
748 | ||
749 | =item B<X509_V_ERR_OCSP_CERT_UNKNOWN> | |
750 | ||
751 | Returned by the verify callback to indicate that the certificate is not recognized | |
752 | by the OCSP responder. | |
753 | ||
7b418a47 | 754 | =back |
13938ace | 755 | |
709e8595 DSH |
756 | =head1 BUGS |
757 | ||
c4de074e P |
758 | Although the issuer checks are a considerable improvement over the old |
759 | technique they still suffer from limitations in the underlying X509_LOOKUP | |
760 | API. One consequence of this is that trusted certificates with matching | |
761 | subject name must either appear in a file (as specified by the B<-CAfile> | |
762 | option) or a directory (as specified by B<-CApath>). If they occur in | |
763 | both then only the certificates in the file will be recognised. | |
709e8595 | 764 | |
c4de074e P |
765 | Previous versions of OpenSSL assume certificates with matching subject |
766 | name are identical and mishandled them. | |
709e8595 | 767 | |
7d3d1788 DSH |
768 | Previous versions of this documentation swapped the meaning of the |
769 | B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT> and | |
0634424f | 770 | B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes. |
7d3d1788 | 771 | |
13938ace DSH |
772 | =head1 SEE ALSO |
773 | ||
b6b66573 DMSP |
774 | L<openssl(1)>, |
775 | L<openssl-x509(1)> | |
13938ace | 776 | |
fa7b0111 MC |
777 | =head1 HISTORY |
778 | ||
fc5ecadd | 779 | The B<-show_chain> option was added in OpenSSL 1.1.0. |
d33def66 VD |
780 | |
781 | The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and | |
782 | is silently ignored. | |
fa7b0111 | 783 | |
4674aaf4 | 784 | The B<-sm2-id> and B<-sm2-hex-id> options were added in OpenSSL 3.0. |
7eba43e8 | 785 | |
e2f92610 RS |
786 | =head1 COPYRIGHT |
787 | ||
7eba43e8 | 788 | Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 789 | |
449040b4 | 790 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
791 | this file except in compliance with the License. You can obtain a copy |
792 | in the file LICENSE in the source distribution or at | |
793 | L<https://www.openssl.org/source/license.html>. | |
794 | ||
795 | =cut |