]>
Commit | Line | Data |
---|---|---|
13938ace DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
b6b66573 | 5 | openssl-verify - Utility to verify certificates |
13938ace DSH |
6 | |
7 | =head1 SYNOPSIS | |
8 | ||
9 | B<openssl> B<verify> | |
169394d4 | 10 | [B<-help>] |
e8769719 RS |
11 | [B<-CAfile> I<file>] |
12 | [B<-CApath> I<directory>] | |
40e2d76b MC |
13 | [B<-no-CAfile>] |
14 | [B<-no-CApath>] | |
a392ef20 | 15 | [B<-allow_proxy_certs>] |
e8769719 | 16 | [B<-attime> I<timestamp>] |
cd028c8e | 17 | [B<-check_ss_sig>] |
e8769719 | 18 | [B<-CRLfile> I<file>] |
79a55b1f | 19 | [B<-crl_download>] |
e5fa864f DSH |
20 | [B<-crl_check>] |
21 | [B<-crl_check_all>] | |
e8769719 | 22 | [B<-engine> I<id>] |
e5fa864f | 23 | [B<-explicit_policy>] |
e5fa864f | 24 | [B<-extended_crl>] |
2866441a HK |
25 | [B<-ignore_critical>] |
26 | [B<-inhibit_any>] | |
27 | [B<-inhibit_map>] | |
e8769719 | 28 | [B<-nameopt> I<option>] |
5a1f853b | 29 | [B<-no_check_time>] |
cd028c8e | 30 | [B<-partial_chain>] |
e8769719 | 31 | [B<-policy> I<arg>] |
2866441a HK |
32 | [B<-policy_check>] |
33 | [B<-policy_print>] | |
e8769719 | 34 | [B<-purpose> I<purpose>] |
cd028c8e HK |
35 | [B<-suiteB_128>] |
36 | [B<-suiteB_128_only>] | |
37 | [B<-suiteB_192>] | |
2866441a | 38 | [B<-trusted_first>] |
fa7b0111 | 39 | [B<-no_alt_chains>] |
e8769719 RS |
40 | [B<-untrusted> I<file>] |
41 | [B<-trusted> I<file>] | |
2866441a | 42 | [B<-use_deltas>] |
13938ace | 43 | [B<-verbose>] |
e8769719 RS |
44 | [B<-auth_level> I<level>] |
45 | [B<-verify_depth> I<num>] | |
46 | [B<-verify_email> I<email>] | |
47 | [B<-verify_hostname> I<hostname>] | |
48 | [B<-verify_ip> I<ip>] | |
49 | [B<-verify_name> I<name>] | |
2866441a | 50 | [B<-x509_strict>] |
7f3f41d8 | 51 | [B<-show_chain>] |
8dc57d76 RL |
52 | [B<-sm2-id> I<string>] |
53 | [B<-sm2-hex-id> I<hex-string>] | |
54 | [B<-->] | |
2f0ea936 | 55 | [I<certificate> ...] |
13938ace | 56 | |
9f3c076b | 57 | =for openssl ifdef engine sm2-id sm2-hex-id |
1738c0ce | 58 | |
13938ace DSH |
59 | =head1 DESCRIPTION |
60 | ||
35a810bb | 61 | This command verifies certificate chains. |
13938ace | 62 | |
3dfda1a6 | 63 | =head1 OPTIONS |
13938ace DSH |
64 | |
65 | =over 4 | |
66 | ||
169394d4 MR |
67 | =item B<-help> |
68 | ||
69 | Print out a usage message. | |
70 | ||
e8769719 | 71 | =item B<-CAfile> I<file> |
2866441a | 72 | |
2f0ea936 | 73 | A I<file> of trusted certificates. |
feb2f53e | 74 | The file should contain one or more certificates in PEM format. |
2866441a | 75 | |
e8769719 | 76 | =item B<-CApath> I<directory> |
13938ace DSH |
77 | |
78 | A directory of trusted certificates. The certificates should have names | |
35a810bb RL |
79 | of the form: F<I<hash>.0> or have symbolic links to them of this form |
80 | (I<hash> is the hashed certificate subject name: see the L<openssl-x509(1)> | |
81 | B<-hash> option). Under Unix, L<openssl-rehash(1)> will automatically create | |
82 | symbolic links to a directory of certificates. | |
13938ace | 83 | |
40e2d76b MC |
84 | =item B<-no-CAfile> |
85 | ||
c4de074e | 86 | Do not load the trusted CA certificates from the default file location. |
40e2d76b MC |
87 | |
88 | =item B<-no-CApath> | |
89 | ||
c4de074e | 90 | Do not load the trusted CA certificates from the default directory location. |
40e2d76b | 91 | |
a392ef20 RL |
92 | =item B<-allow_proxy_certs> |
93 | ||
c4de074e | 94 | Allow the verification of proxy certificates. |
a392ef20 | 95 | |
e8769719 | 96 | =item B<-attime> I<timestamp> |
13938ace | 97 | |
2f0ea936 RL |
98 | Perform validation checks using time specified by I<timestamp> and not |
99 | current system time. I<timestamp> is the number of seconds since | |
2866441a | 100 | 01.01.1970 (UNIX time). |
13938ace | 101 | |
2866441a | 102 | =item B<-check_ss_sig> |
13938ace | 103 | |
2866441a HK |
104 | Verify the signature on the self-signed root CA. This is disabled by default |
105 | because it doesn't add any security. | |
13938ace | 106 | |
e8769719 | 107 | =item B<-CRLfile> I<file> |
fc1d88f0 | 108 | |
2f0ea936 | 109 | The I<file> should contain one or more CRLs in PEM format. |
feb2f53e | 110 | This option can be specified more than once to include CRLs from multiple |
2f0ea936 | 111 | I<file>s. |
fc1d88f0 | 112 | |
79a55b1f MC |
113 | =item B<-crl_download> |
114 | ||
115 | Attempt to download CRL information for this certificate. | |
116 | ||
2866441a | 117 | =item B<-crl_check> |
6d3d5793 | 118 | |
2866441a HK |
119 | Checks end entity certificate validity by attempting to look up a valid CRL. |
120 | If a valid CRL cannot be found an error occurs. | |
6d3d5793 | 121 | |
2866441a | 122 | =item B<-crl_check_all> |
13938ace | 123 | |
2866441a HK |
124 | Checks the validity of B<all> certificates in the chain by attempting |
125 | to look up valid CRLs. | |
126 | ||
e8769719 | 127 | =item B<-engine> I<id> |
feb2f53e | 128 | |
35a810bb | 129 | Specifying an engine I<id> will cause this command to attempt to load the |
feb2f53e VD |
130 | specified engine. |
131 | The engine will then be set as the default for all its supported algorithms. | |
132 | If you want to load certificates or CRLs that require engine support via any of | |
133 | the B<-trusted>, B<-untrusted> or B<-CRLfile> options, the B<-engine> option | |
134 | must be specified before those options. | |
135 | ||
2866441a HK |
136 | =item B<-explicit_policy> |
137 | ||
138 | Set policy variable require-explicit-policy (see RFC5280). | |
139 | ||
140 | =item B<-extended_crl> | |
141 | ||
142 | Enable extended CRL features such as indirect CRLs and alternate CRL | |
143 | signing keys. | |
13938ace | 144 | |
2866441a | 145 | =item B<-ignore_critical> |
13938ace | 146 | |
2866441a HK |
147 | Normally if an unhandled critical extension is present which is not |
148 | supported by OpenSSL the certificate is rejected (as required by RFC5280). | |
149 | If this option is set critical extensions are ignored. | |
150 | ||
151 | =item B<-inhibit_any> | |
152 | ||
153 | Set policy variable inhibit-any-policy (see RFC5280). | |
154 | ||
155 | =item B<-inhibit_map> | |
156 | ||
157 | Set policy variable inhibit-policy-mapping (see RFC5280). | |
13938ace | 158 | |
e8769719 | 159 | =item B<-nameopt> I<option> |
ad39b31c | 160 | |
c4de074e | 161 | Option which determines how the subject or issuer names are displayed. The |
2f0ea936 | 162 | I<option> argument can be a single option or multiple options separated by |
ad39b31c | 163 | commas. Alternatively the B<-nameopt> switch may be used more than once to |
8bc93d2f | 164 | set multiple options. See the L<openssl-x509(1)> manual page for details. |
ad39b31c | 165 | |
5a1f853b RS |
166 | =item B<-no_check_time> |
167 | ||
1bc74519 | 168 | This option suppresses checking the validity period of certificates and CRLs |
e8769719 | 169 | against the current time. If option B<-attime> is used to specify |
5a1f853b RS |
170 | a verification time, the check is not suppressed. |
171 | ||
2866441a | 172 | =item B<-partial_chain> |
9ed03faa | 173 | |
feb2f53e VD |
174 | Allow verification to succeed even if a I<complete> chain cannot be built to a |
175 | self-signed trust-anchor, provided it is possible to construct a chain to a | |
176 | trusted certificate that might not be self-signed. | |
9ed03faa | 177 | |
e8769719 | 178 | =item B<-policy> I<arg> |
e5fa864f | 179 | |
2f0ea936 RL |
180 | Enable policy processing and add I<arg> to the user-initial-policy-set (see |
181 | RFC5280). The policy I<arg> can be an object name an OID in numeric form. | |
3a778a29 | 182 | This argument can appear more than once. |
e5fa864f DSH |
183 | |
184 | =item B<-policy_check> | |
185 | ||
186 | Enables certificate policy processing. | |
187 | ||
e5fa864f DSH |
188 | =item B<-policy_print> |
189 | ||
3a778a29 | 190 | Print out diagnostics related to policy processing. |
e5fa864f | 191 | |
e8769719 | 192 | =item B<-purpose> I<purpose> |
e5fa864f | 193 | |
2866441a | 194 | The intended use for the certificate. If this option is not specified, |
35a810bb RL |
195 | this command will not consider certificate purpose during chain |
196 | verification. | |
2866441a | 197 | Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>, |
f5c14c63 | 198 | B<smimesign>, B<smimeencrypt>. See the L</VERIFY OPERATION> section for more |
2866441a | 199 | information. |
e5fa864f | 200 | |
2866441a | 201 | =item B<-suiteB_128_only>, B<-suiteB_128>, B<-suiteB_192> |
e5fa864f | 202 | |
c4de074e | 203 | Enable the Suite B mode operation at 128 bit Level of Security, 128 bit or |
2866441a HK |
204 | 192 bit, or only 192 bit Level of Security respectively. |
205 | See RFC6460 for details. In particular the supported signature algorithms are | |
206 | reduced to support only ECDSA and SHA256 or SHA384 and only the elliptic curves | |
207 | P-256 and P-384. | |
e5fa864f | 208 | |
2866441a | 209 | =item B<-trusted_first> |
e5fa864f | 210 | |
feb2f53e VD |
211 | When constructing the certificate chain, use the trusted certificates specified |
212 | via B<-CAfile>, B<-CApath> or B<-trusted> before any certificates specified via | |
213 | B<-untrusted>. | |
214 | This can be useful in environments with Bridge or Cross-Certified CAs. | |
0daccd4d | 215 | As of OpenSSL 1.1.0 this option is on by default and cannot be disabled. |
e5fa864f | 216 | |
fa7b0111 MC |
217 | =item B<-no_alt_chains> |
218 | ||
0daccd4d VD |
219 | By default, unless B<-trusted_first> is specified, when building a certificate |
220 | chain, if the first certificate chain found is not trusted, then OpenSSL will | |
221 | attempt to replace untrusted issuer certificates with certificates from the | |
222 | trust store to see if an alternative chain can be found that is trusted. | |
223 | As of OpenSSL 1.1.0, with B<-trusted_first> always on, this option has no | |
224 | effect. | |
fa7b0111 | 225 | |
e8769719 | 226 | =item B<-untrusted> I<file> |
e5fa864f | 227 | |
2f0ea936 | 228 | A I<file> of additional untrusted certificates (intermediate issuer CAs) used |
35ed393e | 229 | to construct a certificate chain from the subject certificate to a trust-anchor. |
2f0ea936 | 230 | The I<file> should contain one or more certificates in PEM format. |
77a795e4 | 231 | This option can be specified more than once to include untrusted certificates |
2f0ea936 | 232 | from multiple I<file>s. |
e5fa864f | 233 | |
e8769719 | 234 | =item B<-trusted> I<file> |
79a55b1f | 235 | |
2f0ea936 | 236 | A I<file> of trusted certificates, which must be self-signed, unless the |
feb2f53e | 237 | B<-partial_chain> option is specified. |
2f0ea936 | 238 | The I<file> contains one or more certificates in PEM format. |
feb2f53e VD |
239 | With this option, no additional (e.g., default) certificate lists are |
240 | consulted. | |
2f0ea936 | 241 | That is, the only trust-anchors are those listed in I<file>. |
feb2f53e | 242 | This option can be specified more than once to include trusted certificates |
2f0ea936 | 243 | from multiple I<file>s. |
feb2f53e VD |
244 | This option implies the B<-no-CAfile> and B<-no-CApath> options. |
245 | This option cannot be used in combination with either of the B<-CAfile> or | |
246 | B<-CApath> options. | |
79a55b1f | 247 | |
e5fa864f DSH |
248 | =item B<-use_deltas> |
249 | ||
250 | Enable support for delta CRLs. | |
251 | ||
2866441a | 252 | =item B<-verbose> |
cd028c8e | 253 | |
2866441a | 254 | Print extra information about the operations being performed. |
cd028c8e | 255 | |
e8769719 | 256 | =item B<-auth_level> I<level> |
fbb82a60 | 257 | |
2f0ea936 | 258 | Set the certificate chain authentication security level to I<level>. |
fbb82a60 VD |
259 | The authentication security level determines the acceptable signature and |
260 | public key strength when verifying certificate chains. | |
261 | For a certificate chain to validate, the public keys of all the certificates | |
2f0ea936 | 262 | must meet the specified security I<level>. |
fbb82a60 VD |
263 | The signature algorithm security level is enforced for all the certificates in |
264 | the chain except for the chain's I<trust anchor>, which is either directly | |
265 | trusted or validated by means other than its signature. | |
266 | See L<SSL_CTX_set_security_level(3)> for the definitions of the available | |
267 | levels. | |
268 | The default security level is -1, or "not set". | |
269 | At security level 0 or lower all algorithms are acceptable. | |
270 | Security level 1 requires at least 80-bit-equivalent security and is broadly | |
271 | interoperable, though it will, for example, reject MD5 signatures or RSA keys | |
272 | shorter than 1024 bits. | |
273 | ||
e8769719 | 274 | =item B<-verify_depth> I<num> |
cd028c8e | 275 | |
2f0ea936 RL |
276 | Limit the certificate chain to I<num> intermediate CA certificates. |
277 | A maximal depth chain can have up to I<num>+2 certificates, since neither the | |
fbb82a60 VD |
278 | end-entity certificate nor the trust-anchor certificate count against the |
279 | B<-verify_depth> limit. | |
cd028c8e | 280 | |
e8769719 | 281 | =item B<-verify_email> I<email> |
cd028c8e | 282 | |
2f0ea936 | 283 | Verify if I<email> matches the email address in Subject Alternative Name or |
115e4809 | 284 | the email in the subject Distinguished Name. |
cd028c8e | 285 | |
e8769719 | 286 | =item B<-verify_hostname> I<hostname> |
cd028c8e | 287 | |
2f0ea936 | 288 | Verify if I<hostname> matches DNS name in Subject Alternative Name or |
cd028c8e HK |
289 | Common Name in the subject certificate. |
290 | ||
e8769719 | 291 | =item B<-verify_ip> I<ip> |
cd028c8e | 292 | |
2f0ea936 | 293 | Verify if I<ip> matches the IP address in Subject Alternative Name of |
cd028c8e HK |
294 | the subject certificate. |
295 | ||
e8769719 | 296 | =item B<-verify_name> I<name> |
cd028c8e | 297 | |
feb2f53e | 298 | Use default verification policies like trust model and required certificate |
2f0ea936 | 299 | policies identified by I<name>. |
0daccd4d VD |
300 | The trust model determines which auxiliary trust or reject OIDs are applicable |
301 | to verifying the given certificate chain. | |
35a810bb | 302 | See the B<-addtrust> and B<-addreject> options for L<openssl-x509(1)>. |
feb2f53e VD |
303 | Supported policy names include: B<default>, B<pkcs7>, B<smime_sign>, |
304 | B<ssl_client>, B<ssl_server>. | |
0daccd4d VD |
305 | These mimics the combinations of purpose and trust settings used in SSL, CMS |
306 | and S/MIME. | |
307 | As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not | |
308 | specified, so the B<-verify_name> options are functionally equivalent to the | |
309 | corresponding B<-purpose> settings. | |
cd028c8e | 310 | |
2866441a HK |
311 | =item B<-x509_strict> |
312 | ||
313 | For strict X.509 compliance, disable non-compliant workarounds for broken | |
314 | certificates. | |
315 | ||
7f3f41d8 MC |
316 | =item B<-show_chain> |
317 | ||
318 | Display information about the certificate chain that has been built (if | |
319 | successful). Certificates in the chain that came from the untrusted list will be | |
320 | flagged as "untrusted". | |
321 | ||
7eba43e8 PY |
322 | =item B<-sm2-id> |
323 | ||
324 | Specify the ID string to use when verifying an SM2 certificate. The ID string is | |
325 | required by the SM2 signature algorithm for signing and verification. | |
326 | ||
327 | =item B<-sm2-hex-id> | |
328 | ||
329 | Specify a binary ID string to use when signing or verifying using an SM2 | |
330 | certificate. The argument for this option is string of hexadecimal digits. | |
331 | ||
8dc57d76 | 332 | =item B<--> |
13938ace | 333 | |
3a778a29 | 334 | Indicates the last option. All arguments following this are assumed to be |
7b418a47 | 335 | certificate files. This is useful if the first certificate filename begins |
b2bdfb63 | 336 | with a B<-->. |
13938ace | 337 | |
2f0ea936 | 338 | =item I<certificate> ... |
13938ace | 339 | |
35a810bb RL |
340 | One or more certificates to verify. If no certificates are given, |
341 | this command will attempt to read a certificate from standard input. | |
342 | Certificates must be in PEM format. | |
13938ace DSH |
343 | |
344 | =back | |
345 | ||
346 | =head1 VERIFY OPERATION | |
347 | ||
35a810bb RL |
348 | This command uses the same functions as the internal SSL |
349 | and S/MIME verification, therefore this description applies to these verify | |
350 | operations too. | |
13938ace DSH |
351 | |
352 | There is one crucial difference between the verify operations performed | |
35a810bb RL |
353 | by this command: wherever possible an attempt is made to |
354 | continue after an error whereas normally the verify operation would halt on | |
355 | the first error. This allows all the problems with a certificate chain to be | |
13938ace DSH |
356 | determined. |
357 | ||
358 | The verify operation consists of a number of separate steps. | |
359 | ||
360 | Firstly a certificate chain is built up starting from the supplied certificate | |
feb2f53e VD |
361 | and ending in the root CA. |
362 | It is an error if the whole chain cannot be built up. | |
363 | The chain is built up by looking up the issuers certificate of the current | |
364 | certificate. | |
365 | If a certificate is found which is its own issuer it is assumed to be the root | |
366 | CA. | |
367 | ||
368 | The process of 'looking up the issuers certificate' itself involves a number of | |
369 | steps. | |
77a795e4 | 370 | After all certificates whose subject name matches the issuer name of the current |
feb2f53e VD |
371 | certificate are subject to further tests. |
372 | The relevant authority key identifier components of the current certificate (if | |
373 | present) must match the subject key identifier (if present) and issuer and | |
374 | serial number of the candidate issuer, in addition the keyUsage extension of | |
375 | the candidate issuer (if present) must permit certificate signing. | |
709e8595 | 376 | |
13938ace | 377 | The lookup first looks in the list of untrusted certificates and if no match |
19d2bb57 | 378 | is found the remaining lookups are from the trusted certificates. The root CA |
13938ace DSH |
379 | is always looked up in the trusted certificate list: if the certificate to |
380 | verify is a root certificate then an exact match must be found in the trusted | |
381 | list. | |
382 | ||
383 | The second operation is to check every untrusted certificate's extensions for | |
384 | consistency with the supplied purpose. If the B<-purpose> option is not included | |
385 | then no checks are done. The supplied or "leaf" certificate must have extensions | |
f5c14c63 RL |
386 | compatible with the supplied purpose and all other certificates must also be |
387 | valid CA certificates. The precise extensions required are described in more | |
388 | detail in L<openssl-x509(1)/CERTIFICATE EXTENSIONS>. | |
13938ace | 389 | |
feb2f53e VD |
390 | The third operation is to check the trust settings on the root CA. The root CA |
391 | should be trusted for the supplied purpose. | |
392 | For compatibility with previous versions of OpenSSL, a certificate with no | |
393 | trust settings is considered to be valid for all purposes. | |
13938ace | 394 | |
f5c14c63 RL |
395 | The final operation is to check the validity of the certificate chain. The |
396 | validity period is checked against the current system time and the notBefore | |
397 | and notAfter dates in the certificate. The certificate signatures are also | |
398 | checked at this point. | |
13938ace DSH |
399 | |
400 | If all operations complete successfully then certificate is considered valid. If | |
401 | any operation fails then the certificate is not valid. | |
402 | ||
7b418a47 DSH |
403 | =head1 DIAGNOSTICS |
404 | ||
405 | When a verify operation fails the output messages can be somewhat cryptic. The | |
406 | general form of the error message is: | |
407 | ||
408 | server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) | |
409 | error 24 at 1 depth lookup:invalid CA certificate | |
410 | ||
411 | The first line contains the name of the certificate being verified followed by | |
412 | the subject name of the certificate. The second line contains the error number | |
413 | and the depth. The depth is number of the certificate being verified when a | |
414 | problem was detected starting with zero for the certificate being verified itself | |
415 | then 1 for the CA that signed the certificate and so on. Finally a text version | |
416 | of the error number is presented. | |
417 | ||
77a795e4 | 418 | A partial list of the error codes and messages is shown below, this also |
1948394d RL |
419 | includes the name of the error code as defined in the header file |
420 | F<< <openssl/x509_vfy.h> >>. | |
7b418a47 DSH |
421 | Some of the error codes are defined but never returned: these are described |
422 | as "unused". | |
423 | ||
424 | =over 4 | |
425 | ||
0634424f | 426 | =item B<X509_V_OK> |
7b418a47 | 427 | |
0634424f | 428 | The operation was successful. |
7b418a47 | 429 | |
0634424f | 430 | =item B<X509_V_ERR_UNSPECIFIED> |
d33def66 | 431 | |
0634424f | 432 | Unspecified error; should not happen. |
d33def66 | 433 | |
0634424f | 434 | =item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT> |
7b418a47 | 435 | |
0634424f | 436 | The issuer certificate of a looked up certificate could not be found. This |
7d3d1788 | 437 | normally means the list of trusted certificates is not complete. |
7b418a47 | 438 | |
0634424f | 439 | =item B<X509_V_ERR_UNABLE_TO_GET_CRL> |
7b418a47 | 440 | |
0634424f | 441 | The CRL of a certificate could not be found. |
7b418a47 | 442 | |
0634424f | 443 | =item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE> |
7b418a47 | 444 | |
c4de074e P |
445 | The certificate signature could not be decrypted. This means that the |
446 | actual signature value could not be determined rather than it not matching | |
447 | the expected value, this is only meaningful for RSA keys. | |
7b418a47 | 448 | |
0634424f | 449 | =item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE> |
7b418a47 | 450 | |
c4de074e P |
451 | The CRL signature could not be decrypted: this means that the actual |
452 | signature value could not be determined rather than it not matching the | |
453 | expected value. Unused. | |
7b418a47 | 454 | |
0634424f | 455 | =item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY> |
7b418a47 | 456 | |
0634424f | 457 | The public key in the certificate SubjectPublicKeyInfo could not be read. |
7b418a47 | 458 | |
0634424f | 459 | =item B<X509_V_ERR_CERT_SIGNATURE_FAILURE> |
7b418a47 | 460 | |
0634424f | 461 | The signature of the certificate is invalid. |
7b418a47 | 462 | |
0634424f | 463 | =item B<X509_V_ERR_CRL_SIGNATURE_FAILURE> |
7b418a47 | 464 | |
0634424f | 465 | The signature of the certificate is invalid. |
7b418a47 | 466 | |
0634424f | 467 | =item B<X509_V_ERR_CERT_NOT_YET_VALID> |
7b418a47 | 468 | |
c4de074e P |
469 | The certificate is not yet valid: the notBefore date is after the |
470 | current time. | |
7b418a47 | 471 | |
0634424f | 472 | =item B<X509_V_ERR_CERT_HAS_EXPIRED> |
7b418a47 | 473 | |
c4de074e P |
474 | The certificate has expired: that is the notAfter date is before the |
475 | current time. | |
7b418a47 | 476 | |
0634424f | 477 | =item B<X509_V_ERR_CRL_NOT_YET_VALID> |
7b418a47 | 478 | |
0634424f | 479 | The CRL is not yet valid. |
7b418a47 | 480 | |
0634424f | 481 | =item B<X509_V_ERR_CRL_HAS_EXPIRED> |
7b418a47 | 482 | |
0634424f | 483 | The CRL has expired. |
7b418a47 | 484 | |
0634424f | 485 | =item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD> |
7b418a47 | 486 | |
0634424f | 487 | The certificate notBefore field contains an invalid time. |
13938ace | 488 | |
0634424f | 489 | =item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD> |
7b418a47 | 490 | |
0634424f | 491 | The certificate notAfter field contains an invalid time. |
7b418a47 | 492 | |
0634424f | 493 | =item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD> |
7b418a47 | 494 | |
0634424f | 495 | The CRL lastUpdate field contains an invalid time. |
7b418a47 | 496 | |
0634424f | 497 | =item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD> |
7b418a47 | 498 | |
0634424f | 499 | The CRL nextUpdate field contains an invalid time. |
7b418a47 | 500 | |
0634424f | 501 | =item B<X509_V_ERR_OUT_OF_MEM> |
7b418a47 | 502 | |
0634424f | 503 | An error occurred trying to allocate memory. This should never happen. |
7b418a47 | 504 | |
0634424f | 505 | =item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT> |
7b418a47 | 506 | |
c4de074e P |
507 | The passed certificate is self-signed and the same certificate cannot |
508 | be found in the list of trusted certificates. | |
7b418a47 | 509 | |
0634424f | 510 | =item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN> |
7b418a47 | 511 | |
c4de074e P |
512 | The certificate chain could be built up using the untrusted certificates |
513 | but the root could not be found locally. | |
7b418a47 | 514 | |
0634424f | 515 | =item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> |
7b418a47 | 516 | |
0634424f | 517 | The issuer certificate could not be found: this occurs if the issuer |
7d3d1788 | 518 | certificate of an untrusted certificate cannot be found. |
7b418a47 | 519 | |
0634424f | 520 | =item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE> |
7b418a47 | 521 | |
c4de074e P |
522 | No signatures could be verified because the chain contains only one |
523 | certificate and it is not self signed. | |
7b418a47 | 524 | |
0634424f | 525 | =item B<X509_V_ERR_CERT_CHAIN_TOO_LONG> |
7b418a47 | 526 | |
c4de074e P |
527 | The certificate chain length is greater than the supplied maximum |
528 | depth. Unused. | |
7b418a47 | 529 | |
0634424f | 530 | =item B<X509_V_ERR_CERT_REVOKED> |
7b418a47 | 531 | |
0634424f | 532 | The certificate has been revoked. |
7b418a47 | 533 | |
0634424f | 534 | =item B<X509_V_ERR_INVALID_CA> |
7b418a47 | 535 | |
c4de074e P |
536 | A CA certificate is invalid. Either it is not a CA or its extensions |
537 | are not consistent with the supplied purpose. | |
7b418a47 | 538 | |
0634424f | 539 | =item B<X509_V_ERR_PATH_LENGTH_EXCEEDED> |
7b418a47 | 540 | |
0634424f | 541 | The basicConstraints pathlength parameter has been exceeded. |
7b418a47 | 542 | |
0634424f | 543 | =item B<X509_V_ERR_INVALID_PURPOSE> |
7b418a47 | 544 | |
0634424f | 545 | The supplied certificate cannot be used for the specified purpose. |
7b418a47 | 546 | |
0634424f | 547 | =item B<X509_V_ERR_CERT_UNTRUSTED> |
7b418a47 | 548 | |
c4de074e | 549 | The root CA is not marked as trusted for the specified purpose. |
7b418a47 | 550 | |
0634424f | 551 | =item B<X509_V_ERR_CERT_REJECTED> |
7b418a47 | 552 | |
0634424f | 553 | The root CA is marked to reject the specified purpose. |
7b418a47 | 554 | |
0634424f | 555 | =item B<X509_V_ERR_SUBJECT_ISSUER_MISMATCH> |
709e8595 | 556 | |
c4de074e | 557 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the |
d33def66 | 558 | B<-issuer_checks> option. |
709e8595 | 559 | |
0634424f | 560 | =item B<X509_V_ERR_AKID_SKID_MISMATCH> |
709e8595 | 561 | |
d33def66 VD |
562 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the |
563 | B<-issuer_checks> option. | |
709e8595 | 564 | |
0634424f | 565 | =item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH> |
709e8595 | 566 | |
d33def66 VD |
567 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the |
568 | B<-issuer_checks> option. | |
569 | ||
0634424f | 570 | =item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN> |
d33def66 VD |
571 | |
572 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the | |
573 | B<-issuer_checks> option. | |
574 | ||
05ea606a | 575 | =item B<X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER> |
d33def66 | 576 | |
05ea606a | 577 | Unable to get CRL issuer certificate. |
d33def66 | 578 | |
05ea606a | 579 | =item B<X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION> |
d33def66 | 580 | |
05ea606a | 581 | Unhandled critical extension. |
d33def66 | 582 | |
05ea606a | 583 | =item B<X509_V_ERR_KEYUSAGE_NO_CRL_SIGN> |
d33def66 | 584 | |
05ea606a | 585 | Key usage does not include CRL signing. |
d33def66 | 586 | |
05ea606a | 587 | =item B<X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION> |
d33def66 | 588 | |
05ea606a | 589 | Unhandled critical CRL extension. |
d33def66 | 590 | |
05ea606a | 591 | =item B<X509_V_ERR_INVALID_NON_CA> |
d33def66 | 592 | |
05ea606a | 593 | Invalid non-CA certificate has CA markings. |
d33def66 | 594 | |
05ea606a | 595 | =item B<X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED> |
d33def66 | 596 | |
05ea606a | 597 | Proxy path length constraint exceeded. |
d33def66 | 598 | |
a392ef20 RL |
599 | =item B<X509_V_ERR_PROXY_SUBJECT_INVALID> |
600 | ||
601 | Proxy certificate subject is invalid. It MUST be the same as the issuer | |
602 | with a single CN component added. | |
603 | ||
05ea606a | 604 | =item B<X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE> |
d33def66 | 605 | |
05ea606a | 606 | Key usage does not include digital signature. |
d33def66 | 607 | |
05ea606a | 608 | =item B<X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED> |
d33def66 | 609 | |
a392ef20 | 610 | Proxy certificates not allowed, please use B<-allow_proxy_certs>. |
d33def66 | 611 | |
05ea606a | 612 | =item B<X509_V_ERR_INVALID_EXTENSION> |
d33def66 | 613 | |
05ea606a | 614 | Invalid or inconsistent certificate extension. |
d33def66 | 615 | |
05ea606a | 616 | =item B<X509_V_ERR_INVALID_POLICY_EXTENSION> |
d33def66 | 617 | |
05ea606a | 618 | Invalid or inconsistent certificate policy extension. |
d33def66 | 619 | |
05ea606a | 620 | =item B<X509_V_ERR_NO_EXPLICIT_POLICY> |
d33def66 | 621 | |
05ea606a | 622 | No explicit policy. |
d33def66 | 623 | |
05ea606a | 624 | =item B<X509_V_ERR_DIFFERENT_CRL_SCOPE> |
d33def66 | 625 | |
05ea606a | 626 | Different CRL scope. |
d33def66 | 627 | |
05ea606a | 628 | =item B<X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE> |
d33def66 | 629 | |
05ea606a | 630 | Unsupported extension feature. |
d33def66 | 631 | |
05ea606a | 632 | =item B<X509_V_ERR_UNNESTED_RESOURCE> |
d33def66 | 633 | |
05ea606a | 634 | RFC 3779 resource not subset of parent's resources. |
d33def66 | 635 | |
05ea606a | 636 | =item B<X509_V_ERR_PERMITTED_VIOLATION> |
709e8595 | 637 | |
05ea606a | 638 | Permitted subtree violation. |
709e8595 | 639 | |
05ea606a | 640 | =item B<X509_V_ERR_EXCLUDED_VIOLATION> |
d33def66 | 641 | |
05ea606a | 642 | Excluded subtree violation. |
d33def66 | 643 | |
05ea606a | 644 | =item B<X509_V_ERR_SUBTREE_MINMAX> |
d33def66 | 645 | |
05ea606a | 646 | Name constraints minimum and maximum not supported. |
709e8595 | 647 | |
05ea606a | 648 | =item B<X509_V_ERR_APPLICATION_VERIFICATION> |
7b418a47 | 649 | |
05ea606a | 650 | Application verification failure. Unused. |
7b418a47 | 651 | |
05ea606a | 652 | =item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE> |
d33def66 | 653 | |
05ea606a | 654 | Unsupported name constraint type. |
d33def66 | 655 | |
05ea606a | 656 | =item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX> |
d33def66 | 657 | |
05ea606a | 658 | Unsupported or invalid name constraint syntax. |
d33def66 | 659 | |
05ea606a | 660 | =item B<X509_V_ERR_UNSUPPORTED_NAME_SYNTAX> |
d33def66 | 661 | |
05ea606a | 662 | Unsupported or invalid name syntax. |
d33def66 | 663 | |
05ea606a | 664 | =item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR> |
d33def66 | 665 | |
05ea606a | 666 | CRL path validation error. |
d33def66 | 667 | |
05ea606a | 668 | =item B<X509_V_ERR_PATH_LOOP> |
d33def66 | 669 | |
05ea606a | 670 | Path loop. |
d33def66 | 671 | |
05ea606a | 672 | =item B<X509_V_ERR_SUITE_B_INVALID_VERSION> |
d33def66 | 673 | |
05ea606a | 674 | Suite B: certificate version invalid. |
d33def66 | 675 | |
05ea606a | 676 | =item B<X509_V_ERR_SUITE_B_INVALID_ALGORITHM> |
d33def66 | 677 | |
05ea606a | 678 | Suite B: invalid public key algorithm. |
d33def66 | 679 | |
05ea606a | 680 | =item B<X509_V_ERR_SUITE_B_INVALID_CURVE> |
d33def66 | 681 | |
05ea606a | 682 | Suite B: invalid ECC curve. |
d33def66 | 683 | |
05ea606a | 684 | =item B<X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM> |
d33def66 | 685 | |
05ea606a | 686 | Suite B: invalid signature algorithm. |
d33def66 | 687 | |
05ea606a | 688 | =item B<X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED> |
d33def66 | 689 | |
05ea606a | 690 | Suite B: curve not allowed for this LOS. |
d33def66 | 691 | |
05ea606a | 692 | =item B<X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256> |
d33def66 | 693 | |
05ea606a | 694 | Suite B: cannot sign P-384 with P-256. |
d33def66 | 695 | |
05ea606a | 696 | =item B<X509_V_ERR_HOSTNAME_MISMATCH> |
d33def66 | 697 | |
05ea606a | 698 | Hostname mismatch. |
d33def66 | 699 | |
05ea606a | 700 | =item B<X509_V_ERR_EMAIL_MISMATCH> |
d33def66 | 701 | |
05ea606a | 702 | Email address mismatch. |
d33def66 | 703 | |
05ea606a | 704 | =item B<X509_V_ERR_IP_ADDRESS_MISMATCH> |
d33def66 | 705 | |
05ea606a | 706 | IP address mismatch. |
d33def66 | 707 | |
05ea606a | 708 | =item B<X509_V_ERR_DANE_NO_MATCH> |
d33def66 VD |
709 | |
710 | DANE TLSA authentication is enabled, but no TLSA records matched the | |
711 | certificate chain. | |
8bc93d2f | 712 | This error is only possible in L<openssl-s_client(1)>. |
d33def66 | 713 | |
3bb0f989 TS |
714 | =item B<X509_V_ERR_EE_KEY_TOO_SMALL> |
715 | ||
716 | EE certificate key too weak. | |
717 | ||
718 | =item B<X509_ERR_CA_KEY_TOO_SMALL> | |
719 | ||
720 | CA certificate key too weak. | |
721 | ||
722 | =item B<X509_ERR_CA_MD_TOO_WEAK> | |
723 | ||
724 | CA signature digest algorithm too weak. | |
725 | ||
726 | =item B<X509_V_ERR_INVALID_CALL> | |
727 | ||
728 | nvalid certificate verification context. | |
729 | ||
730 | =item B<X509_V_ERR_STORE_LOOKUP> | |
731 | ||
732 | Issuer certificate lookup error. | |
733 | ||
734 | =item B<X509_V_ERR_NO_VALID_SCTS> | |
735 | ||
736 | Certificate Transparency required, but no valid SCTs found. | |
737 | ||
738 | =item B<X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION> | |
739 | ||
740 | Proxy subject name violation. | |
741 | ||
742 | =item B<X509_V_ERR_OCSP_VERIFY_NEEDED> | |
743 | ||
744 | Returned by the verify callback to indicate an OCSP verification is needed. | |
745 | ||
746 | =item B<X509_V_ERR_OCSP_VERIFY_FAILED> | |
747 | ||
748 | Returned by the verify callback to indicate OCSP verification failed. | |
749 | ||
750 | =item B<X509_V_ERR_OCSP_CERT_UNKNOWN> | |
751 | ||
752 | Returned by the verify callback to indicate that the certificate is not recognized | |
753 | by the OCSP responder. | |
754 | ||
7b418a47 | 755 | =back |
13938ace | 756 | |
709e8595 DSH |
757 | =head1 BUGS |
758 | ||
c4de074e P |
759 | Although the issuer checks are a considerable improvement over the old |
760 | technique they still suffer from limitations in the underlying X509_LOOKUP | |
761 | API. One consequence of this is that trusted certificates with matching | |
762 | subject name must either appear in a file (as specified by the B<-CAfile> | |
763 | option) or a directory (as specified by B<-CApath>). If they occur in | |
764 | both then only the certificates in the file will be recognised. | |
709e8595 | 765 | |
c4de074e P |
766 | Previous versions of OpenSSL assume certificates with matching subject |
767 | name are identical and mishandled them. | |
709e8595 | 768 | |
7d3d1788 DSH |
769 | Previous versions of this documentation swapped the meaning of the |
770 | B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT> and | |
0634424f | 771 | B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes. |
7d3d1788 | 772 | |
13938ace DSH |
773 | =head1 SEE ALSO |
774 | ||
b6b66573 DMSP |
775 | L<openssl(1)>, |
776 | L<openssl-x509(1)> | |
13938ace | 777 | |
fa7b0111 MC |
778 | =head1 HISTORY |
779 | ||
fc5ecadd | 780 | The B<-show_chain> option was added in OpenSSL 1.1.0. |
d33def66 VD |
781 | |
782 | The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and | |
783 | is silently ignored. | |
fa7b0111 | 784 | |
4674aaf4 | 785 | The B<-sm2-id> and B<-sm2-hex-id> options were added in OpenSSL 3.0. |
7eba43e8 | 786 | |
e2f92610 RS |
787 | =head1 COPYRIGHT |
788 | ||
7eba43e8 | 789 | Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 790 | |
449040b4 | 791 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
792 | this file except in compliance with the License. You can obtain a copy |
793 | in the file LICENSE in the source distribution or at | |
794 | L<https://www.openssl.org/source/license.html>. | |
795 | ||
796 | =cut |