]>
Commit | Line | Data |
---|---|---|
13938ace DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
b6b66573 | 5 | openssl-verify - Utility to verify certificates |
13938ace DSH |
6 | |
7 | =head1 SYNOPSIS | |
8 | ||
9 | B<openssl> B<verify> | |
169394d4 | 10 | [B<-help>] |
e8769719 RS |
11 | [B<-CAfile> I<file>] |
12 | [B<-CApath> I<directory>] | |
40e2d76b MC |
13 | [B<-no-CAfile>] |
14 | [B<-no-CApath>] | |
a392ef20 | 15 | [B<-allow_proxy_certs>] |
e8769719 | 16 | [B<-attime> I<timestamp>] |
cd028c8e | 17 | [B<-check_ss_sig>] |
e8769719 | 18 | [B<-CRLfile> I<file>] |
79a55b1f | 19 | [B<-crl_download>] |
e5fa864f DSH |
20 | [B<-crl_check>] |
21 | [B<-crl_check_all>] | |
e8769719 | 22 | [B<-engine> I<id>] |
e5fa864f | 23 | [B<-explicit_policy>] |
e5fa864f | 24 | [B<-extended_crl>] |
2866441a HK |
25 | [B<-ignore_critical>] |
26 | [B<-inhibit_any>] | |
27 | [B<-inhibit_map>] | |
e8769719 | 28 | [B<-nameopt> I<option>] |
5a1f853b | 29 | [B<-no_check_time>] |
cd028c8e | 30 | [B<-partial_chain>] |
e8769719 | 31 | [B<-policy> I<arg>] |
2866441a HK |
32 | [B<-policy_check>] |
33 | [B<-policy_print>] | |
e8769719 | 34 | [B<-purpose> I<purpose>] |
cd028c8e HK |
35 | [B<-suiteB_128>] |
36 | [B<-suiteB_128_only>] | |
37 | [B<-suiteB_192>] | |
2866441a | 38 | [B<-trusted_first>] |
fa7b0111 | 39 | [B<-no_alt_chains>] |
e8769719 RS |
40 | [B<-untrusted> I<file>] |
41 | [B<-trusted> I<file>] | |
2866441a | 42 | [B<-use_deltas>] |
13938ace | 43 | [B<-verbose>] |
e8769719 RS |
44 | [B<-auth_level> I<level>] |
45 | [B<-verify_depth> I<num>] | |
46 | [B<-verify_email> I<email>] | |
47 | [B<-verify_hostname> I<hostname>] | |
48 | [B<-verify_ip> I<ip>] | |
49 | [B<-verify_name> I<name>] | |
2866441a | 50 | [B<-x509_strict>] |
7f3f41d8 | 51 | [B<-show_chain>] |
7eba43e8 PY |
52 | [B<-sm2-id string>] |
53 | [B<-sm2-hex-id hex-string>] | |
13938ace DSH |
54 | [B<->] |
55 | [certificates] | |
56 | ||
13938ace DSH |
57 | =head1 DESCRIPTION |
58 | ||
59 | The B<verify> command verifies certificate chains. | |
60 | ||
3dfda1a6 | 61 | =head1 OPTIONS |
13938ace DSH |
62 | |
63 | =over 4 | |
64 | ||
169394d4 MR |
65 | =item B<-help> |
66 | ||
67 | Print out a usage message. | |
68 | ||
e8769719 | 69 | =item B<-CAfile> I<file> |
2866441a | 70 | |
feb2f53e VD |
71 | A B<file> of trusted certificates. |
72 | The file should contain one or more certificates in PEM format. | |
2866441a | 73 | |
e8769719 | 74 | =item B<-CApath> I<directory> |
13938ace DSH |
75 | |
76 | A directory of trusted certificates. The certificates should have names | |
77 | of the form: hash.0 or have symbolic links to them of this | |
78 | form ("hash" is the hashed certificate subject name: see the B<-hash> option | |
79 | of the B<x509> utility). Under Unix the B<c_rehash> script will automatically | |
80 | create symbolic links to a directory of certificates. | |
81 | ||
40e2d76b MC |
82 | =item B<-no-CAfile> |
83 | ||
c4de074e | 84 | Do not load the trusted CA certificates from the default file location. |
40e2d76b MC |
85 | |
86 | =item B<-no-CApath> | |
87 | ||
c4de074e | 88 | Do not load the trusted CA certificates from the default directory location. |
40e2d76b | 89 | |
a392ef20 RL |
90 | =item B<-allow_proxy_certs> |
91 | ||
c4de074e | 92 | Allow the verification of proxy certificates. |
a392ef20 | 93 | |
e8769719 | 94 | =item B<-attime> I<timestamp> |
13938ace | 95 | |
2866441a HK |
96 | Perform validation checks using time specified by B<timestamp> and not |
97 | current system time. B<timestamp> is the number of seconds since | |
98 | 01.01.1970 (UNIX time). | |
13938ace | 99 | |
2866441a | 100 | =item B<-check_ss_sig> |
13938ace | 101 | |
2866441a HK |
102 | Verify the signature on the self-signed root CA. This is disabled by default |
103 | because it doesn't add any security. | |
13938ace | 104 | |
e8769719 | 105 | =item B<-CRLfile> I<file> |
fc1d88f0 | 106 | |
feb2f53e VD |
107 | The B<file> should contain one or more CRLs in PEM format. |
108 | This option can be specified more than once to include CRLs from multiple | |
109 | B<files>. | |
fc1d88f0 | 110 | |
79a55b1f MC |
111 | =item B<-crl_download> |
112 | ||
113 | Attempt to download CRL information for this certificate. | |
114 | ||
2866441a | 115 | =item B<-crl_check> |
6d3d5793 | 116 | |
2866441a HK |
117 | Checks end entity certificate validity by attempting to look up a valid CRL. |
118 | If a valid CRL cannot be found an error occurs. | |
6d3d5793 | 119 | |
2866441a | 120 | =item B<-crl_check_all> |
13938ace | 121 | |
2866441a HK |
122 | Checks the validity of B<all> certificates in the chain by attempting |
123 | to look up valid CRLs. | |
124 | ||
e8769719 | 125 | =item B<-engine> I<id> |
feb2f53e VD |
126 | |
127 | Specifying an engine B<id> will cause L<verify(1)> to attempt to load the | |
128 | specified engine. | |
129 | The engine will then be set as the default for all its supported algorithms. | |
130 | If you want to load certificates or CRLs that require engine support via any of | |
131 | the B<-trusted>, B<-untrusted> or B<-CRLfile> options, the B<-engine> option | |
132 | must be specified before those options. | |
133 | ||
2866441a HK |
134 | =item B<-explicit_policy> |
135 | ||
136 | Set policy variable require-explicit-policy (see RFC5280). | |
137 | ||
138 | =item B<-extended_crl> | |
139 | ||
140 | Enable extended CRL features such as indirect CRLs and alternate CRL | |
141 | signing keys. | |
13938ace | 142 | |
2866441a | 143 | =item B<-ignore_critical> |
13938ace | 144 | |
2866441a HK |
145 | Normally if an unhandled critical extension is present which is not |
146 | supported by OpenSSL the certificate is rejected (as required by RFC5280). | |
147 | If this option is set critical extensions are ignored. | |
148 | ||
149 | =item B<-inhibit_any> | |
150 | ||
151 | Set policy variable inhibit-any-policy (see RFC5280). | |
152 | ||
153 | =item B<-inhibit_map> | |
154 | ||
155 | Set policy variable inhibit-policy-mapping (see RFC5280). | |
13938ace | 156 | |
e8769719 | 157 | =item B<-nameopt> I<option> |
ad39b31c | 158 | |
c4de074e | 159 | Option which determines how the subject or issuer names are displayed. The |
ad39b31c DB |
160 | B<option> argument can be a single option or multiple options separated by |
161 | commas. Alternatively the B<-nameopt> switch may be used more than once to | |
162 | set multiple options. See the L<x509(1)> manual page for details. | |
163 | ||
5a1f853b RS |
164 | =item B<-no_check_time> |
165 | ||
1bc74519 | 166 | This option suppresses checking the validity period of certificates and CRLs |
e8769719 | 167 | against the current time. If option B<-attime> is used to specify |
5a1f853b RS |
168 | a verification time, the check is not suppressed. |
169 | ||
2866441a | 170 | =item B<-partial_chain> |
9ed03faa | 171 | |
feb2f53e VD |
172 | Allow verification to succeed even if a I<complete> chain cannot be built to a |
173 | self-signed trust-anchor, provided it is possible to construct a chain to a | |
174 | trusted certificate that might not be self-signed. | |
9ed03faa | 175 | |
e8769719 | 176 | =item B<-policy> I<arg> |
e5fa864f | 177 | |
3a778a29 BL |
178 | Enable policy processing and add B<arg> to the user-initial-policy-set (see |
179 | RFC5280). The policy B<arg> can be an object name an OID in numeric form. | |
180 | This argument can appear more than once. | |
e5fa864f DSH |
181 | |
182 | =item B<-policy_check> | |
183 | ||
184 | Enables certificate policy processing. | |
185 | ||
e5fa864f DSH |
186 | =item B<-policy_print> |
187 | ||
3a778a29 | 188 | Print out diagnostics related to policy processing. |
e5fa864f | 189 | |
e8769719 | 190 | =item B<-purpose> I<purpose> |
e5fa864f | 191 | |
2866441a HK |
192 | The intended use for the certificate. If this option is not specified, |
193 | B<verify> will not consider certificate purpose during chain verification. | |
194 | Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>, | |
195 | B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> section for more | |
196 | information. | |
e5fa864f | 197 | |
2866441a | 198 | =item B<-suiteB_128_only>, B<-suiteB_128>, B<-suiteB_192> |
e5fa864f | 199 | |
c4de074e | 200 | Enable the Suite B mode operation at 128 bit Level of Security, 128 bit or |
2866441a HK |
201 | 192 bit, or only 192 bit Level of Security respectively. |
202 | See RFC6460 for details. In particular the supported signature algorithms are | |
203 | reduced to support only ECDSA and SHA256 or SHA384 and only the elliptic curves | |
204 | P-256 and P-384. | |
e5fa864f | 205 | |
2866441a | 206 | =item B<-trusted_first> |
e5fa864f | 207 | |
feb2f53e VD |
208 | When constructing the certificate chain, use the trusted certificates specified |
209 | via B<-CAfile>, B<-CApath> or B<-trusted> before any certificates specified via | |
210 | B<-untrusted>. | |
211 | This can be useful in environments with Bridge or Cross-Certified CAs. | |
0daccd4d | 212 | As of OpenSSL 1.1.0 this option is on by default and cannot be disabled. |
e5fa864f | 213 | |
fa7b0111 MC |
214 | =item B<-no_alt_chains> |
215 | ||
0daccd4d VD |
216 | By default, unless B<-trusted_first> is specified, when building a certificate |
217 | chain, if the first certificate chain found is not trusted, then OpenSSL will | |
218 | attempt to replace untrusted issuer certificates with certificates from the | |
219 | trust store to see if an alternative chain can be found that is trusted. | |
220 | As of OpenSSL 1.1.0, with B<-trusted_first> always on, this option has no | |
221 | effect. | |
fa7b0111 | 222 | |
e8769719 | 223 | =item B<-untrusted> I<file> |
e5fa864f | 224 | |
feb2f53e | 225 | A B<file> of additional untrusted certificates (intermediate issuer CAs) used |
35ed393e | 226 | to construct a certificate chain from the subject certificate to a trust-anchor. |
feb2f53e | 227 | The B<file> should contain one or more certificates in PEM format. |
77a795e4 | 228 | This option can be specified more than once to include untrusted certificates |
feb2f53e | 229 | from multiple B<files>. |
e5fa864f | 230 | |
e8769719 | 231 | =item B<-trusted> I<file> |
79a55b1f | 232 | |
feb2f53e VD |
233 | A B<file> of trusted certificates, which must be self-signed, unless the |
234 | B<-partial_chain> option is specified. | |
77a795e4 | 235 | The B<file> contains one or more certificates in PEM format. |
feb2f53e VD |
236 | With this option, no additional (e.g., default) certificate lists are |
237 | consulted. | |
238 | That is, the only trust-anchors are those listed in B<file>. | |
239 | This option can be specified more than once to include trusted certificates | |
240 | from multiple B<files>. | |
241 | This option implies the B<-no-CAfile> and B<-no-CApath> options. | |
242 | This option cannot be used in combination with either of the B<-CAfile> or | |
243 | B<-CApath> options. | |
79a55b1f | 244 | |
e5fa864f DSH |
245 | =item B<-use_deltas> |
246 | ||
247 | Enable support for delta CRLs. | |
248 | ||
2866441a | 249 | =item B<-verbose> |
cd028c8e | 250 | |
2866441a | 251 | Print extra information about the operations being performed. |
cd028c8e | 252 | |
e8769719 | 253 | =item B<-auth_level> I<level> |
fbb82a60 VD |
254 | |
255 | Set the certificate chain authentication security level to B<level>. | |
256 | The authentication security level determines the acceptable signature and | |
257 | public key strength when verifying certificate chains. | |
258 | For a certificate chain to validate, the public keys of all the certificates | |
259 | must meet the specified security B<level>. | |
260 | The signature algorithm security level is enforced for all the certificates in | |
261 | the chain except for the chain's I<trust anchor>, which is either directly | |
262 | trusted or validated by means other than its signature. | |
263 | See L<SSL_CTX_set_security_level(3)> for the definitions of the available | |
264 | levels. | |
265 | The default security level is -1, or "not set". | |
266 | At security level 0 or lower all algorithms are acceptable. | |
267 | Security level 1 requires at least 80-bit-equivalent security and is broadly | |
268 | interoperable, though it will, for example, reject MD5 signatures or RSA keys | |
269 | shorter than 1024 bits. | |
270 | ||
e8769719 | 271 | =item B<-verify_depth> I<num> |
cd028c8e | 272 | |
fbb82a60 VD |
273 | Limit the certificate chain to B<num> intermediate CA certificates. |
274 | A maximal depth chain can have up to B<num+2> certificates, since neither the | |
275 | end-entity certificate nor the trust-anchor certificate count against the | |
276 | B<-verify_depth> limit. | |
cd028c8e | 277 | |
e8769719 | 278 | =item B<-verify_email> I<email> |
cd028c8e HK |
279 | |
280 | Verify if the B<email> matches the email address in Subject Alternative Name or | |
115e4809 | 281 | the email in the subject Distinguished Name. |
cd028c8e | 282 | |
e8769719 | 283 | =item B<-verify_hostname> I<hostname> |
cd028c8e HK |
284 | |
285 | Verify if the B<hostname> matches DNS name in Subject Alternative Name or | |
286 | Common Name in the subject certificate. | |
287 | ||
e8769719 | 288 | =item B<-verify_ip> I<ip> |
cd028c8e HK |
289 | |
290 | Verify if the B<ip> matches the IP address in Subject Alternative Name of | |
291 | the subject certificate. | |
292 | ||
e8769719 | 293 | =item B<-verify_name> I<name> |
cd028c8e | 294 | |
feb2f53e | 295 | Use default verification policies like trust model and required certificate |
cd028c8e | 296 | policies identified by B<name>. |
0daccd4d VD |
297 | The trust model determines which auxiliary trust or reject OIDs are applicable |
298 | to verifying the given certificate chain. | |
299 | See the B<-addtrust> and B<-addreject> options of the L<x509(1)> command-line | |
300 | utility. | |
feb2f53e VD |
301 | Supported policy names include: B<default>, B<pkcs7>, B<smime_sign>, |
302 | B<ssl_client>, B<ssl_server>. | |
0daccd4d VD |
303 | These mimics the combinations of purpose and trust settings used in SSL, CMS |
304 | and S/MIME. | |
305 | As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not | |
306 | specified, so the B<-verify_name> options are functionally equivalent to the | |
307 | corresponding B<-purpose> settings. | |
cd028c8e | 308 | |
2866441a HK |
309 | =item B<-x509_strict> |
310 | ||
311 | For strict X.509 compliance, disable non-compliant workarounds for broken | |
312 | certificates. | |
313 | ||
7f3f41d8 MC |
314 | =item B<-show_chain> |
315 | ||
316 | Display information about the certificate chain that has been built (if | |
317 | successful). Certificates in the chain that came from the untrusted list will be | |
318 | flagged as "untrusted". | |
319 | ||
7eba43e8 PY |
320 | =item B<-sm2-id> |
321 | ||
322 | Specify the ID string to use when verifying an SM2 certificate. The ID string is | |
323 | required by the SM2 signature algorithm for signing and verification. | |
324 | ||
325 | =item B<-sm2-hex-id> | |
326 | ||
327 | Specify a binary ID string to use when signing or verifying using an SM2 | |
328 | certificate. The argument for this option is string of hexadecimal digits. | |
329 | ||
13938ace DSH |
330 | =item B<-> |
331 | ||
3a778a29 | 332 | Indicates the last option. All arguments following this are assumed to be |
7b418a47 DSH |
333 | certificate files. This is useful if the first certificate filename begins |
334 | with a B<->. | |
13938ace DSH |
335 | |
336 | =item B<certificates> | |
337 | ||
3a778a29 BL |
338 | One or more certificates to verify. If no certificates are given, B<verify> |
339 | will attempt to read a certificate from standard input. Certificates must be | |
340 | in PEM format. | |
13938ace DSH |
341 | |
342 | =back | |
343 | ||
344 | =head1 VERIFY OPERATION | |
345 | ||
346 | The B<verify> program uses the same functions as the internal SSL and S/MIME | |
347 | verification, therefore this description applies to these verify operations | |
348 | too. | |
349 | ||
350 | There is one crucial difference between the verify operations performed | |
351 | by the B<verify> program: wherever possible an attempt is made to continue | |
352 | after an error whereas normally the verify operation would halt on the | |
353 | first error. This allows all the problems with a certificate chain to be | |
354 | determined. | |
355 | ||
356 | The verify operation consists of a number of separate steps. | |
357 | ||
358 | Firstly a certificate chain is built up starting from the supplied certificate | |
feb2f53e VD |
359 | and ending in the root CA. |
360 | It is an error if the whole chain cannot be built up. | |
361 | The chain is built up by looking up the issuers certificate of the current | |
362 | certificate. | |
363 | If a certificate is found which is its own issuer it is assumed to be the root | |
364 | CA. | |
365 | ||
366 | The process of 'looking up the issuers certificate' itself involves a number of | |
367 | steps. | |
77a795e4 | 368 | After all certificates whose subject name matches the issuer name of the current |
feb2f53e VD |
369 | certificate are subject to further tests. |
370 | The relevant authority key identifier components of the current certificate (if | |
371 | present) must match the subject key identifier (if present) and issuer and | |
372 | serial number of the candidate issuer, in addition the keyUsage extension of | |
373 | the candidate issuer (if present) must permit certificate signing. | |
709e8595 | 374 | |
13938ace | 375 | The lookup first looks in the list of untrusted certificates and if no match |
19d2bb57 | 376 | is found the remaining lookups are from the trusted certificates. The root CA |
13938ace DSH |
377 | is always looked up in the trusted certificate list: if the certificate to |
378 | verify is a root certificate then an exact match must be found in the trusted | |
379 | list. | |
380 | ||
381 | The second operation is to check every untrusted certificate's extensions for | |
382 | consistency with the supplied purpose. If the B<-purpose> option is not included | |
383 | then no checks are done. The supplied or "leaf" certificate must have extensions | |
384 | compatible with the supplied purpose and all other certificates must also be valid | |
385 | CA certificates. The precise extensions required are described in more detail in | |
7b418a47 | 386 | the B<CERTIFICATE EXTENSIONS> section of the B<x509> utility. |
13938ace | 387 | |
feb2f53e VD |
388 | The third operation is to check the trust settings on the root CA. The root CA |
389 | should be trusted for the supplied purpose. | |
390 | For compatibility with previous versions of OpenSSL, a certificate with no | |
391 | trust settings is considered to be valid for all purposes. | |
13938ace DSH |
392 | |
393 | The final operation is to check the validity of the certificate chain. The validity | |
394 | period is checked against the current system time and the notBefore and notAfter | |
395 | dates in the certificate. The certificate signatures are also checked at this | |
396 | point. | |
397 | ||
398 | If all operations complete successfully then certificate is considered valid. If | |
399 | any operation fails then the certificate is not valid. | |
400 | ||
7b418a47 DSH |
401 | =head1 DIAGNOSTICS |
402 | ||
403 | When a verify operation fails the output messages can be somewhat cryptic. The | |
404 | general form of the error message is: | |
405 | ||
406 | server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) | |
407 | error 24 at 1 depth lookup:invalid CA certificate | |
408 | ||
409 | The first line contains the name of the certificate being verified followed by | |
410 | the subject name of the certificate. The second line contains the error number | |
411 | and the depth. The depth is number of the certificate being verified when a | |
412 | problem was detected starting with zero for the certificate being verified itself | |
413 | then 1 for the CA that signed the certificate and so on. Finally a text version | |
414 | of the error number is presented. | |
415 | ||
77a795e4 | 416 | A partial list of the error codes and messages is shown below, this also |
7b418a47 DSH |
417 | includes the name of the error code as defined in the header file x509_vfy.h |
418 | Some of the error codes are defined but never returned: these are described | |
419 | as "unused". | |
420 | ||
421 | =over 4 | |
422 | ||
0634424f | 423 | =item B<X509_V_OK> |
7b418a47 | 424 | |
0634424f | 425 | The operation was successful. |
7b418a47 | 426 | |
0634424f | 427 | =item B<X509_V_ERR_UNSPECIFIED> |
d33def66 | 428 | |
0634424f | 429 | Unspecified error; should not happen. |
d33def66 | 430 | |
0634424f | 431 | =item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT> |
7b418a47 | 432 | |
0634424f | 433 | The issuer certificate of a looked up certificate could not be found. This |
7d3d1788 | 434 | normally means the list of trusted certificates is not complete. |
7b418a47 | 435 | |
0634424f | 436 | =item B<X509_V_ERR_UNABLE_TO_GET_CRL> |
7b418a47 | 437 | |
0634424f | 438 | The CRL of a certificate could not be found. |
7b418a47 | 439 | |
0634424f | 440 | =item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE> |
7b418a47 | 441 | |
c4de074e P |
442 | The certificate signature could not be decrypted. This means that the |
443 | actual signature value could not be determined rather than it not matching | |
444 | the expected value, this is only meaningful for RSA keys. | |
7b418a47 | 445 | |
0634424f | 446 | =item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE> |
7b418a47 | 447 | |
c4de074e P |
448 | The CRL signature could not be decrypted: this means that the actual |
449 | signature value could not be determined rather than it not matching the | |
450 | expected value. Unused. | |
7b418a47 | 451 | |
0634424f | 452 | =item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY> |
7b418a47 | 453 | |
0634424f | 454 | The public key in the certificate SubjectPublicKeyInfo could not be read. |
7b418a47 | 455 | |
0634424f | 456 | =item B<X509_V_ERR_CERT_SIGNATURE_FAILURE> |
7b418a47 | 457 | |
0634424f | 458 | The signature of the certificate is invalid. |
7b418a47 | 459 | |
0634424f | 460 | =item B<X509_V_ERR_CRL_SIGNATURE_FAILURE> |
7b418a47 | 461 | |
0634424f | 462 | The signature of the certificate is invalid. |
7b418a47 | 463 | |
0634424f | 464 | =item B<X509_V_ERR_CERT_NOT_YET_VALID> |
7b418a47 | 465 | |
c4de074e P |
466 | The certificate is not yet valid: the notBefore date is after the |
467 | current time. | |
7b418a47 | 468 | |
0634424f | 469 | =item B<X509_V_ERR_CERT_HAS_EXPIRED> |
7b418a47 | 470 | |
c4de074e P |
471 | The certificate has expired: that is the notAfter date is before the |
472 | current time. | |
7b418a47 | 473 | |
0634424f | 474 | =item B<X509_V_ERR_CRL_NOT_YET_VALID> |
7b418a47 | 475 | |
0634424f | 476 | The CRL is not yet valid. |
7b418a47 | 477 | |
0634424f | 478 | =item B<X509_V_ERR_CRL_HAS_EXPIRED> |
7b418a47 | 479 | |
0634424f | 480 | The CRL has expired. |
7b418a47 | 481 | |
0634424f | 482 | =item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD> |
7b418a47 | 483 | |
0634424f | 484 | The certificate notBefore field contains an invalid time. |
13938ace | 485 | |
0634424f | 486 | =item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD> |
7b418a47 | 487 | |
0634424f | 488 | The certificate notAfter field contains an invalid time. |
7b418a47 | 489 | |
0634424f | 490 | =item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD> |
7b418a47 | 491 | |
0634424f | 492 | The CRL lastUpdate field contains an invalid time. |
7b418a47 | 493 | |
0634424f | 494 | =item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD> |
7b418a47 | 495 | |
0634424f | 496 | The CRL nextUpdate field contains an invalid time. |
7b418a47 | 497 | |
0634424f | 498 | =item B<X509_V_ERR_OUT_OF_MEM> |
7b418a47 | 499 | |
0634424f | 500 | An error occurred trying to allocate memory. This should never happen. |
7b418a47 | 501 | |
0634424f | 502 | =item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT> |
7b418a47 | 503 | |
c4de074e P |
504 | The passed certificate is self-signed and the same certificate cannot |
505 | be found in the list of trusted certificates. | |
7b418a47 | 506 | |
0634424f | 507 | =item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN> |
7b418a47 | 508 | |
c4de074e P |
509 | The certificate chain could be built up using the untrusted certificates |
510 | but the root could not be found locally. | |
7b418a47 | 511 | |
0634424f | 512 | =item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> |
7b418a47 | 513 | |
0634424f | 514 | The issuer certificate could not be found: this occurs if the issuer |
7d3d1788 | 515 | certificate of an untrusted certificate cannot be found. |
7b418a47 | 516 | |
0634424f | 517 | =item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE> |
7b418a47 | 518 | |
c4de074e P |
519 | No signatures could be verified because the chain contains only one |
520 | certificate and it is not self signed. | |
7b418a47 | 521 | |
0634424f | 522 | =item B<X509_V_ERR_CERT_CHAIN_TOO_LONG> |
7b418a47 | 523 | |
c4de074e P |
524 | The certificate chain length is greater than the supplied maximum |
525 | depth. Unused. | |
7b418a47 | 526 | |
0634424f | 527 | =item B<X509_V_ERR_CERT_REVOKED> |
7b418a47 | 528 | |
0634424f | 529 | The certificate has been revoked. |
7b418a47 | 530 | |
0634424f | 531 | =item B<X509_V_ERR_INVALID_CA> |
7b418a47 | 532 | |
c4de074e P |
533 | A CA certificate is invalid. Either it is not a CA or its extensions |
534 | are not consistent with the supplied purpose. | |
7b418a47 | 535 | |
0634424f | 536 | =item B<X509_V_ERR_PATH_LENGTH_EXCEEDED> |
7b418a47 | 537 | |
0634424f | 538 | The basicConstraints pathlength parameter has been exceeded. |
7b418a47 | 539 | |
0634424f | 540 | =item B<X509_V_ERR_INVALID_PURPOSE> |
7b418a47 | 541 | |
0634424f | 542 | The supplied certificate cannot be used for the specified purpose. |
7b418a47 | 543 | |
0634424f | 544 | =item B<X509_V_ERR_CERT_UNTRUSTED> |
7b418a47 | 545 | |
c4de074e | 546 | The root CA is not marked as trusted for the specified purpose. |
7b418a47 | 547 | |
0634424f | 548 | =item B<X509_V_ERR_CERT_REJECTED> |
7b418a47 | 549 | |
0634424f | 550 | The root CA is marked to reject the specified purpose. |
7b418a47 | 551 | |
0634424f | 552 | =item B<X509_V_ERR_SUBJECT_ISSUER_MISMATCH> |
709e8595 | 553 | |
c4de074e | 554 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the |
d33def66 | 555 | B<-issuer_checks> option. |
709e8595 | 556 | |
0634424f | 557 | =item B<X509_V_ERR_AKID_SKID_MISMATCH> |
709e8595 | 558 | |
d33def66 VD |
559 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the |
560 | B<-issuer_checks> option. | |
709e8595 | 561 | |
0634424f | 562 | =item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH> |
709e8595 | 563 | |
d33def66 VD |
564 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the |
565 | B<-issuer_checks> option. | |
566 | ||
0634424f | 567 | =item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN> |
d33def66 VD |
568 | |
569 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the | |
570 | B<-issuer_checks> option. | |
571 | ||
05ea606a | 572 | =item B<X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER> |
d33def66 | 573 | |
05ea606a | 574 | Unable to get CRL issuer certificate. |
d33def66 | 575 | |
05ea606a | 576 | =item B<X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION> |
d33def66 | 577 | |
05ea606a | 578 | Unhandled critical extension. |
d33def66 | 579 | |
05ea606a | 580 | =item B<X509_V_ERR_KEYUSAGE_NO_CRL_SIGN> |
d33def66 | 581 | |
05ea606a | 582 | Key usage does not include CRL signing. |
d33def66 | 583 | |
05ea606a | 584 | =item B<X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION> |
d33def66 | 585 | |
05ea606a | 586 | Unhandled critical CRL extension. |
d33def66 | 587 | |
05ea606a | 588 | =item B<X509_V_ERR_INVALID_NON_CA> |
d33def66 | 589 | |
05ea606a | 590 | Invalid non-CA certificate has CA markings. |
d33def66 | 591 | |
05ea606a | 592 | =item B<X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED> |
d33def66 | 593 | |
05ea606a | 594 | Proxy path length constraint exceeded. |
d33def66 | 595 | |
a392ef20 RL |
596 | =item B<X509_V_ERR_PROXY_SUBJECT_INVALID> |
597 | ||
598 | Proxy certificate subject is invalid. It MUST be the same as the issuer | |
599 | with a single CN component added. | |
600 | ||
05ea606a | 601 | =item B<X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE> |
d33def66 | 602 | |
05ea606a | 603 | Key usage does not include digital signature. |
d33def66 | 604 | |
05ea606a | 605 | =item B<X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED> |
d33def66 | 606 | |
a392ef20 | 607 | Proxy certificates not allowed, please use B<-allow_proxy_certs>. |
d33def66 | 608 | |
05ea606a | 609 | =item B<X509_V_ERR_INVALID_EXTENSION> |
d33def66 | 610 | |
05ea606a | 611 | Invalid or inconsistent certificate extension. |
d33def66 | 612 | |
05ea606a | 613 | =item B<X509_V_ERR_INVALID_POLICY_EXTENSION> |
d33def66 | 614 | |
05ea606a | 615 | Invalid or inconsistent certificate policy extension. |
d33def66 | 616 | |
05ea606a | 617 | =item B<X509_V_ERR_NO_EXPLICIT_POLICY> |
d33def66 | 618 | |
05ea606a | 619 | No explicit policy. |
d33def66 | 620 | |
05ea606a | 621 | =item B<X509_V_ERR_DIFFERENT_CRL_SCOPE> |
d33def66 | 622 | |
05ea606a | 623 | Different CRL scope. |
d33def66 | 624 | |
05ea606a | 625 | =item B<X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE> |
d33def66 | 626 | |
05ea606a | 627 | Unsupported extension feature. |
d33def66 | 628 | |
05ea606a | 629 | =item B<X509_V_ERR_UNNESTED_RESOURCE> |
d33def66 | 630 | |
05ea606a | 631 | RFC 3779 resource not subset of parent's resources. |
d33def66 | 632 | |
05ea606a | 633 | =item B<X509_V_ERR_PERMITTED_VIOLATION> |
709e8595 | 634 | |
05ea606a | 635 | Permitted subtree violation. |
709e8595 | 636 | |
05ea606a | 637 | =item B<X509_V_ERR_EXCLUDED_VIOLATION> |
d33def66 | 638 | |
05ea606a | 639 | Excluded subtree violation. |
d33def66 | 640 | |
05ea606a | 641 | =item B<X509_V_ERR_SUBTREE_MINMAX> |
d33def66 | 642 | |
05ea606a | 643 | Name constraints minimum and maximum not supported. |
709e8595 | 644 | |
05ea606a | 645 | =item B<X509_V_ERR_APPLICATION_VERIFICATION> |
7b418a47 | 646 | |
05ea606a | 647 | Application verification failure. Unused. |
7b418a47 | 648 | |
05ea606a | 649 | =item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE> |
d33def66 | 650 | |
05ea606a | 651 | Unsupported name constraint type. |
d33def66 | 652 | |
05ea606a | 653 | =item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX> |
d33def66 | 654 | |
05ea606a | 655 | Unsupported or invalid name constraint syntax. |
d33def66 | 656 | |
05ea606a | 657 | =item B<X509_V_ERR_UNSUPPORTED_NAME_SYNTAX> |
d33def66 | 658 | |
05ea606a | 659 | Unsupported or invalid name syntax. |
d33def66 | 660 | |
05ea606a | 661 | =item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR> |
d33def66 | 662 | |
05ea606a | 663 | CRL path validation error. |
d33def66 | 664 | |
05ea606a | 665 | =item B<X509_V_ERR_PATH_LOOP> |
d33def66 | 666 | |
05ea606a | 667 | Path loop. |
d33def66 | 668 | |
05ea606a | 669 | =item B<X509_V_ERR_SUITE_B_INVALID_VERSION> |
d33def66 | 670 | |
05ea606a | 671 | Suite B: certificate version invalid. |
d33def66 | 672 | |
05ea606a | 673 | =item B<X509_V_ERR_SUITE_B_INVALID_ALGORITHM> |
d33def66 | 674 | |
05ea606a | 675 | Suite B: invalid public key algorithm. |
d33def66 | 676 | |
05ea606a | 677 | =item B<X509_V_ERR_SUITE_B_INVALID_CURVE> |
d33def66 | 678 | |
05ea606a | 679 | Suite B: invalid ECC curve. |
d33def66 | 680 | |
05ea606a | 681 | =item B<X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM> |
d33def66 | 682 | |
05ea606a | 683 | Suite B: invalid signature algorithm. |
d33def66 | 684 | |
05ea606a | 685 | =item B<X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED> |
d33def66 | 686 | |
05ea606a | 687 | Suite B: curve not allowed for this LOS. |
d33def66 | 688 | |
05ea606a | 689 | =item B<X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256> |
d33def66 | 690 | |
05ea606a | 691 | Suite B: cannot sign P-384 with P-256. |
d33def66 | 692 | |
05ea606a | 693 | =item B<X509_V_ERR_HOSTNAME_MISMATCH> |
d33def66 | 694 | |
05ea606a | 695 | Hostname mismatch. |
d33def66 | 696 | |
05ea606a | 697 | =item B<X509_V_ERR_EMAIL_MISMATCH> |
d33def66 | 698 | |
05ea606a | 699 | Email address mismatch. |
d33def66 | 700 | |
05ea606a | 701 | =item B<X509_V_ERR_IP_ADDRESS_MISMATCH> |
d33def66 | 702 | |
05ea606a | 703 | IP address mismatch. |
d33def66 | 704 | |
05ea606a | 705 | =item B<X509_V_ERR_DANE_NO_MATCH> |
d33def66 VD |
706 | |
707 | DANE TLSA authentication is enabled, but no TLSA records matched the | |
708 | certificate chain. | |
709 | This error is only possible in L<s_client(1)>. | |
710 | ||
3bb0f989 TS |
711 | =item B<X509_V_ERR_EE_KEY_TOO_SMALL> |
712 | ||
713 | EE certificate key too weak. | |
714 | ||
715 | =item B<X509_ERR_CA_KEY_TOO_SMALL> | |
716 | ||
717 | CA certificate key too weak. | |
718 | ||
719 | =item B<X509_ERR_CA_MD_TOO_WEAK> | |
720 | ||
721 | CA signature digest algorithm too weak. | |
722 | ||
723 | =item B<X509_V_ERR_INVALID_CALL> | |
724 | ||
725 | nvalid certificate verification context. | |
726 | ||
727 | =item B<X509_V_ERR_STORE_LOOKUP> | |
728 | ||
729 | Issuer certificate lookup error. | |
730 | ||
731 | =item B<X509_V_ERR_NO_VALID_SCTS> | |
732 | ||
733 | Certificate Transparency required, but no valid SCTs found. | |
734 | ||
735 | =item B<X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION> | |
736 | ||
737 | Proxy subject name violation. | |
738 | ||
739 | =item B<X509_V_ERR_OCSP_VERIFY_NEEDED> | |
740 | ||
741 | Returned by the verify callback to indicate an OCSP verification is needed. | |
742 | ||
743 | =item B<X509_V_ERR_OCSP_VERIFY_FAILED> | |
744 | ||
745 | Returned by the verify callback to indicate OCSP verification failed. | |
746 | ||
747 | =item B<X509_V_ERR_OCSP_CERT_UNKNOWN> | |
748 | ||
749 | Returned by the verify callback to indicate that the certificate is not recognized | |
750 | by the OCSP responder. | |
751 | ||
7b418a47 | 752 | =back |
13938ace | 753 | |
709e8595 DSH |
754 | =head1 BUGS |
755 | ||
c4de074e P |
756 | Although the issuer checks are a considerable improvement over the old |
757 | technique they still suffer from limitations in the underlying X509_LOOKUP | |
758 | API. One consequence of this is that trusted certificates with matching | |
759 | subject name must either appear in a file (as specified by the B<-CAfile> | |
760 | option) or a directory (as specified by B<-CApath>). If they occur in | |
761 | both then only the certificates in the file will be recognised. | |
709e8595 | 762 | |
c4de074e P |
763 | Previous versions of OpenSSL assume certificates with matching subject |
764 | name are identical and mishandled them. | |
709e8595 | 765 | |
7d3d1788 DSH |
766 | Previous versions of this documentation swapped the meaning of the |
767 | B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT> and | |
0634424f | 768 | B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes. |
7d3d1788 | 769 | |
13938ace DSH |
770 | =head1 SEE ALSO |
771 | ||
b6b66573 DMSP |
772 | L<openssl(1)>, |
773 | L<openssl-x509(1)> | |
13938ace | 774 | |
fa7b0111 MC |
775 | =head1 HISTORY |
776 | ||
fc5ecadd | 777 | The B<-show_chain> option was added in OpenSSL 1.1.0. |
d33def66 VD |
778 | |
779 | The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and | |
780 | is silently ignored. | |
fa7b0111 | 781 | |
4674aaf4 | 782 | The B<-sm2-id> and B<-sm2-hex-id> options were added in OpenSSL 3.0. |
7eba43e8 | 783 | |
e2f92610 RS |
784 | =head1 COPYRIGHT |
785 | ||
7eba43e8 | 786 | Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 787 | |
449040b4 | 788 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
789 | this file except in compliance with the License. You can obtain a copy |
790 | in the file LICENSE in the source distribution or at | |
791 | L<https://www.openssl.org/source/license.html>. | |
792 | ||
793 | =cut |