]>
Commit | Line | Data |
---|---|---|
13938ace DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
bb9ad09e | 5 | verify - Utility to verify certificates |
13938ace DSH |
6 | |
7 | =head1 SYNOPSIS | |
8 | ||
9 | B<openssl> B<verify> | |
169394d4 | 10 | [B<-help>] |
13938ace | 11 | [B<-CAfile file>] |
2866441a | 12 | [B<-CApath directory>] |
40e2d76b MC |
13 | [B<-no-CAfile>] |
14 | [B<-no-CApath>] | |
a392ef20 | 15 | [B<-allow_proxy_certs>] |
2866441a | 16 | [B<-attime timestamp>] |
cd028c8e | 17 | [B<-check_ss_sig>] |
8332f91c | 18 | [B<-CRLfile file>] |
79a55b1f | 19 | [B<-crl_download>] |
e5fa864f DSH |
20 | [B<-crl_check>] |
21 | [B<-crl_check_all>] | |
feb2f53e | 22 | [B<-engine id>] |
e5fa864f | 23 | [B<-explicit_policy>] |
e5fa864f | 24 | [B<-extended_crl>] |
2866441a HK |
25 | [B<-ignore_critical>] |
26 | [B<-inhibit_any>] | |
27 | [B<-inhibit_map>] | |
ad39b31c | 28 | [B<-nameopt option>] |
5a1f853b | 29 | [B<-no_check_time>] |
cd028c8e | 30 | [B<-partial_chain>] |
2866441a HK |
31 | [B<-policy arg>] |
32 | [B<-policy_check>] | |
33 | [B<-policy_print>] | |
34 | [B<-purpose purpose>] | |
cd028c8e HK |
35 | [B<-suiteB_128>] |
36 | [B<-suiteB_128_only>] | |
37 | [B<-suiteB_192>] | |
2866441a | 38 | [B<-trusted_first>] |
fa7b0111 | 39 | [B<-no_alt_chains>] |
2866441a | 40 | [B<-untrusted file>] |
79a55b1f | 41 | [B<-trusted file>] |
2866441a | 42 | [B<-use_deltas>] |
13938ace | 43 | [B<-verbose>] |
fbb82a60 | 44 | [B<-auth_level level>] |
cd028c8e HK |
45 | [B<-verify_depth num>] |
46 | [B<-verify_email email>] | |
47 | [B<-verify_hostname hostname>] | |
48 | [B<-verify_ip ip>] | |
49 | [B<-verify_name name>] | |
2866441a | 50 | [B<-x509_strict>] |
7f3f41d8 | 51 | [B<-show_chain>] |
13938ace DSH |
52 | [B<->] |
53 | [certificates] | |
54 | ||
13938ace DSH |
55 | =head1 DESCRIPTION |
56 | ||
57 | The B<verify> command verifies certificate chains. | |
58 | ||
3dfda1a6 | 59 | =head1 OPTIONS |
13938ace DSH |
60 | |
61 | =over 4 | |
62 | ||
169394d4 MR |
63 | =item B<-help> |
64 | ||
65 | Print out a usage message. | |
66 | ||
2866441a HK |
67 | =item B<-CAfile file> |
68 | ||
feb2f53e VD |
69 | A B<file> of trusted certificates. |
70 | The file should contain one or more certificates in PEM format. | |
2866441a | 71 | |
13938ace DSH |
72 | =item B<-CApath directory> |
73 | ||
74 | A directory of trusted certificates. The certificates should have names | |
75 | of the form: hash.0 or have symbolic links to them of this | |
76 | form ("hash" is the hashed certificate subject name: see the B<-hash> option | |
77 | of the B<x509> utility). Under Unix the B<c_rehash> script will automatically | |
78 | create symbolic links to a directory of certificates. | |
79 | ||
40e2d76b MC |
80 | =item B<-no-CAfile> |
81 | ||
c4de074e | 82 | Do not load the trusted CA certificates from the default file location. |
40e2d76b MC |
83 | |
84 | =item B<-no-CApath> | |
85 | ||
c4de074e | 86 | Do not load the trusted CA certificates from the default directory location. |
40e2d76b | 87 | |
a392ef20 RL |
88 | =item B<-allow_proxy_certs> |
89 | ||
c4de074e | 90 | Allow the verification of proxy certificates. |
a392ef20 | 91 | |
2866441a | 92 | =item B<-attime timestamp> |
13938ace | 93 | |
2866441a HK |
94 | Perform validation checks using time specified by B<timestamp> and not |
95 | current system time. B<timestamp> is the number of seconds since | |
96 | 01.01.1970 (UNIX time). | |
13938ace | 97 | |
2866441a | 98 | =item B<-check_ss_sig> |
13938ace | 99 | |
2866441a HK |
100 | Verify the signature on the self-signed root CA. This is disabled by default |
101 | because it doesn't add any security. | |
13938ace | 102 | |
8332f91c | 103 | =item B<-CRLfile file> |
fc1d88f0 | 104 | |
feb2f53e VD |
105 | The B<file> should contain one or more CRLs in PEM format. |
106 | This option can be specified more than once to include CRLs from multiple | |
107 | B<files>. | |
fc1d88f0 | 108 | |
79a55b1f MC |
109 | =item B<-crl_download> |
110 | ||
111 | Attempt to download CRL information for this certificate. | |
112 | ||
2866441a | 113 | =item B<-crl_check> |
6d3d5793 | 114 | |
2866441a HK |
115 | Checks end entity certificate validity by attempting to look up a valid CRL. |
116 | If a valid CRL cannot be found an error occurs. | |
6d3d5793 | 117 | |
2866441a | 118 | =item B<-crl_check_all> |
13938ace | 119 | |
2866441a HK |
120 | Checks the validity of B<all> certificates in the chain by attempting |
121 | to look up valid CRLs. | |
122 | ||
feb2f53e VD |
123 | =item B<-engine id> |
124 | ||
125 | Specifying an engine B<id> will cause L<verify(1)> to attempt to load the | |
126 | specified engine. | |
127 | The engine will then be set as the default for all its supported algorithms. | |
128 | If you want to load certificates or CRLs that require engine support via any of | |
129 | the B<-trusted>, B<-untrusted> or B<-CRLfile> options, the B<-engine> option | |
130 | must be specified before those options. | |
131 | ||
2866441a HK |
132 | =item B<-explicit_policy> |
133 | ||
134 | Set policy variable require-explicit-policy (see RFC5280). | |
135 | ||
136 | =item B<-extended_crl> | |
137 | ||
138 | Enable extended CRL features such as indirect CRLs and alternate CRL | |
139 | signing keys. | |
13938ace | 140 | |
2866441a | 141 | =item B<-ignore_critical> |
13938ace | 142 | |
2866441a HK |
143 | Normally if an unhandled critical extension is present which is not |
144 | supported by OpenSSL the certificate is rejected (as required by RFC5280). | |
145 | If this option is set critical extensions are ignored. | |
146 | ||
147 | =item B<-inhibit_any> | |
148 | ||
149 | Set policy variable inhibit-any-policy (see RFC5280). | |
150 | ||
151 | =item B<-inhibit_map> | |
152 | ||
153 | Set policy variable inhibit-policy-mapping (see RFC5280). | |
13938ace | 154 | |
ad39b31c DB |
155 | =item B<-nameopt option> |
156 | ||
c4de074e | 157 | Option which determines how the subject or issuer names are displayed. The |
ad39b31c DB |
158 | B<option> argument can be a single option or multiple options separated by |
159 | commas. Alternatively the B<-nameopt> switch may be used more than once to | |
160 | set multiple options. See the L<x509(1)> manual page for details. | |
161 | ||
5a1f853b RS |
162 | =item B<-no_check_time> |
163 | ||
1bc74519 RS |
164 | This option suppresses checking the validity period of certificates and CRLs |
165 | against the current time. If option B<-attime timestamp> is used to specify | |
5a1f853b RS |
166 | a verification time, the check is not suppressed. |
167 | ||
2866441a | 168 | =item B<-partial_chain> |
9ed03faa | 169 | |
feb2f53e VD |
170 | Allow verification to succeed even if a I<complete> chain cannot be built to a |
171 | self-signed trust-anchor, provided it is possible to construct a chain to a | |
172 | trusted certificate that might not be self-signed. | |
9ed03faa | 173 | |
e5fa864f DSH |
174 | =item B<-policy arg> |
175 | ||
3a778a29 BL |
176 | Enable policy processing and add B<arg> to the user-initial-policy-set (see |
177 | RFC5280). The policy B<arg> can be an object name an OID in numeric form. | |
178 | This argument can appear more than once. | |
e5fa864f DSH |
179 | |
180 | =item B<-policy_check> | |
181 | ||
182 | Enables certificate policy processing. | |
183 | ||
e5fa864f DSH |
184 | =item B<-policy_print> |
185 | ||
3a778a29 | 186 | Print out diagnostics related to policy processing. |
e5fa864f | 187 | |
2866441a | 188 | =item B<-purpose purpose> |
e5fa864f | 189 | |
2866441a HK |
190 | The intended use for the certificate. If this option is not specified, |
191 | B<verify> will not consider certificate purpose during chain verification. | |
192 | Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>, | |
193 | B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> section for more | |
194 | information. | |
e5fa864f | 195 | |
2866441a | 196 | =item B<-suiteB_128_only>, B<-suiteB_128>, B<-suiteB_192> |
e5fa864f | 197 | |
c4de074e | 198 | Enable the Suite B mode operation at 128 bit Level of Security, 128 bit or |
2866441a HK |
199 | 192 bit, or only 192 bit Level of Security respectively. |
200 | See RFC6460 for details. In particular the supported signature algorithms are | |
201 | reduced to support only ECDSA and SHA256 or SHA384 and only the elliptic curves | |
202 | P-256 and P-384. | |
e5fa864f | 203 | |
2866441a | 204 | =item B<-trusted_first> |
e5fa864f | 205 | |
feb2f53e VD |
206 | When constructing the certificate chain, use the trusted certificates specified |
207 | via B<-CAfile>, B<-CApath> or B<-trusted> before any certificates specified via | |
208 | B<-untrusted>. | |
209 | This can be useful in environments with Bridge or Cross-Certified CAs. | |
0daccd4d | 210 | As of OpenSSL 1.1.0 this option is on by default and cannot be disabled. |
e5fa864f | 211 | |
fa7b0111 MC |
212 | =item B<-no_alt_chains> |
213 | ||
0daccd4d VD |
214 | By default, unless B<-trusted_first> is specified, when building a certificate |
215 | chain, if the first certificate chain found is not trusted, then OpenSSL will | |
216 | attempt to replace untrusted issuer certificates with certificates from the | |
217 | trust store to see if an alternative chain can be found that is trusted. | |
218 | As of OpenSSL 1.1.0, with B<-trusted_first> always on, this option has no | |
219 | effect. | |
fa7b0111 | 220 | |
2866441a | 221 | =item B<-untrusted file> |
e5fa864f | 222 | |
feb2f53e | 223 | A B<file> of additional untrusted certificates (intermediate issuer CAs) used |
35ed393e | 224 | to construct a certificate chain from the subject certificate to a trust-anchor. |
feb2f53e | 225 | The B<file> should contain one or more certificates in PEM format. |
77a795e4 | 226 | This option can be specified more than once to include untrusted certificates |
feb2f53e | 227 | from multiple B<files>. |
e5fa864f | 228 | |
79a55b1f MC |
229 | =item B<-trusted file> |
230 | ||
feb2f53e VD |
231 | A B<file> of trusted certificates, which must be self-signed, unless the |
232 | B<-partial_chain> option is specified. | |
77a795e4 | 233 | The B<file> contains one or more certificates in PEM format. |
feb2f53e VD |
234 | With this option, no additional (e.g., default) certificate lists are |
235 | consulted. | |
236 | That is, the only trust-anchors are those listed in B<file>. | |
237 | This option can be specified more than once to include trusted certificates | |
238 | from multiple B<files>. | |
239 | This option implies the B<-no-CAfile> and B<-no-CApath> options. | |
240 | This option cannot be used in combination with either of the B<-CAfile> or | |
241 | B<-CApath> options. | |
79a55b1f | 242 | |
e5fa864f DSH |
243 | =item B<-use_deltas> |
244 | ||
245 | Enable support for delta CRLs. | |
246 | ||
2866441a | 247 | =item B<-verbose> |
cd028c8e | 248 | |
2866441a | 249 | Print extra information about the operations being performed. |
cd028c8e | 250 | |
fbb82a60 VD |
251 | =item B<-auth_level level> |
252 | ||
253 | Set the certificate chain authentication security level to B<level>. | |
254 | The authentication security level determines the acceptable signature and | |
255 | public key strength when verifying certificate chains. | |
256 | For a certificate chain to validate, the public keys of all the certificates | |
257 | must meet the specified security B<level>. | |
258 | The signature algorithm security level is enforced for all the certificates in | |
259 | the chain except for the chain's I<trust anchor>, which is either directly | |
260 | trusted or validated by means other than its signature. | |
261 | See L<SSL_CTX_set_security_level(3)> for the definitions of the available | |
262 | levels. | |
263 | The default security level is -1, or "not set". | |
264 | At security level 0 or lower all algorithms are acceptable. | |
265 | Security level 1 requires at least 80-bit-equivalent security and is broadly | |
266 | interoperable, though it will, for example, reject MD5 signatures or RSA keys | |
267 | shorter than 1024 bits. | |
268 | ||
cd028c8e HK |
269 | =item B<-verify_depth num> |
270 | ||
fbb82a60 VD |
271 | Limit the certificate chain to B<num> intermediate CA certificates. |
272 | A maximal depth chain can have up to B<num+2> certificates, since neither the | |
273 | end-entity certificate nor the trust-anchor certificate count against the | |
274 | B<-verify_depth> limit. | |
cd028c8e HK |
275 | |
276 | =item B<-verify_email email> | |
277 | ||
278 | Verify if the B<email> matches the email address in Subject Alternative Name or | |
115e4809 | 279 | the email in the subject Distinguished Name. |
cd028c8e HK |
280 | |
281 | =item B<-verify_hostname hostname> | |
282 | ||
283 | Verify if the B<hostname> matches DNS name in Subject Alternative Name or | |
284 | Common Name in the subject certificate. | |
285 | ||
286 | =item B<-verify_ip ip> | |
287 | ||
288 | Verify if the B<ip> matches the IP address in Subject Alternative Name of | |
289 | the subject certificate. | |
290 | ||
291 | =item B<-verify_name name> | |
292 | ||
feb2f53e | 293 | Use default verification policies like trust model and required certificate |
cd028c8e | 294 | policies identified by B<name>. |
0daccd4d VD |
295 | The trust model determines which auxiliary trust or reject OIDs are applicable |
296 | to verifying the given certificate chain. | |
297 | See the B<-addtrust> and B<-addreject> options of the L<x509(1)> command-line | |
298 | utility. | |
feb2f53e VD |
299 | Supported policy names include: B<default>, B<pkcs7>, B<smime_sign>, |
300 | B<ssl_client>, B<ssl_server>. | |
0daccd4d VD |
301 | These mimics the combinations of purpose and trust settings used in SSL, CMS |
302 | and S/MIME. | |
303 | As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not | |
304 | specified, so the B<-verify_name> options are functionally equivalent to the | |
305 | corresponding B<-purpose> settings. | |
cd028c8e | 306 | |
2866441a HK |
307 | =item B<-x509_strict> |
308 | ||
309 | For strict X.509 compliance, disable non-compliant workarounds for broken | |
310 | certificates. | |
311 | ||
7f3f41d8 MC |
312 | =item B<-show_chain> |
313 | ||
314 | Display information about the certificate chain that has been built (if | |
315 | successful). Certificates in the chain that came from the untrusted list will be | |
316 | flagged as "untrusted". | |
317 | ||
13938ace DSH |
318 | =item B<-> |
319 | ||
3a778a29 | 320 | Indicates the last option. All arguments following this are assumed to be |
7b418a47 DSH |
321 | certificate files. This is useful if the first certificate filename begins |
322 | with a B<->. | |
13938ace DSH |
323 | |
324 | =item B<certificates> | |
325 | ||
3a778a29 BL |
326 | One or more certificates to verify. If no certificates are given, B<verify> |
327 | will attempt to read a certificate from standard input. Certificates must be | |
328 | in PEM format. | |
13938ace DSH |
329 | |
330 | =back | |
331 | ||
332 | =head1 VERIFY OPERATION | |
333 | ||
334 | The B<verify> program uses the same functions as the internal SSL and S/MIME | |
335 | verification, therefore this description applies to these verify operations | |
336 | too. | |
337 | ||
338 | There is one crucial difference between the verify operations performed | |
339 | by the B<verify> program: wherever possible an attempt is made to continue | |
340 | after an error whereas normally the verify operation would halt on the | |
341 | first error. This allows all the problems with a certificate chain to be | |
342 | determined. | |
343 | ||
344 | The verify operation consists of a number of separate steps. | |
345 | ||
346 | Firstly a certificate chain is built up starting from the supplied certificate | |
feb2f53e VD |
347 | and ending in the root CA. |
348 | It is an error if the whole chain cannot be built up. | |
349 | The chain is built up by looking up the issuers certificate of the current | |
350 | certificate. | |
351 | If a certificate is found which is its own issuer it is assumed to be the root | |
352 | CA. | |
353 | ||
354 | The process of 'looking up the issuers certificate' itself involves a number of | |
355 | steps. | |
77a795e4 | 356 | After all certificates whose subject name matches the issuer name of the current |
feb2f53e VD |
357 | certificate are subject to further tests. |
358 | The relevant authority key identifier components of the current certificate (if | |
359 | present) must match the subject key identifier (if present) and issuer and | |
360 | serial number of the candidate issuer, in addition the keyUsage extension of | |
361 | the candidate issuer (if present) must permit certificate signing. | |
709e8595 | 362 | |
13938ace | 363 | The lookup first looks in the list of untrusted certificates and if no match |
19d2bb57 | 364 | is found the remaining lookups are from the trusted certificates. The root CA |
13938ace DSH |
365 | is always looked up in the trusted certificate list: if the certificate to |
366 | verify is a root certificate then an exact match must be found in the trusted | |
367 | list. | |
368 | ||
369 | The second operation is to check every untrusted certificate's extensions for | |
370 | consistency with the supplied purpose. If the B<-purpose> option is not included | |
371 | then no checks are done. The supplied or "leaf" certificate must have extensions | |
372 | compatible with the supplied purpose and all other certificates must also be valid | |
373 | CA certificates. The precise extensions required are described in more detail in | |
7b418a47 | 374 | the B<CERTIFICATE EXTENSIONS> section of the B<x509> utility. |
13938ace | 375 | |
feb2f53e VD |
376 | The third operation is to check the trust settings on the root CA. The root CA |
377 | should be trusted for the supplied purpose. | |
378 | For compatibility with previous versions of OpenSSL, a certificate with no | |
379 | trust settings is considered to be valid for all purposes. | |
13938ace DSH |
380 | |
381 | The final operation is to check the validity of the certificate chain. The validity | |
382 | period is checked against the current system time and the notBefore and notAfter | |
383 | dates in the certificate. The certificate signatures are also checked at this | |
384 | point. | |
385 | ||
386 | If all operations complete successfully then certificate is considered valid. If | |
387 | any operation fails then the certificate is not valid. | |
388 | ||
7b418a47 DSH |
389 | =head1 DIAGNOSTICS |
390 | ||
391 | When a verify operation fails the output messages can be somewhat cryptic. The | |
392 | general form of the error message is: | |
393 | ||
394 | server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) | |
395 | error 24 at 1 depth lookup:invalid CA certificate | |
396 | ||
397 | The first line contains the name of the certificate being verified followed by | |
398 | the subject name of the certificate. The second line contains the error number | |
399 | and the depth. The depth is number of the certificate being verified when a | |
400 | problem was detected starting with zero for the certificate being verified itself | |
401 | then 1 for the CA that signed the certificate and so on. Finally a text version | |
402 | of the error number is presented. | |
403 | ||
77a795e4 | 404 | A partial list of the error codes and messages is shown below, this also |
7b418a47 DSH |
405 | includes the name of the error code as defined in the header file x509_vfy.h |
406 | Some of the error codes are defined but never returned: these are described | |
407 | as "unused". | |
408 | ||
409 | =over 4 | |
410 | ||
0634424f | 411 | =item B<X509_V_OK> |
7b418a47 | 412 | |
0634424f | 413 | The operation was successful. |
7b418a47 | 414 | |
0634424f | 415 | =item B<X509_V_ERR_UNSPECIFIED> |
d33def66 | 416 | |
0634424f | 417 | Unspecified error; should not happen. |
d33def66 | 418 | |
0634424f | 419 | =item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT> |
7b418a47 | 420 | |
0634424f | 421 | The issuer certificate of a looked up certificate could not be found. This |
7d3d1788 | 422 | normally means the list of trusted certificates is not complete. |
7b418a47 | 423 | |
0634424f | 424 | =item B<X509_V_ERR_UNABLE_TO_GET_CRL> |
7b418a47 | 425 | |
0634424f | 426 | The CRL of a certificate could not be found. |
7b418a47 | 427 | |
0634424f | 428 | =item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE> |
7b418a47 | 429 | |
c4de074e P |
430 | The certificate signature could not be decrypted. This means that the |
431 | actual signature value could not be determined rather than it not matching | |
432 | the expected value, this is only meaningful for RSA keys. | |
7b418a47 | 433 | |
0634424f | 434 | =item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE> |
7b418a47 | 435 | |
c4de074e P |
436 | The CRL signature could not be decrypted: this means that the actual |
437 | signature value could not be determined rather than it not matching the | |
438 | expected value. Unused. | |
7b418a47 | 439 | |
0634424f | 440 | =item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY> |
7b418a47 | 441 | |
0634424f | 442 | The public key in the certificate SubjectPublicKeyInfo could not be read. |
7b418a47 | 443 | |
0634424f | 444 | =item B<X509_V_ERR_CERT_SIGNATURE_FAILURE> |
7b418a47 | 445 | |
0634424f | 446 | The signature of the certificate is invalid. |
7b418a47 | 447 | |
0634424f | 448 | =item B<X509_V_ERR_CRL_SIGNATURE_FAILURE> |
7b418a47 | 449 | |
0634424f | 450 | The signature of the certificate is invalid. |
7b418a47 | 451 | |
0634424f | 452 | =item B<X509_V_ERR_CERT_NOT_YET_VALID> |
7b418a47 | 453 | |
c4de074e P |
454 | The certificate is not yet valid: the notBefore date is after the |
455 | current time. | |
7b418a47 | 456 | |
0634424f | 457 | =item B<X509_V_ERR_CERT_HAS_EXPIRED> |
7b418a47 | 458 | |
c4de074e P |
459 | The certificate has expired: that is the notAfter date is before the |
460 | current time. | |
7b418a47 | 461 | |
0634424f | 462 | =item B<X509_V_ERR_CRL_NOT_YET_VALID> |
7b418a47 | 463 | |
0634424f | 464 | The CRL is not yet valid. |
7b418a47 | 465 | |
0634424f | 466 | =item B<X509_V_ERR_CRL_HAS_EXPIRED> |
7b418a47 | 467 | |
0634424f | 468 | The CRL has expired. |
7b418a47 | 469 | |
0634424f | 470 | =item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD> |
7b418a47 | 471 | |
0634424f | 472 | The certificate notBefore field contains an invalid time. |
13938ace | 473 | |
0634424f | 474 | =item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD> |
7b418a47 | 475 | |
0634424f | 476 | The certificate notAfter field contains an invalid time. |
7b418a47 | 477 | |
0634424f | 478 | =item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD> |
7b418a47 | 479 | |
0634424f | 480 | The CRL lastUpdate field contains an invalid time. |
7b418a47 | 481 | |
0634424f | 482 | =item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD> |
7b418a47 | 483 | |
0634424f | 484 | The CRL nextUpdate field contains an invalid time. |
7b418a47 | 485 | |
0634424f | 486 | =item B<X509_V_ERR_OUT_OF_MEM> |
7b418a47 | 487 | |
0634424f | 488 | An error occurred trying to allocate memory. This should never happen. |
7b418a47 | 489 | |
0634424f | 490 | =item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT> |
7b418a47 | 491 | |
c4de074e P |
492 | The passed certificate is self-signed and the same certificate cannot |
493 | be found in the list of trusted certificates. | |
7b418a47 | 494 | |
0634424f | 495 | =item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN> |
7b418a47 | 496 | |
c4de074e P |
497 | The certificate chain could be built up using the untrusted certificates |
498 | but the root could not be found locally. | |
7b418a47 | 499 | |
0634424f | 500 | =item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> |
7b418a47 | 501 | |
0634424f | 502 | The issuer certificate could not be found: this occurs if the issuer |
7d3d1788 | 503 | certificate of an untrusted certificate cannot be found. |
7b418a47 | 504 | |
0634424f | 505 | =item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE> |
7b418a47 | 506 | |
c4de074e P |
507 | No signatures could be verified because the chain contains only one |
508 | certificate and it is not self signed. | |
7b418a47 | 509 | |
0634424f | 510 | =item B<X509_V_ERR_CERT_CHAIN_TOO_LONG> |
7b418a47 | 511 | |
c4de074e P |
512 | The certificate chain length is greater than the supplied maximum |
513 | depth. Unused. | |
7b418a47 | 514 | |
0634424f | 515 | =item B<X509_V_ERR_CERT_REVOKED> |
7b418a47 | 516 | |
0634424f | 517 | The certificate has been revoked. |
7b418a47 | 518 | |
0634424f | 519 | =item B<X509_V_ERR_INVALID_CA> |
7b418a47 | 520 | |
c4de074e P |
521 | A CA certificate is invalid. Either it is not a CA or its extensions |
522 | are not consistent with the supplied purpose. | |
7b418a47 | 523 | |
0634424f | 524 | =item B<X509_V_ERR_PATH_LENGTH_EXCEEDED> |
7b418a47 | 525 | |
0634424f | 526 | The basicConstraints pathlength parameter has been exceeded. |
7b418a47 | 527 | |
0634424f | 528 | =item B<X509_V_ERR_INVALID_PURPOSE> |
7b418a47 | 529 | |
0634424f | 530 | The supplied certificate cannot be used for the specified purpose. |
7b418a47 | 531 | |
0634424f | 532 | =item B<X509_V_ERR_CERT_UNTRUSTED> |
7b418a47 | 533 | |
c4de074e | 534 | The root CA is not marked as trusted for the specified purpose. |
7b418a47 | 535 | |
0634424f | 536 | =item B<X509_V_ERR_CERT_REJECTED> |
7b418a47 | 537 | |
0634424f | 538 | The root CA is marked to reject the specified purpose. |
7b418a47 | 539 | |
0634424f | 540 | =item B<X509_V_ERR_SUBJECT_ISSUER_MISMATCH> |
709e8595 | 541 | |
c4de074e | 542 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the |
d33def66 | 543 | B<-issuer_checks> option. |
709e8595 | 544 | |
0634424f | 545 | =item B<X509_V_ERR_AKID_SKID_MISMATCH> |
709e8595 | 546 | |
d33def66 VD |
547 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the |
548 | B<-issuer_checks> option. | |
709e8595 | 549 | |
0634424f | 550 | =item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH> |
709e8595 | 551 | |
d33def66 VD |
552 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the |
553 | B<-issuer_checks> option. | |
554 | ||
0634424f | 555 | =item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN> |
d33def66 VD |
556 | |
557 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the | |
558 | B<-issuer_checks> option. | |
559 | ||
05ea606a | 560 | =item B<X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER> |
d33def66 | 561 | |
05ea606a | 562 | Unable to get CRL issuer certificate. |
d33def66 | 563 | |
05ea606a | 564 | =item B<X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION> |
d33def66 | 565 | |
05ea606a | 566 | Unhandled critical extension. |
d33def66 | 567 | |
05ea606a | 568 | =item B<X509_V_ERR_KEYUSAGE_NO_CRL_SIGN> |
d33def66 | 569 | |
05ea606a | 570 | Key usage does not include CRL signing. |
d33def66 | 571 | |
05ea606a | 572 | =item B<X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION> |
d33def66 | 573 | |
05ea606a | 574 | Unhandled critical CRL extension. |
d33def66 | 575 | |
05ea606a | 576 | =item B<X509_V_ERR_INVALID_NON_CA> |
d33def66 | 577 | |
05ea606a | 578 | Invalid non-CA certificate has CA markings. |
d33def66 | 579 | |
05ea606a | 580 | =item B<X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED> |
d33def66 | 581 | |
05ea606a | 582 | Proxy path length constraint exceeded. |
d33def66 | 583 | |
a392ef20 RL |
584 | =item B<X509_V_ERR_PROXY_SUBJECT_INVALID> |
585 | ||
586 | Proxy certificate subject is invalid. It MUST be the same as the issuer | |
587 | with a single CN component added. | |
588 | ||
05ea606a | 589 | =item B<X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE> |
d33def66 | 590 | |
05ea606a | 591 | Key usage does not include digital signature. |
d33def66 | 592 | |
05ea606a | 593 | =item B<X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED> |
d33def66 | 594 | |
a392ef20 | 595 | Proxy certificates not allowed, please use B<-allow_proxy_certs>. |
d33def66 | 596 | |
05ea606a | 597 | =item B<X509_V_ERR_INVALID_EXTENSION> |
d33def66 | 598 | |
05ea606a | 599 | Invalid or inconsistent certificate extension. |
d33def66 | 600 | |
05ea606a | 601 | =item B<X509_V_ERR_INVALID_POLICY_EXTENSION> |
d33def66 | 602 | |
05ea606a | 603 | Invalid or inconsistent certificate policy extension. |
d33def66 | 604 | |
05ea606a | 605 | =item B<X509_V_ERR_NO_EXPLICIT_POLICY> |
d33def66 | 606 | |
05ea606a | 607 | No explicit policy. |
d33def66 | 608 | |
05ea606a | 609 | =item B<X509_V_ERR_DIFFERENT_CRL_SCOPE> |
d33def66 | 610 | |
05ea606a | 611 | Different CRL scope. |
d33def66 | 612 | |
05ea606a | 613 | =item B<X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE> |
d33def66 | 614 | |
05ea606a | 615 | Unsupported extension feature. |
d33def66 | 616 | |
05ea606a | 617 | =item B<X509_V_ERR_UNNESTED_RESOURCE> |
d33def66 | 618 | |
05ea606a | 619 | RFC 3779 resource not subset of parent's resources. |
d33def66 | 620 | |
05ea606a | 621 | =item B<X509_V_ERR_PERMITTED_VIOLATION> |
709e8595 | 622 | |
05ea606a | 623 | Permitted subtree violation. |
709e8595 | 624 | |
05ea606a | 625 | =item B<X509_V_ERR_EXCLUDED_VIOLATION> |
d33def66 | 626 | |
05ea606a | 627 | Excluded subtree violation. |
d33def66 | 628 | |
05ea606a | 629 | =item B<X509_V_ERR_SUBTREE_MINMAX> |
d33def66 | 630 | |
05ea606a | 631 | Name constraints minimum and maximum not supported. |
709e8595 | 632 | |
05ea606a | 633 | =item B<X509_V_ERR_APPLICATION_VERIFICATION> |
7b418a47 | 634 | |
05ea606a | 635 | Application verification failure. Unused. |
7b418a47 | 636 | |
05ea606a | 637 | =item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE> |
d33def66 | 638 | |
05ea606a | 639 | Unsupported name constraint type. |
d33def66 | 640 | |
05ea606a | 641 | =item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX> |
d33def66 | 642 | |
05ea606a | 643 | Unsupported or invalid name constraint syntax. |
d33def66 | 644 | |
05ea606a | 645 | =item B<X509_V_ERR_UNSUPPORTED_NAME_SYNTAX> |
d33def66 | 646 | |
05ea606a | 647 | Unsupported or invalid name syntax. |
d33def66 | 648 | |
05ea606a | 649 | =item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR> |
d33def66 | 650 | |
05ea606a | 651 | CRL path validation error. |
d33def66 | 652 | |
05ea606a | 653 | =item B<X509_V_ERR_PATH_LOOP> |
d33def66 | 654 | |
05ea606a | 655 | Path loop. |
d33def66 | 656 | |
05ea606a | 657 | =item B<X509_V_ERR_SUITE_B_INVALID_VERSION> |
d33def66 | 658 | |
05ea606a | 659 | Suite B: certificate version invalid. |
d33def66 | 660 | |
05ea606a | 661 | =item B<X509_V_ERR_SUITE_B_INVALID_ALGORITHM> |
d33def66 | 662 | |
05ea606a | 663 | Suite B: invalid public key algorithm. |
d33def66 | 664 | |
05ea606a | 665 | =item B<X509_V_ERR_SUITE_B_INVALID_CURVE> |
d33def66 | 666 | |
05ea606a | 667 | Suite B: invalid ECC curve. |
d33def66 | 668 | |
05ea606a | 669 | =item B<X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM> |
d33def66 | 670 | |
05ea606a | 671 | Suite B: invalid signature algorithm. |
d33def66 | 672 | |
05ea606a | 673 | =item B<X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED> |
d33def66 | 674 | |
05ea606a | 675 | Suite B: curve not allowed for this LOS. |
d33def66 | 676 | |
05ea606a | 677 | =item B<X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256> |
d33def66 | 678 | |
05ea606a | 679 | Suite B: cannot sign P-384 with P-256. |
d33def66 | 680 | |
05ea606a | 681 | =item B<X509_V_ERR_HOSTNAME_MISMATCH> |
d33def66 | 682 | |
05ea606a | 683 | Hostname mismatch. |
d33def66 | 684 | |
05ea606a | 685 | =item B<X509_V_ERR_EMAIL_MISMATCH> |
d33def66 | 686 | |
05ea606a | 687 | Email address mismatch. |
d33def66 | 688 | |
05ea606a | 689 | =item B<X509_V_ERR_IP_ADDRESS_MISMATCH> |
d33def66 | 690 | |
05ea606a | 691 | IP address mismatch. |
d33def66 | 692 | |
05ea606a | 693 | =item B<X509_V_ERR_DANE_NO_MATCH> |
d33def66 VD |
694 | |
695 | DANE TLSA authentication is enabled, but no TLSA records matched the | |
696 | certificate chain. | |
697 | This error is only possible in L<s_client(1)>. | |
698 | ||
7b418a47 | 699 | =back |
13938ace | 700 | |
709e8595 DSH |
701 | =head1 BUGS |
702 | ||
c4de074e P |
703 | Although the issuer checks are a considerable improvement over the old |
704 | technique they still suffer from limitations in the underlying X509_LOOKUP | |
705 | API. One consequence of this is that trusted certificates with matching | |
706 | subject name must either appear in a file (as specified by the B<-CAfile> | |
707 | option) or a directory (as specified by B<-CApath>). If they occur in | |
708 | both then only the certificates in the file will be recognised. | |
709e8595 | 709 | |
c4de074e P |
710 | Previous versions of OpenSSL assume certificates with matching subject |
711 | name are identical and mishandled them. | |
709e8595 | 712 | |
7d3d1788 DSH |
713 | Previous versions of this documentation swapped the meaning of the |
714 | B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT> and | |
0634424f | 715 | B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes. |
7d3d1788 | 716 | |
13938ace DSH |
717 | =head1 SEE ALSO |
718 | ||
9b86974e | 719 | L<x509(1)> |
13938ace | 720 | |
fa7b0111 MC |
721 | =head1 HISTORY |
722 | ||
d33def66 VD |
723 | The B<-show_chain> option was first added to OpenSSL 1.1.0. |
724 | ||
725 | The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and | |
726 | is silently ignored. | |
fa7b0111 | 727 | |
e2f92610 RS |
728 | =head1 COPYRIGHT |
729 | ||
c4de074e | 730 | Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 RS |
731 | |
732 | Licensed under the OpenSSL license (the "License"). You may not use | |
733 | this file except in compliance with the License. You can obtain a copy | |
734 | in the file LICENSE in the source distribution or at | |
735 | L<https://www.openssl.org/source/license.html>. | |
736 | ||
737 | =cut |