]>
Commit | Line | Data |
---|---|---|
13938ace DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
3f2181e6 | 5 | openssl-verify, |
bb9ad09e | 6 | verify - Utility to verify certificates |
13938ace DSH |
7 | |
8 | =head1 SYNOPSIS | |
9 | ||
10 | B<openssl> B<verify> | |
169394d4 | 11 | [B<-help>] |
13938ace | 12 | [B<-CAfile file>] |
2866441a | 13 | [B<-CApath directory>] |
40e2d76b MC |
14 | [B<-no-CAfile>] |
15 | [B<-no-CApath>] | |
a392ef20 | 16 | [B<-allow_proxy_certs>] |
2866441a | 17 | [B<-attime timestamp>] |
cd028c8e | 18 | [B<-check_ss_sig>] |
8332f91c | 19 | [B<-CRLfile file>] |
79a55b1f | 20 | [B<-crl_download>] |
e5fa864f DSH |
21 | [B<-crl_check>] |
22 | [B<-crl_check_all>] | |
feb2f53e | 23 | [B<-engine id>] |
e5fa864f | 24 | [B<-explicit_policy>] |
e5fa864f | 25 | [B<-extended_crl>] |
2866441a HK |
26 | [B<-ignore_critical>] |
27 | [B<-inhibit_any>] | |
28 | [B<-inhibit_map>] | |
ad39b31c | 29 | [B<-nameopt option>] |
5a1f853b | 30 | [B<-no_check_time>] |
cd028c8e | 31 | [B<-partial_chain>] |
2866441a HK |
32 | [B<-policy arg>] |
33 | [B<-policy_check>] | |
34 | [B<-policy_print>] | |
35 | [B<-purpose purpose>] | |
cd028c8e HK |
36 | [B<-suiteB_128>] |
37 | [B<-suiteB_128_only>] | |
38 | [B<-suiteB_192>] | |
2866441a | 39 | [B<-trusted_first>] |
fa7b0111 | 40 | [B<-no_alt_chains>] |
2866441a | 41 | [B<-untrusted file>] |
79a55b1f | 42 | [B<-trusted file>] |
2866441a | 43 | [B<-use_deltas>] |
13938ace | 44 | [B<-verbose>] |
fbb82a60 | 45 | [B<-auth_level level>] |
cd028c8e HK |
46 | [B<-verify_depth num>] |
47 | [B<-verify_email email>] | |
48 | [B<-verify_hostname hostname>] | |
49 | [B<-verify_ip ip>] | |
50 | [B<-verify_name name>] | |
2866441a | 51 | [B<-x509_strict>] |
7f3f41d8 | 52 | [B<-show_chain>] |
7eba43e8 PY |
53 | [B<-sm2-id string>] |
54 | [B<-sm2-hex-id hex-string>] | |
13938ace DSH |
55 | [B<->] |
56 | [certificates] | |
57 | ||
13938ace DSH |
58 | =head1 DESCRIPTION |
59 | ||
60 | The B<verify> command verifies certificate chains. | |
61 | ||
3dfda1a6 | 62 | =head1 OPTIONS |
13938ace DSH |
63 | |
64 | =over 4 | |
65 | ||
169394d4 MR |
66 | =item B<-help> |
67 | ||
68 | Print out a usage message. | |
69 | ||
2866441a HK |
70 | =item B<-CAfile file> |
71 | ||
feb2f53e VD |
72 | A B<file> of trusted certificates. |
73 | The file should contain one or more certificates in PEM format. | |
2866441a | 74 | |
13938ace DSH |
75 | =item B<-CApath directory> |
76 | ||
77 | A directory of trusted certificates. The certificates should have names | |
78 | of the form: hash.0 or have symbolic links to them of this | |
79 | form ("hash" is the hashed certificate subject name: see the B<-hash> option | |
80 | of the B<x509> utility). Under Unix the B<c_rehash> script will automatically | |
81 | create symbolic links to a directory of certificates. | |
82 | ||
40e2d76b MC |
83 | =item B<-no-CAfile> |
84 | ||
c4de074e | 85 | Do not load the trusted CA certificates from the default file location. |
40e2d76b MC |
86 | |
87 | =item B<-no-CApath> | |
88 | ||
c4de074e | 89 | Do not load the trusted CA certificates from the default directory location. |
40e2d76b | 90 | |
a392ef20 RL |
91 | =item B<-allow_proxy_certs> |
92 | ||
c4de074e | 93 | Allow the verification of proxy certificates. |
a392ef20 | 94 | |
2866441a | 95 | =item B<-attime timestamp> |
13938ace | 96 | |
2866441a HK |
97 | Perform validation checks using time specified by B<timestamp> and not |
98 | current system time. B<timestamp> is the number of seconds since | |
99 | 01.01.1970 (UNIX time). | |
13938ace | 100 | |
2866441a | 101 | =item B<-check_ss_sig> |
13938ace | 102 | |
2866441a HK |
103 | Verify the signature on the self-signed root CA. This is disabled by default |
104 | because it doesn't add any security. | |
13938ace | 105 | |
8332f91c | 106 | =item B<-CRLfile file> |
fc1d88f0 | 107 | |
feb2f53e VD |
108 | The B<file> should contain one or more CRLs in PEM format. |
109 | This option can be specified more than once to include CRLs from multiple | |
110 | B<files>. | |
fc1d88f0 | 111 | |
79a55b1f MC |
112 | =item B<-crl_download> |
113 | ||
114 | Attempt to download CRL information for this certificate. | |
115 | ||
2866441a | 116 | =item B<-crl_check> |
6d3d5793 | 117 | |
2866441a HK |
118 | Checks end entity certificate validity by attempting to look up a valid CRL. |
119 | If a valid CRL cannot be found an error occurs. | |
6d3d5793 | 120 | |
2866441a | 121 | =item B<-crl_check_all> |
13938ace | 122 | |
2866441a HK |
123 | Checks the validity of B<all> certificates in the chain by attempting |
124 | to look up valid CRLs. | |
125 | ||
feb2f53e VD |
126 | =item B<-engine id> |
127 | ||
128 | Specifying an engine B<id> will cause L<verify(1)> to attempt to load the | |
129 | specified engine. | |
130 | The engine will then be set as the default for all its supported algorithms. | |
131 | If you want to load certificates or CRLs that require engine support via any of | |
132 | the B<-trusted>, B<-untrusted> or B<-CRLfile> options, the B<-engine> option | |
133 | must be specified before those options. | |
134 | ||
2866441a HK |
135 | =item B<-explicit_policy> |
136 | ||
137 | Set policy variable require-explicit-policy (see RFC5280). | |
138 | ||
139 | =item B<-extended_crl> | |
140 | ||
141 | Enable extended CRL features such as indirect CRLs and alternate CRL | |
142 | signing keys. | |
13938ace | 143 | |
2866441a | 144 | =item B<-ignore_critical> |
13938ace | 145 | |
2866441a HK |
146 | Normally if an unhandled critical extension is present which is not |
147 | supported by OpenSSL the certificate is rejected (as required by RFC5280). | |
148 | If this option is set critical extensions are ignored. | |
149 | ||
150 | =item B<-inhibit_any> | |
151 | ||
152 | Set policy variable inhibit-any-policy (see RFC5280). | |
153 | ||
154 | =item B<-inhibit_map> | |
155 | ||
156 | Set policy variable inhibit-policy-mapping (see RFC5280). | |
13938ace | 157 | |
ad39b31c DB |
158 | =item B<-nameopt option> |
159 | ||
c4de074e | 160 | Option which determines how the subject or issuer names are displayed. The |
ad39b31c DB |
161 | B<option> argument can be a single option or multiple options separated by |
162 | commas. Alternatively the B<-nameopt> switch may be used more than once to | |
163 | set multiple options. See the L<x509(1)> manual page for details. | |
164 | ||
5a1f853b RS |
165 | =item B<-no_check_time> |
166 | ||
1bc74519 RS |
167 | This option suppresses checking the validity period of certificates and CRLs |
168 | against the current time. If option B<-attime timestamp> is used to specify | |
5a1f853b RS |
169 | a verification time, the check is not suppressed. |
170 | ||
2866441a | 171 | =item B<-partial_chain> |
9ed03faa | 172 | |
feb2f53e VD |
173 | Allow verification to succeed even if a I<complete> chain cannot be built to a |
174 | self-signed trust-anchor, provided it is possible to construct a chain to a | |
175 | trusted certificate that might not be self-signed. | |
9ed03faa | 176 | |
e5fa864f DSH |
177 | =item B<-policy arg> |
178 | ||
3a778a29 BL |
179 | Enable policy processing and add B<arg> to the user-initial-policy-set (see |
180 | RFC5280). The policy B<arg> can be an object name an OID in numeric form. | |
181 | This argument can appear more than once. | |
e5fa864f DSH |
182 | |
183 | =item B<-policy_check> | |
184 | ||
185 | Enables certificate policy processing. | |
186 | ||
e5fa864f DSH |
187 | =item B<-policy_print> |
188 | ||
3a778a29 | 189 | Print out diagnostics related to policy processing. |
e5fa864f | 190 | |
2866441a | 191 | =item B<-purpose purpose> |
e5fa864f | 192 | |
2866441a HK |
193 | The intended use for the certificate. If this option is not specified, |
194 | B<verify> will not consider certificate purpose during chain verification. | |
195 | Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>, | |
196 | B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> section for more | |
197 | information. | |
e5fa864f | 198 | |
2866441a | 199 | =item B<-suiteB_128_only>, B<-suiteB_128>, B<-suiteB_192> |
e5fa864f | 200 | |
c4de074e | 201 | Enable the Suite B mode operation at 128 bit Level of Security, 128 bit or |
2866441a HK |
202 | 192 bit, or only 192 bit Level of Security respectively. |
203 | See RFC6460 for details. In particular the supported signature algorithms are | |
204 | reduced to support only ECDSA and SHA256 or SHA384 and only the elliptic curves | |
205 | P-256 and P-384. | |
e5fa864f | 206 | |
2866441a | 207 | =item B<-trusted_first> |
e5fa864f | 208 | |
feb2f53e VD |
209 | When constructing the certificate chain, use the trusted certificates specified |
210 | via B<-CAfile>, B<-CApath> or B<-trusted> before any certificates specified via | |
211 | B<-untrusted>. | |
212 | This can be useful in environments with Bridge or Cross-Certified CAs. | |
0daccd4d | 213 | As of OpenSSL 1.1.0 this option is on by default and cannot be disabled. |
e5fa864f | 214 | |
fa7b0111 MC |
215 | =item B<-no_alt_chains> |
216 | ||
0daccd4d VD |
217 | By default, unless B<-trusted_first> is specified, when building a certificate |
218 | chain, if the first certificate chain found is not trusted, then OpenSSL will | |
219 | attempt to replace untrusted issuer certificates with certificates from the | |
220 | trust store to see if an alternative chain can be found that is trusted. | |
221 | As of OpenSSL 1.1.0, with B<-trusted_first> always on, this option has no | |
222 | effect. | |
fa7b0111 | 223 | |
2866441a | 224 | =item B<-untrusted file> |
e5fa864f | 225 | |
feb2f53e | 226 | A B<file> of additional untrusted certificates (intermediate issuer CAs) used |
35ed393e | 227 | to construct a certificate chain from the subject certificate to a trust-anchor. |
feb2f53e | 228 | The B<file> should contain one or more certificates in PEM format. |
77a795e4 | 229 | This option can be specified more than once to include untrusted certificates |
feb2f53e | 230 | from multiple B<files>. |
e5fa864f | 231 | |
79a55b1f MC |
232 | =item B<-trusted file> |
233 | ||
feb2f53e VD |
234 | A B<file> of trusted certificates, which must be self-signed, unless the |
235 | B<-partial_chain> option is specified. | |
77a795e4 | 236 | The B<file> contains one or more certificates in PEM format. |
feb2f53e VD |
237 | With this option, no additional (e.g., default) certificate lists are |
238 | consulted. | |
239 | That is, the only trust-anchors are those listed in B<file>. | |
240 | This option can be specified more than once to include trusted certificates | |
241 | from multiple B<files>. | |
242 | This option implies the B<-no-CAfile> and B<-no-CApath> options. | |
243 | This option cannot be used in combination with either of the B<-CAfile> or | |
244 | B<-CApath> options. | |
79a55b1f | 245 | |
e5fa864f DSH |
246 | =item B<-use_deltas> |
247 | ||
248 | Enable support for delta CRLs. | |
249 | ||
2866441a | 250 | =item B<-verbose> |
cd028c8e | 251 | |
2866441a | 252 | Print extra information about the operations being performed. |
cd028c8e | 253 | |
fbb82a60 VD |
254 | =item B<-auth_level level> |
255 | ||
256 | Set the certificate chain authentication security level to B<level>. | |
257 | The authentication security level determines the acceptable signature and | |
258 | public key strength when verifying certificate chains. | |
259 | For a certificate chain to validate, the public keys of all the certificates | |
260 | must meet the specified security B<level>. | |
261 | The signature algorithm security level is enforced for all the certificates in | |
262 | the chain except for the chain's I<trust anchor>, which is either directly | |
263 | trusted or validated by means other than its signature. | |
264 | See L<SSL_CTX_set_security_level(3)> for the definitions of the available | |
265 | levels. | |
266 | The default security level is -1, or "not set". | |
267 | At security level 0 or lower all algorithms are acceptable. | |
268 | Security level 1 requires at least 80-bit-equivalent security and is broadly | |
269 | interoperable, though it will, for example, reject MD5 signatures or RSA keys | |
270 | shorter than 1024 bits. | |
271 | ||
cd028c8e HK |
272 | =item B<-verify_depth num> |
273 | ||
fbb82a60 VD |
274 | Limit the certificate chain to B<num> intermediate CA certificates. |
275 | A maximal depth chain can have up to B<num+2> certificates, since neither the | |
276 | end-entity certificate nor the trust-anchor certificate count against the | |
277 | B<-verify_depth> limit. | |
cd028c8e HK |
278 | |
279 | =item B<-verify_email email> | |
280 | ||
281 | Verify if the B<email> matches the email address in Subject Alternative Name or | |
115e4809 | 282 | the email in the subject Distinguished Name. |
cd028c8e HK |
283 | |
284 | =item B<-verify_hostname hostname> | |
285 | ||
286 | Verify if the B<hostname> matches DNS name in Subject Alternative Name or | |
287 | Common Name in the subject certificate. | |
288 | ||
289 | =item B<-verify_ip ip> | |
290 | ||
291 | Verify if the B<ip> matches the IP address in Subject Alternative Name of | |
292 | the subject certificate. | |
293 | ||
294 | =item B<-verify_name name> | |
295 | ||
feb2f53e | 296 | Use default verification policies like trust model and required certificate |
cd028c8e | 297 | policies identified by B<name>. |
0daccd4d VD |
298 | The trust model determines which auxiliary trust or reject OIDs are applicable |
299 | to verifying the given certificate chain. | |
300 | See the B<-addtrust> and B<-addreject> options of the L<x509(1)> command-line | |
301 | utility. | |
feb2f53e VD |
302 | Supported policy names include: B<default>, B<pkcs7>, B<smime_sign>, |
303 | B<ssl_client>, B<ssl_server>. | |
0daccd4d VD |
304 | These mimics the combinations of purpose and trust settings used in SSL, CMS |
305 | and S/MIME. | |
306 | As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not | |
307 | specified, so the B<-verify_name> options are functionally equivalent to the | |
308 | corresponding B<-purpose> settings. | |
cd028c8e | 309 | |
2866441a HK |
310 | =item B<-x509_strict> |
311 | ||
312 | For strict X.509 compliance, disable non-compliant workarounds for broken | |
313 | certificates. | |
314 | ||
7f3f41d8 MC |
315 | =item B<-show_chain> |
316 | ||
317 | Display information about the certificate chain that has been built (if | |
318 | successful). Certificates in the chain that came from the untrusted list will be | |
319 | flagged as "untrusted". | |
320 | ||
7eba43e8 PY |
321 | =item B<-sm2-id> |
322 | ||
323 | Specify the ID string to use when verifying an SM2 certificate. The ID string is | |
324 | required by the SM2 signature algorithm for signing and verification. | |
325 | ||
326 | =item B<-sm2-hex-id> | |
327 | ||
328 | Specify a binary ID string to use when signing or verifying using an SM2 | |
329 | certificate. The argument for this option is string of hexadecimal digits. | |
330 | ||
13938ace DSH |
331 | =item B<-> |
332 | ||
3a778a29 | 333 | Indicates the last option. All arguments following this are assumed to be |
7b418a47 DSH |
334 | certificate files. This is useful if the first certificate filename begins |
335 | with a B<->. | |
13938ace DSH |
336 | |
337 | =item B<certificates> | |
338 | ||
3a778a29 BL |
339 | One or more certificates to verify. If no certificates are given, B<verify> |
340 | will attempt to read a certificate from standard input. Certificates must be | |
341 | in PEM format. | |
13938ace DSH |
342 | |
343 | =back | |
344 | ||
345 | =head1 VERIFY OPERATION | |
346 | ||
347 | The B<verify> program uses the same functions as the internal SSL and S/MIME | |
348 | verification, therefore this description applies to these verify operations | |
349 | too. | |
350 | ||
351 | There is one crucial difference between the verify operations performed | |
352 | by the B<verify> program: wherever possible an attempt is made to continue | |
353 | after an error whereas normally the verify operation would halt on the | |
354 | first error. This allows all the problems with a certificate chain to be | |
355 | determined. | |
356 | ||
357 | The verify operation consists of a number of separate steps. | |
358 | ||
359 | Firstly a certificate chain is built up starting from the supplied certificate | |
feb2f53e VD |
360 | and ending in the root CA. |
361 | It is an error if the whole chain cannot be built up. | |
362 | The chain is built up by looking up the issuers certificate of the current | |
363 | certificate. | |
364 | If a certificate is found which is its own issuer it is assumed to be the root | |
365 | CA. | |
366 | ||
367 | The process of 'looking up the issuers certificate' itself involves a number of | |
368 | steps. | |
77a795e4 | 369 | After all certificates whose subject name matches the issuer name of the current |
feb2f53e VD |
370 | certificate are subject to further tests. |
371 | The relevant authority key identifier components of the current certificate (if | |
372 | present) must match the subject key identifier (if present) and issuer and | |
373 | serial number of the candidate issuer, in addition the keyUsage extension of | |
374 | the candidate issuer (if present) must permit certificate signing. | |
709e8595 | 375 | |
13938ace | 376 | The lookup first looks in the list of untrusted certificates and if no match |
19d2bb57 | 377 | is found the remaining lookups are from the trusted certificates. The root CA |
13938ace DSH |
378 | is always looked up in the trusted certificate list: if the certificate to |
379 | verify is a root certificate then an exact match must be found in the trusted | |
380 | list. | |
381 | ||
382 | The second operation is to check every untrusted certificate's extensions for | |
383 | consistency with the supplied purpose. If the B<-purpose> option is not included | |
384 | then no checks are done. The supplied or "leaf" certificate must have extensions | |
385 | compatible with the supplied purpose and all other certificates must also be valid | |
386 | CA certificates. The precise extensions required are described in more detail in | |
7b418a47 | 387 | the B<CERTIFICATE EXTENSIONS> section of the B<x509> utility. |
13938ace | 388 | |
feb2f53e VD |
389 | The third operation is to check the trust settings on the root CA. The root CA |
390 | should be trusted for the supplied purpose. | |
391 | For compatibility with previous versions of OpenSSL, a certificate with no | |
392 | trust settings is considered to be valid for all purposes. | |
13938ace DSH |
393 | |
394 | The final operation is to check the validity of the certificate chain. The validity | |
395 | period is checked against the current system time and the notBefore and notAfter | |
396 | dates in the certificate. The certificate signatures are also checked at this | |
397 | point. | |
398 | ||
399 | If all operations complete successfully then certificate is considered valid. If | |
400 | any operation fails then the certificate is not valid. | |
401 | ||
7b418a47 DSH |
402 | =head1 DIAGNOSTICS |
403 | ||
404 | When a verify operation fails the output messages can be somewhat cryptic. The | |
405 | general form of the error message is: | |
406 | ||
407 | server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) | |
408 | error 24 at 1 depth lookup:invalid CA certificate | |
409 | ||
410 | The first line contains the name of the certificate being verified followed by | |
411 | the subject name of the certificate. The second line contains the error number | |
412 | and the depth. The depth is number of the certificate being verified when a | |
413 | problem was detected starting with zero for the certificate being verified itself | |
414 | then 1 for the CA that signed the certificate and so on. Finally a text version | |
415 | of the error number is presented. | |
416 | ||
77a795e4 | 417 | A partial list of the error codes and messages is shown below, this also |
7b418a47 DSH |
418 | includes the name of the error code as defined in the header file x509_vfy.h |
419 | Some of the error codes are defined but never returned: these are described | |
420 | as "unused". | |
421 | ||
422 | =over 4 | |
423 | ||
0634424f | 424 | =item B<X509_V_OK> |
7b418a47 | 425 | |
0634424f | 426 | The operation was successful. |
7b418a47 | 427 | |
0634424f | 428 | =item B<X509_V_ERR_UNSPECIFIED> |
d33def66 | 429 | |
0634424f | 430 | Unspecified error; should not happen. |
d33def66 | 431 | |
0634424f | 432 | =item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT> |
7b418a47 | 433 | |
0634424f | 434 | The issuer certificate of a looked up certificate could not be found. This |
7d3d1788 | 435 | normally means the list of trusted certificates is not complete. |
7b418a47 | 436 | |
0634424f | 437 | =item B<X509_V_ERR_UNABLE_TO_GET_CRL> |
7b418a47 | 438 | |
0634424f | 439 | The CRL of a certificate could not be found. |
7b418a47 | 440 | |
0634424f | 441 | =item B<X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE> |
7b418a47 | 442 | |
c4de074e P |
443 | The certificate signature could not be decrypted. This means that the |
444 | actual signature value could not be determined rather than it not matching | |
445 | the expected value, this is only meaningful for RSA keys. | |
7b418a47 | 446 | |
0634424f | 447 | =item B<X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE> |
7b418a47 | 448 | |
c4de074e P |
449 | The CRL signature could not be decrypted: this means that the actual |
450 | signature value could not be determined rather than it not matching the | |
451 | expected value. Unused. | |
7b418a47 | 452 | |
0634424f | 453 | =item B<X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY> |
7b418a47 | 454 | |
0634424f | 455 | The public key in the certificate SubjectPublicKeyInfo could not be read. |
7b418a47 | 456 | |
0634424f | 457 | =item B<X509_V_ERR_CERT_SIGNATURE_FAILURE> |
7b418a47 | 458 | |
0634424f | 459 | The signature of the certificate is invalid. |
7b418a47 | 460 | |
0634424f | 461 | =item B<X509_V_ERR_CRL_SIGNATURE_FAILURE> |
7b418a47 | 462 | |
0634424f | 463 | The signature of the certificate is invalid. |
7b418a47 | 464 | |
0634424f | 465 | =item B<X509_V_ERR_CERT_NOT_YET_VALID> |
7b418a47 | 466 | |
c4de074e P |
467 | The certificate is not yet valid: the notBefore date is after the |
468 | current time. | |
7b418a47 | 469 | |
0634424f | 470 | =item B<X509_V_ERR_CERT_HAS_EXPIRED> |
7b418a47 | 471 | |
c4de074e P |
472 | The certificate has expired: that is the notAfter date is before the |
473 | current time. | |
7b418a47 | 474 | |
0634424f | 475 | =item B<X509_V_ERR_CRL_NOT_YET_VALID> |
7b418a47 | 476 | |
0634424f | 477 | The CRL is not yet valid. |
7b418a47 | 478 | |
0634424f | 479 | =item B<X509_V_ERR_CRL_HAS_EXPIRED> |
7b418a47 | 480 | |
0634424f | 481 | The CRL has expired. |
7b418a47 | 482 | |
0634424f | 483 | =item B<X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD> |
7b418a47 | 484 | |
0634424f | 485 | The certificate notBefore field contains an invalid time. |
13938ace | 486 | |
0634424f | 487 | =item B<X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD> |
7b418a47 | 488 | |
0634424f | 489 | The certificate notAfter field contains an invalid time. |
7b418a47 | 490 | |
0634424f | 491 | =item B<X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD> |
7b418a47 | 492 | |
0634424f | 493 | The CRL lastUpdate field contains an invalid time. |
7b418a47 | 494 | |
0634424f | 495 | =item B<X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD> |
7b418a47 | 496 | |
0634424f | 497 | The CRL nextUpdate field contains an invalid time. |
7b418a47 | 498 | |
0634424f | 499 | =item B<X509_V_ERR_OUT_OF_MEM> |
7b418a47 | 500 | |
0634424f | 501 | An error occurred trying to allocate memory. This should never happen. |
7b418a47 | 502 | |
0634424f | 503 | =item B<X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT> |
7b418a47 | 504 | |
c4de074e P |
505 | The passed certificate is self-signed and the same certificate cannot |
506 | be found in the list of trusted certificates. | |
7b418a47 | 507 | |
0634424f | 508 | =item B<X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN> |
7b418a47 | 509 | |
c4de074e P |
510 | The certificate chain could be built up using the untrusted certificates |
511 | but the root could not be found locally. | |
7b418a47 | 512 | |
0634424f | 513 | =item B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> |
7b418a47 | 514 | |
0634424f | 515 | The issuer certificate could not be found: this occurs if the issuer |
7d3d1788 | 516 | certificate of an untrusted certificate cannot be found. |
7b418a47 | 517 | |
0634424f | 518 | =item B<X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE> |
7b418a47 | 519 | |
c4de074e P |
520 | No signatures could be verified because the chain contains only one |
521 | certificate and it is not self signed. | |
7b418a47 | 522 | |
0634424f | 523 | =item B<X509_V_ERR_CERT_CHAIN_TOO_LONG> |
7b418a47 | 524 | |
c4de074e P |
525 | The certificate chain length is greater than the supplied maximum |
526 | depth. Unused. | |
7b418a47 | 527 | |
0634424f | 528 | =item B<X509_V_ERR_CERT_REVOKED> |
7b418a47 | 529 | |
0634424f | 530 | The certificate has been revoked. |
7b418a47 | 531 | |
0634424f | 532 | =item B<X509_V_ERR_INVALID_CA> |
7b418a47 | 533 | |
c4de074e P |
534 | A CA certificate is invalid. Either it is not a CA or its extensions |
535 | are not consistent with the supplied purpose. | |
7b418a47 | 536 | |
0634424f | 537 | =item B<X509_V_ERR_PATH_LENGTH_EXCEEDED> |
7b418a47 | 538 | |
0634424f | 539 | The basicConstraints pathlength parameter has been exceeded. |
7b418a47 | 540 | |
0634424f | 541 | =item B<X509_V_ERR_INVALID_PURPOSE> |
7b418a47 | 542 | |
0634424f | 543 | The supplied certificate cannot be used for the specified purpose. |
7b418a47 | 544 | |
0634424f | 545 | =item B<X509_V_ERR_CERT_UNTRUSTED> |
7b418a47 | 546 | |
c4de074e | 547 | The root CA is not marked as trusted for the specified purpose. |
7b418a47 | 548 | |
0634424f | 549 | =item B<X509_V_ERR_CERT_REJECTED> |
7b418a47 | 550 | |
0634424f | 551 | The root CA is marked to reject the specified purpose. |
7b418a47 | 552 | |
0634424f | 553 | =item B<X509_V_ERR_SUBJECT_ISSUER_MISMATCH> |
709e8595 | 554 | |
c4de074e | 555 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the |
d33def66 | 556 | B<-issuer_checks> option. |
709e8595 | 557 | |
0634424f | 558 | =item B<X509_V_ERR_AKID_SKID_MISMATCH> |
709e8595 | 559 | |
d33def66 VD |
560 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the |
561 | B<-issuer_checks> option. | |
709e8595 | 562 | |
0634424f | 563 | =item B<X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH> |
709e8595 | 564 | |
d33def66 VD |
565 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the |
566 | B<-issuer_checks> option. | |
567 | ||
0634424f | 568 | =item B<X509_V_ERR_KEYUSAGE_NO_CERTSIGN> |
d33def66 VD |
569 | |
570 | Not used as of OpenSSL 1.1.0 as a result of the deprecation of the | |
571 | B<-issuer_checks> option. | |
572 | ||
05ea606a | 573 | =item B<X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER> |
d33def66 | 574 | |
05ea606a | 575 | Unable to get CRL issuer certificate. |
d33def66 | 576 | |
05ea606a | 577 | =item B<X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION> |
d33def66 | 578 | |
05ea606a | 579 | Unhandled critical extension. |
d33def66 | 580 | |
05ea606a | 581 | =item B<X509_V_ERR_KEYUSAGE_NO_CRL_SIGN> |
d33def66 | 582 | |
05ea606a | 583 | Key usage does not include CRL signing. |
d33def66 | 584 | |
05ea606a | 585 | =item B<X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION> |
d33def66 | 586 | |
05ea606a | 587 | Unhandled critical CRL extension. |
d33def66 | 588 | |
05ea606a | 589 | =item B<X509_V_ERR_INVALID_NON_CA> |
d33def66 | 590 | |
05ea606a | 591 | Invalid non-CA certificate has CA markings. |
d33def66 | 592 | |
05ea606a | 593 | =item B<X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED> |
d33def66 | 594 | |
05ea606a | 595 | Proxy path length constraint exceeded. |
d33def66 | 596 | |
a392ef20 RL |
597 | =item B<X509_V_ERR_PROXY_SUBJECT_INVALID> |
598 | ||
599 | Proxy certificate subject is invalid. It MUST be the same as the issuer | |
600 | with a single CN component added. | |
601 | ||
05ea606a | 602 | =item B<X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE> |
d33def66 | 603 | |
05ea606a | 604 | Key usage does not include digital signature. |
d33def66 | 605 | |
05ea606a | 606 | =item B<X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED> |
d33def66 | 607 | |
a392ef20 | 608 | Proxy certificates not allowed, please use B<-allow_proxy_certs>. |
d33def66 | 609 | |
05ea606a | 610 | =item B<X509_V_ERR_INVALID_EXTENSION> |
d33def66 | 611 | |
05ea606a | 612 | Invalid or inconsistent certificate extension. |
d33def66 | 613 | |
05ea606a | 614 | =item B<X509_V_ERR_INVALID_POLICY_EXTENSION> |
d33def66 | 615 | |
05ea606a | 616 | Invalid or inconsistent certificate policy extension. |
d33def66 | 617 | |
05ea606a | 618 | =item B<X509_V_ERR_NO_EXPLICIT_POLICY> |
d33def66 | 619 | |
05ea606a | 620 | No explicit policy. |
d33def66 | 621 | |
05ea606a | 622 | =item B<X509_V_ERR_DIFFERENT_CRL_SCOPE> |
d33def66 | 623 | |
05ea606a | 624 | Different CRL scope. |
d33def66 | 625 | |
05ea606a | 626 | =item B<X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE> |
d33def66 | 627 | |
05ea606a | 628 | Unsupported extension feature. |
d33def66 | 629 | |
05ea606a | 630 | =item B<X509_V_ERR_UNNESTED_RESOURCE> |
d33def66 | 631 | |
05ea606a | 632 | RFC 3779 resource not subset of parent's resources. |
d33def66 | 633 | |
05ea606a | 634 | =item B<X509_V_ERR_PERMITTED_VIOLATION> |
709e8595 | 635 | |
05ea606a | 636 | Permitted subtree violation. |
709e8595 | 637 | |
05ea606a | 638 | =item B<X509_V_ERR_EXCLUDED_VIOLATION> |
d33def66 | 639 | |
05ea606a | 640 | Excluded subtree violation. |
d33def66 | 641 | |
05ea606a | 642 | =item B<X509_V_ERR_SUBTREE_MINMAX> |
d33def66 | 643 | |
05ea606a | 644 | Name constraints minimum and maximum not supported. |
709e8595 | 645 | |
05ea606a | 646 | =item B<X509_V_ERR_APPLICATION_VERIFICATION> |
7b418a47 | 647 | |
05ea606a | 648 | Application verification failure. Unused. |
7b418a47 | 649 | |
05ea606a | 650 | =item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE> |
d33def66 | 651 | |
05ea606a | 652 | Unsupported name constraint type. |
d33def66 | 653 | |
05ea606a | 654 | =item B<X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX> |
d33def66 | 655 | |
05ea606a | 656 | Unsupported or invalid name constraint syntax. |
d33def66 | 657 | |
05ea606a | 658 | =item B<X509_V_ERR_UNSUPPORTED_NAME_SYNTAX> |
d33def66 | 659 | |
05ea606a | 660 | Unsupported or invalid name syntax. |
d33def66 | 661 | |
05ea606a | 662 | =item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR> |
d33def66 | 663 | |
05ea606a | 664 | CRL path validation error. |
d33def66 | 665 | |
05ea606a | 666 | =item B<X509_V_ERR_PATH_LOOP> |
d33def66 | 667 | |
05ea606a | 668 | Path loop. |
d33def66 | 669 | |
05ea606a | 670 | =item B<X509_V_ERR_SUITE_B_INVALID_VERSION> |
d33def66 | 671 | |
05ea606a | 672 | Suite B: certificate version invalid. |
d33def66 | 673 | |
05ea606a | 674 | =item B<X509_V_ERR_SUITE_B_INVALID_ALGORITHM> |
d33def66 | 675 | |
05ea606a | 676 | Suite B: invalid public key algorithm. |
d33def66 | 677 | |
05ea606a | 678 | =item B<X509_V_ERR_SUITE_B_INVALID_CURVE> |
d33def66 | 679 | |
05ea606a | 680 | Suite B: invalid ECC curve. |
d33def66 | 681 | |
05ea606a | 682 | =item B<X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM> |
d33def66 | 683 | |
05ea606a | 684 | Suite B: invalid signature algorithm. |
d33def66 | 685 | |
05ea606a | 686 | =item B<X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED> |
d33def66 | 687 | |
05ea606a | 688 | Suite B: curve not allowed for this LOS. |
d33def66 | 689 | |
05ea606a | 690 | =item B<X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256> |
d33def66 | 691 | |
05ea606a | 692 | Suite B: cannot sign P-384 with P-256. |
d33def66 | 693 | |
05ea606a | 694 | =item B<X509_V_ERR_HOSTNAME_MISMATCH> |
d33def66 | 695 | |
05ea606a | 696 | Hostname mismatch. |
d33def66 | 697 | |
05ea606a | 698 | =item B<X509_V_ERR_EMAIL_MISMATCH> |
d33def66 | 699 | |
05ea606a | 700 | Email address mismatch. |
d33def66 | 701 | |
05ea606a | 702 | =item B<X509_V_ERR_IP_ADDRESS_MISMATCH> |
d33def66 | 703 | |
05ea606a | 704 | IP address mismatch. |
d33def66 | 705 | |
05ea606a | 706 | =item B<X509_V_ERR_DANE_NO_MATCH> |
d33def66 VD |
707 | |
708 | DANE TLSA authentication is enabled, but no TLSA records matched the | |
709 | certificate chain. | |
710 | This error is only possible in L<s_client(1)>. | |
711 | ||
3bb0f989 TS |
712 | =item B<X509_V_ERR_EE_KEY_TOO_SMALL> |
713 | ||
714 | EE certificate key too weak. | |
715 | ||
716 | =item B<X509_ERR_CA_KEY_TOO_SMALL> | |
717 | ||
718 | CA certificate key too weak. | |
719 | ||
720 | =item B<X509_ERR_CA_MD_TOO_WEAK> | |
721 | ||
722 | CA signature digest algorithm too weak. | |
723 | ||
724 | =item B<X509_V_ERR_INVALID_CALL> | |
725 | ||
726 | nvalid certificate verification context. | |
727 | ||
728 | =item B<X509_V_ERR_STORE_LOOKUP> | |
729 | ||
730 | Issuer certificate lookup error. | |
731 | ||
732 | =item B<X509_V_ERR_NO_VALID_SCTS> | |
733 | ||
734 | Certificate Transparency required, but no valid SCTs found. | |
735 | ||
736 | =item B<X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION> | |
737 | ||
738 | Proxy subject name violation. | |
739 | ||
740 | =item B<X509_V_ERR_OCSP_VERIFY_NEEDED> | |
741 | ||
742 | Returned by the verify callback to indicate an OCSP verification is needed. | |
743 | ||
744 | =item B<X509_V_ERR_OCSP_VERIFY_FAILED> | |
745 | ||
746 | Returned by the verify callback to indicate OCSP verification failed. | |
747 | ||
748 | =item B<X509_V_ERR_OCSP_CERT_UNKNOWN> | |
749 | ||
750 | Returned by the verify callback to indicate that the certificate is not recognized | |
751 | by the OCSP responder. | |
752 | ||
7b418a47 | 753 | =back |
13938ace | 754 | |
709e8595 DSH |
755 | =head1 BUGS |
756 | ||
c4de074e P |
757 | Although the issuer checks are a considerable improvement over the old |
758 | technique they still suffer from limitations in the underlying X509_LOOKUP | |
759 | API. One consequence of this is that trusted certificates with matching | |
760 | subject name must either appear in a file (as specified by the B<-CAfile> | |
761 | option) or a directory (as specified by B<-CApath>). If they occur in | |
762 | both then only the certificates in the file will be recognised. | |
709e8595 | 763 | |
c4de074e P |
764 | Previous versions of OpenSSL assume certificates with matching subject |
765 | name are identical and mishandled them. | |
709e8595 | 766 | |
7d3d1788 DSH |
767 | Previous versions of this documentation swapped the meaning of the |
768 | B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT> and | |
0634424f | 769 | B<X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes. |
7d3d1788 | 770 | |
13938ace DSH |
771 | =head1 SEE ALSO |
772 | ||
9b86974e | 773 | L<x509(1)> |
13938ace | 774 | |
fa7b0111 MC |
775 | =head1 HISTORY |
776 | ||
fc5ecadd | 777 | The B<-show_chain> option was added in OpenSSL 1.1.0. |
d33def66 VD |
778 | |
779 | The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and | |
780 | is silently ignored. | |
fa7b0111 | 781 | |
4674aaf4 | 782 | The B<-sm2-id> and B<-sm2-hex-id> options were added in OpenSSL 3.0. |
7eba43e8 | 783 | |
e2f92610 RS |
784 | =head1 COPYRIGHT |
785 | ||
7eba43e8 | 786 | Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 787 | |
449040b4 | 788 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
789 | this file except in compliance with the License. You can obtain a copy |
790 | in the file LICENSE in the source distribution or at | |
791 | L<https://www.openssl.org/source/license.html>. | |
792 | ||
793 | =cut |