diff options
author | Beat Bolli <dev@drbeat.li> | 2021-07-30 18:39:51 +0200 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-08-04 15:02:27 +1000 |
commit | 2fc02378ffcd9a266077eeea224890c534b7aaef (patch) | |
tree | 257bb9c5ffd11e27ffcf6f7e0126b833c66aef03 /doc/man1/openssl-verification-options.pod | |
parent | 92c03668c0cd77434006b613e3429888a0a8ecfe (diff) |
doc: use the documented =item markers
The generated lists[1] look weird when using a dash as the list item
character. Perlpod documents[2] '*' for unordered lists and '1.' (note
the period) for ordered lists. Use these characters instead.
[1] e.g. https://www.openssl.org/docs/manmaster/man7/migration_guide.html#New-Algorithms
[2] https://perldoc.perl.org/perlpod
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16190)
Diffstat (limited to 'doc/man1/openssl-verification-options.pod')
-rw-r--r-- | doc/man1/openssl-verification-options.pod | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/doc/man1/openssl-verification-options.pod b/doc/man1/openssl-verification-options.pod index c634ccae15..70daa986b8 100644 --- a/doc/man1/openssl-verification-options.pod +++ b/doc/man1/openssl-verification-options.pod @@ -274,50 +274,50 @@ among others, the following certificate well-formedness conditions are checked: =over 4 -=item - +=item * The basicConstraints of CA certificates must be marked critical. -=item - +=item * CA certificates must explicitly include the keyUsage extension. -=item - +=item * If a pathlenConstraint is given the key usage keyCertSign must be allowed. -=item - +=item * The pathlenConstraint must not be given for non-CA certificates. -=item - +=item * The issuer name of any certificate must not be empty. -=item - +=item * The subject name of CA certs, certs with keyUsage crlSign, and certs without subjectAlternativeName must not be empty. -=item - +=item * If a subjectAlternativeName extension is given it must not be empty. -=item - +=item * The signatureAlgorithm field and the cert signature must be consistent. -=item - +=item * Any given authorityKeyIdentifier and any given subjectKeyIdentifier must not be marked critical. -=item - +=item * The authorityKeyIdentifier must be given for X.509v3 certs unless they are self-signed. -=item - +=item * The subjectKeyIdentifier must be given for all X.509v3 CA certs. |