author    Rich Salz <rsalz@akamai.com>    2019-10-12 17:45:56 -0400
committer Dr. Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>    2020-01-23 23:18:33 +0100
commit    21d08b9ee9c0f7fabcad27b5d0b0c8c16f7dd1e9 (patch)
tree      41077d218df34536e5b057a8e8f5c984e4c9f66f /doc/man1
parent    cf0843c09101fa7a1718c4423543358b7fe1876a (diff)
Update man3/verify documentation, error text
Move the x509_V_ERR_xxx definitions from openssl-verify to
X509_STORE_CTX_get_error.pod. Add some missing ones. Consistently start
with a lowercase letter, unless it's an acronym. Fix some markup
mistakes in X509_verify_cert.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10132)
Diffstat (limited to 'doc/man1')
-rw-r--r--  doc/man1/openssl-cms.pod.in        41
-rw-r--r--  doc/man1/openssl-dgst.pod.in       11
-rw-r--r--  doc/man1/openssl-ocsp.pod.in       42
-rw-r--r--  doc/man1/openssl-s_client.pod.in   45
-rw-r--r--  doc/man1/openssl-s_server.pod.in   54
-rw-r--r--  doc/man1/openssl-s_time.pod.in      6
-rw-r--r--  doc/man1/openssl-smime.pod.in      39
-rw-r--r--  doc/man1/openssl-ts.pod.in         63
-rw-r--r--  doc/man1/openssl-verify.pod.in    664
-rw-r--r--  doc/man1/openssl.pod              255
10 files changed, 326 insertions, 894 deletions
diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in
index 56fe42c788..3a919edae5 100644
--- a/doc/man1/openssl-cms.pod.in
+++ b/doc/man1/openssl-cms.pod.in
@@ -39,34 +39,6 @@ B<openssl> B<cms>
[B<-text>]
[B<-noout>]
[B<-print>]
-[B<-attime> I<timestamp>]
-[B<-check_ss_sig>]
-[B<-crl_check>]
-[B<-crl_check_all>]
-[B<-explicit_policy>]
-[B<-extended_crl>]
-[B<-ignore_critical>]
-[B<-inhibit_any>]
-[B<-inhibit_map>]
-[B<-no_check_time>]
-[B<-partial_chain>]
-[B<-policy> I<arg>]
-[B<-policy_check>]
-[B<-policy_print>]
-[B<-purpose> I<purpose>]
-[B<-suiteB_128>]
-[B<-suiteB_128_only>]
-[B<-suiteB_192>]
-[B<-trusted_first>]
-[B<-no_alt_chains>]
-[B<-use_deltas>]
-[B<-auth_level> I<num>]
-[B<-verify_depth> I<num>]
-[B<-verify_email> I<email>]
-[B<-verify_hostname> I<hostname>]
-[B<-verify_ip> I<ip>]
-[B<-verify_name> I<name>]
-[B<-x509_strict>]
[B<-md> I<digest>]
[B<-I<cipher>>]
[B<-nointern>]
@@ -78,7 +50,6 @@ B<openssl> B<cms>
[B<-crlfeol>]
[B<-asciicrlf>]
[B<-nodetach>]
-[B<-certfile> I<file>]
[B<-certsout> I<file>]
[B<-signer> I<file>]
[B<-recip> I<file>]
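Review bot: the removal of `-[B<-certfile> I<file>]` from the cms synopsis has no matching change to that option's =item description anywhere in this diff, and B<-certfile> is not a chain-validation option that the opt_v template would cover. Either the option still exists and the synopsis line should stay, or its OPTIONS entry needs to go in the same change; as it stands the synopsis and the option list disagree.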
@@ -97,6 +68,7 @@ B<openssl> B<cms>
[B<-to> I<addr>]
[B<-from> I<addr>]
[B<-subject> I<subj>]
+{- $OpenSSL::safe::opt_v_synopsis -}
{- $OpenSSL::safe::opt_trust_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
[I<cert.pem> ...]
@@ -462,16 +434,9 @@ portion of a message so they may be included manually. If signing
then many S/MIME mail clients check the signers certificate's email
address matches that specified in the From: address.
-=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
-B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
-B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,
-B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
-B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
-B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
-B<-verify_ip>, B<-verify_name>, B<-x509_strict>
+{- $OpenSSL::safe::opt_v_item -}
-Set various certificate chain validation options. See the
-L<openssl-verify(1)> manual page for details.
+Any verification errors cause the command to exit.
{- $OpenSSL::safe::opt_trust_item -}
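Review bot: the new sentence `+Any verification errors cause the command to exit.` replaces the cross-reference to L<openssl-verify(1)>; confirm that the {- $OpenSSL::safe::opt_v_item -} template carries a pointer to where the chain-validation options are explained, otherwise this page loses it. Since cms and smime state that verification errors abort the command while s_client and s_server (later in this diff) say errors are only displayed unless B<-verify_return_error> is given, it is worth keeping that distinction explicit next to the shared template text.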
diff --git a/doc/man1/openssl-dgst.pod.in b/doc/man1/openssl-dgst.pod.in
index a954b8b253..bd7b41cb37 100644
--- a/doc/man1/openssl-dgst.pod.in
+++ b/doc/man1/openssl-dgst.pod.in
@@ -27,6 +27,7 @@ B<openssl> B<dgst>|I<digest>
[B<-hmac> I<key>]
[B<-fips-fingerprint>]
[B<-engine> I<id>]
+[B<-engine_impl> I<id>]
{- $OpenSSL::safe::opt_engine_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
[I<file> ...]
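Review bot: the synopsis line `+[B<-engine_impl> I<id>]` gives B<-engine_impl> an I<id> argument, but the option's own entry in this same file (`=item B<-engine_impl>`, "When used with the B<-engine> option, it specifies to also use engine I<id> for digest operations") describes a flag that reuses the engine id already passed to B<-engine>. Drop I<id> from the synopsis so the two agree.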
@@ -170,17 +171,17 @@ option.
Compute HMAC using a specific key for certain OpenSSL-FIPS operations.
-=item B<-engine_impl>
-
-When used with the B<-engine> option, it specifies to also use
-engine I<id> for digest operations.
-
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
The engine is not used for digests unless the B<-engine_impl> option is
used or it is configured to do so, see L<config(5)/Engine Configuration Module>.
+=item B<-engine_impl>
+
+When used with the B<-engine> option, it specifies to also use
+engine I<id> for digest operations.
+
=item I<file> ...
File or files to digest. If no files are specified then standard input is
diff --git a/doc/man1/openssl-ocsp.pod.in b/doc/man1/openssl-ocsp.pod.in
index fb32ffef71..a866a38ebc 100644
--- a/doc/man1/openssl-ocsp.pod.in
+++ b/doc/man1/openssl-ocsp.pod.in
@@ -31,34 +31,6 @@ B<openssl> B<ocsp>
[B<-multi> I<process-count>]
[B<-header>]
[B<-path>]
-[B<-attime> I<timestamp>]
-[B<-check_ss_sig>]
-[B<-crl_check>]
-[B<-crl_check_all>]
-[B<-explicit_policy>]
-[B<-extended_crl>]
-[B<-ignore_critical>]
-[B<-inhibit_any>]
-[B<-inhibit_map>]
-[B<-no_check_time>]
-[B<-partial_chain>]
-[B<-policy> I<arg>]
-[B<-policy_check>]
-[B<-policy_print>]
-[B<-purpose> I<purpose>]
-[B<-suiteB_128>]
-[B<-suiteB_128_only>]
-[B<-suiteB_192>]
-[B<-trusted_first>]
-[B<-no_alt_chains>]
-[B<-use_deltas>]
-[B<-auth_level> I<num>]
-[B<-verify_depth> I<num>]
-[B<-verify_email> I<email>]
-[B<-verify_hostname> I<hostname>]
-[B<-verify_ip> I<ip>]
-[B<-verify_name> I<name>]
-[B<-x509_strict>]
[B<-VAfile> I<file>]
[B<-validity_period> I<n>]
[B<-status_age> I<n>]
@@ -88,6 +60,7 @@ B<openssl> B<ocsp>
[B<-rcid> I<digest>]
[B<-I<digest>>]
{- $OpenSSL::safe::opt_trust_synopsis -}
+{- $OpenSSL::safe::opt_v_synopsis -}
=for openssl ifdef multi
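Review bot: `+{- $OpenSSL::safe::opt_v_synopsis -}` is placed after opt_trust_synopsis here, but before opt_trust_synopsis in openssl-cms, after opt_engine_synopsis in openssl-s_client and before opt_x_synopsis in openssl-s_server. Pick one ordering of the template lines and apply it across all the pages touched by this change so the generated synopses read the same.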
@@ -206,17 +179,6 @@ each child is willing to wait for the client's OCSP response.
This option is available on POSIX systems (that support the fork() and other
required unix system-calls).
-=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
-B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
-B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,
-B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
-B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
-B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
-B<-verify_ip>, B<-verify_name>, B<-x509_strict>
-
-Set different certificate verification options.
-See L<openssl-verify(1)> manual page for details.
-
=item B<-verify_other> I<file>
File containing additional certificates to search when attempting to locate
@@ -307,6 +269,8 @@ digest used by subsequent certificate identifiers.
{- $OpenSSL::safe::opt_trust_item -}
+{- $OpenSSL::safe::opt_v_item -}
+
=back
=head2 OCSP Server Options
diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in
index 779f91700f..48157d0fdd 100644
--- a/doc/man1/openssl-s_client.pod.in
+++ b/doc/man1/openssl-s_client.pod.in
@@ -36,35 +36,7 @@ B<openssl> B<s_client>
[B<-dane_tlsa_domain> I<domain>]
[B<-dane_tlsa_rrdata> I<rrdata>]
[B<-dane_ee_no_namechecks>]
-[B<-attime> I<timestamp>]
-[B<-check_ss_sig>]
-[B<-crl_check>]
-[B<-crl_check_all>]
-[B<-explicit_policy>]
-[B<-extended_crl>]
-[B<-ignore_critical>]
-[B<-inhibit_any>]
-[B<-inhibit_map>]
-[B<-no_check_time>]
-[B<-partial_chain>]
-[B<-policy> I<arg>]
-[B<-policy_check>]
-[B<-policy_print>]
-[B<-purpose> I<purpose>]
-[B<-suiteB_128>]
-[B<-suiteB_128_only>]
-[B<-suiteB_192>]
-[B<-trusted_first>]
-[B<-no_alt_chains>]
-[B<-use_deltas>]
-[B<-auth_level> I<num>]
-[B<-verify_depth> I<num>]
-[B<-verify_email> I<email>]
-[B<-verify_hostname> I<hostname>]
-[B<-verify_ip> I<ip>]
-[B<-verify_name> I<name>]
[B<-build_chain>]
-[B<-x509_strict>]
[B<-reconnect>]
[B<-showcerts>]
[B<-debug>]
@@ -119,6 +91,7 @@ B<openssl> B<s_client>
{- $OpenSSL::safe::opt_trust_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
+{- $OpenSSL::safe::opt_v_synopsis -}
[I<host>:I<port>]
=for openssl ifdef engine ssl_client_engine ct noct ctlogfile
@@ -347,17 +320,6 @@ records already make it possible for a remote domain to redirect client
connections to any server of its choice, and in any case SMTP and XMPP clients
do not execute scripts downloaded from remote servers.
-=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
-B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
-B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,
-B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
-B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
-B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
-B<-verify_ip>, B<-verify_name>, B<-x509_strict>
-
-Set various certificate chain validation options. See the
-L<openssl-verify(1)> manual page for details.
-
=item B<-reconnect>
Reconnects to the same server 5 times using the same session ID, this can
@@ -668,6 +630,11 @@ happen whether or not a certificate has been provided via B<-cert>.
{- $OpenSSL::safe::opt_engine_item -}
+{- $OpenSSL::safe::opt_v_item -}
+
+Verification errors are displayed, for debugging, but the command will
+proceed unless the B<-verify_return_error> option is used.
+
=item I<host>:I<port>
Rather than providing B<-connect>, the target hostname and optional port may
diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in
index 47343585bd..a35ddf289e 100644
--- a/doc/man1/openssl-s_server.pod.in
+++ b/doc/man1/openssl-s_server.pod.in
@@ -107,36 +107,6 @@ B<openssl> B<s_server>
[B<-dhparam> I<infile>]
[B<-record_padding> I<val>]
[B<-debug_broken_protocol>]
-[B<-policy> I<val>]
-[B<-purpose> I<val>]
-[B<-verify_name> I<val>]
-[B<-verify_depth> I<int>]
-[B<-auth_level> I<int>]
-[B<-attime> I<intmax>]
-[B<-verify_hostname> I<val>]
-[B<-verify_email> I<val>]
-[B<-verify_ip>]
-[B<-ignore_critical>]
-[B<-issuer_checks>]
-[B<-crl_check>]
-[B<-crl_check_all>]
-[B<-policy_check>]
-[B<-explicit_policy>]
-[B<-inhibit_any>]
-[B<-inhibit_map>]
-[B<-x509_strict>]
-[B<-extended_crl>]
-[B<-use_deltas>]
-[B<-policy_print>]
-[B<-check_ss_sig>]
-[B<-trusted_first>]
-[B<-suiteB_128_only>]
-[B<-suiteB_128>]
-[B<-suiteB_192>]
-[B<-partial_chain>]
-[B<-no_alt_chains>]
-[B<-no_check_time>]
-[B<-allow_proxy_certs>]
[B<-nbio>]
[B<-psk_identity> I<val>]
[B<-psk_hint> I<val>]
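Review bot: this hunk also removes `-[B<-issuer_checks>]` and `-[B<-allow_proxy_certs>]`, which the equivalent lists in the other commands did not contain; confirm that the opt_v_synopsis template added in the next hunk documents both, otherwise openssl-s_server loses two options from its synopsis. The removed entries' argument names (I<val>, I<int>, I<intmax>) were also out of step with the other pages, so the template is an improvement on that front.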
@@ -161,6 +131,7 @@ B<openssl> B<s_server>
[B<-http_server_binmode>]
{- $OpenSSL::safe::opt_name_synopsis -}
{- $OpenSSL::safe::opt_version_synopsis -}
+{- $OpenSSL::safe::opt_v_synopsis -}
{- $OpenSSL::safe::opt_x_synopsis -}
{- $OpenSSL::safe::opt_trust_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
@@ -565,23 +536,6 @@ load the parameters from the server certificate file.
If this fails then a static set of parameters hard coded into this command
will be used.
-=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
-B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
-B<-inhibit_map>, B<-no_alt_chains>, B<-no_check_time>, B<-partial_chain>, B<-policy>,
-B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
-B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
-B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
-B<-verify_ip>, B<-verify_name>, B<-x509_strict>
-
-Set different peer certificate verification options.
-See the L<openssl-verify(1)> manual page for details.
-
-=item B<-crl_check>, B<-crl_check_all>
-
-Check the peer certificate has not been revoked by its CA.
-The CRL(s) are appended to the certificate file. With the B<-crl_check_all>
-option all CRLs of all CAs in the chain are checked.
-
=item B<-nbio>
Turns on non blocking I/O.
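Review bot: the removed `-=item B<-crl_check>, B<-crl_check_all>` entry carried s_server-specific behaviour ("The CRL(s) are appended to the certificate file") that the generic template text will not contain. If that is still how s_server locates CRLs, keep that sentence next to the new opt_v_item, since someone enabling revocation checking needs to know where the CRLs are read from.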
@@ -692,6 +646,12 @@ by the client in binary mode.
{- $OpenSSL::safe::opt_engine_item -}
+{- $OpenSSL::safe::opt_v_item -}
+
+If the server requests a client certificate, then
+verification errors are displayed, for debugging, but the command will
+proceed unless the B<-verify_return_error> option is used.
+
=back
=head1 CONNECTED COMMANDS
diff --git a/doc/man1/openssl-s_time.pod.in b/doc/man1/openssl-s_time.pod.in
index ed1c012f8e..1d87c8c0dd 100644
--- a/doc/man1/openssl-s_time.pod.in
+++ b/doc/man1/openssl-s_time.pod.in
@@ -72,12 +72,6 @@ Currently the verify operation continues after errors so all the problems
with a certificate chain can be seen. As a side effect the connection
will never fail due to a server certificate verify failure.
-=item B<-CApath> I<directory>
-
-The directory to use for server certificate verification. This directory
-must be in "hash format", see L<openssl-verify(1)> for more information.
-These are also used when building the client certificate chain.
-
=item B<-new>
Performs the timing test using a new session ID for each connection.
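Review bot: only the B<-CApath> item is removed here, and no hunk in this diff adds the opt_trust templates to openssl-s_time.pod.in. Verify that this page's synopsis and OPTIONS section already contain {- $OpenSSL::safe::opt_trust_synopsis -} and {- $OpenSSL::safe::opt_trust_item -}; if not, B<-CApath> becomes undocumented for s_time.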
diff --git a/doc/man1/openssl-smime.pod.in b/doc/man1/openssl-smime.pod.in
index 5653c0f68c..55bd34f72e 100644
--- a/doc/man1/openssl-smime.pod.in
+++ b/doc/man1/openssl-smime.pod.in
@@ -19,33 +19,6 @@ B<openssl> B<smime>
[B<-crlfeol>]
[B<-I<cipher>>]
[B<-in> I<file>]
-[B<-attime> I<timestamp>]
-[B<-check_ss_sig>]
-[B<-crl_check>]
-[B<-crl_check_all>]
-[B<-explicit_policy>]
-[B<-extended_crl>]
-[B<-ignore_critical>]
-[B<-inhibit_any>]
-[B<-inhibit_map>]
-[B<-partial_chain>]
-[B<-policy> I<arg>]
-[B<-policy_check>]
-[B<-policy_print>]
-[B<-purpose> I<purpose>]
-[B<-suiteB_128>]
-[B<-suiteB_128_only>]
-[B<-suiteB_192>]
-[B<-trusted_first>]
-[B<-no_alt_chains>]
-[B<-use_deltas>]
-[B<-auth_level> I<num>]
-[B<-verify_depth> I<num>]
-[B<-verify_email> I<email>]
-[B<-verify_hostname> I<hostname>]
-[B<-verify_ip> I<ip>]
-[B<-verify_name> I<name>]
-[B<-x509_strict>]
[B<-certfile> I<file>]
[B<-signer> I<file>]
[B<-recip> I< file>]
@@ -66,6 +39,7 @@ B<openssl> B<smime>
[B<-md> I<digest>]
{- $OpenSSL::safe::opt_trust_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
+{- $OpenSSL::safe::opt_v_synopsis -}
I<cert.pem> ...
=for openssl ifdef engine
@@ -283,16 +257,9 @@ portion of a message so they may be included manually. If signing
then many S/MIME mail clients check the signers certificate's email
address matches that specified in the From: address.
-=item B<-attime>, B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
-B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
-B<-inhibit_map>, B<-no_alt_chains>, B<-partial_chain>, B<-policy>,
-B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
-B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
-B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
-B<-verify_ip>, B<-verify_name>, B<-x509_strict>
+{- $OpenSSL::safe::opt_v_item -}
-Set various options of certificate chain verification. See
-L<openssl-verify(1)> manual page for details.
+Any verification errors cause the command to exit.
{- $OpenSSL::safe::opt_trust_item -}
diff --git a/doc/man1/openssl-ts.pod.in b/doc/man1/openssl-ts.pod.in
index 53781126fa..b9c3692c62 100644
--- a/doc/man1/openssl-ts.pod.in
+++ b/doc/man1/openssl-ts.pod.in
@@ -33,6 +33,7 @@ B<-reply>
[B<-chain> I<certs_file.pem>]
[B<-tspolicy> I<object_id>]
[B<-in> I<response.tsr>]
+[B<-untrusted> I<file>]
[B<-token_in>]
[B<-out> I<response.tsr>]
[B<-token_out>]
@@ -46,42 +47,8 @@ B<-verify>
[B<-queryfile> I<request.tsq>]
[B<-in> I<response.tsr>]
[B<-token_in>]
-[B<-CApath> I<trusted_cert_path>]
-[B<-CAfile> I<trusted_certs.pem>]
-[B<-CAstore> I<trusted_certs_uri>]
-[B<-untrusted> I<cert_file.pem>]
-[I<verify options>]
-
-I<verify options:>
-[B<-attime> I<timestamp>]
-[B<-check_ss_sig>]
-[B<-crl_check>]
-[B<-crl_check_all>]
-[B<-explicit_policy>]
-[B<-extended_crl>]
-[B<-ignore_critical>]
-[B<-inhibit_any>]
-[B<-inhibit_map>]
-[B<-issuer_checks>]
-[B<-no_alt_chains>]
-[B<-no_check_time>]
-[B<-partial_chain>]
-[B<-policy> I<arg>]
-[B<-policy_check>]
-[B<-policy_print>]
-[B<-purpose> I<purpose>]
-[B<-suiteB_128>]
-[B<-suiteB_128_only>]
-[B<-suiteB_192>]
-[B<-trusted_first>]
-[B<-use_deltas>]
-[B<-auth_level> I<num>]
-[B<-verify_depth> I<num>]
-[B<-verify_email> I<email>]
-[B<-verify_hostname> I<hostname>]
-[B<-verify_ip> I<ip>]
-[B<-verify_name> I<name>]
-[B<-x509_strict>]
+{- $OpenSSL::safe::opt_trust_synopsis -}
+{- $OpenSSL::safe::opt_v_synopsis -}
=for openssl ifdef engine
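Review bot: `-[B<-untrusted> I<cert_file.pem>]` is dropped from the B<-verify> synopsis, and the only place it is re-added is under B<-reply> (the hunk at `@@ -33,6 +33,7 @@ B<-reply>`). The option's =item text describes it as the set of intermediate certificates used to verify the TSA signing certificate, which is a B<-verify> concern, so the new `[B<-untrusted> I<file>]` line belongs under B<-verify>; the argument name should also match the =item (I<cert_file.pem>).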
@@ -344,12 +311,6 @@ This flag can be used together with the B<-in> option and indicates
that the input is a DER encoded timestamp token (ContentInfo) instead
of a timestamp response (TimeStampResp). (Optional)
-=item B<-CAfile> I<file>, B<-CApath> I<dir>, B<-CAstore> I<uri>
-
-See L<openssl(1)/Trusted Certificate Options> for more information.
-
-At least one of B<-CApath>, B<-CAfile> or B<-CAstore> must be specified.
-
=item B<-untrusted> I<cert_file.pem>
Set of additional untrusted certificates in PEM format which may be
@@ -358,17 +319,13 @@ certificate. This file must contain the TSA signing certificate and
all intermediate CA certificates unless the response includes them.
(Optional)
-=item I<verify options>
-
-The options B<-attime>, B<-check_ss_sig>, B<-crl_check>,
-B<-crl_check_all>, B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>,
-B<-inhibit_any>, B<-inhibit_map>, B<-issuer_checks>, B<-no_alt_chains>,
-B<-no_check_time>, B<-partial_chain>, B<-policy>, B<-policy_check>,
-B<-policy_print>, B<-purpose>, B<-suiteB_128>, B<-suiteB_128_only>,
-B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>, B<-auth_level>,
-B<-verify_depth>, B<-verify_email>, B<-verify_hostname>, B<-verify_ip>,
-B<-verify_name>, and B<-x509_strict> can be used to control timestamp
-verification. See L<openssl-verify(1)>.
+{- $OpenSSL::safe::opt_trust_item -}
+
+At least one of B<-CApath>, B<-CAfile> or B<-CAstore> must be specified.
+
+{- $OpenSSL::safe::opt_v_item -}
+
+Any verification errors cause the command to exit.
=back
diff --git a/doc/man1/openssl-verify.pod.in b/doc/man1/openssl-verify.pod.in
index ab8257a5e4..3f13f307e1 100644
--- a/doc/man1/openssl-verify.pod.in
+++ b/doc/man1/openssl-verify.pod.in
@@ -9,46 +9,18 @@ openssl-verify - Utility to verify certificates
B<openssl> B<verify>
[B<-help>]
-[B<-allow_proxy_certs>]
-[B<-attime> I<timestamp>]
-[B<-check_ss_sig>]
[B<-CRLfile> I<file>]
[B<-crl_download>]
-[B<-crl_check>]
-[B<-crl_check_all>]
-[B<-explicit_policy>]
-[B<-extended_crl>]
-[B<-ignore_critical>]
-[B<-inhibit_any>]
-[B<-inhibit_map>]
-[B<-no_check_time>]
-[B<-partial_chain>]
-[B<-policy> I<arg>]
-[B<-policy_check>]
-[B<-policy_print>]
-[B<-purpose> I<purpose>]
-[B<-suiteB_128>]
-[B<-suiteB_128_only>]
-[B<-suiteB_192>]
-[B<-trusted_first>]
-[B<-no_alt_chains>]
-[B<-untrusted> I<file>]
-[B<-trusted> I<file>]
-[B<-use_deltas>]
-[B<-verbose>]
-[B<-auth_level> I<level>]
-[B<-verify_depth> I<num>]
-[B<-verify_email> I<email>]
-[B<-verify_hostname> I<hostname>]
-[B<-verify_ip> I<ip>]
-[B<-verify_name> I<name>]
-[B<-x509_strict>]
[B<-show_chain>]
-[B<-sm2-id> I<string>]
-[B<-sm2-hex-id> I<hex-string>]
+[B<-sm2-id> I<hexstring>]
+[B<-sm2-hex-id> I<hexstring>]
+[B<-verbose>]
+[B<-trusted> I<file>]
+[B<-untrusted> I<file>]
{- $OpenSSL::safe::opt_name_synopsis -}
{- $OpenSSL::safe::opt_trust_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
+{- $OpenSSL::safe::opt_v_synopsis -}
[B<-->]
[I<certificate> ...]
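Review bot: changing `-[B<-sm2-id> I<string>]` to `+[B<-sm2-id> I<hexstring>]` contradicts the option's description later in this file, which says B<-sm2-id> takes the ID string itself and only B<-sm2-hex-id> takes a "string of hexadecimal digits". Keep I<string> for B<-sm2-id>; the same mismatch is repeated in the `+=item B<-sm2-id> I<hexstring>` line of the next hunk.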
@@ -66,20 +38,9 @@ This command verifies certificate chains.
Print out a usage message.
-=item B<-allow_proxy_certs>
-
-Allow the verification of proxy certificates.
-
-=item B<-attime> I<timestamp>
+=item B<-CAfile> I<file>, B<-no-CAfile>, B<-CApath> I<dir>, B<-no-CApath>
-Perform validation checks using time specified by I<timestamp> and not
-current system time. I<timestamp> is the number of seconds since
-01.01.1970 (UNIX time).
-
-=item B<-check_ss_sig>
-
-Verify the signature on the self-signed root CA. This is disabled by default
-because it doesn't add any security.
+See L<openssl(1)/Trusted Certificate Options> for more information.
=item B<-CRLfile> I<file>
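Review bot: the new `+=item B<-CAfile> I<file>, B<-no-CAfile>, B<-CApath> I<dir>, B<-no-CApath>` duplicates what `+{- $OpenSSL::safe::opt_trust_item -}`, added further down in this file, already generates, and it omits B<-CAstore>/B<-no-CAstore> even though the removed B<-trusted_first> text lists B<-CAstore> as a trust source. Drop this hand-written item and rely on the template.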
@@ -91,285 +52,61 @@ I<file>s.
Attempt to download CRL information for this certificate.
-=item B<-crl_check>
-
-Checks end entity certificate validity by attempting to look up a valid CRL.
-If a valid CRL cannot be found an error occurs.
-
-=item B<-crl_check_all>
-
-Checks the validity of B<all> certificates in the chain by attempting
-to look up valid CRLs.
-
-=item B<-explicit_policy>
-
-Set policy variable require-explicit-policy (see RFC5280).
-
-=item B<-extended_crl>
-
-Enable extended CRL features such as indirect CRLs and alternate CRL
-signing keys.
-
-=item B<-ignore_critical>
-
-Normally if an unhandled critical extension is present which is not
-supported by OpenSSL the certificate is rejected (as required by RFC5280).
-If this option is set critical extensions are ignored.
-
-=item B<-inhibit_any>
-
-Set policy variable inhibit-any-policy (see RFC5280).
-
-=item B<-inhibit_map>
-
-Set policy variable inhibit-policy-mapping (see RFC5280).
-
-=item B<-no_check_time>
-
-This option suppresses checking the validity period of certificates and CRLs
-against the current time. If option B<-attime> is used to specify
-a verification time, the check is not suppressed.
-
-=item B<-partial_chain>
-
-Allow verification to succeed even if a I<complete> chain cannot be built to a
-self-signed trust-anchor, provided it is possible to construct a chain to a
-trusted certificate that might not be self-signed.
-
-=item B<-policy> I<arg>
-
-Enable policy processing and add I<arg> to the user-initial-policy-set (see
-RFC5280). The policy I<arg> can be an object name an OID in numeric form.
-This argument can appear more than once.
-
-=item B<-policy_check>
-
-Enables certificate policy processing.
-
-=item B<-policy_print>
-
-Print out diagnostics related to policy processing.
-
-=item B<-purpose> I<purpose>
-
-The intended use for the certificate. If this option is not specified,
-this command will not consider certificate purpose during chain
-verification.
-Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>,
-B<smimesign>, B<smimeencrypt>. See the L</VERIFY OPERATION> section for more
-information.
-
-=item B<-suiteB_128_only>, B<-suiteB_128>, B<-suiteB_192>
-
-Enable the Suite B mode operation at 128 bit Level of Security, 128 bit or
-192 bit, or only 192 bit Level of Security respectively.
-See RFC6460 for details. In particular the supported signature algorithms are
-reduced to support only ECDSA and SHA256 or SHA384 and only the elliptic curves
-P-256 and P-384.
-
-=item B<-trusted_first>
-
-When constructing the certificate chain, use the trusted certificates specified
-via B<-CAfile>, B<-CApath>, B<-CAstore> or B<-trusted> before any certificates
-specified via B<-untrusted>.
-This can be useful in environments with Bridge or Cross-Certified CAs.
-As of OpenSSL 1.1.0 this option is on by default and cannot be disabled.
-
-=item B<-no_alt_chains>
-
-By default, unless B<-trusted_first> is specified, when building a certificate
-chain, if the first certificate chain found is not trusted, then OpenSSL will
-attempt to replace untrusted issuer certificates with certificates from the
-trust store to see if an alternative chain can be found that is trusted.
-As of OpenSSL 1.1.0, with B<-trusted_first> always on, this option has no
-effect.
-
-=item B<-untrusted> I<file>
-
-A I<file> of additional untrusted certificates (intermediate issuer CAs) used
-to construct a certificate chain from the subject certificate to a trust-anchor.
-The I<file> should contain one or more certificates in PEM format.
-This option can be specified more than once to include untrusted certificates
-from multiple I<file>s.
-
-=item B<-trusted> I<file>
-
-A I<file> of trusted certificates, which must be self-signed, unless the
-B<-partial_chain> option is specified.
-The I<file> contains one or more certificates in PEM format.
-With this option, no additional (e.g., default) certificate lists are
-consulted.
-That is, the only trust-anchors are those listed in I<file>.
-This option can be specified more than once to include trusted certificates
-from multiple I<file>s.
-This option implies the B<-no-CAfile>, B<-no-CApath> and B<-no-CAstore> options.
-This option cannot be used in combination with any of the B<-CAfile>,
-B<-CApath> or B<-CAstore> options.
-
-=item B<-use_deltas>
-
-Enable support for delta CRLs.
-
-=item B<-verbose>
-
-Print extra information about the operations being performed.
-
-=item B<-auth_level> I<level>
-
-Set the certificate chain authentication security level to I<level>.
-The authentication security level determines the acceptable signature and
-public key strength when verifying certificate chains.
-For a certificate chain to validate, the public keys of all the certificates
-must meet the specified security I<level>.
-The signature algorithm security level is enforced for all the certificates in
-the chain except for the chain's I<trust anchor>, which is either directly
-trusted or validated by means other than its signature.
-See L<SSL_CTX_set_security_level(3)> for the definitions of the available
-levels.
-The default security level is -1, or "not set".
-At security level 0 or lower all algorithms are acceptable.
-Security level 1 requires at least 80-bit-equivalent security and is broadly
-interoperable, though it will, for example, reject MD5 signatures or RSA keys
-shorter than 1024 bits.
-
-=item B<-verify_depth> I<num>
-
-Limit the certificate chain to I<num> intermediate CA certificates.
-A maximal depth chain can have up to I<num>+2 certificates, since neither the
-end-entity certificate nor the trust-anchor certificate count against the
-B<-verify_depth> limit.
-
-=item B<-verify_email> I<email>
-
-Verify if I<email> matches the email address in Subject Alternative Name or
-the email in the subject Distinguished Name.
-
-=item B<-verify_hostname> I<hostname>
-
-Verify if I<hostname> matches DNS name in Subject Alternative Name or
-Common Name in the subject certificate.
-
-=item B<-verify_ip> I<ip>
-
-Verify if I<ip> matches the IP address in Subject Alternative Name of
-the subject certificate.
-
-=item B<-verify_name> I<name>
-
-Use default verification policies like trust model and required certificate
-policies identified by I<name>.
-The trust model determines which auxiliary trust or reject OIDs are applicable
-to verifying the given certificate chain.
-See the B<-addtrust> and B<-addreject> options for L<openssl-x509(1)>.
-Supported policy names include: B<default>, B<pkcs7>, B<smime_sign>,
-B<ssl_client>, B<ssl_server>.
-These mimics the combinations of purpose and trust settings used in SSL, CMS
-and S/MIME.
-As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not
-specified, so the B<-verify_name> options are functionally equivalent to the
-corresponding B<-purpose> settings.
-
-=item B<-x509_strict>
-
-For strict X.509 compliance, disable non-compliant workarounds for broken
-certificates.
-
=item B<-show_chain>
Display information about the certificate chain that has been built (if
successful). Certificates in the chain that came from the untrusted list will be
flagged as "untrusted".
-=item B<-sm2-id>
+=item B<-sm2-id> I<hexstring>
Specify the ID string to use when verifying an SM2 certificate. The ID string is
required by the SM2 signature algorithm for signing and verification.
-=item B<-sm2-hex-id>
+=item B<-sm2-hex-id> I<hexstring>
Specify a binary ID string to use when signing or verifying using an SM2
certificate. The argument for this option is string of hexadecimal digits.
-{- $OpenSSL::safe::opt_name_item -}
+=item B<-verbose>
-{- $OpenSSL::safe::opt_trust_item -}
+Print extra information about the operations being performed.
+
+=item B<-trusted> I<file>
+
+A file of trusted certificates.
+
+=item B<-untrusted> I<file>
+
+A file of untrusted certificates.
+
+{- $OpenSSL::safe::opt_name_item -}
{- $OpenSSL::safe::opt_engine_item -}
To load certificates or CRLs that require engine support, specify the
B<-engine> option before any of the
B<-trusted>, B<-untrusted> or B<-CRLfile> options.
+{- $OpenSSL::safe::opt_trust_item -}
+
+{- $OpenSSL::safe::opt_v_item -}
+
=item B<-->
Indicates the last option. All arguments following this are assumed to be
certificate files. This is useful if the first certificate filename begins
-with a B<-->.
+with a B<->.
=item I<certificate> ...
One or more certificates to verify. If no certificates are given,
this command will attempt to read a certificate from standard input.
Certificates must be in PEM format.
+If a certificate chain has multiple problems, this program tries to
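Review bot: the replacement descriptions `+A file of trusted certificates.` and `+A file of untrusted certificates.` drop the constraints the removed text stated: that B<-trusted> certificates must be self-signed unless B<-partial_chain> is given, that B<-trusted> implies B<-no-CAfile>, B<-no-CApath> and B<-no-CAstore> and cannot be combined with them, and that both options may be repeated to load several files. Those are the facts an operator needs in order to know which trust anchors actually apply during verification, so keep them in these two items rather than reducing each to one line.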