diff options
author | Richard Levitte <levitte@openssl.org> | 2016-06-19 10:55:43 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2016-06-20 21:34:37 +0200 |
commit | a392ef20f0a9fedc811b6a06bf50ff3f151e266f (patch) | |
tree | fb2b07384737b8c961a0fdcfc5467ec871424e24 /doc | |
parent | ed17c7c146a79100bfba5609c3889bddb14f74a2 (diff) |
Allow proxy certs to be present when verifying a chain
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/apps/verify.pod | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index 051cd624f1..0fd1799af2 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -12,6 +12,7 @@ B<openssl> B<verify> [B<-CApath directory>] [B<-no-CAfile>] [B<-no-CApath>] +[B<-allow_proxy_certs>] [B<-attime timestamp>] [B<-check_ss_sig>] [B<-CRLfile file>] @@ -83,6 +84,10 @@ Do not load the trusted CA certificates from the default file location Do not load the trusted CA certificates from the default directory location +=item B<-allow_proxy_certs> + +Allow the verification of proxy certificates + =item B<-attime timestamp> Perform validation checks using time specified by B<timestamp> and not @@ -564,13 +569,18 @@ Invalid non-CA certificate has CA markings. Proxy path length constraint exceeded. +=item B<X509_V_ERR_PROXY_SUBJECT_INVALID> + +Proxy certificate subject is invalid. It MUST be the same as the issuer +with a single CN component added. + =item B<X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE> Key usage does not include digital signature. =item B<X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED> -Proxy certificates not allowed, please set the appropriate flag. +Proxy certificates not allowed, please use B<-allow_proxy_certs>. =item B<X509_V_ERR_INVALID_EXTENSION> |