Diffstat (limited to 'doc/man1/verify.pod')
-rw-r--r-- | doc/man1/verify.pod | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/doc/man1/verify.pod b/doc/man1/verify.pod index 71288be40d..da2b702482 100644 --- a/doc/man1/verify.pod +++ b/doc/man1/verify.pod @@ -382,10 +382,14 @@ should be trusted for the supplied purpose. For compatibility with previous versions of OpenSSL, a certificate with no trust settings is considered to be valid for all purposes. -The final operation is to check the validity of the certificate chain. The validity -period is checked against the current system time and the notBefore and notAfter -dates in the certificate. The certificate signatures are also checked at this -point. +The final operation is to check the validity of the certificate chain. +For each element in the chain, including the root CA certificate, +the validity period as specified by the C<notBefore> and C<notAfter> fields +is checked against the current system time. +The B<-attime> flag may be used to use a reference time other than "now." +The certificate signature is checked as well +(except for the signature of the typically self-signed root CA certificate, +which is verified only if the B<-check_ss_sig> option is given). If all operations complete successfully then certificate is considered valid. If any operation fails then the certificate is not valid. |
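Review bot: In the added B<-attime> sentence, "may be used to use a reference time" is awkward, and it calls B<-attime> a "flag" while the next added sentence calls B<-check_ss_sig> an "option". Suggest "The B<-attime> option may be used to specify a reference time other than the current system time", which also removes the quoted "now." with the full stop inside the quotation marks. The added "The certificate signature is checked as well" is singular directly after "For each element in the chain", so it is not clear that the signature check is also applied per certificate; "The signature of each certificate is checked as well" would match the preceding sentence. The unchanged context line "If all operations complete successfully then certificate is considered valid" is missing "the" before "certificate" and could be fixed in the same change.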