Lines Matching +full:as +full:- +full:is

5 openssl-verification-options - generic X.509 certificate verification options
19 Certificate verification is implemented by L<X509_verify_cert(3)>.
20 It is a complicated process consisting of a number of steps
25 starting from the I<target certificate> that is to be verified
26 and ending in a certificate that due to some policy is trusted.
27 Verification is done relative to the given I<purpose>, which is the intended use
28 of the target certificate, such as SSL server, or by default for any purpose.
33 DANE support is documented in L<openssl-s_client(1)>,
39 In general, according to RFC 4158 and RFC 5280, a I<trust anchor> is
41 for some reason is considered trusted
42 and thus is acceptable as the root of a chain of certificates.
50 is used for matching trust anchors during chain building.
53 all self-signed "root" CA certificates that are placed in the I<trust store>,
54 which is a collection of certificates that are trusted for certain uses.
55 This is akin to what is used in the trust stores of Mozilla Firefox,
58 From the OpenSSL perspective, a trust anchor is a certificate
60 uses of a target certificate the certificate may serve as a trust anchor.
61 In PEM encoding, this is indicated by the C<TRUSTED CERTIFICATE> string.
67 (EKUs) that may be given in X.509 extensions of end-entity certificates.
75 As of OpenSSL 1.1.0, the last of these blocks all uses when rejected or
78 A certificate, which may be CA certificate or an end-entity certificate,
79 is considered a trust anchor for the given use
86 It is an element of the trust store.
96 It is self-signed or the B<-partial_chain> option is given
103 First, a certificate chain is built up starting from the target certificate
106 The chain is built up iteratively, looking up in turn
108 matches as an issuer of the current "subject" certificate as described below.
109 If there is such a certificate, the first one found that is currently valid
110 is taken, otherwise the one that expired most recently of all such certificates.
111 For efficiency, no backtracking is performed, thus
114 When a self-signed certificate has been added, chain construction stops.
129 each of its sub-fields equals the corresponding subject key identifier, serial
131 as far as the respective fields are present in both certificates.
136 is supported and
150 The first step is to check that each certificate is well-formed.
151 Part of these checks are enabled only if the B<-x509_strict> option is given.
153 The second step is to check the extensions of every untrusted certificate
155 If the B<-purpose> option is not given then no such checks are done
158 The target or "leaf" certificate, as well as any other untrusted certificates,
162 L<openssl-x509(1)/CERTIFICATE EXTENSIONS>.
164 The third step is to check the trust settings on the last certificate
165 (which typically is a self-signed root CA certificate).
167 For compatibility with previous versions of OpenSSL, a self-signed certificate
168 with no trust attributes is considered to be valid for all uses.
170 The fourth, and final, step is to check the validity of the certificate chain.
172 the validity period as specified by the C<notBefore> and C<notAfter> fields
173 is checked against the current system time.
174 The B<-attime> flag may be used to use a reference time other than "now."
175 The certificate signature is checked as well
176 (except for the signature of the typically self-signed root CA certificate,
177 which is verified only if the B<-check_ss_sig> option is given).
180 is checked to permit digitalSignature for signing proxy certificates
182 If all operations complete successfully then certificate is considered
183 valid. If any operation fails then the certificate is not valid.
190 that can be used as trust anchors for certain uses.
191 As mentioned, a collection of such certificates is called a I<trust store>.
196 L<https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/>.
203 =item B<-CAfile> I<file>
206 or several of them in case the input is in PEM or PKCS#12 format.
207 PEM-encoded certificates may also have trust attributes set.
209 =item B<-no-CAfile>
213 =item B<-CApath> I<dir>
215 Use the specified directory as a collection of trusted certificates,
218 certificate. This is so that the library can extract the IssuerName,
220 See L<openssl-rehash(1)> for information on creating this type of directory.
222 =item B<-no-CApath>
226 =item B<-CAstore> I<uri>
228 Use I<uri> as a store of CA certificates.
229 The URI may indicate a single certificate, as well as a collection of them.
230 With URIs in the C<file:> scheme, this acts as B<-CAfile> or
231 B<-CApath>, depending on if the URI indicates a single file or
233 See L<ossl_store-file(7)> for more information on the C<file:> scheme.
236 chain (for example with L<openssl-s_server(1)>) or client certificate
237 chain (for example with L<openssl-s_time(1)>).
239 =item B<-no-CAstore>
247 The certificate verification can be fine-tuned with the following flags.
251 =item B<-verbose>
255 =item B<-attime> I<timestamp>
258 current system time. I<timestamp> is the number of seconds since
261 =item B<-no_check_time>
264 against the current time. If option B<-attime> is used to specify
265 a verification time, the check is not suppressed.
267 =item B<-x509_strict>
269 This disables non-compliant workarounds for broken certificates.
272 When this option is set,
273 among others, the following certificate well-formedness conditions are checked:
287 If a pathlenConstraint is given the key usage keyCertSign must be allowed.
291 The pathlenConstraint must not be given for non-CA certificates.
304 If a subjectAlternativeName extension is given it must not be empty.
318 are self-signed.
326 =item B<-ignore_critical>
328 Normally if an unhandled critical extension is present that is not
329 supported by OpenSSL the certificate is rejected (as required by RFC5280).
330 If this option is set critical extensions are ignored.
332 =item B<-issuer_checks>
336 =item B<-crl_check>
341 =item B<-crl_check_all>
346 =item B<-use_deltas>
350 =item B<-extended_crl>
352 Enable extended CRL features such as indirect CRLs and alternate CRL
355 =item B<-suiteB_128_only>, B<-suiteB_128>, B<-suiteB_192>
361 P-256 and P-384.
363 =item B<-auth_level> I<level>
369 specified security I<level>. The signature algorithm security level is
371 I<trust anchor>, which is either directly trusted or validated by means
373 definitions of the available levels. The default security level is -1,
375 Security level 1 requires at least 80-bit-equivalent security and is broadly
379 =item B<-partial_chain>
382 That is, a chain ending in a certificate that normally would not be trusted
383 (because it has no matching positive trust attributes and is not self-signed)
384 but is an element of the trust store.
385 This certificate may be self-issued or belong to an intermediate CA.
387 =item B<-check_ss_sig>
390 the last certificate in a chain if the certificate is supposedly self-signed.
391 This is prohibited and will result in an error if it is a non-conforming CA
393 This verification is disabled by default because it doesn't add any security.
395 =item B<-allow_proxy_certs>
399 =item B<-trusted_first>
401 As of OpenSSL 1.1.0 this option is on by default and cannot be disabled.
404 via B<-CAfile>, B<-CApath>, B<-CAstore> or B<-trusted> are always used
405 before any certificates specified via B<-untrusted>.
407 =item B<-no_alt_chains>
409 As of OpenSSL 1.1.0, since B<-trusted_first> is always on, this option has no
412 =item B<-trusted> I<file>
414 Parse I<file> as a set of one or more certificates.
415 Each of them qualifies as trusted if it has a suitable positive trust attribute
416 or it is self-signed or the B<-partial_chain> option is specified.
417 This option implies the B<-no-CAfile>, B<-no-CApath>, and B<-no-CAstore> options
418 and it cannot be used with the B<-CAfile>, B<-CApath> or B<-CAstore> options, so
419 only certificates specified using the B<-trusted> option are trust anchors.
422 =item B<-untrusted> I<file>
424 Parse I<file> as a set of one or more certificates.
430 =item B<-policy> I<arg>
432 Enable policy processing and add I<arg> to the user-initial-policy-set (see
436 =item B<-explicit_policy>
438 Set policy variable require-explicit-policy (see RFC5280).
440 =item B<-policy_check>
444 =item B<-policy_print>
448 =item B<-inhibit_any>
450 Set policy variable inhibit-any-policy (see RFC5280).
452 =item B<-inhibit_map>
454 Set policy variable inhibit-policy-mapping (see RFC5280).
456 =item B<-purpose> I<purpose>
462 If peer certificate verification is enabled, by default the TLS implementation
463 as well as the commands B<s_client> and B<s_server> check for consistency
466 While IETF RFC 5280 says that B<id-kp-serverAuth> and B<id-kp-clientAuth>
468 and servers, and this is what OpenSSL assumes as well.
470 =item B<-verify_depth> I<num>
474 end-entity certificate nor the trust-anchor certificate count against the
475 B<-verify_depth> limit.
477 =item B<-verify_email> I<email>
482 =item B<-verify_hostname> I<hostname>
487 =item B<-verify_ip> I<ip>
492 =item B<-verify_name> I<name>
498 They can be given using the B<-addtrust> and B<-addreject> options
499 for L<openssl-x509(1)>.
504 As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not
505 specified, so the B<-verify_name> options are functionally equivalent to the
506 corresponding B<-purpose> settings.
513 end-entity certificate.
516 Another reason is when a CA might have intermediates that use two different
517 signature formats, such as a SHA-1 and a SHA-256 digest.
524 =item B<-xkey> I<infile>, B<-xcert> I<infile>, B<-xchain>
527 in the same manner as the B<-cert>, B<-key> and B<-cert_chain> options. When
531 =item B<-xchain_build>
534 provided to the server for the extra certificates via the B<-xkey>,
535 B<-xcert>, and B<-xchain> options.
537 =item B<-xcertform> B<DER>|B<PEM>|B<P12>
540 This option has no effect and is retained for backward compatibility only.
542 =item B<-xkeyform> B<DER>|B<PEM>|B<P12>
545 This option has no effect and is retained for backward compatibility only.
551 Options like B<-purpose> lead to checking the certificate extensions,
557 The basicConstraints extension CA flag is used to determine whether the
558 certificate can be used as a CA. If the CA flag is true then it is a CA,
559 if the CA flag is false then it is not a CA. B<All> CAs should have the
562 If the basicConstraints extension is absent,
563 which includes the case that it is an X.509v1 certificate,
564 then the certificate is considered to be a "possible CA" and
566 The treatment of certificates without basicConstraints as a CA
567 is presently supported, but this could change in the future.
571 If the keyUsage extension is present then additional restraints are
573 keyCertSign bit set if the keyUsage extension is present.
578 certificate uses. If this extension is present (whether critical or not)
581 A complete description of each check is given below. The comments about
600 This is used as a work around if the basicConstraints extension is absent.
615 This is used as a work around if the basicConstraints extension is absent.
620 keyEncipherment bit set if the keyUsage extension is present. This isn't
622 Otherwise it is the same as a normal SSL server.
628 S/MIME bit set. If the S/MIME bit is not set in the Netscape certificate type
629 then the SSL client bit is tolerated as an alternative but a warning is shown.
630 This is because some Verisign certificates don't set the S/MIME bit.
635 the nonRepudiation bit must be set if the keyUsage extension is present.
640 if the keyUsage extension is present.
647 This is used as a work around if the basicConstraints extension is absent.
664 API. One consequence of this is that trusted certificates with matching
665 subject name must appear in a file (as specified by the B<-CAfile> option),
666 a directory (as specified by B<-CApath>),
667 or a store (as specified by B<-CAstore>).
669 only the first one (in the mentioned order of locations) is recognised.
674 L<openssl-verify(1)>,
675 L<openssl-ocsp(1)>,
676 L<openssl-ts(1)>,
677 L<openssl-s_client(1)>,
678 L<openssl-s_server(1)>,
679 L<openssl-smime(1)>,
680 L<openssl-cmp(1)>,
681 L<openssl-cms(1)>
685 The checks enabled by B<-x509_strict> have been extended in OpenSSL 3.0.
689 Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.