aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/openssl/doc/man1/verify.pod
diff options
context:
space:
mode:
authorJung-uk Kim <jkim@FreeBSD.org>2020-09-25 22:43:14 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2020-09-25 22:43:14 +0000
commit7fc1f569abf7c799c6334297ee020a01b5d3d71e (patch)
tree6494fa45d06ccd27128ac6675e338eb0ee59ac62 /crypto/openssl/doc/man1/verify.pod
parent2367fca656edb8ea52e6a2f7d8ef63e3a38966d6 (diff)
downloadsrc-7fc1f569abf7c799c6334297ee020a01b5d3d71e.tar.gz
src-7fc1f569abf7c799c6334297ee020a01b5d3d71e.zip
MFS: r366176
Merge OpenSSL 1.1.1h. Approved by: re (gjb)
Notes
Notes: svn path=/releng/12.2/; revision=366177
Diffstat (limited to 'crypto/openssl/doc/man1/verify.pod')
-rw-r--r--crypto/openssl/doc/man1/verify.pod11
1 files changed, 7 insertions, 4 deletions
diff --git a/crypto/openssl/doc/man1/verify.pod b/crypto/openssl/doc/man1/verify.pod
index 63ba850b915d..71288be40d4c 100644
--- a/crypto/openssl/doc/man1/verify.pod
+++ b/crypto/openssl/doc/man1/verify.pod
@@ -98,8 +98,11 @@ current system time. B<timestamp> is the number of seconds since
=item B<-check_ss_sig>
-Verify the signature on the self-signed root CA. This is disabled by default
-because it doesn't add any security.
+Verify the signature of
+the last certificate in a chain if the certificate is supposedly self-signed.
+This is prohibited and will result in an error if it is a non-conforming CA
+certificate with key usage restrictions not including the keyCertSign bit.
+This verification is disabled by default because it doesn't add any security.
=item B<-CRLfile file>
@@ -333,7 +336,7 @@ in PEM format.
=head1 VERIFY OPERATION
The B<verify> program uses the same functions as the internal SSL and S/MIME
-verification, therefore this description applies to these verify operations
+verification, therefore, this description applies to these verify operations
too.
There is one crucial difference between the verify operations performed
@@ -769,7 +772,7 @@ is silently ignored.
=head1 COPYRIGHT
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy