path: root/secure/usr.bin/openssl/man/verify.1
diff options
Diffstat (limited to 'secure/usr.bin/openssl/man/verify.1')
1 files changed, 9 insertions, 6 deletions
diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1
index c51a709d2315..9293261ca906 100644
--- a/secure/usr.bin/openssl/man/verify.1
+++ b/secure/usr.bin/openssl/man/verify.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.IX Title "VERIFY 1"
-.TH VERIFY 1 "2020-04-21" "1.1.1g" "OpenSSL"
+.TH VERIFY 1 "2020-09-22" "1.1.1h" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -222,8 +222,11 @@ current system time. \fBtimestamp\fR is the number of seconds since
01.01.1970 (\s-1UNIX\s0 time).
.IP "\fB\-check_ss_sig\fR" 4
.IX Item "-check_ss_sig"
-Verify the signature on the self-signed root \s-1CA.\s0 This is disabled by default
-because it doesn't add any security.
+Verify the signature of
+the last certificate in a chain if the certificate is supposedly self-signed.
+This is prohibited and will result in an error if it is a non-conforming \s-1CA\s0
+certificate with key usage restrictions not including the keyCertSign bit.
+This verification is disabled by default because it doesn't add any security.
.IP "\fB\-CRLfile file\fR" 4
.IX Item "-CRLfile file"
The \fBfile\fR should contain one or more CRLs in \s-1PEM\s0 format.
@@ -420,7 +423,7 @@ in \s-1PEM\s0 format.
The \fBverify\fR program uses the same functions as the internal \s-1SSL\s0 and S/MIME
-verification, therefore this description applies to these verify operations
+verification, therefore, this description applies to these verify operations
There is one crucial difference between the verify operations performed
@@ -772,7 +775,7 @@ The \fB\-issuer_checks\fR option is deprecated as of OpenSSL 1.1.0 and
is silently ignored.
-Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy