27 Verification is done relative to the given I<purpose>, which is the intended use
44 In practice, trust anchors are given in the form of certificates,
67 (EKUs) that may be given in X.509 extensions of end-entity certificates.
79 is considered a trust anchor for the given use
90 It does not have a negative trust attribute rejecting the given use.
94 It has a positive trust attribute accepting the given use
96 It is self-signed or the B<-partial_chain> option is given
151 Part of these checks are enabled only if the B<-x509_strict> option is given.
155 If the B<-purpose> option is not given then no such checks are done
166 It must be trusted for the given use.
177 which is verified only if the B<-check_ss_sig> option is given).
287 If a pathlenConstraint is given the key usage keyCertSign must be allowed.
291 The pathlenConstraint must not be given for non-CA certificates.
304 If a subjectAlternativeName extension is given it must not be empty.
312 Any given authorityKeyIdentifier and any given subjectKeyIdentifier
317 The authorityKeyIdentifier must be given for X.509v3 certs unless they
322 The subjectKeyIdentifier must be given for all X.509v3 CA certs.
497 to verifying the given certificate chain.
498 They can be given using the B<-addtrust> and B<-addreject> options
581 A complete description of each check is given below. The comments about

Last Index update Tue Nov 19 16:08:31 UTC 2024

Dedicated to & Maintained by Room-11