90 It does not have a negative trust attribute rejecting the given use.
142 If it does not find a match there it consults
155 If the B<-purpose> option is not given then no such checks are done
183 valid. If any operation fails then the certificate is not valid.
193 Note that OpenSSL does not provide a default set of trust anchors.  Many
211 Do not load the default file of trusted certificates.
224 Do not use the default directory of trusted certificates.
241 Do not use the default store of trusted CA certificates.
257 Perform validation checks using time specified by I<timestamp> and not
265 a verification time, the check is not suppressed.
270 Thus errors are thrown on certificates not compliant with RFC 5280.
291 The pathlenConstraint must not be given for non-CA certificates.
295 The issuer name of any certificate must not be empty.
300 without subjectAlternativeName must not be empty.
304 If a subjectAlternativeName extension is given it must not be empty.
313 must not be marked critical.
328 Normally if an unhandled critical extension is present that is not
374 or "not set".  At security level 0 or lower all algorithms are acceptable.
382 That is, a chain ending in a certificate that normally would not be trusted
383 (because it has no matching positive trust attributes and is not self-signed)
392 certificate with key usage restrictions not including the keyCertSign bit.
504 As of OpenSSL 1.1.0, the trust model is inferred from the purpose when not
559 if the CA flag is false then it is not a CA. B<All> CAs should have the
578 certificate uses. If this extension is present (whether critical or not)
628 S/MIME bit set. If the S/MIME bit is not set in the Netscape certificate type
691 Licensed under the Apache License 2.0 (the "License").  You may not use

Last Index update Thu Oct 03 10:07:44 UTC 2024

Dedicated to & Maintained by Room-11