aboutsummaryrefslogtreecommitdiff
path: root/openssl/doc/apps/verify.pod
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/doc/apps/verify.pod')
-rw-r--r--openssl/doc/apps/verify.pod9
1 files changed, 8 insertions, 1 deletions
diff --git a/openssl/doc/apps/verify.pod b/openssl/doc/apps/verify.pod
index da683004b..f35d40295 100644
--- a/openssl/doc/apps/verify.pod
+++ b/openssl/doc/apps/verify.pod
@@ -25,6 +25,7 @@ B<openssl> B<verify>
[B<-untrusted file>]
[B<-help>]
[B<-issuer_checks>]
+[B<-attime timestamp>]
[B<-verbose>]
[B<->]
[certificates]
@@ -80,6 +81,12 @@ rejected. The presence of rejection messages does not itself imply that
anything is wrong; during the normal verification process, several
rejections may take place.
+=item B<-attime timestamp>
+
+Perform validation checks using time specified by B<timestamp> and not
+current system time. B<timestamp> is the number of seconds since
+01.01.1970 (UNIX time).
+
=item B<-policy arg>
Enable policy processing and add B<arg> to the user-initial-policy-set (see
@@ -386,7 +393,7 @@ an application specific error. Unused.
=head1 BUGS
-Although the issuer checks are a considerably improvement over the old technique they still
+Although the issuer checks are a considerable improvement over the old technique they still
suffer from limitations in the underlying X509_LOOKUP API. One consequence of this is that
trusted certificates with matching subject name must either appear in a file (as specified by the
B<-CAfile> option) or a directory (as specified by B<-CApath>. If they occur in both then only
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-02 10:21:35 +0000