SSL certificate verification
Jan Just Keijser
janjust at nikhef.nl
Wed Dec 18 16:10:42 UTC 2019
On 18/12/19 09:54, Mody, Darshan Arvindkumar (Darshan) wrote:
>
> Hi
>
> We are using SSL_CTX_use_certificate and
> SSL_CTX_use_certificate_chain_file APIs to load the certificates.
>
> My query is when we are loading the certificate in the Context does
> openssl verify the certificates for e.g. whether the certificate is
> expired already etc.
>
>
The short answer is no, it does not; the openssl library will let you
load expired/invalid certificates if you do not do any explicit checks.
Use a verify_callback and call X509_verify_cert() to check the validity.
HTH,
JJK