Misunderstanding openssl verify
Viktor Dukhovni
openssl-users at dukhovni.org
Mon Aug 16 14:04:38 UTC 2021
> On 16 Aug 2021, at 9:41 am, Ken Goldman <kgoldman at us.ibm.com> wrote:
>
> Adding -check_ss_sig correctly causes a signature failure.
Well, there you are. See the documentation of "check_ss_sig":
-check_ss_sig
Verify the signature on the self-signed root CA. This is
disabled by default because it doesn't add any security.
> It seems as though the 'verify' command checks the issuer,
> but not the signature of the certificate - the last parameter.
As documented.
--
Viktor.
More information about the openssl-users
mailing list