[openssl-users] [openssl-dev] X509_verify() error - block type is not 01

Viktor Dukhovni openssl-users at dukhovni.org
Mon Jun 22 03:31:39 UTC 2015

On Mon, Jun 22, 2015 at 08:57:08AM +0530, Nayna Jain wrote:

> What will X509_verify() will verify if I pass it public key.

It checks the signature of the certificate using the supplied key.

> I mean does it check the private key with which certificate was signed, or
> the public key which this certificate signs.

It checks whether the given key *signed* the certificate.  It does
not examine the key in the certificate (the subject public key).

> Sorry, I think I am still bit not clear on purpose of the API.

X509_verify() verifies the certificate signature via the issuer
public key.


More information about the openssl-users mailing list