[openssl-users] Regarding SSL_VERIFY_PEER

Viktor Dukhovni openssl-users at dukhovni.org
Wed May 3 12:39:43 UTC 2017

> On May 3, 2017, at 5:58 AM, john gloster <glosterj9 at gmail.com> wrote:
> Hi,
> I needed to validate different extensions of each of the Issuer certificate in the chain.
> Snippet rom https://linux.die.net/man/3/ssl_set_verify:
> "The certificate chain is checked starting with the deepest nesting level (the root CA certificate) and worked upward to the peer's certificate. At each level signatures and issuer attributes are checked. "
> When we say "issuer attributes", could someone let me know what different stuffs in the CA certificate are validated?

For the full verification process see:


which happens after checking that the peer's key meets the required security level at:


The specific chain checks you may be thinking of are:



More information about the openssl-users mailing list