SSL certificate verification

Jan Just Keijser janjust at
Wed Dec 18 16:10:42 UTC 2019

On 18/12/19 09:54, Mody, Darshan Arvindkumar (Darshan) wrote:
> Hi
> We are using SSL_CTX_use_certificate and 
> SSL_CTX_use_certificate_chain_file APIs to load the certificates.
> My query is when we are loading the certificate in the Context does 
> openssl verify the certificates for e.g. whether the certificate is 
> expired already etc.
the short answer is no, it does not; the openssl library will let you 
load expired/invalid certificates if you do not do any explicit checks.  
Use a verify_callback and call X509_verify_cert() to check the validity.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list