Misunderstanding openssl verify
kgoldman at us.ibm.com
Mon Aug 16 13:41:44 UTC 2021
It doesn't seem to be verifying the signature on the certificate
parameter. Version 1.1.1k.
I create an incorrectly signed self signed certificate and convert it from
der to pem.
openssl verify -CAfile c1.pem c1.pem
Returns OK, even though the signature is bad. Why?
Editing the der to change the after date, the public key, or the
signature still returns OK. Why?
Editing the der to change the issuer causes a failure.
Adding -check_ss_sig correctly causes a signature failure.
It seems as though the 'verify' command checks the issuer,
but not the signature of the certificate - the last parameter.
More information about the openssl-users