Misunderstanding openssl verify

Ken Goldman kgoldman at us.ibm.com
Mon Aug 16 14:30:05 UTC 2021

On 8/16/2021 10:04 AM, Viktor Dukhovni wrote:
>> It seems as though the 'verify' command checks the issuer,
>> but not the signature of the certificate - the last parameter.
> As documented.

Then I am not understanding the documentation.



"The final operation is to check the validity of the certificate chain.
  The certificate signature is checked as well "

However. my experience is that the certificate signature is not
checked.  I can hand modify the validity, public key, or
signature, but the command still returns "OK".

More information about the openssl-users mailing list