Misunderstanding openssl verify

Viktor Dukhovni openssl-users at dukhovni.org
Mon Aug 16 15:08:54 UTC 2021

As documented, the self-signature checks on self-signed certs are by
default skipped.  If your trust store can be modified by untrusted
actors, self-signature checks won't help you.

If you want to check the self-signature, pass the "-check_ss_sig"


More information about the openssl-users mailing list