reg: question about SSL server cert verification

sami0l samsapi01 at protonmail.ch
Fri Jun 18 04:38:44 UTC 2021


I'm curious how exactly an SSL client verifies an SSL server's certificate which is signed by a CA. So, during the SSL handshake, when the server sends its certificate, will the SSL client first check the `Issuer`'s `CN` field from the x509 SSL certificate that it received, for example, and compare it against the `CN`s of all the certificates stored in `/etc/ssl/certs` of that client, and if it matches any one of them, next check the signature of the received certificate by parsing the public key from that CA cert located in `/etc/ssl/certs/someCA.crt`, perform the decryption and check the signature of the received certificate, and if the signature matches, the browser accepts the certificate since it just verified that it's signed by the CA which is located in `/etc/ssl/certs` and uses that cert? Is this how the SSL client verifies the certificate when it receives a server's certificate during the handshake process? If not, it'd be really helpful if someone could explain to me how exactly it's done.

Thanks!
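
The issuer lookup and signature check the question asks about, run with the `openssl` command-line tool, as an added example that is not part of the original post. The CA and server names, the temporary directory and the function names are constructed for the demo; it assumes `openssl` is on the PATH.

```shell
#!/usr/bin/env bash
# Added example: constructed CA and server certificate; every name here is made up.
set -eu
d=$(mktemp -d)

# make_ca DIR: self-signed CA with a fixed subject name but a fresh key each call.
make_ca() {
  mkdir -p "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/O=Demo/CN=Demo Root CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# make_store CA_DIR STORE_DIR: lay the CA out the way /etc/ssl/certs is indexed,
# as <hash of the full subject name>.0 (the links `openssl rehash` creates).
make_store() {
  mkdir -p "$2"
  cp "$1/ca.crt" "$2/$(openssl x509 -in "$1/ca.crt" -noout -subject_hash).0"
}

make_ca "$d/real"
make_ca "$d/impostor"          # same subject name, different key pair
make_store "$d/real" "$d/store_real"
make_store "$d/impostor" "$d/store_impostor"

# Server certificate signed with the real CA's private key.
openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example" \
  -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
openssl x509 -req -in "$d/srv.csr" -CA "$d/real/ca.crt" -CAkey "$d/real/ca.key" \
  -CAcreateserial -days 2 -out "$d/srv.crt" 2>/dev/null

# Step 1: the lookup key is a hash of the certificate's whole Issuer name.
issuer_hash() { openssl x509 -in "$d/srv.crt" -noout -issuer_hash; }
ca_hash()     { openssl x509 -in "$1/ca.crt" -noout -subject_hash; }

# Step 2: build the chain from STORE_DIR and validate it, which includes checking
# the signature with the issuer's public key. Exit status 0 means it verified.
verify_with() { openssl verify -CApath "$1" "$d/srv.crt" >/dev/null 2>&1; }

echo "issuer hash of server cert: $(issuer_hash)"
echo "subject hash of real CA:    $(ca_hash "$d/real")"
verify_with "$d/store_real"     && echo "real store:     verified"
verify_with "$d/store_impostor" || echo "impostor store: rejected"
```

The impostor CA carries the same name, and therefore the same hash, as the real one, so the name lookup alone cannot tell them apart; verification against it still fails because the server certificate was not signed with its key.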