SSL_CTX_set_verify uses the "wrong" certificate chain (cross signed certificate)

Viktor Dukhovni openssl-users at
Sun Oct 3 16:48:38 UTC 2021

> On 3 Oct 2021, at 12:33 pm, Alex Robuchon <alexandre.robuchon at> wrote:
> So I suppose openssl skips the part that is supposed to build the chain when no store is configured.

Not quite, a candidate chain is constructed from whatever certificates
the peer (server in your case) provided, and then passed to the callback
with "preverify_ok" set to false (for the top certificate), because the
chain is not trusted.

But the eventmachine callback ignores "preverify_ok" and goes through the
motions of doing some sort of verification of each certificate.

Ultimately, it will attempt to "verify" the leaf certificate, and if it
can somehow do a fair job of that (by building its own chain, checking
all the signatures, doing the name checks (for a name that does not
appear to be passed to the verification function)), then in theory
the checks at depths above 0 are just silly opportunities to fail and
the EE cert check would be enough.

But given all the evidence before me, I'd want to delete that code and
never see it again.
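
The behaviour described in this message, as an added example that is not part of the original thread and is not EventMachine's code: with no trust store, OpenSSL still builds a candidate chain from the peer-supplied certificates and calls the callback with `preverify_ok` false at the top certificate, and a callback that ignores that flag turns the failure into success. The certificates, names and the helpers `make_cert` and `run_verify` are constructed for illustration.

```ruby
require 'openssl'

# Constructed test PKI: build a certificate signed by issuer_key.
def make_cert(subject, key, issuer, issuer_key, ca)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

ROOT_KEY = OpenSSL::PKey::RSA.new(2048)
LEAF_KEY = OpenSSL::PKey::RSA.new(2048)
ROOT = make_cert('/CN=Constructed Root', ROOT_KEY, nil, ROOT_KEY, true)
LEAF = make_cert('/CN=constructed.example', LEAF_KEY, ROOT, ROOT_KEY, false)

# Verify LEAF against `trusted`, with [ROOT] standing in for the chain the
# peer sent. Returns [result, failures]; failures lists every callback
# invocation where OpenSSL's own verdict (preverify_ok) was false.
def run_verify(trusted, honour_preverify)
  failures = []
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  store.verify_callback = lambda do |preverify_ok, ctx|
    failures << [ctx.error_depth, ctx.error_string] unless preverify_ok
    # Returning true regardless of preverify_ok overrides OpenSSL's verdict.
    honour_preverify ? preverify_ok : true
  end
  [store.verify(LEAF, [ROOT]), failures]
end

{ 'empty store, callback honours preverify_ok' => run_verify([], true),
  'empty store, callback ignores preverify_ok' => run_verify([], false),
  'root trusted, callback honours preverify_ok' => run_verify([ROOT], true) }
  .each do |label, (ok, failures)|
    puts "#{label}: verify=#{ok} failures=#{failures.inspect}"
  end
```
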