openssl is flexible when verifying

Hi, when I verify an X509 cert against a CA certificate, I found that the
cert can pass validation even if it has two instances of X509v3 Basic
Constraints, X509v3 Subject Key IDs, and authority key IDs. It seems that some
issues are not important in verification. (I guess one reason is that one
subject key ID is the same as the authority key ID, and thus openssl may
regard it as a self-signed certificate?) Should this be forbidden?

Command:

    openssl verify -x509_strict -verbose -CAfile myroot.pem mycert.pem
-------------- next part --------------
A non-text attachment was scrubbed...
Name: myroot.pem
Type: application/x-x509-ca-cert
Size: 1815 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150405/4ace5ce9/attachment-0002.crt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: myfile.pem
Type: application/x-x509-ca-cert
Size: 2612 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150405/4ace5ce9/attachment-0003.crt>
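
RFC 5280 section 4.2 states that a certificate MUST NOT include more than one instance of a particular extension, so the condition described in the post can be checked before a certificate is handed to a verifier. The following is an added example, not part of the original post and not OpenSSL code: a standard-library DER walk that reports repeated extension OIDs; all function names are this example's own and the sample bytes are constructed.

```python
def tlv(buf, pos):
    """Read one DER TLV (single-byte tag) at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each TLV packed inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        yield tag, val

def oid_str(content):
    """Decode OID content bytes (base-128 arcs) into dotted notation."""
    arcs, acc = [], 0
    for byte in content:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:                # high bit clear ends the arc
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def duplicate_extensions(cert_der):
    """Return the sorted extension OIDs that occur more than once."""
    _, cert, _ = tlv(cert_der, 0)                  # Certificate ::= SEQUENCE
    _, tbs = next(children(cert))                  # tbsCertificate
    seen, dups = set(), set()
    for tag, val in children(tbs):
        if tag == 0xA3:                            # [3] EXPLICIT Extensions
            _, ext_list = next(children(val))      # SEQUENCE OF Extension
            for _, ext in children(ext_list):
                name = oid_str(next(children(ext))[1])   # extnID is the first field
                (dups if name in seen else seen).add(name)
    return sorted(dups)

# Constructed sample, not a real certificate: a skeleton (version, serial,
# extensions) with Basic Constraints and Subject Key Identifier repeated.
def der(tag, *parts):
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)   # short-form length

def make_ext(oid_hex, value_hex):
    return der(0x30, der(0x06, bytes.fromhex(oid_hex)), der(0x04, bytes.fromhex(value_hex)))
BC, SKI, AKI = make_ext("551d13", "3000"), make_ext("551d0e", "0401aa"), make_ext("551d23", "3000")
SAMPLE = der(0x30, der(0x30, der(0xA0, b"\x02\x01\x02"), b"\x02\x01\x01",
                       der(0xA3, der(0x30, BC, SKI, AKI, BC, SKI))))
```

To check a real file, convert it first with `openssl x509 -in mycert.pem -outform DER -out mycert.der` and pass the file's bytes to `duplicate_extensions`.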

