Re: SSL certificate verification

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 18/12/19 09:54, Mody, Darshan Arvindkumar (Darshan) wrote:

Hi

 

We are using SSL_CTX_use_certificate and SSL_CTX_use_certificate_chain_file APIs to load the certificates.

 

My query is when we are loading the certificate in the Context does openssl verify the certificates for e.g. whether the certificate is expired already etc.


the short answer is no, it does not; the openssl library will let you load expired/invalid certificates if you do not do any explicit checks.  Use a verify_callback and call X509_verify_cert() to check the validity.

HTH,

JJK

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux