It doesn't seem to be verifying the signature on the certificate parameter. Version 1.1.1k. I create an incorrectly signed self signed certificate and convert it from der to pem. A basic openssl verify -CAfile c1.pem c1.pem Returns OK, even though the signature is bad. Why? Editing the der to change the after date, the public key, or the signature still returns OK. Why? Editing the der to change the issuer causes a failure. Adding -check_ss_sig correctly causes a signature failure. It seems as though the 'verify' command checks the issuer, but not the signature of the certificate - the last parameter.
