Re: Misunderstanding openssl verify

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "openssl-users@xxxxxxxxxxx" <openssl-users@xxxxxxxxxxx>
Subject: Re: Misunderstanding openssl verify
From: Viktor Dukhovni <openssl-users@xxxxxxxxxxxx>
Date: Mon, 16 Aug 2021 11:08:54 -0400
In-reply-to: <sfdspe$2r3$1@ciao.gmane.io>
References: <sfdpup$1497$1@ciao.gmane.io> <63A4000E-CEEC-4FCF-87C1-1AAF6E576748@dukhovni.org> <sfdspe$2r3$1@ciao.gmane.io>
Reply-to: "openssl-users@xxxxxxxxxxx" <openssl-users@xxxxxxxxxxx>

As documented, the self-signature checks on self-signed certs are by
default skipped.  If your trust store can be modified by untrusted
actors, self-signature checks won't help you.

If you want to check the self-signature, pass the "-check_ss_sig"
option.

-- 
	Viktor.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

References:
- Misunderstanding openssl verify
  - From: Ken Goldman
- Re: Misunderstanding openssl verify
  - From: Viktor Dukhovni
- Re: Misunderstanding openssl verify
  - From: Ken Goldman

Prev by Date: Re: Misunderstanding openssl verify
Next by Date: Re: One iOS App - 2 OpenSSL libraries.
Previous by thread: Re: Misunderstanding openssl verify
Next by thread: Re: Misunderstanding openssl verify
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Security] [Bugtraq] [Linux] [Linux OMAP] [Linux MIPS] [ECOS] [Asterisk Internet PBX] [Linux API]

Powered by Linux