On Mon, Aug 13, 2001 at 08:01:48AM +0200, Filip Van de Velde wrote:
> I am wondering if the signature of an X509v3 certificate is automatically checked
>when you make an SSL connection or do you have to do the signature check of the
>certificate in the verify_callback function by yourself?
A certificate sent by the peer will undergo the chain verification procedure.
The verify_callback will help you to evaluate each verification problem
found and maybe override it.
When SSL_VERIFY_PEER is set, each verification failure will be considered
fatal and the handshake will be stopped with a "bad certificate" alert.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
