Hello,
We have decided to use openssl to protect a connection in our system with TLS.
Clients will be authenticated using X509 certificates. To cut a long story
short, a decision has been taken to use self-signed certificates. On the
server, each client's self-signed cert will be loaded by a call to
SSL_CTX_load_verify_locations(). This is pretty much working as expected, apart
from one thing. If we modify the client's private key (modified a bit in the
privateExponent), the TLS connection is still successfully established. I had
expected the signature verification (certificate verify message) of the
handshake to fail in this case.
Are there any gotchas with self-signed certs? Or is there something else we
have missed that explains why the signature verification is successful with the
modified key?
We are using openssl-0.9.8o.
Regards Roger
