> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Bruce Cloutier
> Sent: Thursday, June 25, 2020 12:10
>
> By "If OpenSSL fails to validate this particular digital signature that
> would be the case." I meant to question whether or not OpenSSL is in
> fact doing the validation? In the case that the signature is being
> ignored then clients wouldn't complain. They wouldn't notice.

s_client should be verifying the signature.[1] That is, it should be verifying 
every signature that's part of the actual TLS protocol. I admit it's not 
entirely clear to me which signature isn't being verified successfully by your 
client.


[1] I'm not sure "validate" is the proper term here, technically speaking. In 
my experience, the literature usually uses "verify" for confirming a signature. 
"Validate" is generally used for more complex protocols, such as certificate 
validation, which involves a large number of steps with various types of checks.

--
Michael Wojcik
Distinguished Engineer, Micro Focus


