Re: Peer Certificate Verification API
The algorithm for checking of the digital signature of the peer
certificate is covered in PKIX (RFC 3280, obsoleted by RFC 5280) and
the ITU standard X.509.
The library-client code for verifying a certificate can be found in
the apps/verify.c .
You might want to look at the man pages for SSL_set_verify and
SSL_get_verify_callback, as they will allow you to do much of what you
might want to do, as well as tell you a couple of the things that you
need to watch out for.
On Mon, Nov 3, 2008 at 5:24 AM, Aravinda babu <email@example.com> wrote:[color=blue]
> Hi all,
> Normally , During HTTPS connection establishment peer server produces it's
> certificate to the client.I want to know how openssl checks this certificate
> ? I want to know the exact API which does this so that i will check the code
> of that API. Please tell me the related things regarding this. (Means how
> client checks the digital signature of peer certificate etc........)
> Thanks in advance,
OpenSSL Project [url]http://www.openssl.org[/url]
Development Mailing List [email]firstname.lastname@example.org[/email]
Automated List Manager [email]email@example.com[/email]