The algorithm for checking the digital signature of the peer
certificate is covered in PKIX (RFC 3280, obsoleted by RFC 5280) and
the ITU standard X.509.

The library-client code for verifying a certificate can be found in
apps/verify.c.

You might want to look at the man pages for SSL_set_verify and
SSL_get_verify_callback, as they will allow you to do much of what you
might want to do, as well as tell you a couple of the things that you
need to watch out for.

-Kyle H

On Mon, Nov 3, 2008 at 5:24 AM, Aravinda babu wrote:
> Hi all,
> Normally, during HTTPS connection establishment the peer server produces its
> certificate to the client. I want to know how OpenSSL checks this certificate?
> I want to know the exact API which does this so that I will check the code
> of that API. Please tell me the related things regarding this. (Means how
> client checks the digital signature of peer certificate etc.)
> Thanks in advance,
> Aravind.

