openssl RSA_verify succeeds after the openssl certificate is expired.

I created a self signed openssl certificate using the below commands.

  • openssl genrsa -des3 -out server.key 2048
  • openssl rsa -in server.key -out server.key
  • openssl req -sha256 -new -key server.key -out server.csr -subj '/CN=localhost'
  • openssl x509 -req -sha256 -days 10 -in server.csr -signkey server.key -out
  • cat server.crt server.key > cert.pem

Using the cert.pem and RSA_sign function I created a signature after the certificate expired (after 10 days).

The RSA_verify of the above signature still succeeds. Can you help me with this?

Best regards, Poornima.M

RSA_verify() will verify the signature taking the RSA public key; it does not deal with the public key certificate.

The public key and the key certificate are not the same thing; the public key resides in the public key certificate. So when you extract the public key from the certificate, that is the point where you have to check whether it is expired or not, and avoid using it if it is expired.
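The separation described in the answer, shown with the openssl command line as an added example (not part of the original question or answer). The function names, file names and the 1-day certificate are assumptions made for the demonstration; `-checkend` with a 2-day horizon stands in for waiting until the certificate has expired.

```shell
#!/bin/sh
# Added example: make_demo, signature_only and verify_with_validity are
# hypothetical helper names, not part of OpenSSL.

# Constructed input: throwaway RSA key, 1-day self-signed cert, signed message.
make_demo() {
    dir=$1
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null &&
    openssl req -new -x509 -sha256 -key "$dir/server.key" -days 1 \
        -subj '/CN=localhost' -out "$dir/server.crt" 2>/dev/null &&
    printf 'constructed sample message\n' > "$dir/msg.txt" &&
    openssl dgst -sha256 -sign "$dir/server.key" -out "$dir/msg.sig" "$dir/msg.txt"
}

# signature_only CERT DATA SIG
# Signature check only: the CLI counterpart of calling RSA_verify() with the
# certificate's public key. notBefore/notAfter are never consulted.
signature_only() {
    pub=$(mktemp) || return 3
    openssl x509 -in "$1" -noout -pubkey > "$pub" &&
    openssl dgst -sha256 -verify "$pub" -signature "$3" "$2" >/dev/null 2>&1
    rc=$?
    rm -f "$pub"
    return "$rc"
}

# verify_with_validity CERT DATA SIG [SECONDS]
# Returns 2 if the certificate is expired (or expires within SECONDS),
# 1 if the signature does not verify, 0 if both checks pass.
verify_with_validity() {
    openssl x509 -in "$1" -noout -checkend "${4:-0}" >/dev/null 2>&1 || return 2
    signature_only "$1" "$2" "$3" || return 1
}

demo() {
    d=$(mktemp -d) && make_demo "$d" || return 1
    signature_only "$d/server.crt" "$d/msg.txt" "$d/msg.sig"
    echo "signature only: $?"
    verify_with_validity "$d/server.crt" "$d/msg.txt" "$d/msg.sig" 0
    echo "checked now: $?"
    # 172800 s = 2 days: evaluate the 1-day cert as if the clock were past notAfter.
    verify_with_validity "$d/server.crt" "$d/msg.txt" "$d/msg.sig" 172800
    echo "checked past notAfter: $?"
    rm -rf "$d"
}
# Run the demonstration only when invoked as: sh script.sh demo
[ "${1:-}" != demo ] || demo
```

`-checkend` looks only at notAfter; it does not check notBefore or whether the certificate chains to a trusted issuer, which is the job of `openssl verify` or, in C, `X509_verify_cert()`.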
