
Does PyOpenSSL verify_certificate() do signature verification

I use PyOpenSSL verify_certificate() to verify certificate chains. My code seems to work. But I was wondering if the function also checks the signatures along the certificate chain. Let's assume we have the chain ca_cert -> i_ca_cert -> s_cert. Thus ca_cert signed i_ca_cert and i_ca_cert signed s_cert. Does verify_certificate() check whether the signer's (RSA) key was used to sign the certificate and whether the signature is correct, for every certificate along the chain?

But I was wondering if the function also checks the signatures along the certificate chain

Of course it does. Otherwise what is the purpose of chain verification? From the OpenSSL documentation (man 1ssl verify on Linux):

The final operation is to check the validity of the certificate chain. The validity period is checked against the current system time and the notBefore and notAfter dates in the certificate. The certificate signatures are also checked at this point.
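
An added example (not part of the original question or answer) that exercises this with pyOpenSSL: it builds the ca_cert -> i_ca_cert -> s_cert chain from the question using the cryptography package, then checks that verify_certificate() rejects a leaf and an intermediate that carry the expected issuer name but were signed with a different RSA key. The helpers make_cert and chain_verifies, the rogue key and all certificates are constructed for illustration.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID
from OpenSSL import crypto


def new_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def make_cert(cn, key, issuer_cn, signing_key, is_ca):
    """Issue a test certificate for `key`, signed with `signing_key` (constructed data)."""
    name = lambda s: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(name(cn))
        .issuer_name(name(issuer_cn))
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(days=1))
        .not_valid_after(now + datetime.timedelta(days=30))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
    )
    return crypto.X509.from_cryptography(builder.sign(signing_key, hashes.SHA256()))


def chain_verifies(trusted_root, intermediates, leaf):
    """True if verify_certificate() accepts leaf via intermediates up to trusted_root."""
    store = crypto.X509Store()
    store.add_cert(trusted_root)
    try:
        crypto.X509StoreContext(store, leaf, chain=intermediates).verify_certificate()
        return True
    except crypto.X509StoreContextError:
        return False


ca_key, i_ca_key, s_key, rogue_key = (new_key() for _ in range(4))
ca_cert = make_cert("ca_cert", ca_key, "ca_cert", ca_key, True)
i_ca_cert = make_cert("i_ca_cert", i_ca_key, "ca_cert", ca_key, True)
s_cert = make_cert("s_cert", s_key, "i_ca_cert", i_ca_key, False)
# Same subject and issuer names as s_cert, but signed with a key i_ca_cert does not hold.
forged_s_cert = make_cert("s_cert", s_key, "i_ca_cert", rogue_key, False)
# Intermediate that names ca_cert as its issuer but was signed with the rogue key.
forged_i_ca = make_cert("i_ca_cert", i_ca_key, "ca_cert", rogue_key, True)
```

Only the chain whose every signature matches its issuer's public key is accepted; matching issuer names alone is not enough.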
