On 8/16/2021 10:04 AM, Viktor Dukhovni wrote:
It seems as though the 'verify' command checks the issuer, but not the signature of the certificate - the last parameter.
>
As documented.
Then I am not understanding the documentation. https://www.openssl.org/docs/man1.1.1/man1/verify.html says "The final operation is to check the validity of the certificate chain. ... The certificate signature is checked as well " However. my experience is that the certificate signature is not checked. I can hand modify the validity, public key, or signature, but the command still returns "OK".
