PyOpenSSL verify_certificate() 是否做签名验证
Does PyOpenSSL verify_certificate() do signature verification
我使用 PyOpenSSL verify_certificate() 来验证证书链。我的代码似乎有效。但我想知道该函数是否还检查证书链上的签名。假设我们有链 ca_cert -> i_ca_cert -> s_cert。因此 ca_cert 签署了 i_ca_cert 并且 i_ca_cert 签署了 s_cert。 verify_certificate() 是否检查签名者的 (RSA) 密钥是否用于签署证书以及签名是否正确,对于链上的每个证书?
But I was wondering if the function also checks the signatures along the certificate chain
当然可以。否则链验证的目的是什么?来自 OpenSSL 文档(man 1ssl verify on linux):
The final operation is to check the validity of the certificate chain. The validity period is checked against the current system time and the notBefore and notAfter dates in the certificate. The certificate signatures are also checked at this point.
我使用 PyOpenSSL verify_certificate() 来验证证书链。我的代码似乎有效。但我想知道该函数是否还检查证书链上的签名。假设我们有链 ca_cert -> i_ca_cert -> s_cert。因此 ca_cert 签署了 i_ca_cert 并且 i_ca_cert 签署了 s_cert。 verify_certificate() 是否检查签名者的 (RSA) 密钥是否用于签署证书以及签名是否正确,对于链上的每个证书?
But I was wondering if the function also checks the signatures along the certificate chain
当然可以。否则链验证的目的是什么?来自 OpenSSL 文档(man 1ssl verify on linux):
The final operation is to check the validity of the certificate chain. The validity period is checked against the current system time and the notBefore and notAfter dates in the certificate. The certificate signatures are also checked at this point.