This is used when the certificate is being verified for a specific purpose, and the signature has already been checked somewhere else in the code. For example,
http://lxr.mozilla.org/mozilla/source/security/nss/lib/ssl/ssl3con.c#6583 checks if the certificate is valid for SSL Step Up. The certificate's signature has already been checked in the authCertificate() call on line 6553.

Patrick wrote:
>CERT_VerifyCertNow has a parameter (checkSig) for specifying whether or not
>the issuer's signature should be checked. I'm curious, in what circumstances
>would one want to turn that particular check off?
>
>-- P
