The algorithm for checking of the digital signature of the peer certificate is covered in PKIX (RFC 3280, obsoleted by RFC 5280) and the ITU standard X.509.
The library-client code for verifying a certificate can be found in the apps/verify.c . You might want to look at the man pages for SSL_set_verify and SSL_get_verify_callback, as they will allow you to do much of what you might want to do, as well as tell you a couple of the things that you need to watch out for. -Kyle H On Mon, Nov 3, 2008 at 5:24 AM, Aravinda babu <[EMAIL PROTECTED]> wrote: > Hi all, > > Normally , During HTTPS connection establishment peer server produces it's > certificate to the client.I want to know how openssl checks this certificate > ? I want to know the exact API which does this so that i will check the code > of that API. Please tell me the related things regarding this. (Means how > client checks the digital signature of peer certificate etc........) > > Thanks in advance, > Aravind. > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
