If the certificate chain cannot be built to a trusted root then none of the keys can be trusted either. An attacker could build a totally bogus chain using their own keys and valid signatures... but it would not be valid because it would not chain to a trusted root.
Signature verification can be an expensive operation, for certain algorithms and certain key sizes. OpenSSL does not check signatures until the chain is complete, and then from root to leaf, to avoid a possible DOS attack.
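The ordering described in the message above, as an added sketch that is not OpenSSL's code and not part of the original post: the chain is first built by issuer name alone, and signatures are checked root to leaf only once it ends at a trusted root. The `Cert` class, `issue`, `verify` and all sample certificates are constructed for illustration, and HMAC-SHA256 stands in for a real public-key signature.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    pubkey: bytes      # toy model: the same bytes sign and verify
    sig: bytes = b""

    def tbs(self) -> bytes:
        return f"{self.subject}|{self.issuer}|".encode() + self.pubkey

def toy_sign(key: bytes, cert: Cert) -> bytes:
    # Assumption: HMAC-SHA256 replaces an expensive RSA/ECDSA operation.
    return hmac.new(key, cert.tbs(), hashlib.sha256).digest()

def issue(subject, issuer, pubkey, issuer_key):
    unsigned = Cert(subject, issuer, pubkey)
    return Cert(subject, issuer, pubkey, toy_sign(issuer_key, unsigned))

def verify(leaf, untrusted, trusted, max_depth=8):
    """Return (ok, reason, number_of_signature_checks)."""
    # Phase 1: build the chain by name only; no signature work yet.
    chain, by_subject = [leaf], {c.subject: c for c in untrusted}
    while chain[-1].issuer not in trusted:
        cur = chain[-1]
        nxt = by_subject.get(cur.issuer)
        if nxt is None or cur.issuer == cur.subject or len(chain) >= max_depth:
            return False, "no path to a trusted root", 0
        chain.append(nxt)
    chain.append(trusted[chain[-1].issuer])
    # Phase 2: the chain is complete, so check signatures root to leaf.
    checks, ordered = 0, chain[::-1]
    for issuer, cert in zip(ordered, ordered[1:]):
        checks += 1
        if not hmac.compare_digest(toy_sign(issuer.pubkey, cert), cert.sig):
            return False, f"bad signature on {cert.subject}", checks
    return True, "ok", checks

# Constructed sample certificates.
ROOT = issue("Root CA", "Root CA", b"root-key", b"root-key")
INTER = issue("Intermediate", "Root CA", b"inter-key", b"root-key")
LEAF = issue("www.example.test", "Intermediate", b"leaf-key", b"inter-key")
EVIL_ROOT = issue("Evil Root", "Evil Root", b"evil-key", b"evil-key")
EVIL_LEAF = issue("www.example.test", "Evil Root", b"k", b"evil-key")
FORGED = issue("www.example.test", "Intermediate", b"k", b"wrong-key")
TRUSTED = {"Root CA": ROOT}

if __name__ == "__main__":
    for leaf, extra in ((LEAF, [INTER]), (EVIL_LEAF, [EVIL_ROOT]), (FORGED, [INTER])):
        print(verify(leaf, extra, TRUSTED))
```

The internally consistent chain under `Evil Root` is rejected with zero signature checks, while the forged leaf under the real intermediate is only caught in the second phase.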
