On 18/12/19 09:54, Mody, Darshan Arvindkumar (Darshan) wrote:
> Hi
> We are using the SSL_CTX_use_certificate and
> SSL_CTX_use_certificate_chain_file APIs to load the certificates.
> My query is: when we are loading the certificate in the context, does
> OpenSSL verify the certificates, e.g. whether the certificate is
> already expired, etc.?

The short answer is no, it does not; the openssl library will let you
load expired/invalid certificates if you do not do any explicit checks.
Use a verify_callback and call X509_verify_cert() to check the validity.
HTH,
JJK
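
An explicit check of the kind the reply recommends, run from the command line before a server loads the file. This is an added example, not code from the thread: the helper names, file names and the throwaway self-signed certificate are assumptions constructed for illustration, and it uses the `openssl verify` command (which runs X509_verify_cert() on the file) rather than a verify_callback inside the application.

```shell
#!/bin/sh
# Added example: pre-flight certificate checks with the openssl CLI.
# All helper and file names below are hypothetical.

# make_sample_cert DIR
# Constructed test input: a self-signed certificate valid for one day.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# cert_usable CERT CAFILE [AT_EPOCH]
# Succeeds only if CERT chains to a trust anchor in CAFILE and is inside
# its validity period at AT_EPOCH (seconds since the epoch, default: now).
cert_usable() {
    cert=$1 cafile=$2 at=${3:-$(date +%s)}
    out=$(openssl verify -attime "$at" -CAfile "$cafile" "$cert" 2>&1) || return 1
    case $out in
        *": OK"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# expires_within CERT SECONDS
# Succeeds if CERT will have expired SECONDS from now (early warning).
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Demonstration on the constructed certificate.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir"
now=$(date +%s)
c=$demo_dir/cert.pem

cert_usable "$c" "$c" "$now" && echo "now: certificate verifies"
cert_usable "$c" "$c" $((now + 172800)) || echo "in 2 days: rejected (expired)"
cert_usable "$c" "$c" $((now - 86400)) || echo "1 day ago: rejected (not yet valid)"
expires_within "$c" 172800 && echo "warning: expires within 2 days"
rm -rf "$demo_dir"
```

The sample certificate serves as its own trust anchor only because it is self-signed; for a real deployment, pass the CA bundle the peers will actually trust as the second argument.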