[strongSwan-dev] Subject certificate signature verification

Martin Willi martin at strongswan.org
Mon Nov 10 10:42:35 CET 2014


> Can anyone point me out, where in code the actual signature verification 
> against CA is done for RSA/DSA/ECDSA?

While the trustchain validation is handled in the credential manager
[1], the raw signature verification is done in the available crypto

For RSA, there are several backends available, namely gmp [2] (the
default), gcrypt [3] and openssl [4]. DSA is currently not supported by
any backend.

> And is ECDSA verification done in OpenSSL lib always?

Yes, ECDSA is currently supported by the openssl backend [5] only.



More information about the Dev mailing list