Sorry if it is a simple question, but when I set verificationMode to full, how is it decided whether the certificate is valid or not? Which part of the certificate is compared to what to check the certificate's validity?
A verification mode of full uses
- PKIX (see RFC 5280) validation rules for certificate validity
- An HTTPS Server identity check (see RFC 2818; §3.1) for the hostname.
Explaining the full PKIX rules is a bit too complex to cover in detail, but it includes:
- The signing chain
- The validity dates
- Extensions such as KeyUsage, if present.
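The hostname half of the check described above, as an added example that is not from the thread or from the product's own code: it shows which certificate fields are compared with the name the client connected to under RFC 2818 §3.1. It assumes the certificate has already passed chain and date validation and is given as a dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the sample certificates and `example.com` names are constructed, and wildcard handling is deliberately stricter than RFC 2818 (whole leftmost label only).

```python
import ipaddress

def _dns_match(pattern: str, host: str) -> bool:
    """Compare label by label; '*' may only be the entire leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never covers more than one label
    if p[0] == "*":
        # Assumption: require two fixed labels after '*' so "*.com" is rejected.
        return len(p) >= 3 and bool(h[0]) and p[1:] == h[1:]
    return p == h

def identity_matches(cert: dict, requested: str) -> bool:
    """Return True if the certificate names the host the client asked for."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(requested)
    except ValueError:
        ip = None
    if ip is not None:
        # IP literal: an iPAddress SAN must be present and match exactly.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip
                   for k, v in san)
    dns_names = [v for k, v in san if k == "DNS"]
    if dns_names:
        # dNSName SANs are present, so they are the identity; the CN is ignored.
        return any(_dns_match(n, requested) for n in dns_names)
    # No dNSName SAN: fall back to the subject Common Name
    # (assumption: the last CN is taken as the most specific one).
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    return any(_dns_match(cn, requested) for cn in cns[-1:])

# Constructed sample certificates (not taken from any real deployment).
SAMPLE_CERT = {
    "subject": ((("commonName", "legacy.example.com"),),),
    "subjectAltName": (("DNS", "es01.example.com"),
                       ("DNS", "*.nodes.example.com"),
                       ("IP Address", "192.0.2.10")),
}
CN_ONLY_CERT = {"subject": ((("commonName", "old.example.com"),),)}

if __name__ == "__main__":
    for name in ("es01.example.com", "legacy.example.com", "192.0.2.10"):
        print(name, identity_matches(SAMPLE_CERT, name))
```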
Thanks for providing links.