
TLS implementation does not validate certificate chain

Open benwaffle opened this issue 1 year ago • 2 comments

You can see this by trying to connect to a TLS server using a self-signed certificate (e.g. https://self-signed.badssl.com/).

I would expect to see calls to SSL_CTX_set_default_verify_paths() and SSL_get_verify_result() in the code.

benwaffle avatar Apr 17 '24 01:04 benwaffle

What is the minimum OpenSSL version that supports SSL_CTX_set_default_verify_paths and SSL_get_verify_result ?

beef9999 avatar Apr 17 '24 10:04 beef9999

> What is the minimum OpenSSL version that supports SSL_CTX_set_default_verify_paths and SSL_get_verify_result ?

SSL_get_verify_result is provided in openssl 1.0.2

SSL_CTX_set_default_verify_paths is for 1.1.1 and above. Older versions can only set it via SSL_use_certificate_file-like APIs.

Current SSL adaptors in photon simply do not validate certificates.

Coldwings avatar Apr 18 '24 03:04 Coldwings