libmumble-legacy

Stricter checking for self-signed certificates

Open mkrautz opened this issue 10 years ago • 0 comments

As-is, libmumble isn't as strict about self-signed certificates as it should be. It doesn't check for the 'certificate signing' key usage.

Take for example the replay-server certificate I'm working with at the moment, created using the same template as selfsign-server from the tree:

```
$ openssl verify -verbose -issuer_checks -purpose sslserver -CAfile testdata/x509/replay-server/replay-server.crt testdata/x509/replay-server/replay-server.crt
testdata/x509/replay-server/replay-server.crt: CN = localhost, O = libmumble
error 32 at 0 depth lookup:key usage does not include certificate signing
CN = localhost, O = libmumble
error 32 at 0 depth lookup:key usage does not include certificate signing
CN = localhost, O = libmumble
error 32 at 0 depth lookup:key usage does not include certificate signing
CN = localhost, O = libmumble
error 32 at 0 depth lookup:key usage does not include certificate signing
CN = localhost, O = libmumble
error 32 at 0 depth lookup:key usage does not include certificate signing
CN = localhost, O = libmumble
error 32 at 0 depth lookup:key usage does not include certificate signing
CN = localhost, O = libmumble
error 20 at 0 depth lookup:unable to get local issuer certificate
```

mkrautz, Jul 13 '13 17:07
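The key-usage check this issue asks for, sketched as an added example (not libmumble or OpenSSL code): a standard-library Python DER walk that locates the keyUsage extension and reports whether keyCertSign is asserted. The `tlv` and `sample` helpers and the sample bytes are constructed for illustration and are not the replay-server certificate; returning `None` for a missing extension, so the caller decides that case, is an assumption.

```python
KEY_USAGE_OID = bytes.fromhex("551d0f")  # 2.5.29.15, id-ce-keyUsage
KEY_CERT_SIGN = 0x04                     # KeyUsage bit 5: 0x80 >> 5 in the first byte

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    pos = 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        yield tag, body

def find_key_usage(der):
    """Depth-first search for the keyUsage extension; return its bit bytes or None."""
    for tag, body in children(der):
        if not tag & 0x20:               # primitive element, nothing nested
            continue
        kids = list(children(body))
        if tag == 0x30 and kids and kids[0] == (0x06, KEY_USAGE_OID):
            octet_tag, octets = kids[-1]           # extnValue OCTET STRING
            bit_tag, bits, _ = read_tlv(octets, 0)
            if (octet_tag, bit_tag) != (0x04, 0x03):
                raise ValueError("malformed keyUsage extension")
            return bits[1:]              # skip the unused-bits count byte
        found = find_key_usage(body)
        if found is not None:
            return found
    return None

def asserts_key_cert_sign(der):
    """None when keyUsage is absent, otherwise whether keyCertSign is set."""
    bits = find_key_usage(der)
    return None if bits is None else (bool(bits) and bool(bits[0] & KEY_CERT_SIGN))

def tlv(tag, content):                   # builder for the constructed samples
    return bytes([tag, len(content)]) + content

def sample(key_usage_bits):              # SEQUENCE { [3] { SEQUENCE { Extension } } }
    ext = tlv(0x30, tlv(0x06, KEY_USAGE_OID) + tlv(0x01, b"\xff")
              + tlv(0x04, tlv(0x03, key_usage_bits)))
    return tlv(0x30, tlv(0xA3, tlv(0x30, ext)))
```

`sample(b"\x05\xa0")` encodes digitalSignature plus keyEncipherment, which a strict self-signed check would reject, while `sample(b"\x02\x84")` adds keyCertSign and passes.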