wolfSSL HTTP/3 peer verification is lacking #13487
Comments
@icing feel free to edit/follow-up with corrections or added details as you see fit
This appears to be a wolfSSL problem, would you agree @icing? I see nothing in the wolfSSL docs that suggests that this would not work for QUIC connections but only for TCP. Or am I missing something?
I agree. I found no obvious way to do this with the wolfSSL API.
Since we believe this problem is in the wolfSSL end, I'm closing this issue.
It's a curl bug. Fix @ #13680.
I did this
build curl with ngtcp2 + nghttp3 + wolfSSL
Issue a request that should fail the certificate check, like this:
The problem is likely here:
curl/lib/vquic/vquic-tls.c
Lines 325 to 330 in c8e0cd1
This does not really verify the peer certificate. For TCP connections this works as it is wired into the wolfSSL connect() implementation and gives a special return code on such a fail.
I expected the following
A request to a server that fails the check should error out.
curl/libcurl version
git master
operating system
independent