TLS implementation does not validate certificate chain #457

Open
benwaffle opened this issue Apr 17, 2024 · 2 comments

benwaffle commented Apr 17, 2024

You can see this by trying to connect to a TLS server using a self-signed certificate (e.g. https://self-signed.badssl.com/).

I would expect to see calls to SSL_CTX_set_default_verify_paths() and SSL_get_verify_result() in the code.

benwaffle changed the title from "TLS implementation does not validate certificate" to "TLS implementation does not validate certificate chain" on Apr 17, 2024

beef9999 commented Apr 17, 2024

What is the minimum OpenSSL version that supports SSL_CTX_set_default_verify_paths and SSL_get_verify_result?


Coldwings commented Apr 18, 2024

> What is the minimum OpenSSL version that supports SSL_CTX_set_default_verify_paths and SSL_get_verify_result?

SSL_get_verify_result is provided in OpenSSL 1.0.2.

SSL_CTX_set_default_verify_paths is for 1.1.1 and above. Old versions can only set it through an API like SSL_use_certificate_file.

The current SSL adaptors in photon simply do not validate certificates.
