This repository has been archived by the owner on Jan 17, 2022. It is now read-only.
OpenSSL's default CA locations are not enabled #160
Labels
Comments
ghost
added
the
|
Even it use_https is enabled & only ssl_ca_list is set then server certificate is not verified as connection is successful even if ssl_ca_list contains any cacert.pem using which server certificate cannot be verified. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
If the profile contains 'use_https' but not 'ssl_ca_list' then
the function SSL_CTX_set_default_verify_paths() is never called to initialise an SSL context to point to the operating system's default set of CA certificates. So if a server sends a certificate it is never verified.
The text was updated successfully, but these errors were encountered: