TLS implementation does not validate certificate chain
benwaffle opened this issue · comments
You can see this by trying to connect to a TLS server using a self-signed certificate (e.g. https://self-signed.badssl.com/).
I would expect to see calls to SSL_CTX_set_default_verify_paths() and SSL_get_verify_result() in the code.
What is the minimum OpenSSL version that supports SSL_CTX_set_default_verify_paths and SSL_get_verify_result?
SSL_get_verify_result is provided in OpenSSL 1.0.2.
SSL_CTX_set_default_verify_paths is for 1.1.1 and above. Older versions can only set it through an SSL_use_certificate_file-like API.
Current SSL adaptors in photon just simply do not validate certificates.