Using default CA path from openssl
Michal Cichra
michal at 3scale.net
Thu Sep 11 14:17:27 UTC 2014
Yes, the s_client and s_server core is …
There are even bugs filled https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/396818
But this is different. The SSL_CTX_set_default_verify_paths does not have a bug,
but the usage of it is wrong.
Cheers.
On 11 Sep 2014, at 05:14, Philipp <e1c1bac6253dc54a1e89ddc046585792 at posteo.net> wrote:
> Am 11.09.2014 00:56 schrieb Michal Cichra:
>> What I propose is a configuration flag, to set
>> `SSL_CTX_set_default_verify_paths`.
>
> Careful what you wish for..
>
> I didnt check the surrounding code, but above call and CAfile/CApath sets (if cmd-line or via API wont matter)
> has "funny" error conditions; see this post and the thread:
> http://marc.info/?l=openbsd-tech&m=140646297120492&w=2
>
> Just a 2ct heads up.
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20140911/ebaa1f4e/attachment.html>
More information about the nginx
mailing list