Missing certificate verification #39

Open
jnthn opened this issue Apr 2, 2017 · 1 comment

jnthn commented Apr 2, 2017

It appears that certificates presented by servers are not being verified. While that behavior is often exposed as an option, it is not a good default as it means man-in-the-middle attacks can be easily missed, greatly reducing the utility of SSL. Feel free to crib from this commit.

I'd like to contribute the various C function bindings missing in this module, but that I've temporarily added in my work-in-progress IO::Socket::Async::SSL, back to this one, so we can keep all of the C binding aspects of OpenSSL in one place; I'll submit a PR for that once my development work over in my new module gets a bit further along.


ufobat commented Mar 11, 2018

I am looking for the ability to set my own verify_callbacks, as they're mentioned there: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_verify.html
