SSL_VERIFY_PEER

SSL_VERIFY_PEER

Nathan Smyth
Just wondering - if SSL_VERIFY_PEER is set on a connection, if the verification locations have not been loaded (SSL_CTX_load_verify_locations has not been set) - does the connection fail? Or continue as unverified?


Also, is it possible to set the verify_location as somewhere remote (i.e. some URL) rather than some local path?

Thanks
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: SSL_VERIFY_PEER

Viktor Dukhovni
On Tue, Mar 12, 2013 at 10:23:20AM +0000, Nathan Smyth wrote:

> Just wondering - if SSL_VERIFY_PEER is set on a connection, if
> the verification locations have not been loaded
> (SSL_CTX_load_verify_locations has not been set) - does the connection
> fail? Or continue as unverified?

This is answered in some detail in:

        https://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

If you find part of the answer confusing, it is best to ask a more
specific question referencing the text in question.

> Also, is it possible to set the verify_location as somewhere
> remote (i.e. some URL) rather than some local path?

https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html

So if you mount a FUSE filesystem that provides secure access to remote
URLs, you could use that if you're sufficiently motivated (misguided?).

--
        Viktor.
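
The client-side case asked about in this thread, as an added example that is not part of the original messages: Python's `ssl` module wraps OpenSSL, so `verify_mode = CERT_REQUIRED` stands in for `SSL_VERIFY_PEER` and `load_verify_locations()` for `SSL_CTX_load_verify_locations`. It assumes the `openssl` command-line tool is installed to create a throwaway self-signed certificate; `example.test` and all function names are constructed for the example.

```python
import contextlib, os, ssl, subprocess, tempfile

def make_self_signed(workdir):
    """Constructed test input: throwaway self-signed cert made with the openssl CLI."""
    cert, key = os.path.join(workdir, "cert.pem"), os.path.join(workdir, "key.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-keyout", key, "-out", cert, "-days", "1",
                    "-subj", "/CN=example.test"], check=True, capture_output=True)
    return cert, key

def pump(src, dst):
    """Move pending TLS records from one side's outgoing BIO to the peer's incoming BIO."""
    data = src.read()
    if data:
        dst.write(data)

def client_handshake(cert, key, cafile=None):
    """Return (True, None) if the client handshake completes, else (False, verify_code)."""
    server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    server_ctx.load_cert_chain(cert, key)
    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # loads no CA certificates itself
    client_ctx.check_hostname = False            # isolate chain verification from name checks
    client_ctx.verify_mode = ssl.CERT_REQUIRED   # OpenSSL: SSL_VERIFY_PEER
    if cafile:
        client_ctx.load_verify_locations(cafile=cafile)  # SSL_CTX_load_verify_locations
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    for _ in range(10):                          # in-memory handshake, no sockets needed
        try:
            client.do_handshake()
            return True, None
        except ssl.SSLWantReadError:
            pass                                 # client needs more data from the server
        except ssl.SSLCertVerificationError as exc:
            return False, exc.verify_code        # X509 verification error number
        pump(c_out, s_in)
        with contextlib.suppress(ssl.SSLWantReadError):
            server.do_handshake()
        pump(s_out, c_in)
    raise RuntimeError("handshake did not finish")

def demo():
    """Same server twice: first with an empty client trust store, then with the cert trusted."""
    with tempfile.TemporaryDirectory() as workdir:
        cert, key = make_self_signed(workdir)
        return client_handshake(cert, key), client_handshake(cert, key, cafile=cert)

if __name__ == "__main__":
    print(demo())
```

With no verify locations loaded the client aborts the handshake with a certificate verification error rather than continuing unverified; once the certificate is loaded as a trust anchor the same handshake completes.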