Allow to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE - openssl.git

diff options

author	André Klitzing <aklitzing@gmail.com>	2020-03-18 16:04:06 +0100
committer	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-10-08 16:49:29 +0200
commit	02a2567173a451d8d00c276e6d8c1d1cb171234d (patch)
tree	3802a34e731cfc1c8b2fba445af34c89a5f999db /test/threadstest.c
parent	df38dcfcd5c3e264e449589ef0b9fce8ce6e428c (diff)
download	openssl-02a2567173a451d8d00c276e6d8c1d1cb171234d.tar.gz

Allow to continue on UNABLE_TO_VERIFY_LEAF_SIGNATURE

This unifies the behaviour of a single certificate with an unknown CA certificate with a self-signed certificate. The user callback can mask that error to retrieve additional error information. So the user application can decide to abort the connection instead to be forced by openssl. This change in behaviour is backward compatible as user callbacks who don't want to ignore UNABLE_TO_VERIFY_LEAF_SIGNATURE will still abort the connection by default. CLA: trivial Fixes #11297 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13083)

Diffstat (limited to 'test/threadstest.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: