Hex Artifact Content
Not logged in
HomeTimelineBranchesTagsTicketsWikiLogin
Download

Artifact be789d5307e4edc10219a8e10ea5fd8521c8a210:

Ticket change [be789d5307] - New ticket [f696bc85f8] Client side verification of SSL server certificates should use system wide default CAs. by anonymous 2010-07-14 14:50:53. 
0000: 44 20 32 30 31 30 2d 30 37 2d 31 34 54 31 34 3a  D 2010-07-14T14:
0010: 35 30 3a 35 33 0a 4a 20 63 6f 6d 6d 65 6e 74 20  50:53.J comment 
0020: 4d 6f 73 74 5c 73 69 6e 73 74 61 6c 6c 61 74 69  Most\sinstallati
0030: 6f 6e 73 5c 73 6f 66 5c 73 4f 70 65 6e 53 53 4c  ons\sof\sOpenSSL
0040: 5c 73 63 6f 6d 65 5c 73 77 69 74 68 5c 73 61 5c  \scome\swith\sa\
0050: 73 73 79 73 74 65 6d 5c 73 77 69 64 65 5c 73 64  ssystem\swide\sd
0060: 69 72 65 63 74 6f 72 79 5c 73 6f 66 5c 73 64 65  irectory\sof\sde
0070: 66 61 75 6c 74 5c 73 63 65 72 74 69 66 69 63 61  fault\scertifica
0080: 74 65 5c 73 61 75 74 68 6f 72 69 74 69 65 73 5c  te\sauthorities\
0090: 73 61 6e 64 5c 73 6d 6f 73 74 5c 73 61 70 70 6c  sand\smost\sappl
00a0: 69 63 61 74 69 6f 6e 73 5c 73 75 73 69 6e 67 5c  ications\susing\
00b0: 73 4f 70 65 6e 53 53 4c 5c 73 6d 61 6b 65 5c 73  sOpenSSL\smake\s
00c0: 75 73 65 5c 73 6f 66 5c 73 74 68 69 73 5c 73 63  use\sof\sthis\sc
00d0: 65 72 74 69 66 69 63 61 74 65 5c 73 73 74 6f 72  ertificate\sstor
00e0: 65 5c 73 64 75 72 69 6e 67 5c 73 73 65 72 76 65  e\sduring\sserve
00f0: 72 5c 73 63 65 72 74 69 66 69 63 61 74 65 5c 73  r\scertificate\s
0100: 76 65 72 69 66 69 63 61 74 69 6f 6e 2c 5c 73 77  verification,\sw
0110: 68 69 63 68 5c 73 69 73 5c 73 68 61 6e 64 79 5c  hich\sis\shandy\
0120: 73 62 65 63 61 75 73 65 5c 73 61 5c 73 73 79 73  sbecause\sa\ssys
0130: 74 65 6d 5c 73 61 64 6d 69 6e 69 73 74 72 61 74  tem\sadministrat
0140: 6f 72 5c 73 6f 6e 6c 79 5c 73 68 61 73 5c 73 74  or\sonly\shas\st
0150: 6f 5c 73 6d 61 6e 61 67 65 5c 73 6f 6e 65 5c 73  o\smanage\sone\s
0160: 63 65 6e 74 72 61 6c 5c 73 73 74 6f 72 65 5c 73  central\sstore\s
0170: 6f 66 5c 73 61 63 63 65 70 74 61 62 6c 65 5c 73  of\sacceptable\s
0180: 63 65 72 74 69 66 69 63 61 74 65 5c 73 61 75 74  certificate\saut
0190: 68 6f 72 69 74 69 65 73 2e 5c 72 5c 6e 5c 72 5c  horities.\r\n\r\
01a0: 6e 46 6f 73 73 69 6c 5c 73 70 72 65 73 65 6e 74  nFossil\spresent
01b0: 6c 79 5c 73 64 6f 65 73 6e 27 74 5c 73 75 73 65  ly\sdoesn't\suse
01c0: 5c 73 74 68 65 5c 73 73 79 73 74 65 6d 5c 73 77  \sthe\ssystem\sw
01d0: 69 64 65 5c 73 43 41 5c 73 63 65 72 74 69 66 69  ide\sCA\scertifi
01e0: 63 61 74 65 5c 73 73 74 6f 72 65 2c 5c 73 62 75  cate\sstore,\sbu
01f0: 74 5c 73 49 5c 73 74 68 69 6e 6b 5c 73 69 74 5c  t\sI\sthink\sit\
0200: 73 73 68 6f 75 6c 64 5c 73 3a 2d 29 5c 73 54 68  sshould\s:-)\sTh
0210: 65 5c 73 6e 65 63 65 73 73 61 72 79 5c 73 63 68  e\snecessary\sch
0220: 61 6e 67 65 5c 73 69 73 5c 73 6f 6e 6c 79 5c 73  ange\sis\sonly\s
0230: 6f 6e 65 5c 73 6c 69 6e 65 5c 73 6f 66 5c 73 63  one\sline\sof\sc
0240: 6f 64 65 3a 5c 72 5c 6e 3c 76 65 72 62 61 74 69  ode:\r\n<verbati
0250: 6d 3e 5c 72 5c 6e 49 6e 64 65 78 3a 5c 73 73 72  m>\r\nIndex:\ssr
0260: 63 2f 68 74 74 70 5f 73 73 6c 2e 63 5c 72 5c 6e  c/http_ssl.c\r\n
0270: 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d  ================
0280: 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d  ================
0290: 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d  ================
02a0: 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d  ================
02b0: 3d 3d 3d 5c 72 5c 6e 2d 2d 2d 5c 73 73 72 63 2f  ===\r\n---\ssrc/
02c0: 68 74 74 70 5f 73 73 6c 2e 63 5c 72 5c 6e 2b 2b  http_ssl.c\r\n++
02d0: 2b 5c 73 73 72 63 2f 68 74 74 70 5f 73 73 6c 2e  +\ssrc/http_ssl.
02e0: 63 5c 72 5c 6e 40 40 5c 73 2d 39 30 2c 31 30 5c  c\r\n@@\s-90,10\
02f0: 73 2b 39 30 2c 31 31 5c 73 40 40 5c 72 5c 6e 5c  s+90,11\s@@\r\n\
0300: 73 5c 73 5c 73 5c 73 5c 73 53 53 4c 5f 6c 69 62  s\s\s\s\sSSL_lib
0310: 72 61 72 79 5f 69 6e 69 74 28 29 3b 5c 72 5c 6e  rary_init();\r\n
0320: 5c 73 5c 73 5c 73 5c 73 5c 73 53 53 4c 5f 6c 6f  \s\s\s\s\sSSL_lo
0330: 61 64 5f 65 72 72 6f 72 5f 73 74 72 69 6e 67 73  ad_error_strings
0340: 28 29 3b 5c 72 5c 6e 5c 73 5c 73 5c 73 5c 73 5c  ();\r\n\s\s\s\s\
0350: 73 45 52 52 5f 6c 6f 61 64 5f 42 49 4f 5f 73 74  sERR_load_BIO_st
0360: 72 69 6e 67 73 28 29 3b 5c 72 5c 6e 5c 73 5c 73  rings();\r\n\s\s
0370: 5c 73 5c 73 5c 73 4f 70 65 6e 53 53 4c 5f 61 64  \s\s\sOpenSSL_ad
0380: 64 5f 61 6c 6c 5f 61 6c 67 6f 72 69 74 68 6d 73  d_all_algorithms
0390: 28 29 3b 5c 72 5c 6e 5c 73 5c 73 5c 73 5c 73 5c  ();\r\n\s\s\s\s\
03a0: 73 73 73 6c 43 74 78 5c 73 3d 5c 73 53 53 4c 5f  ssslCtx\s=\sSSL_
03b0: 43 54 58 5f 6e 65 77 28 53 53 4c 76 32 33 5f 63  CTX_new(SSLv23_c
03c0: 6c 69 65 6e 74 5f 6d 65 74 68 6f 64 28 29 29 3b  lient_method());
03d0: 5c 72 5c 6e 2b 5c 73 5c 73 5c 73 5c 73 58 35 30  \r\n+\s\s\s\sX50
03e0: 39 5f 53 54 4f 52 45 5f 73 65 74 5f 64 65 66 61  9_STORE_set_defa
03f0: 75 6c 74 5f 70 61 74 68 73 28 53 53 4c 5f 43 54  ult_paths(SSL_CT
0400: 58 5f 67 65 74 5f 63 65 72 74 5f 73 74 6f 72 65  X_get_cert_store
0410: 28 73 73 6c 43 74 78 29 29 3b 5c 72 5c 6e 5c 73  (sslCtx));\r\n\s
0420: 5c 73 5c 73 5c 73 5c 73 73 73 6c 49 73 49 6e 69  \s\s\s\ssslIsIni
0430: 74 5c 73 3d 5c 73 31 3b 5c 72 5c 6e 5c 73 5c 73  t\s=\s1;\r\n\s\s
0440: 5c 73 7d 5c 72 5c 6e 5c 73 7d 5c 72 5c 6e 5c 73  \s}\r\n\s}\r\n\s
0450: 5c 72 5c 6e 5c 73 2f 2a 5c 72 5c 6e 3c 2f 76 65  \r\n\s/*\r\n</ve
0460: 72 62 61 74 69 6d 3e 0a 4a 20 66 6f 75 6e 64 69  rbatim>.J foundi
0470: 6e 20 66 62 35 66 30 63 32 35 38 30 0a 4a 20 70  n fb5f0c2580.J p
0480: 72 69 76 61 74 65 5f 63 6f 6e 74 61 63 74 20 39  rivate_contact 9
0490: 31 31 65 63 63 38 30 35 30 32 36 33 32 64 61 61  11ecc80502632daa
04a0: 64 30 39 35 63 66 30 34 64 61 63 35 36 30 64 34  d095cf04dac560d4
04b0: 65 64 32 35 61 64 34 0a 4a 20 73 65 76 65 72 69  ed25ad4.J severi
04c0: 74 79 20 4d 69 6e 6f 72 0a 4a 20 73 74 61 74 75  ty Minor.J statu
04d0: 73 20 4f 70 65 6e 0a 4a 20 74 69 74 6c 65 20 43  s Open.J title C
04e0: 6c 69 65 6e 74 5c 73 73 69 64 65 5c 73 76 65 72  lient\sside\sver
04f0: 69 66 69 63 61 74 69 6f 6e 5c 73 6f 66 5c 73 53  ification\sof\sS
0500: 53 4c 5c 73 73 65 72 76 65 72 5c 73 63 65 72 74  SL\sserver\scert
0510: 69 66 69 63 61 74 65 73 5c 73 73 68 6f 75 6c 64  ificates\sshould
0520: 5c 73 75 73 65 5c 73 73 79 73 74 65 6d 5c 73 77  \suse\ssystem\sw
0530: 69 64 65 5c 73 64 65 66 61 75 6c 74 5c 73 43 41  ide\sdefault\sCA
0540: 73 0a 4a 20 74 79 70 65 20 46 65 61 74 75 72 65  s.J type Feature
0550: 5f 52 65 71 75 65 73 74 0a 4b 20 66 36 39 36 62  _Request.K f696b
0560: 63 38 35 66 38 62 39 31 64 32 36 33 66 35 62 66  c85f8b91d263f5bf
0570: 34 63 35 62 62 64 32 36 31 62 64 32 35 32 63 34  4c5bbd261bd252c4
0580: 36 61 30 0a 55 20 61 6e 6f 6e 79 6d 6f 75 73 0a  6a0.U anonymous.
0590: 5a 20 61 64 66 37 38 32 66 61 33 63 63 35 35 38  Z adf782fa3cc558
05a0: 33 38 30 61 35 64 34 62 66 64 39 34 30 63 64 35  380a5d4bfd940cd5
05b0: 66 31 0a                                         f1.
Fossil version [4df919803b] 2020-05-25 23:23:49