mirror of https://github.com/wolfSSL/wolfssl
1. Updated README Note 2. The error code described for no signer
errors is -188. (The error code -155 is for the signature confirmation failing.) 2. Fixed bug in copying the signature from a DecodedCert to a CYASSL_X509 record.
parent
42f82ce9cc
commit
dabb8058c4
8
README
8
README
|
@ -23,10 +23,10 @@ beginning of the note and specify the full path.
|
||||||
Note 2)
|
Note 2)
|
||||||
CyaSSL takes a different approach to certificate verification than OpenSSL does.
|
CyaSSL takes a different approach to certificate verification than OpenSSL does.
|
||||||
The default policy for the client is to verify the server, this means that if
|
The default policy for the client is to verify the server, this means that if
|
||||||
you don't load CAs to verify the server you'll get a connect error, unable to
|
you don't load CAs to verify the server you'll get a connect error, no signer
|
||||||
verify (-155). It you want to mimic OpenSSL behavior of having SSL_connect
|
error to confirm failure (-188). If you want to mimic OpenSSL behavior of
|
||||||
succeed even if verifying the server fails and reducing security you can do
|
having SSL_connect succeed even if verifying the server fails and reducing
|
||||||
this by calling:
|
security you can do this by calling:
|
||||||
|
|
||||||
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
|
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
|
||||||
|
|
||||||
|
|
|
@ -3136,8 +3136,7 @@ int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert)
|
||||||
ret = MEMORY_E;
|
ret = MEMORY_E;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
XMEMCPY(x509->sig.buffer,
|
XMEMCPY(x509->sig.buffer, dCert->signature, dCert->sigLength);
|
||||||
&dCert->source[dCert->sigIndex], dCert->sigLength);
|
|
||||||
x509->sig.length = dCert->sigLength;
|
x509->sig.length = dCert->sigLength;
|
||||||
x509->sigOID = dCert->signatureOID;
|
x509->sigOID = dCert->signatureOID;
|
||||||
}
|
}
|
||||||
|
|
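Review bot: The new `XMEMCPY(x509->sig.buffer, dCert->signature, dCert->sigLength);` carries no comment explaining why `dCert->signature` is the correct source, and the commit message only says the old copy from `&dCert->source[dCert->sigIndex]` was a bug. A one-line comment above the copy would keep the fix from being reverted, for example `/* copy the decoded signature bytes (dCert->signature), not source[sigIndex] */`. The copy is only safe if `dCert->signature` is non-NULL and `x509->sig.buffer` was allocated with at least `dCert->sigLength` bytes. The allocation and any guard sit above the hunk in `CopyDecodedToX509`, so it is worth confirming that they test and size on these same two fields. Since the copied bytes feed later signature checks on the `CYASSL_X509`, a regression test that compares `x509->sig` with the signature of a known certificate would pin the behaviour.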