mirror of https://github.com/wolfSSL/wolfssl
1. Updated README Note 2. The error code described for no signer
errors is -188. (The error code -155 is for the signature confirmation failing.) 2. Fixed bug in copying the signature from a DecodedCert to a CYASSL_X509 record.
This commit is contained in:
parent
42f82ce9cc
commit
dabb8058c4
8
README
8
README
|
@ -23,10 +23,10 @@ beginning of the note and specify the full path.
|
|||
Note 2)
|
||||
CyaSSL takes a different approach to certificate verification than OpenSSL does.
|
||||
The default policy for the client is to verify the server, this means that if
|
||||
you don't load CAs to verify the server you'll get a connect error, unable to
|
||||
verify (-155). It you want to mimic OpenSSL behavior of having SSL_connect
|
||||
succeed even if verifying the server fails and reducing security you can do
|
||||
this by calling:
|
||||
you don't load CAs to verify the server you'll get a connect error, no signer
|
||||
error to confirm failure (-188). If you want to mimic OpenSSL behavior of
|
||||
having SSL_connect succeed even if verifying the server fails and reducing
|
||||
security you can do this by calling:
|
||||
|
||||
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
|
||||
|
||||
|
|
|
@ -3136,8 +3136,7 @@ int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert)
|
|||
ret = MEMORY_E;
|
||||
}
|
||||
else {
|
||||
XMEMCPY(x509->sig.buffer,
|
||||
&dCert->source[dCert->sigIndex], dCert->sigLength);
|
||||
XMEMCPY(x509->sig.buffer, dCert->signature, dCert->sigLength);
|
||||
x509->sig.length = dCert->sigLength;
|
||||
x509->sigOID = dCert->signatureOID;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue