SSL: CA Cert List


Post by dnishimura »

Is there a way to update the CA Cert list without having to regenerate the ccerts.cpp file and recompile each time?

Re: SSL: CA Cert List

Post by dnishimura »

Couple of possible issues (v2.7.6):

Scenario 1) When doing an SSL_connect to a particularly busy server, having verify_peer=true, I get a TCP timeout and it subsequently keeps timing out with each call. However, if I do an SSL_connect with verify_peer=true, then SSL_connect with verify_peer=false, I'm able to connect, even if I set verify_peer back to true again.

Scenario 2) I created a valid CA cert in the ccerts.cpp file, but not one that is installed on the server I want to connect to. When doing SSL_connect with verify_peer=true, it's able to connect even though the CA cert in ccerts.cpp is different from what is installed on the server. How is SSL_connect verifying?