[Nut-upsdev] SSL certificate verification with OpenSSL in NUTtrunk
Arjen de Korte
nut+devel at de-korte.org
Thu Jan 13 16:16:21 UTC 2011
Citeren EmilienKia op Eaton.com:
> Reverting commit r2819 seems fixing the problem.
>
> Index: /trunk/clients/upsclient.c
> ===================================================================
> --- /trunk/clients/upsclient.c (revision 2724)
> +++ /trunk/clients/upsclient.c (revision 2819)
> @@ -387,5 +387,5 @@
> }
>
> - SSL_set_verify(ups->ssl, ssl_mode, NULL);
> + SSL_CTX_set_verify(ups->ssl_ctx, ssl_mode, NULL);
>
> return 1;
>
> IMHO, as the secured socket is already instanciated, context
> modification is not propagated to the socket so the secured socket does
> not switch to "verify" mode.
That is weird. I would also expect that the
SSL_CTX_load_verify_locations() call would also be ineffective if that
were the case, since that's dealing with the same
> Do I revert commit ?
Well, since it doesn't seem to make a difference here, but it does on
your side, I guess that is the most sensible thing to do. Due to the
above I'm a bit worried though, that there is something else going on.
Best regards, Arjen
--
Please keep list traffic on the list (off-list replies will be rejected)
More information about the Nut-upsdev
mailing list