Displaying 6 results from an estimated 6 matches for "ssl_verify_peer".
2019 Aug 29
0
I broke "yum update" - C7
...ssl_ca_cert' : None,
'ssl_cert' : None,
'ssl_cert_type': 'PEM',
'ssl_context' : None,
'ssl_key' : None,
'ssl_key_pass' : None,
'ssl_key_type' : 'PEM',
'ssl_verify_host': True,
'ssl_verify_peer': True,
'text' : None,
'throttle' : 1.0,
'timedhosts' : None,
'timeout' : 300,
'urlparser' : <urlgrabber.grabber.URLParser instance at 0x7effcd5bc518>,
'user_agent' : 'urlgrabber/3.10 yum/3...
2019 Aug 29
4
I broke "yum update" - C7
Am 2019-08-29 16:51, schrieb Gary Stainburn:
> On Thursday 29 August 2019 15:45:44 Gordon Messmer wrote:
>> On 8/29/19 3:03 AM, Gary Stainburn wrote:
>> > https://us-east.repo.webtatic.com/yum/el7/x86_64/repodata/repomd.xml: [Errno 14] curl#60 - "Peer's Certificate issuer is not recognized."
>>
>>
>> What do you see when you run:
>>
2006 Jun 01
1
ssl-proxy: client certificates and crl check
...erify_cert_error_string(ctx->error),buf);
+ }
+ else
+ { i_warning("CERT: %s",buf); } /* logging */
- return 1;
+ return preverify_ok;
+ /* HJHJ */
+
}
static int
@@ -666,10 +684,20 @@
if (getenv("SSL_VERIFY_CLIENT_CERT") != NULL) {
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER |
- SSL_VERIFY_CLIENT_ONCE,
+ SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
ssl_verify_client_cert);
}
+ /* HJHJ */
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+ X509_STORE *store;
+ if( (store=SSL_CTX_get_cert_store(ssl_ctx)) != NULL )
+ { X509_STORE_set_flags( store, X509_V_FLAG_CRL...
2019 Aug 29
0
I broke "yum update" - C7
...ssl_ca_cert' : None,
'ssl_cert' : None,
'ssl_cert_type': 'PEM',
'ssl_context' : None,
'ssl_key' : None,
'ssl_key_pass' : None,
'ssl_key_type' : 'PEM',
'ssl_verify_host': True,
'ssl_verify_peer': True,
'text' : None,
'throttle' : 0,
'timedhosts' : None,
'timeout' : 30.0,
'urlparser' : <urlgrabber.grabber.URLParser instance at 0x7fd3bf6f3ab8>,
'user_agent' : 'urlgrabber/3.10 yum/3....
2019 Aug 29
2
I broke "yum update" - C7
Am 2019-08-29 17:36, schrieb Gary Stainburn:
> On Thursday 29 August 2019 16:20:00 Alexander Dalloz wrote:
>> Hi,
>>
>> yum uses libcurl behind the scenes and thus NSS and not OpenSSL.
>>
>> Do you get something indicative when running:
>>
>> URLGRABBER_DEBUG=1 yum --disablerepo=\* --enablerepo=webtatic
>> check-update
>>
>>
2015 Feb 11
2
[PATCH] Fix for client certificate validation does not work
...void
@@ -1068,7 +1037,7 @@
}
static void
-ssl_proxy_ctx_verify_client(SSL_CTX *ssl_ctx, STACK_OF(X509_NAME) *ca_names)
+ssl_proxy_ctx_verify_client(SSL_CTX *ssl_ctx)
{
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
X509_STORE *store;
@@ -1079,8 +1048,6 @@
#endif
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
ssl_verify_client_cert);
- /* set list of CA names that are sent to client */
- SSL_CTX_set_client_CA_list(ssl_ctx, ca_names);
}
static const char *ssl_proxy_get_use_certificate_error(const char *cert)
@@ -1277,7 +1244,7 @@
ctx->ctx = ssl_ctx = SSL_CTX_new(...