OpenSSL Ignore Self-signed certificate error

独厮守ぢ 2021-02-19 07:42

I'm writing a small program with the OpenSSL library that is supposed to establish a connection with an SSLv3 server. This server dispenses a self-signed certificate, which caus

6 answers
  •  攒了一身酷
    2021-02-19 08:44

    By default OpenSSL walks the certificate chain and tries to verify on each step; SSL_set_verify() does not change that, see the man page. Quoting it:

    The actual verification procedure is performed either using the built-in verification procedure or using another application provided verification function set with SSL_CTX_set_cert_verify_callback(3).

    So the solution is to create a simple callback and set that one, so that you override all certificate-chain walking:

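    #include <openssl/ssl.h>

    /* Verification callback that accepts every certificate chain unconditionally. */
    static int always_true_callback(X509_STORE_CTX *ctx, void *arg)
    {
        return 1;
    }

    /* The third argument is handed to the callback as arg; it is unused here. */
    SSL_CTX_set_cert_verify_callback(CTX, always_true_callback, NULL);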
    
