[jdev] self signed cert
Tomasz Sterna
tomek at xiaoka.com
Tue May 3 15:52:00 UTC 2016
W dniu 03.05.2016, wto o godzinie 02∶12 -0700, użytkownik
lists at lazygranch.com napisał:
> jabberd2 version(2.3.6)
> I followed these instructions:
> https://github.com/jabberd2/jabberd2/wiki/InstallGuide-OpenSSLConfigu
> ration
> [...]
> SM : sx (ssl.c:405) secure channel not established, handshake in
> progress
> SM : sx (ssl.c:59) verify error:num=18:self signed
> certificate:depth=0:/C=US/ST=state/L=city/O=none/OU=none
> /CN=mydomain.org/emailAddress=webmaster at mydomain.org
> ----------------------------------------------------
I guess I could catch X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT (18)
in SSL_CTX_set_verify callback and pass the cert through,
but I'm ambivalent about it...
We should really discourage use of self-signed certificates.
On the other hand, it really speeds-up test deployments.
Maybe have it as an opition, to enable if you really-really need to use
self-signed certificates?
What do you think?
--
smoku @ http://abadcafe.pl/ @ http://xiaoka.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <https://www.jabber.org/jdev/attachments/20160503/81ea44c2/attachment.sig>
More information about the JDev
mailing list