Re: resumption problem

On Fri, Mar 27, 2020 at 09:25:28PM +0000, Jeremy Harris wrote:

> > If the distro started with 1.1.1 and only backported security fixes, you
> > could be running an OpenSSL version with the unintentional bidirectional
> > setting.
> 
> .. either this, or even an unpatched basic 1.1.1 .
> 
> A simple code addition to avoid that call in the client case sounds
> in order.  Would the above likely explain the error I'm getting?

You could explicitly set the client CA list to an empty stack,
as a final step in initializing the SSL_CTX:

    SSL_CTX_set0_CA_list(ctx, NULL);

> > Another possibility is that your system-wide openssl.cnf file has a
> > "RequestCAFile" or "ClientCAFile" setting.
> 
> Neither appears to be present in /etc/pki/tls/openssl.cnf

And neither has any ".include" directives?

-- 
    Viktor.


