Re: [openssl][uwp] SSL_CTX_load_verify_locations not working for UWP port

On Fri, 05 Jun 2020 03:04:47 +0200,
Feng LI wrote:
> SSL_CTX_load_verify_locations is required for the UWP port to load the CA file, since OpenSSL will not use
> the CA of the OS.
> 
> But in the UWP build, stdio is disabled by default. However, SSL_CTX_load_verify_locations relies on
> the default X509_STORE file lookup functionality, which uses stdio (via BIO_s_file). That basically means
> no verification of peers and hosts is possible with OpenSSL on the UWP port.
> 
> Is there a way to fix this, or is there a workaround for UWP?

It should be enough to use BIO_s_fd() instead of BIO_s_file() (it
takes a bit more than a mere change of function name, OpenSSL's file
descriptor isn't quite designed for use with files, unfortunately).

That is, with the assumption that POSIX file descriptors can be used
at all with UWP...  otherwise, someone will have to come up with a BIO
method that supports whatever file API that UWP supports.

Cheers,
Richard

-- 
Richard Levitte         levitte@xxxxxxxxxxx
OpenSSL Project         http://www.openssl.org/~levitte/



