On Mon, Feb 13, 2023 at 09:03:13AM -0600, Mark Hack wrote:
> Looking at the IX code (and it was a very quick look), I suspect that
> only the CN is validated. If the server cert shows "localhost" then
> that is probably the issue.
The IXWebSocket code may simply not support IP address certificates. It
may be treating a dotted-quad IP address string as a hostname, which it
then fails to match.
The OP reports:
OpenSSL failed - error:0A000086:SSL routines::certificate verify failed
The OpenSSL error stack would typically have more detailed error
information if more than just the last error were reported. If the OP
has additional error info, that'd be very useful. If not, the
application should really have done a better job of reporting error
conditions.
--
Viktor.
