bcollet/socat
1
0
Fork 0
mirror of https://repo.or.cz/socat.git synced 2024-12-22 15:32:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Warning that Socat does not check CRLs

Browse source
This commit is contained in:
Gerhard Rieger 2023-06-17 08:44:02 +02:00
parent 779473f667
commit 4bab097ffc
2 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,4 +1,8 @@

Security:
Socats OpenSSL addresses do not (and never did) check certificate
revocation lists (CRLs). Socat now prints a warning about this.
Features:
Added the --experimental option that enables use of features that might
change in the future.

1
xio-openssl.c
View file

@ -1397,6 +1397,7 @@ cont_out:
sycSSL_CTX_set_verify(ctx,
SSL_VERIFY_PEER| SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
NULL);
Warn("OpenSSL: Warning: this implementation does not check CRLs");
} else {
sycSSL_CTX_set_verify(ctx,
SSL_VERIFY_NONE,