mirror of
https://repo.or.cz/socat.git
synced 2024-12-22 23:42:34 +00:00
Warning that Socat does not check CRLs
This commit is contained in:
parent
779473f667
commit
4bab097ffc
2 changed files with 5 additions and 0 deletions
4
CHANGES
4
CHANGES
|
@ -1,4 +1,8 @@
|
||||||
|
|
||||||
|
Security:
|
||||||
|
Socats OpenSSL addresses do not (and never did) check certificate
|
||||||
|
revocation lists (CRLs). Socat now prints a warning about this.
|
||||||
|
|
||||||
Features:
|
Features:
|
||||||
Added the --experimental option that enables use of features that might
|
Added the --experimental option that enables use of features that might
|
||||||
change in the future.
|
change in the future.
|
||||||
|
|
|
@ -1397,6 +1397,7 @@ cont_out:
|
||||||
sycSSL_CTX_set_verify(ctx,
|
sycSSL_CTX_set_verify(ctx,
|
||||||
SSL_VERIFY_PEER| SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
|
SSL_VERIFY_PEER| SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
|
||||||
NULL);
|
NULL);
|
||||||
|
Warn("OpenSSL: Warning: this implementation does not check CRLs");
|
||||||
} else {
|
} else {
|
||||||
sycSSL_CTX_set_verify(ctx,
|
sycSSL_CTX_set_verify(ctx,
|
||||||
SSL_VERIFY_NONE,
|
SSL_VERIFY_NONE,
|
||||||
|
|
Loading…
Reference in a new issue