Warning that Socat does not check CRLs

This commit is contained in:
Gerhard Rieger 2023-06-17 08:44:02 +02:00
parent 779473f667
commit 4bab097ffc
2 changed files with 5 additions and 0 deletions

View file

@ -1,4 +1,8 @@
 
Security:
Socats OpenSSL addresses do not (and never did) check certificate
revocation lists (CRLs). Socat now prints a warning about this.
Features: Features:
Added the --experimental option that enables use of features that might Added the --experimental option that enables use of features that might
change in the future. change in the future.

View file

@ -1397,6 +1397,7 @@ cont_out:
sycSSL_CTX_set_verify(ctx, sycSSL_CTX_set_verify(ctx,
SSL_VERIFY_PEER| SSL_VERIFY_FAIL_IF_NO_PEER_CERT, SSL_VERIFY_PEER| SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
NULL); NULL);
Warn("OpenSSL: Warning: this implementation does not check CRLs");
} else { } else {
sycSSL_CTX_set_verify(ctx, sycSSL_CTX_set_verify(ctx,
SSL_VERIFY_NONE, SSL_VERIFY_NONE,