weechat-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Weechat-dev] [patch #7459] Fix a problem with certificate verification.

From: anonymous
Subject: [Weechat-dev] [patch #7459] Fix a problem with certificate verification.
Date: Wed, 09 Feb 2011 17:46:07 +0000
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101230 Firefox/3.6.13 
Follow-up Comment #1, patch #7459 (project weechat):

oh, and i forgot the POC:
$ openssl genrsa -out server.key 4096
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out
server.crt
$ openssl dhparam -outform PEM -out dhparam.pem 4096
$ openssl s_server -cert server.crt -key server.key -dhparam dhparam.pem
-accept 6697

then try to connect on 127.0.0.1/6697 -ssl and there will be no verification
of the server certificate.
If we configure openssl to request a client certificate using s_server's
'-verify' option, then weechat will check the certificate (and detect it as
self-signed).

$ openssl s_server -cert server.crt -key server.key -dhparam dhparam.pem
-accept 6697 -verify yes

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/patch/?7459>

_______________________________________________
  Message posté via/par Savannah
  http://savannah.nongnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]