[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Weechat-dev] [patch #7459] Fix a problem with certificate verification.
From: |
anonymous |
Subject: |
[Weechat-dev] [patch #7459] Fix a problem with certificate verification. |
Date: |
Wed, 09 Feb 2011 17:46:07 +0000 |
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101230 Firefox/3.6.13 |
Follow-up Comment #1, patch #7459 (project weechat):
oh, and i forgot the POC:
$ openssl genrsa -out server.key 4096
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out
server.crt
$ openssl dhparam -outform PEM -out dhparam.pem 4096
$ openssl s_server -cert server.crt -key server.key -dhparam dhparam.pem
-accept 6697
then try to connect on 127.0.0.1/6697 -ssl and there will be no verification
of the server certificate.
If we configure openssl to request a client certificate using s_server's
'-verify' option, then weechat will check the certificate (and detect it as
self-signed).
$ openssl s_server -cert server.crt -key server.key -dhparam dhparam.pem
-accept 6697 -verify yes
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/patch/?7459>
_______________________________________________
Message posté via/par Savannah
http://savannah.nongnu.org/