[jdev] self signed cert

Tomasz Sterna tomek at xiaoka.com
Tue May 3 15:52:00 UTC 2016


W dniu 03.05.2016, wto o godzinie 02∶12 -0700, użytkownik
lists at lazygranch.com napisał:
> jabberd2 version(2.3.6)
> I followed these instructions:
> https://github.com/jabberd2/jabberd2/wiki/InstallGuide-OpenSSLConfigu
> ration
> [...]
> SM  : sx (ssl.c:405) secure channel not established, handshake in
> progress
> SM  : sx (ssl.c:59) verify error:num=18:self signed
> certificate:depth=0:/C=US/ST=state/L=city/O=none/OU=none
> /CN=mydomain.org/emailAddress=webmaster at mydomain.org
> ----------------------------------------------------

I guess I could catch X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT (18)
in SSL_CTX_set_verify callback and pass the cert through,
but I'm ambivalent about it...

We should really discourage use of self-signed certificates.
On the other hand, it really speeds-up test deployments.

Maybe have it as an opition, to enable if you really-really need to use
self-signed certificates?

What do you think?


-- 
smoku @ http://abadcafe.pl/ @ http://xiaoka.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20160503/81ea44c2/attachment.sig>


More information about the JDev mailing list