Revert "openssl: Don't add verify locations when verifypeer==0" #2451

Closed

malhotrag commented Apr 3, 2018

This reverts commit dc85437.

libcurl (with the OpenSSL backend) performs server certificate verification
even if verifypeer == 0 and the verification result is available using
CURLINFO_SSL_VERIFYRESULT. The commit that is being reverted caused the
CURLINFO_SSL_VERIFYRESULT to not have useful information for the
verifypeer == 0 use case (it would always have
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY).

malhotrag commented Apr 3, 2018

See comment on #2290 for more details

bagder commented Apr 4, 2018

In the meantime, it seems the macos libressl build uses libressl 2.7.2 that causes a build error if this gets reverted. We should probably try to merge #2447 first then...

malhotrag commented Apr 4, 2018

Sorry, I'm a little confused by the comment. Are you saying the revert causes the build failure? As I understand it, the build failure is an existing issue that #2447 is attempting to fix.

I also noticed a pre-existing fuzzer failure. https://travis-ci.org/curl/curl/jobs/361624340
Is this something that needs more investigation? I could take a look if required.

bagder commented Apr 6, 2018

The fuzz fail was fixed already in 82dfdac

bagder commented Apr 6, 2018

Thanks for this!

bagder closed this in 2536e24 on Apr 6, 2018