You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It appears that libustream-wolfssl20200215, which is used as the default TLS client implementation in current OpenWRT snapshot images, checks only if the CN or SAN in the server certificate matches the hostname, but not if the certificate was actually issue/signed by a trusted CA (thus making all other checks completely pointless) or if the certificate has expired.
I can confirm this on 19.07 as well. It's not related to version bump from wolfssl 4.4.0 to 4.5.0 (latest stable release), I've tried to downgrade and the problem is same with the previous version as well, so the problem is probably somewhere in the libustream-wolfssl library itself.