net/tls: Add a way to disable certificate validation #2546

Open
Contributor

@p12tic p12tic commented Nov 22, 2024

This feature is useful when testing a TLS client with a server that does not have proper certificates set up yet.

The API to control this has been added to the certificate_credentials class because an instance of that class is already accepted by functions that may want to configure TLS. This way the requirement of an additional set of overloads is avoided.

Controlling certificate validation is not completely unrelated to what certificate_credentials already does. It effectively controls which server certificates the client is going to accept. Calling set_enable_certificate_verification(true) effectively adds all possible certificates to the set of accepted certificates. set_priority_string() already offers a similar control on algorithm quality.

@p12tic p12tic force-pushed the tls-cert-verification-disable branch from f86ca7a to 2456c3c Compare November 24, 2024 17:23
@xemul xemul requested a review from elcallio November 25, 2024 09:04
Contributor

@elcallio elcallio left a comment

Let's hope no one uses this.

@xemul
Contributor

xemul commented Nov 28, 2024

Conflicts, please rebase (@p12tic)

This feature is useful when testing a TLS client with a server that does
not have proper certificates set up yet.

The API to control this has been added to the certificate_credentials
class because an instance of that class is already accepted by functions
that may want to configure TLS. This way the requirement of an additional
set of overloads is avoided.

Controlling certificate validation is not completely unrelated to what
certificate_credentials already does. It effectively controls which
server certificates the client is going to accept. Calling
set_enable_certificate_verification(true) effectively adds all possible
certificates to the set of accepted certificates. set_priority_string()
already offers a similar control on algorithm quality.
@p12tic p12tic force-pushed the tls-cert-verification-disable branch from 2456c3c to 6b62deb Compare November 28, 2024 12:40