| Summary | System default openssl certificates are not used |
| Queue | gloox |
| Queue Version | 1.0.23 |
| Type | Bug |
| State | Unconfirmed |
| Priority | 1. Low |
| Owners | |
| Requester | pulkomandy (at) gmail (dot) com |
| Created | 11/15/2020 (384 days ago) |
| Due | |
| Updated | 11/15/2020 (384 days ago) |
| Assigned | |
| Resolved |
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Type ⇒ Bug
Summary ⇒ System default openssl certificates are not used
Queue ⇒ gloox
system ones to be used. This would require gloox to call int
SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); but apparently it
doesn't.
Is that intentional? It's a bit annoying because there is no way to
access the openssl context from outside gloox, so I can't use this API
in my client. As a result I can't connect to any server if I want to
rely on CertInfo.status to check validity of certificates, unless I
hardcode the path to the system cacerts.pem file.
(btw, 1.0.24 is not available as a release to report bugs again in the
bugtracker)