Tickets :: [#292] System default openssl certificates are not used

Summary	System default openssl certificates are not used
Queue	gloox
Queue Version	1.0.23
Type	Bug
State	Unconfirmed
Priority	1. Low
Owners
Requester	pulkomandy (at) gmail (dot) com
Created	11/15/2020 (686 days ago)
Due
Updated	02/13/2022 (231 days ago)
Assigned
Resolved

02/13/2022 07:32:09 PM	pulkomandy (at) gmail (dot) com	Comment #2	Reply to this comment
Proposed patch: https://github.com/haikuports/haikuports/blob/master/net-libs/gloox/patches/gloox-1.0.24.patchset#L78

11/15/2020 02:41:13 PM	pulkomandy (at) gmail (dot) com	Comment #1 State ⇒ Unconfirmed Priority ⇒ 1. Low Type ⇒ Bug Summary ⇒ System default openssl certificates are not used Queue ⇒ gloox	Reply to this comment
If I don't specify a cacert directory or file, I expected the default system ones to be used. This would require gloox to call int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); but apparently it doesn't. Is that intentional? It's a bit annoying because there is no way to access the openssl context from outside gloox, so I can't use this API in my client. As a result I can't connect to any server if I want to rely on CertInfo.status to check validity of certificates, unless I hardcode the path to the system cacerts.pem file. (btw, 1.0.24 is not available as a release to report bugs again in the bugtracker)