11/24/2020

[#292] System default openssl certificates are not used
Summary System default openssl certificates are not used
Queue gloox
Queue Version 1.0.23
Type Bug
State Unconfirmed
Priority 1. Low
Owners
Requester pulkomandy (at) gmail (dot) com
Created 11/15/2020 (9 days ago)
Due
Updated 11/15/2020 (9 days ago)
Assigned
Resolved

History
11/15/2020 02:41:13 PM pulkomandy (at) gmail (dot) com Comment #1
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Type ⇒ Bug
Summary ⇒ System default openssl certificates are not used
Queue ⇒ gloox
If I don't specify a cacert directory or file, I expected the default 
system ones to be used. This would require gloox to call int 
SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); but apparently it 
doesn't.

Is that intentional? It's a bit annoying because there is no way to 
access the openssl context from outside gloox, so I can't use this API 
in my client. As a result I can't connect to any server if I want to 
rely on CertInfo.status to check validity of certificates, unless I 
hardcode the path to the system cacerts.pem file.

(btw, 1.0.24 is not available as a release to report bugs against in the 
bugtracker)
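
The fallback the report asks for, as an added example that is not part of the ticket and is not gloox code: it uses Python's standard ssl module, whose SSLContext.set_default_verify_paths() wraps the same SSL_CTX_set_default_verify_paths() call, to show that a verifying context starts with an empty trust store until either explicit or default paths are loaded. The helper names (new_bare_context, configure_trust, ca_count, default_locations) are hypothetical.

```python
import ssl


def new_bare_context():
    """Verifying client context on which no CA locations have been set yet."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking,
    # but unlike ssl.create_default_context() it loads no CA certificates.
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)


def configure_trust(ctx, cafile=None, capath=None):
    """Hypothetical helper: use the caller's CA file/dir when given,
    otherwise fall back to OpenSSL's default locations.
    Returns the trust source that was used."""
    if cafile or capath:
        # Explicit configuration: a bad path raises instead of silently
        # falling back to a different trust store.
        ctx.load_verify_locations(cafile=cafile, capath=capath)
        return "explicit"
    # Wraps SSL_CTX_set_default_verify_paths(); OpenSSL also honours the
    # SSL_CERT_FILE and SSL_CERT_DIR environment variables here.
    ctx.set_default_verify_paths()
    return "system-default"


def ca_count(ctx):
    """Number of CA certificates currently loaded in the context's store."""
    return ctx.cert_store_stats()["x509_ca"]


def default_locations():
    """Where this OpenSSL build looks when default verify paths are used."""
    p = ssl.get_default_verify_paths()
    return {"cafile": p.openssl_cafile, "capath": p.openssl_capath,
            "env_file": p.openssl_cafile_env, "env_dir": p.openssl_capath_env}


if __name__ == "__main__":
    ctx = new_bare_context()
    # With zero CAs and CERT_REQUIRED, every server certificate is rejected.
    print("CA certs before:", ca_count(ctx))
    print("trust source:", configure_trust(ctx))
    # Certificates in a capath directory are loaded lazily during a
    # handshake, so this count only reflects the default CA file.
    print("CA certs after:", ca_count(ctx))
    print("default locations:", default_locations())
```
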