]> git.ipfire.org Git - thirdparty/curl.git/commit
projects / thirdparty / curl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5bbe732) | patch
wolfssl: ignore errors in CA path
authorDaniel Stenberg <daniel@haxx.se>
Fri, 29 Sep 2023 10:58:43 +0000 (12:58 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Sat, 30 Sep 2023 09:19:38 +0000 (11:19 +0200)
commit463528b0f874be22461de5398b7414feb43d0a76
treebc01071c54550034bd5fd9c03a34ce6210850f3dtree
parent5bbe732d20c7d1aa057db1b570282fe12bc3af1bcommit | diff
wolfssl: ignore errors in CA path

The default wolfSSL_CTX_load_verify_locations() function is quite picky
with the certificates it loads and will for example return error if just
one of the certs has expired.

With the *_ex() function and its WOLFSSL_LOAD_FLAG_IGNORE_ERR flag, it
behaves more similar to what OpenSSL does by default.

Even the set of default certs on my Debian unstable has several expired
ones.

Assisted-by: Juliusz Sosinowicz
Assisted-by: Michael Osipov
Closes #11987
lib/vquic/curl_ngtcp2.c diff | blob | blame | history
lib/vtls/wolfssl.c diff | blob | blame | history
Mirror of https://github.com/curl/curl.git