Feature #14377 (closed)
Improve documentation for `OpenSSL::X509::Store#verify_callback=` and `OpenSSL::SSL::SSLContext#verify_callback=`
Status: Rejected
Assignee: -
Target version: -
Description
I'm trying to use `OpenSSL::X509::Store#verify_callback=` to ignore all errors during certificate validation, which according to `man SSL_CTX_set_verify` should be possible:

> If verify_callback always returns 1, the TLS/SSL handshake will not be
> terminated with respect to verification failures and the connection will
> be established.

However, when I try to use the simplest possible callback satisfying the condition above

```ruby
cert_store.verify_callback = lambda do |preverify_ok, store_ctx|
  true
end
```

Ruby still throws an exception about the certificate being invalid:

```
$ ~/ruby_debug/bin/ruby server.rb
Traceback (most recent call last):
	1: from server.rb:24:in `<main>'
server.rb:24:in `accept': SSL_accept returned=1 errno=0 state=error: certificate verify failed (self signed certificate) (OpenSSL::SSL::SSLError)
```

and client

```
$ ~/ruby_debug/bin/ruby client.rb
Traceback (most recent call last):
	1: from client.rb:20:in `<main>'
client.rb:20:in `connect': SSL_connect returned=1 errno=0 state=SSLv3/TLS write finished: tlsv1 alert unknown ca (OpenSSL::SSL::SSLError)
```

Both `server.rb` and `client.rb` are attached.
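The following is an added example, not code from the report or its attachments. It exercises the store-level callback through `OpenSSL::X509::Store#verify` directly, outside any TLS handshake, to show what the callback's return value controls: an always-true callback accepts an untrusted certificate, while a callback that returns `preverify_ok` can record errors without weakening the check. The helper names `self_signed_cert` and `verify_with` and the certificate subject are assumptions made for the example.

```ruby
require 'openssl'

# Constructed sample input: a throwaway self-signed certificate.
def self_signed_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=example.test')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Verify cert against an empty trust store under one callback policy.
# Returns [verify result, error codes the callback saw on failed checks].
def verify_with(cert, policy)
  seen = []
  store = OpenSSL::X509::Store.new # no trusted roots added
  case policy
  when :accept_all
    # The callback from the report: every failure is overridden.
    store.verify_callback = lambda { |_preverify_ok, _store_ctx| true }
  when :observe
    # Records the failure but leaves the verdict unchanged.
    store.verify_callback = lambda do |preverify_ok, store_ctx|
      seen << store_ctx.error unless preverify_ok
      preverify_ok
    end
  end
  [store.verify(cert), seen]
end

if __FILE__ == $PROGRAM_NAME
  cert = self_signed_cert
  %i[none observe accept_all].each do |policy|
    ok, seen = verify_with(cert, policy)
    puts "#{policy}: verify=#{ok} errors_seen=#{seen.inspect}"
  end
end
```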