Hi all
I looked at ssl_auth.c and found that SSL_get_verify_result is checked whether X509_V_OK.
However, according to OpenSSL(https://www.openssl.org/docs/manmaster/ssl/SSL_get_verify_result.html), it is not enough for checking valid SSL connection.
For valid checking, check whether certificate is existing or not.
This is my patch for resolving the issue.
hi, thx for the patch.
How did you find that problem ?
Hi. I am currently working on creating some static analyzer.
That analyzer found bug it.
On Wed, Nov 25, 2015 at 5:39 AM, grumpf_ grumpf_@users.sf.net wrote:
--
Regards
Insu Yun
Related
Bugs:
#37