Home
last modified time | relevance | path

Searched hist:f7b97bf7d9139c8b602d3da3aadbeef0631e39c1 (Results 1 – 2 of 2) sorted by relevance

/trunk/main/ucb/source/ucp/webdav/
H A DCurlSession.hxxf7b97bf7d9139c8b602d3da3aadbeef0631e39c1 Sun Apr 21 15:07:24 UTC 2024 Damjan Jovanovic <damjan@apache.org> Override OpenSSL's certificate verification with our own, instead of
using its verification and selectively overriding the result.
- A nonsense self-signed expired certificate is fed into Curl to get it
to initialize even when the certificates in its expected system path
are missing or elsewhere.
- In Curl's CURLOPT_SSL_CTX_FUNCTION, our Curl_SSLContextCallback, we
then completely override OpenSSL's verification process with ours,
using SSL_CTX_set_cert_verify_callback() (instead of the previous
SSL_CTX_set_verify() which just allows us to override OpenSSL's
verification result).
- The verification is largely the same as before, we just have to call
slightly different functions to retrieve the certificate to verify and
the untrusted chain.
- Create components using the component context, not the legacy multi
service factory.
- Various other cleanups, better logging, etc. were made in the process.

Patch by: me
H A DCurlSession.cxxf7b97bf7d9139c8b602d3da3aadbeef0631e39c1 Sun Apr 21 15:07:24 UTC 2024 Damjan Jovanovic <damjan@apache.org> Override OpenSSL's certificate verification with our own, instead of
using its verification and selectively overriding the result.
- A nonsense self-signed expired certificate is fed into Curl to get it
to initialize even when the certificates in its expected system path
are missing or elsewhere.
- In Curl's CURLOPT_SSL_CTX_FUNCTION, our Curl_SSLContextCallback, we
then completely override OpenSSL's verification process with ours,
using SSL_CTX_set_cert_verify_callback() (instead of the previous
SSL_CTX_set_verify() which just allows us to override OpenSSL's
verification result).
- The verification is largely the same as before, we just have to call
slightly different functions to retrieve the certificate to verify and
the untrusted chain.
- Create components using the component context, not the legacy multi
service factory.
- Various other cleanups, better logging, etc. were made in the process.

Patch by: me