wolfSSL: how to treat expired certs ?

Илья Шипицин Sun, 12 Mar 2023 10:36:48 -0700

Hello,

during enabling wolfSSL CI I met the following


#    top  TEST reg-tests/ssl/ssl_default_server.vtc FAILED (5.123) exit=2

***  h1    debug|<134>Mar 12 12:04:49 haproxy[115196]: unix:1
[12/Mar/2023:12:04:49.922] ssl-lst/1: SSL client CA chain cannot be verified
***  h1    debug|fd[0x12] OpenSSL error[0x2d] : unknown error number
***  h1    debug|fd[0x12] OpenSSL error[0x139] : received alert fatal error
**** dT    1.152
***  h1    debug|fd[0x12] OpenSSL error[0x2d] : unknown error number
***  h1    debug|fd[0x12] OpenSSL error[0x139] : received alert fatal error
**** dT    1.157
***  h1    debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current
date after
***  h1    debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current
date after
***  h1    debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current
date after
***  h1    debug|fd[0x13] OpenSSL error[0x97] : ASN date error, current
date after
***  h1    debug|<134>Mar 12 12:04:51 haproxy[115196]: unix:1
[12/Mar/2023:12:04:50.963] ssl-lst/1: SSL client CA chain cannot be verified


I wonder what is prefferable way of addressing that

1) excluding several "vtc" if haproxy is built with wolfSSL
2) adding "WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY" to cert validation

cheers,
Ilya

wolfSSL: how to treat expired certs ?

Reply via email to