--- Begin Message ---
As far as I know, with the current client implementation the server
certificate is always valid, and I believe additional work is required to
bypass validity checks and allow things like self-signed certificates.
A client could check this, but it would require work to do this in
ClientTLSState::setup.

After SSL_CTX_new I believe you would need to add a call to
SSL_CTX_set_verify with a verification callback, which could be used to
inspect the server certificate and bypass checks. I'm not sure it's
worth the effort.

However, it might be useful to add a virtual function call after the
if (fCtx == NULL) check to allow the user to make changes to the context,
e.g. setting allowed TLS versions, allowed encryption methods, ciphers, etc.

The same goes for ServerTLSState::setup: a virtual function might be
useful to allow the user to customise the context. If you do so, I'd move
the 3 calls between SSL_CTX_new and SSL_new in setup into that virtual
function; maybe have it return a boolean value to replicate the current
break statements.

On 17/06/2025 10:21, Ross Finlayson wrote:
> On Jun 17, 2025, at 2:13 AM, BENMOUSSA Yahia - Contractor via live-devel
> <[email protected]> wrote:
>> At the client side, how can we check the validity of the server certificate?
>> For example, is it a self-signed certificate or not?
>
> As far as I know, there’s no way for the client to check this. Once the TLS
> connection succeeds, it is assumed to be valid.
>
> Ross Finlayson
> Live Networks, Inc.
> http://www.live555.com/
> _______________________________________________
> live-devel mailing list
> [email protected]
> http://lists.live555.com/mailman/listinfo/live-devel
--- End Message ---