Follow-up Comment #1, patch #7459 (project weechat):
Oh, and I forgot the PoC:
$ openssl genrsa -out server.key 4096
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
$ openssl dhparam -outform PEM -out dhparam.pem 4096
$ openssl s_server -cert server.crt -key server.key -dhparam dhparam.pem -accept 6697
Then try to connect on 127.0.0.1/6697 -ssl and there will be no verification
of the server certificate.
If we configure openssl to request a client certificate using s_server's
'-verify' option, then weechat will check the certificate (and detect it as
self-signed).
$ openssl s_server -cert server.crt -key server.key -dhparam dhparam.pem -accept 6697 -verify yes
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/patch/?7459>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
_______________________________________________
Weechat-dev mailing list
http://lists.nongnu.org/mailman/listinfo/weechat-dev