Fethbita / emrtd

Rust eMRTD
Apache License 2.0

Master List verification fails #1

Open Fethbita opened 5 months ago

Fethbita commented 5 months ago

Master List verification fails during master list parsing with the following error:

Error while verifying Master List Signer Certificate signature: Certificate public key has explicit ECC parameters

This error is caused by openssl and there are issues created for this in the openssl GitHub: https://github.com/openssl/openssl/issues/9286, https://github.com/openssl/openssl/issues/20117, https://github.com/openssl/openssl/issues/20119; however, it seems that there won't be a solution implemented anytime soon. The solution that can currently be implemented is to use the X509_STORE_CTX_set_verify_cb function; however, that one is not exposed by rust-openssl. An issue for exposing this function has been created in the rust-openssl GitHub: https://github.com/sfackler/rust-openssl/issues/2220.

tzippy84 commented 2 months ago

If you don't mind me asking, how would you use the X509_STORE_CTX_set_verify_cb in a potential solution to this problem?

Fethbita commented 2 months ago

@tzippy84 As I explained in the https://github.com/sfackler/rust-openssl/issues/2220 issue, with this callback function we can check the error that is passed, and if it is X509_V_ERR_EC_KEY_EXPLICIT_PARAMS then we can return false. That would make the x509_vfy.c#172 check invalid (it would not return) and the code would continue running.