sergot / openssl

OpenSSL bindings for Perl 6
MIT License

Missing certificate verification #39

Open jnthn opened 7 years ago

jnthn commented 7 years ago

It appears that certificates presented by servers are not being verified. While that behavior is often exposed as an option, it is not a good default, as it means man-in-the-middle attacks can be easily missed, greatly reducing the utility of SSL. Feel free to crib from this commit.

I'd like to contribute the various C function bindings missing in this module, but that I've temporarily added in my work-in-progress IO::Socket::Async::SSL, back to this one, so we can keep all of the C binding aspects of OpenSSL in one place; I'll submit a PR for that once my development work over in my new module gets a bit further along.

ufobat commented 6 years ago

I am looking for the ability to set my own verify_callbacks, as they're mentioned there: https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_verify.html