Author njs
Recipients Hiroaki.Kawai, asmodai, chaen, chet, christian.heimes, dsoprea, dstufft, jcea, joernheissler, maker, miki725, mmasztalerczuk, njs, pitrou, underrun
Date 2019-11-27.00:13:37
Message-id <1574813617.47.0.985360367811.issue18233@roundup.psfhosted.org>
In-reply-to
Content
There's another important use case for this that hasn't been discussed here. If you want to use openssl for TLS + the system trust store to verify certificates, then you need to disable openssl's certificate validation, perform the handshake, and then extract the certificate chain that the peer sent and pass it to the system native APIs to validate.

For this case, we don't need to do any validation or resolution on the chain – we just want to pull out the DER that the peer sent. AFAICT, the lack of this functionality is the one major blocker to using the system trust store with the 'ssl' module.