W dniu 03.05.2016, wto o godzinie 02∶12 -0700, użytkownik
li...@lazygranch.com napisał:
> jabberd2 version(2.3.6)
> I followed these instructions:
> https://github.com/jabberd2/jabberd2/wiki/InstallGuide-OpenSSLConfigu
> ration
> [...]
> SM  : sx (ssl.c:405) secure channel not established, handshake in
> progress
> SM  : sx (ssl.c:59) verify error:num=18:self signed
> certificate:depth=0:/C=US/ST=state/L=city/O=none/OU=none
> /CN=mydomain.org/emailAddress=webmas...@mydomain.org
> ----------------------------------------------------

I guess I could catch X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT (18)
in SSL_CTX_set_verify callback and pass the cert through,
but I'm ambivalent about it...

We should really discourage use of self-signed certificates.
On the other hand, it really speeds-up test deployments.

Maybe have it as an opition, to enable if you really-really need to use
self-signed certificates?

What do you think?

smoku @ http://abadcafe.pl/ @ http://xiaoka.com/

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to