SSL_CTX_set_verify() is used to modify the default value in an SSL_CTX instance and that will apply to every SSL instance created from that SSL_CTX. SSL_set_verify() is used to set the parameter for each SSL instance. Either call can be used in general to do the same.
SSL_CTX_set_verify() would be appropriate if the same parameters would apply to all SSL handshake instances, but that is not the case with an EAP server that handles both EAP-TLS (require client certificate validation) and EAP-TTLS/PEAP (do not require client certificate validation). SSL_set_verify() for each SSL instance is the way to go in such cases as can be seen in the implementation here. In other words, this report does not look valid to me and it does not identify any real issue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1677947 Title: no SSL certificate verify To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/moonshot-gss-eap/+bug/1677947/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
