Article delegate-en/4063 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A4062@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: How to verify a server's certificate?
11 Aug 2008 09:36:15 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A4062@delegate-en.ML_> on 08/11/08(18:15:29)
you Monika Schilling <p3ehqbdyi-uqy4d4tmnhjr.ml@ml.delegate.org> wrote:
 |On Monday August 11 2008 07:58, Yutaka Sato wrote:
 |> ...
 |>
 |> Thus I think setting SSL_CERT_DIR environment variable to an empty
 |> directory will be effective to solve your problem, without changing
 |> the code of DeleGate.
 |
 |Yes, this works! So I have an immediate solution.
 |
 |
 |On Monday August 11 2008 03:45, Yutaka Sato wrote:
 |> ...
 |> Maybe it is because sslway.c loades the default location of certificates
 |> together with the explicitly specified certificates.
 |
 |What do you think about a new DeleGate option which allows to switch off this 
 |implicit action. This avoids the scattered configuration (DeleGate 
 |configuration file + OpenSSL environment variable).

I did it tentatively for the testing :)
But note that the SSL (TLS) configuration of DeleGate is moving from
sslway options like -CApath to files under the CERTDIR (like ca-sv.pem)
after DeleGate/9.8.0 and the recommended way to disable the default
certificates will be making a special file under CERTDIR.
<URL:http://www.delegate.org/delegate/Manual.htm?CERTDIR>

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V