1 (edited by rahuld3919 2019-03-19 05:28:51)

Topic: SSL server connection problem

How to connect to an SSL server (the server has a server-signed certificate) without loading the CA certificate on the client side?

If I want to connect to an SSL server with a signed certificate, it should not be required to load the CA certificate on the client.

If you have any ideas, please share.


Re: SSL server connection problem

Hi rahuld3919,

If you are trying to connect to a server that has a self-signed certificate (server cert is signed by itself), you have two options:

1)  Load the same server certificate into the client as a trusted root certificate.  You can do this using the wolfSSL_CTX_load_verify_locations() API.

2)  Disable peer verification using the wolfSSL_CTX_set_verify() with SSL_VERIFY_NONE.  This will disable verification, and is not recommended.

Best Regards,
Chris

Re: SSL server connection problem

Hi @rahuld3919,

Can you tell us a bit about your current effort and what it is you are trying to do specifically? Why would you want to connect to a server without first loading a certificate with which to validate the server? If you do not load a certificate to validate the peer you might be connecting to any malicious server out there. This would not be a good thing. Please explain the motivation behind the inquiry. As Chris suggested, when using a self-signed cert just load it on both sides of the connection! The client can use the self-signed cert to validate the peer.


Warmest Regards,

K

4 (edited by rahuld3919 2019-03-19 23:36:20)

Re: SSL server connection problem

Hi Kaleb

I want to connect to an SSL server (which has a CA-signed server certificate), but I don't want to load the certificate in the client.

In a browser we do not load the SSL certificate to connect to an HTTPS server.
I don't know how the browser works, but I want the same.

regards
rahul


Re: SSL server connection problem

Hi @rahuld3919,

Browsers come with entire stores of certificates, of which they load hundreds or thousands every time they are launched. Whenever they connect to a server, the browser will use every cert in its store to try and verify that server until the store is exhausted without a successful verify, at which point the browser would report an error and refuse to connect to the server unless you manually add a security exception to the browser for that server. If your server certificate is signed by a CA authority and your browser connects without any issues, then your browser is loading a copy of the CA that signed your server cert, or it would report an error when connecting to the server.

Warm Regards,

K
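
The trust decision discussed in this thread (option 1 in Chris's reply and the browser certificate store described above), as an added example that is not part of any post and is not wolfSSL code. It uses the OpenSSL command-line tool to stand in for the client's verify step; every file name and host name in it is constructed.

```shell
#!/bin/sh
# Added example. File names and subject names are constructed for illustration.
work=$(mktemp -d)

# Create a self-signed certificate (subject == issuer) named $1 with CN $2.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$work/$1-key.pem" -out "$work/$1-cert.pem" 2>/dev/null
}

# Succeeds only if certificate $1 chains to a trust anchor in file $2.
# This is the decision a client makes after loading $2 as its trusted root.
verify_with_anchor() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Succeeds only if certificate $1 chains to the platform's default CA store,
# which is the position a browser is in with its preloaded roots.
verify_with_default_store() {
    openssl verify "$1" >/dev/null 2>&1
}

# Print the outcome of a verification command.
report() {
    if "$@"; then echo "accepted"; else echo "rejected"; fi
}

make_self_signed server device.lan.example   # the server's own certificate
make_self_signed other unrelated.example     # a root the server does not chain to

printf 'server cert loaded as trusted root: '
report verify_with_anchor "$work/server-cert.pem" "$work/server-cert.pem"

printf 'unrelated root loaded instead:      '
report verify_with_anchor "$work/server-cert.pem" "$work/other-cert.pem"

printf 'default CA store only:              '
report verify_with_default_store "$work/server-cert.pem"
```

A certificate issued by a CA that is already in the default store would be accepted in the third case, which is why a browser needs no manual loading for public HTTPS sites.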

Re: SSL server connection problem

Hi,

Can you give more clarification about how to use wolfSSL for adding a security feature in the web server for communicating with a web browser (as client) in embedded applications? We need a secure data exchange between the server and client (web browser) in a LAN connection.

Regards
fabin
