You are not logged in. Please login or register.
Active topics Unanswered topics
Welcome to the wolfSSL Forums!
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
References
Stable Releases - download stable product releases.
Development Branch - latest development branch on GitHub.
wolfSSL Manual - wolfSSL (formerly CyaSSL) product manual and API reference.
Search options
Kaleb and Bitgid thank you very much for the responses, since we have earlier version of WOLFSSL (WOLFSSL_ALT_CERT_CHAINS available from October 2017) we are going to override verification result with verify_cb if it will prove necessary.
Thanks again!
Amir
Thanks Bitgid, but I've seen this manual and the answer to my question is not there.
to clarify: assuming we have 3 certificates A->B->C (A signed B, B signed C), where A is self-signed certificate, is there a way to load B as the my trust anchor, and allow WOLFSSL to authenticate C only with B (that is, without self-signed certificate)?
this behavior will be equivalent to OPENSSL with "partial_chain" flag.
anyway, thanks!
Amir
Hello,
OPENSSL provide the flag "partial_chain" that allow non self signed certificates to be used as CA, and verify certificates signed by one of those non self signed CA certificates. also, with "partial_chain" a non self signed CA can verify itself (which I'm not sure that is a private case of the partial chain verification rule).
is there a similar behavior supported by WOLFSSL? I'm looking for partial chain verification, self-verification, or both.
I know there is possibility to overwrite the verification result with verify_cb mechanism but I want to use WOLFSSL verification schemes. maybe I can call relevant WOLFSSL function from inside my verify_cb?
Thanks!
Amir
p.s.
without the flag, OPENSSL return "unable to get local issuer certificate". WOLFSSL return -188 (ASN_NO_SIGNER_E).
Posts found: 3
Generated in 0.015 seconds (95% PHP - 5% DB) with 4 queries