Overview
Comment: | Added certificate validation process info to the documentation |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | tls-1.8 |
Files: | files | file ages | folders |
SHA3-256: |
afe4ade02785f65518d3a39228cae1b8 |
User & Date: | bohagan on 2024-06-29 00:53:30 |
Other Links: | branch diff | manifest | tags |
Context
2024-06-29
| ||
02:46 | Added comments and function preamble comments to BIO and IO files. check-in: 9e79f40ed5 user: bohagan tags: tls-1.8 | |
00:53 | Added certificate validation process info to the documentation check-in: afe4ade027 user: bohagan tags: tls-1.8 | |
2024-06-28
| ||
19:33 | Updated Tls_NewX509Obj to use Tcl_Objs for returned hex values. Use a dynamically allocated temp buffer. check-in: 121a81e392 user: bohagan tags: tls-1.8 | |
Changes
Modified doc/tls.html
from [e737f7c8c8]
to [02cd2779a5].
︙ | |||
451 452 453 454 455 456 457 458 | 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 | + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - + + + + + + - + | </dl> <br> <hr> <h3><a name="CERTIFICATE VALIDATION">CERTIFICATE VALIDATION</a></h3> <h4>Summary of command line options:</h4> <p>The following options are used for certificate validation:</p> <ul> <li>The <b>-cadir</b> option specifies the directory where the Certificate Authority (CA) certificates are stored. The default is platform specific, but is usually "/etc/ssl/certs" on Linux/Unix systems. The default location can be overridden via the <b>SSL_CERT_DIR</b> environment variable.</li> <li>The <b>-cafile </b> option specifies the file that contains all of the Certificate Authority (CA) certificates in the PEM file format. The default is <b>cert.pem</b>, in the OpenSSL directory. On Linux/Unix systems, this is usually "/etc/ssl/ca-bundle.pem". The default file can be overridden via the <b>SSL_CERT_FILE</b> environment variable.</li> <li>The <b>-castore</b> option contains the URI to the Certificate Authority (CA) store, which may be a single container or a catalog of containers. Starting with OpenSSL 3.2 on Windows, set this to "org.openssl.winstore://" to use the built-in Windows Certificate Store. The Windows cert store only supports root certificate stores.</li> <li>The <b>-request</b> option is used to request the server send its certificate chain as part of the connection negotiation process. This is needed to do certificate validation. The default is true. In addition, the client can manually inspect and accept or reject each certificate using the <b>-validatecommand</b> option.</li> <li>The <b>-require</b> option is used to require certificate validation be performed as part of the connection negotiation process. A valid CA directory, file, or store must be present for this to work.</li> </ul> <br> <h4>When are command line options needed:</h4> <p> |
︙ |