Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Use Platform Root CA by Default

Description

Refer to

Environment

None

Release Notes Description

None

Activity

Show:

Sergey Auseyau October 11, 2022 at 10:19 AM

Sergey Auseyau October 4, 2022 at 5:11 PM

check OPENSSLDIR value

Sergey Auseyau October 4, 2022 at 4:13 PM

For example OpenSSL module inside Ruby interpreter does it like this: https://github.com/ruby/ruby/blob/cc8ff8b50d445b0621fef9f3dce0da02ec3d406f/ext/openssl/ossl_x509store.c#L395-L418

Python also has similar logic (maybe even something windows-specific, but I haven't checked):
https://github.com/python/cpython/blob/00464bbed66e5f64bdad7f930b315a88d5afccae/Lib/ssl.py#L380-L392

Sergey Auseyau October 4, 2022 at 4:08 PM

https://www.openssl.org/docs/manmaster/man3/X509_STORE_set_default_paths.html

X509_STORE_set_default_paths_ex() is somewhat misnamed, in that it does not set what default paths should be used for loading certificates. Instead, it loads certificates into the X509_STORE from the hardcoded default paths. The library context libctx and property query propq are used when fetching algorithms from providers.

Sergey Auseyau October 4, 2022 at 6:50 AM

OpenSSL initialisation code lives here: https://github.com/couchbaselabs/couchbase-cxx-client/blob/78e3e889f01ee3f082a05d031d9f9ec7c2004195/core/cluster.hxx#L344-L398

The task is to find out what we can do regarding the subject and update this place.

Fixed
Pinned fields
Click on the next to a field label to start pinning.

Details

Assignee

Reporter

Sprint

Story Points

Fix versions

Labels

Priority

Instabug

Open Instabug

Sentry

Zendesk Support

Created October 3, 2022 at 11:22 PM
Updated October 19, 2022 at 6:45 PM
Resolved October 12, 2022 at 10:46 AM
Instabug