Thank youu PS, I know there will be risk without authentication but it is mostly like a enclosed system, And also we have the replacement mechanism to do the authentication. I look into the source code find that before the do check_trust there is a flag ctx->param->trust. Anyone know how to set it.
Some cases we need authentication but to others we need not. So callback function is not the best choice. Anyone can help me, Thank you. 2009/2/19 PS <mytechl...@gmail.com> > There are a couple of alternatives. > You can set a callback function in the SSL_set_verify method. This callback > function can then be used to mask the self-signed error.( See > http://openssl.org/docs/ssl/SSL_CTX_set_verify.html# ) > Alternatively, on the client side, you can invoke SSL_set_verify() method > with the flag SSL_VERIFY_NONE. > > BTW, it is a potentially insecure system that you have if you intend to do > this unless your only goal is to provide enryption and not authentication. > > PS > > On Thu, Feb 19, 2009 at 2:22 AM, Anri Lau <anri...@gmail.com> wrote: > >> >> All, >> >> I encountered a problem. There is no trusted cert list in my system, so I >> have to ignore the certificate chain self signed error. Which API can I use? >> >> Two API invocation below do not worked. >> >> SSL_CTX_set_trust(ctx, X509_TRUST_SSL_CLIENT); >> X509_STORE_set_trust(store, 1); >> >> Thank you. >> >> -- >> Best regards to you and your family >> > > -- Best regards to you and your family
