TLS implementation does not validate certificate chain

[benwaffle]

You can see this by trying to connect to a TLS server using a self-signed certificate (e.g. https://self-signed.badssl.com/).

I would expect to see calls to SSL_CTX_set_default_verify_paths() and SSL_get_verify_result() in the code.

[beef9999]

What is the minimum OpenSSL version that supports SSL_CTX_set_default_verify_paths and SSL_get_verify_result ?

[Coldwings]

What is the minimum OpenSSL version that supports SSL_CTX_set_default_verify_paths and SSL_get_verify_result ?

SSL_get_verify_result is provided in openssl 1.0.2

SSL_CTX_set_default_verify_paths is for 1.1.1 above. old version can only set by SSL_use_certificate_file like API.

Current SSL adaptors in photon just simply do not validate certificates.