Issue #14377 has been updated by graywolf (Gray Wolf).

Tracker changed from Bug to Feature
Subject changed from OpenSSL::X509::Store#verify_callback= doesn't seem to work as expected to Improve documentation for `OpenSSL::X509::Store#verify_callback=` and `OpenSSL::SSL::SSLContext#verify_callback=`
ruby -v deleted (ruby 2.6.0dev (2018-01-20 trunk 61969) [x86_64-linux])
Backport deleted (2.3: UNKNOWN, 2.4: UNKNOWN, 2.5: UNKNOWN)

It seems that it works as intended, however `SSLContext#verify_callback=` is completely missing from the documentation ( https://docs.ruby-lang.org/en/2.5.0/OpenSSL/SSL/SSLContext.html ). Will make a patch to document it properly.

----------------------------------------
Feature #14377: Improve documentation for `OpenSSL::X509::Store#verify_callback=` and `OpenSSL::SSL::SSLContext#verify_callback=`
https://bugs.ruby-lang.org/issues/14377#change-69787

* Author: graywolf (Gray Wolf)
* Status: Open
* Priority: Normal
* Assignee:
* Target version:
----------------------------------------
I'm trying to use `OpenSSL::X509::Store#verify_callback=` to ignore all errors during certificate validation, which according to `man SSL_CTX_set_verify` should be possible:

> If verify_callback always returns 1, the TLS/SSL handshake will not be
> terminated with respect to verification failures and the connection will
> be established.

However, when I try to use the simplest possible callback satisfying the condition above

    cert_store.verify_callback = lambda do |preverify_ok, store_ctx|
      true
    end

Ruby still throws an exception about the certificate being invalid:

    $ ~/ruby_debug/bin/ruby server.rb
    Traceback (most recent call last):
            1: from server.rb:24:in `<main>'
    server.rb:24:in `accept': SSL_accept returned=1 errno=0 state=error: certificate verify failed (self signed certificate) (OpenSSL::SSL::SSLError)

and client

    $ ~/ruby_debug/bin/ruby client.rb
    Traceback (most recent call last):
            1: from client.rb:20:in `<main>'
    client.rb:20:in `connect': SSL_connect returned=1 errno=0 state=SSLv3/TLS write finished: tlsv1 alert unknown ca (OpenSSL::SSL::SSLError)

Both `server.rb` and `client.rb` are attached.

---Files--------------------------------
client.rb (533 Bytes)
server.rb (709 Bytes)
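As an added example (not part of the original report or its attached `server.rb`/`client.rb`), the following exercises the Store-level callback through `OpenSSL::X509::Store#verify` directly rather than through a TLS handshake. It contrasts a callback that always returns `true`, which accepts an untrusted certificate, with one that records the error and passes the preverify result through. The certificate, the `example.test` name and the helper names are constructed for illustration.

```ruby
require "openssl"

# Constructed sample input: a throwaway self-signed certificate (not from the issue).
def self_signed_cert
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=example.test")
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Hypothetical helper: verifies cert against an empty store (no trusted roots).
# The block decides the callback's return value. Returns
# [verdict of Store#verify, error codes the callback was shown].
def verify_with_callback(cert, &decide)
  seen  = []
  store = OpenSSL::X509::Store.new
  store.verify_callback = lambda do |preverify_ok, store_ctx|
    seen << store_ctx.error unless preverify_ok   # record every failure
    decide.call(preverify_ok, store_ctx)
  end
  [store.verify(cert), seen]
end

# Hypothetical helper: runs the same certificate through three configurations.
def compare_callbacks(cert = self_signed_cert)
  baseline = OpenSSL::X509::Store.new
  {
    no_callback:       baseline.verify(cert),   # untrusted cert is rejected
    no_callback_error: baseline.error,          # reason kept on the store
    # Always-true callback: every failure is overridden, cert is accepted.
    always_true:       verify_with_callback(cert) { |_ok, _ctx| true },
    # Pass-through callback: failures are observed but not overridden.
    pass_through:      verify_with_callback(cert) { |ok, _ctx| ok },
  }
end

if __FILE__ == $0
  compare_callbacks.each { |label, result| puts "#{label}: #{result.inspect}" }
end
```

The pass-through form is the one to use when the goal is to log or audit verification failures without changing the verdict.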