Re: MySql TLS Multi-CA Heirarchy Support Question
It will do what the underlying SSL library does. The client does do SSL_CTX_load_verify_locations(ssl_fd->ssl_context, ca_file, ca_path).
And then, if there's CRL support and a CRL location or file:
X509_STORE_load_locations(store, crl_file, crl_path);
X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
The way I read the openssl docs for these functions I'd guess the answer to your question is yes, the certificates in the chain are verified for validity too (expiration, valid signatures and revocation if supported).
Otherwise good point on the singular-vs-plural.
Subject
Views
Written By
Posted
1180
February 02, 2017 05:20PM
Re: MySql TLS Multi-CA Heirarchy Support Question
647
February 20, 2017 08:21AM
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.