[Ovmsdev] TLS CA question
casner at acm.org
Thu Mar 4 09:00:37 HKT 2021
I find that I need to enable the following option in my testing of the
possible replacement of MEDTLS with WolfSSL, otherwise I get an "ASN
no signer to confirm" error:
WOLFSSL_ALT_CERT_CHAIN allows CA's to be presented by peer, but
not part of a valid chain. Default wolfSSL behavior is to require
validation of all presented peer certificates. This also allows
loading intermediate CA's as trusted and ignoring no signer
failures for CA's up the chain to root. The alternate certificate
chain mode only requires that the peer certificate validate to a
Is that expected for the trust arrangements we are using?
A possibly related question: do we expect the server to validate
clients, or only the clients to validate the server?
More information about the OvmsDev