Am 21.10.2014 um 17:08 schrieb 润青杨:
Hello Rainkin,
I'm not a developer, but after a short look your bug essentially says
"perdition will eventually accept self-signed and expired certificates".
This is configurable and - if configured - intended to happen:
# ssl_ca_accept_self_signed:
# Accept self-signed certificates.
#ssl_ca_accept_self_signed
# ssl_cert_accept_expired:
# Accept expired certificates. This includes server certificates
# and certificats authority certificates.
ssl_cert_accept_expired
# ssl_cert_accept_not_yet_valid:
# Accept certificates that are not yet valid. This includes server
# certificates and certificats authority certificates.
ssl_cert_accept_not_yet_valid
# ssl_no_cert_verify:
# Don't cryptographically verify the real-server's certificate.
ssl_no_cert_verify
# ssl_no_cn_verify:
# Don't verify the real-server's common name with the name used
# to connect to the server.
ssl_no_cn_verify
Did your tool check the code paths for these options?
Regards
Matthias