This repository was archived by the owner on Jan 29, 2023. It is now read-only.
  
  
  
  
Disabled SSL verification? #18
              
                Unanswered
              
          
                  
                    
                      marcelstoer
                    
                  
                
                  asked this question in
                Q&A
              
            Replies: 1 comment 3 replies
-
| IMO, I think this is one of the intended features of using Root CA. The modern TLS root store structure has the shape of inverted pyramid, and we have here the lowest CAs in the base 
 More info can be read here If you have more questions, please post on Security StackExchange where there are much better experts to answer. | 
Beta Was this translation helpful? Give feedback.
                  
                    3 replies
                  
                
            
  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment
  
        
    
Uh oh!
There was an error while loading. Please reload this page.
-
I tested two SSL/TLS examples - one HTTP, one MQTT - without updating the default
trust anchorsand it works!How is that possible?
Your examples use CA certs like "Baltimore CyberTrust Root" or "GlobalSign" as e.g. here https://github.com/khoih-prog/EthernetWebServer_SSL/blob/main/examples/WebClientMulti_SSL/trustanchors.h. I connected to HTTP & MQTT hosts that have certificates issued by other CAs. Yet, even without touching your default
trust anchorsthe hand shake did not fail. I am puzzled.Beta Was this translation helpful? Give feedback.
All reactions