Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
B
B
black_list_man2021-09-06 23:28:41
C++ / C#
black_list_man, 2021-09-06 23:28:41

How to disable certificate verification in BearSSL?

Is it possible to disable certificate verification in the BearSSL library?
Task context: there is a mapping application with support for raster tiles. Many tile servers use HTTPS. Decided to use BearSSL as an SSL library. There are very few examples. And as far as I understand, in order to communicate with the server, I need to add the root certificate corresponding to this server to the list (trusted anchors). Those. for each server you need to have your own root certificate, and up-to date, because they tend to expire. This is not how I imagined the work of an SLL client. Or am I not understanding something? In my application, the user should be able to add any tile source. How can I anticipate all options? Security is of little concern to me, I don’t understand why encrypt this kind of content at all.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
K
ky0, 2021-09-07
@ky0

Yes, everything works exactly as you described - either a set of periodically updated root certificates is used, whether it is the browser store, as in FF, is global for the OS (a package ca-certificatesin Linux is it), or some kind of application's own keystore; or we forget about checks and accept any certificate, even a self-signed one.
Judging by this ticket , there is no such possibility (yet).
Regarding "the ability to add any source of tiles", everything indicated in the first paragraph is true - either users use sources with valid certificates, or they will have to add them to the OS / application keystore by hand, or forget about encrypting connections, allowing everything in a row.

Report
C
CityCat4, 2021-09-07
@CityCat4

I don't care much about safety.

But she worries others. Although for those who do not care about it, of course it is necessary to provide for the "accept all certificates" mode.
Yes, for each server you need to have its publisher's certificate in the root store - that's why LE is so popular :) When establishing a connection, if the publisher's certificate cannot be verified - there is no trust, the certificate is not valid.

Similar questions
P
Pavel2016-06-25 16:09:44
How to make a button for loading images in the additional field DLE when you click the review? 3Reply
1
12332112022-02-03 16:21:05
Is there a site for evaluating an npm module? 3Reply
U
Uno2018-12-07 00:48:24
What is more important: experience or diploma? 7Reply
A
Archakov Dennis2016-07-10 15:15:53
Why doesn't Opera load MP3s in? 3Reply
P
parkito2016-05-27 00:13:40
How to store the result of a system command call? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question