New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ValidateCertificate should be able to validate certificate chain #96

Open

asbachb opened this issue Jul 26, 2018 · 1 comment

Labels

Diverge from zcash Enhancement

asbachb commented Jul 26, 2018

I guess zend should be able to verify the certification chain like every other ssl enabled service (httpd, imaps, ...)

Adding the intermediate certificate like described in step 3,4 (https://zencash.atlassian.net/wiki/spaces/ZEN/pages/7537014/Part+6+-+Procure+and+Configure+Certificate) should not be necessary if ValidateCertificate (https://github.com/ZencashOfficial/zen/blob/48bba6a7b46f428b75f4cd925ff91d1f1fd462b2/src/zen/utiltls.cpp#L417) would behave correctly.

A problem which might help with that issue is that zend is currently not providing the entire certificate chain during handshake.
see https://github.com/asbachb/zen/blob/master/src/zen/tlsmanager.cpp#L183

The text was updated successfully, but these errors were encountered:

asbachb added a commit to asbachb/zen that referenced this issue


          Loading entire certificate chain from file into ssl context instead i…

5bead7c

…nstead of only the first one.

This enables a client to retrieve a full certificate chain during a tls handshake.

relates to HorizenOfficial#96

tarrenj added Enhancement Diverge from zcash labels

Contributor

tarrenj commented Jul 30, 2018

Also see #85 and #85

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment