• ikod (20/20) Nov 15 2016 Hello,

ikod <geller.garry gmail.com> writes:

Hello,

Sorry if this is FAQ, or any other way stupid question, e.t.c.

I have to configure vibe.d tlsstream to verify remote certificate.

Please correct me if I'm wrong -- here is part of my code to 
request certificate verification:

     auto sslctx = createTLSContext(TLSContextKind.client);
     
sslctx.useTrustedCertificateFile("/opt/local/etc/openssl/cert.pem");
     sslctx.peerValidationMode = TLSPeerValidationMode.trustedCert;
     auto _stream = createTLSStream(_conn, sslctx, host);

the problem here is call to useTrustedCertificateFile. At compile 
time I do not know place of cert authority file, and this 
location can also be unknown for program user even if there is a 
way to configure it during program start.

libopenssl provide call SSL_CTX_set_default_verify_paths(ctx) - 
which configure default (already known to library code) location 
of ca certs distributed with openssl.

Is there any way for vibed sslctx to configure CA cert path "by 
default value"?

Thanks for your responce!