Using SSL/TLS without the server certificate validation check.

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
KoSa_1909416
Level 5
Level 5
Distributor - Marubun (Japan)
250 sign-ins 25 replies posted First solution authored

Hi All,

I am planning to make a client to connect to the https server with WiCED.

Then I hope to disable the server certificate validation check.

The SSL/TLS handshake process I have mentioned is as follows.

I checked the URL "The SSL/TLS Handshake: an Overview - SSL.com" .

          https://www.ssl.com/article/ssl-tls-handshake-overview/

In the third step

          "Client verifies the server's certificate, then extracts the public key ....... .......

           ..................... then sends it to the server."

I want that the Client does not verify the server's certificate.

Is there any client-side sample code like this ?

Best Regards,

Sakagami

0 Likes
1 Solution
GauravS_31
Moderator
Moderator
Moderator
10 questions asked 250 solutions authored 250 sign-ins

The TLS 1.2 spec is defined in https://tools.ietf.org/html/rfc5246 for your reference. If you want to skip certificate verification, you can set WICED_TLS_DEFAULT_VERIFICATION to TLS_NO_VERIFICATION in wiced_defaults.h.

View solution in original post

1 Reply
GauravS_31
Moderator
Moderator
Moderator
10 questions asked 250 solutions authored 250 sign-ins

The TLS 1.2 spec is defined in https://tools.ietf.org/html/rfc5246 for your reference. If you want to skip certificate verification, you can set WICED_TLS_DEFAULT_VERIFICATION to TLS_NO_VERIFICATION in wiced_defaults.h.