Summary
As an Asio successor, Corosio's TLS is not currently safe against the public
internet; the trust store and verify callback are not wired up.
Detail
As an Asio successor, Corosio's TLS "is not currently safe against the public
internet." The docs disclose that set_default_verify_paths() leaves an empty
trust store, and set_verify_callback() "fails to link." These gaps should be
filled before Boost acceptance.
Acceptance criteria
- Wire up
set_default_verify_paths to a real trust store.
- Make
set_verify_callback link/work.
- Document verified-safe TLS defaults.
References
Boost ML announcement + "Capy review".
Raised by Gennaro Prota, Ruben Perez (blocking). The set_verify_callback link
failure is a defect; the gaps are disclosed in Capy/Corosio's own docs.
Summary
As an Asio successor, Corosio's TLS is not currently safe against the public
internet; the trust store and verify callback are not wired up.
Detail
As an Asio successor, Corosio's TLS "is not currently safe against the public
internet." The docs disclose that
set_default_verify_paths()leaves an emptytrust store, and
set_verify_callback()"fails to link." These gaps should befilled before Boost acceptance.
Acceptance criteria
set_default_verify_pathsto a real trust store.set_verify_callbacklink/work.References
Boost ML announcement + "Capy review".
Raised by Gennaro Prota, Ruben Perez (blocking). The
set_verify_callbacklinkfailure is a defect; the gaps are disclosed in Capy/Corosio's own docs.