TLS incomplete / not safe against the public internet #297

Description

@sgerbino

Summary

As an Asio successor, Corosio's TLS is not currently safe against the public
internet; the trust store and verify callback are not wired up.

Detail

As an Asio successor, Corosio's TLS "is not currently safe against the public
internet." The docs disclose that set_default_verify_paths() leaves an empty
trust store, and set_verify_callback() "fails to link." These gaps should be
filled before Boost acceptance.

Acceptance criteria

  • Wire up set_default_verify_paths to a real trust store.
  • Make set_verify_callback link/work.
  • Document verified-safe TLS defaults.

References

Boost ML announcement + "Capy review".

Raised by Gennaro Prota, Ruben Perez (blocking). The set_verify_callback link
failure is a defect; the gaps are disclosed in Capy/Corosio's own docs.

Metadata

Labels: bug (Something isn't working)

Status: Ready
