OPERATIONAL DEFECT DATABASE
...
...
There is no way to perform a soft server certificate verification.
No way to perform a soft server certificate verification and continue the handshake as though the verification is OK, even if it is not OK.
Server-side SSL forward proxy when 'server certificate is set to 'require' and 'untrusted CA response control' and 'expired certificate response control' are both set to 'ignore'.
None.
There is a new sys db variable: tmm.ssl.servercert_softval with default value 'disabled'. When this sys db variable is 'enabled', calling SSL::verify_result will return a soft verfiy_result value. Typical use case: It is used in the server-side SSL forward proxy when 'server certificate is set to 'require' and 'untrusted CA response control' and 'expired certificate response control' are both set to 'ignore' but would like to perform a soft server certificate verification.
There is a new sys db variable: tmm.ssl.servercert_softval with default value 'disabled'. When this sys db variable is 'enabled', calling SSL::verify_result will return a soft verfiy_result value. Typical use case: It is used in the server-side SSL forward proxy when 'server certificate is set to 'require' and 'untrusted CA response control' and 'expired certificate response control' are both set to 'ignore' but would like to perform a soft server certificate verification.
Click on a version to see all relevant bugs
F5 Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
