Details
-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 2.3.18, 2.4.8
-
Component/s: REST-API
-
Labels:None
Description
The admin_ssl_ca_cert parameter uses the value of admin_ssl_cert as the client verification certificate. It also appears to be that libmicrohttpd by default doesn't verify that the client certificates are valid even if MHD_OPTION_HTTPS_MEM_TRUST is passed (unlike OpenSSL).
In addition, the CA parameter should not be mandatory as it is not required to enable TLS.