Do Any SSL/WSS Components Perform Expiration Validation?
Posted: Sun Mar 28, 2021 4:09 pm
Hi There,
I am using encryption in several IDF components:
1. Http Client -- requests to https, for which I supply a certificate
2. OTA -- the firmware downloads from a https url, for which I supply a certificate
3. MQTT -- wss://, for which I DO NOT provide a certificate.
Question 1:
I know 1 and 2 perform CN checking by default, however I am not sure about CN checking for wss://. Is CN checking performed for 3?
Question 2:
DO ANY of the above methods check expiration time? I have read in several places that by default no expiration checking is done. I'm not setting the time on the device so I don't even know how it would be possible. If possible, I'd like to disable all expiration checking.
Thanks!
I am using encryption in several IDF components:
1. Http Client -- requests to https, for which I supply a certificate
2. OTA -- the firmware downloads from a https url, for which I supply a certificate
3. MQTT -- wss://, for which I DO NOT provide a certificate.
Question 1:
I know 1 and 2 perform CN checking by default, however I am not sure about CN checking for wss://. Is CN checking performed for 3?
Question 2:
DO ANY of the above methods check expiration time? I have read in several places that by default no expiration checking is done. I'm not setting the time on the device so I don't even know how it would be possible. If possible, I'd like to disable all expiration checking.
Thanks!