Handle SSL cert errors better #128

@cgay

Can we detect bad certs at startup? Make a fake request using the virtual host name? Is there a more direct way to verify with the SSL library?

Here, I tried to use the yhoti.org certs and then requested https://opendylan.org:1066/

(lldb) run  --port 1066 --ssl-cert _certs/yhoti.org/fullchain1.pem --ssl-key _certs/yhoti.org/privkey1.pem --directory /var/www/opendylan.org/ --debug
Process 79451 launched: '/home/cgay/dylan/bin/http-server' (x86_64)

*** DEBUGGING ENABLED ***  Error conditions will cause server to enter debugger (or exit).

I 2025-12-12T14:28:09.000+0000 [Main thread] Starting Dylan HTTP Server
I 2025-12-12T14:28:09.000+0000 [Main thread] Server root directory is /home/cgay/dylan/workspaces/http/
I 2025-12-12T14:28:09.000+0000 [Main thread] Dylan HTTP Server (v1.2.0-27-g58f1dff built on 2025-12-12T14:17:53+00:00) ready for service on 0.0.0.0:1066
I 2025-12-12T14:28:23.000+0000 [conn worker 0] close-connection({<tcp-connection> 1})
E 2025-12-12T14:28:23.000+0000 [conn worker 0] error closing socket: received ssl error error:0A000412:SSL routines::ssl/tls alert bad certificate
I 2025-12-12T14:28:23.000+0000 [conn worker 1] close-connection({<tcp-connection> 2})
E 2025-12-12T14:28:23.000+0000 [conn worker 1] error closing socket: received ssl error error:0A000412:SSL routines::ssl/tls alert bad certificate
I 2025-12-12T14:28:24.000+0000 [conn worker 2] close-connection({<tcp-connection> 3})
E 2025-12-12T14:28:24.000+0000 [conn worker 2] error closing socket: received ssl error error:0A000412:SSL routines::ssl/tls alert bad certificate
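
One way to run the kind of startup check the issue asks about, shown here with the `openssl` command-line tool against the files passed as `--ssl-cert` and `--ssl-key`. This is an added example, not part of the issue or the http-server code base. The helper name `check_tls_pair` is hypothetical and the script assumes `openssl` is installed.

```shell
#!/bin/sh
# Added example: pre-flight check for a TLS certificate/key pair.
# check_tls_pair is a hypothetical helper name; requires the openssl CLI.
# Usage: check_tls_pair CERT_PEM KEY_PEM HOSTNAME
# Prints one line per problem; returns 0 if clean, 1 on a mismatch,
# 2 if a file cannot be parsed.
check_tls_pair() {
    cert=$1 key=$2 host=$3 rc=0

    # x509 reads the first certificate in the file, i.e. the leaf of a
    # fullchain-style bundle.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate: $cert"; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "cannot read private key: $key"; return 2; }

    # 1. Key belongs to the certificate
    #    (corresponding library call: SSL_CTX_check_private_key).
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate"; rc=1; }

    # 2. Certificate has not expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired"; rc=1; }

    # 3. Certificate covers the virtual host name
    #    (corresponding library call: X509_check_host).
    #    The tool prints "does match" or "does NOT match".
    case $(openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null) in
        *"does match"*) ;;
        *) echo "certificate does not cover host $host"; rc=1 ;;
    esac
    return "$rc"
}

# When run as a script with three arguments, perform the check.
if [ "$#" -eq 3 ]; then
    check_tls_pair "$@"
fi
```

The check covers only the leaf certificate's key, expiry and names; it does not validate the chain against a trust store, so a client can still reject the certificate for other reasons.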
