curl-users

cURL crashes after certificate mismatch

From: Andreas Rieke <andreas.rieke_at_isl.de>
Date: Tue, 09 Dec 2003 11:59:00 +0100

Hi,

when using libcurl (version 7.10.8) from a C++ program, I try to
establish a secure connection to an apache web server. I use the
CURLOPT_SSL_VERIFYHOST, CURLOPT_SSL_VERIFYPEER and CURLOPT_CAINFO
options, and thus, I receive an error „SSL: certificate subject name
'test.arp-guard.com' does not match target host name '192.168.0.25'“
when I connect to an address which does not match the address mentioned
in the certificate.

However, since other connection problems are quite normal in TCP/IP
networks, my application tries to connect for a second time. I can see
that the line before calling curl_easy_perform for the second time is
executed, but curl_easy_perform seems to crash since the line after it
is not executed and the process no longer exists.

My application calls curl_global_init at the beginning, and for each
connection it creates its own handle using curl_easy_init (and
curl_easy_cleanup). Using tcpdump, I can see that several packets are
exchanged for the first connection, but for the second connection, only
a few packets are exchanged.

Thus, I assume that cURL uses a cache where it stores SSL parameters to
avoid a complete SSL handshake each time a new connection to a known
server is established. However, since the first connection ended with a
certificate mismatch, the cached information might not be complete?

Any help for this problem (workarounds or bug fixes) is much
appreciated,

regards,

Andreas

Received on 2003-12-09
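
The retry pattern described in the message above treats every failure as a network problem. The sketch below is an added example, not code from the original post or from the curl project: it uses the curl command-line tool rather than libcurl, retries only transient transport errors, and stops on a certificate verification failure. The function names, the CA file name and port 443 are assumptions made for illustration.

```shell
#!/bin/sh
# Map a curl exit code to a retry category.
classify_curl_exit() {
    case "$1" in
        0) echo ok ;;
        # 51 / 60: peer certificate or host name failed verification
        # (which of the two is reported depends on the curl release),
        # 77: CA file unreadable, 83: issuer check failed,
        # 90: pinned public key mismatch, 91: invalid certificate status.
        51|60|77|83|90|91) echo tls ;;
        # 5 / 6: proxy or host name not resolved, 7: connect failed,
        # 28: timeout, 52: empty reply, 55 / 56: send or receive failure.
        5|6|7|28|52|55|56) echo transient ;;
        *) echo fatal ;;
    esac
}

# fetch_with_retry URL CAFILE MAX_TRIES [extra curl arguments...]
# Verification stays enabled on every attempt; only transient errors loop.
fetch_with_retry() {
    url=$1; cafile=$2; max=$3
    shift 3
    try=1
    rc=0
    while [ "$try" -le "$max" ]; do
        if [ "$try" -gt 1 ]; then sleep 1; fi
        rc=0
        curl --silent --show-error --fail --cacert "$cafile" "$@" "$url" || rc=$?
        case "$(classify_curl_exit "$rc")" in
            ok) return 0 ;;
            transient) echo "attempt $try: curl exit $rc, will retry" >&2 ;;
            *) echo "curl exit $rc is not retryable, giving up" >&2
               return "$rc" ;;
        esac
        try=$((try + 1))
    done
    return "$rc"
}

# Usage with the names from the message (ca.pem and port 443 are assumed):
# connect by the certificate's name and pin it to the server's address,
# instead of requesting https://192.168.0.25/ directly.
#   fetch_with_retry https://test.arp-guard.com/ ca.pem 3 \
#       --resolve test.arp-guard.com:443:192.168.0.25
```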