cURL / Mailing Lists / curl-users / Single Mail

curl-users

ssl peer validation not working

From: Bill Shupp <hostmaster_at_shupp.org>
Date: Mon, 30 Nov 2009 09:58:31 -0800

All,

I'm having an issue with curl and ssl peer validation. The problem is that SSL peer and host verification don't work in PHP's curl implementation (on two of my machines), nor does it work via curl CLI on those same machines. The host that should be rejected is:

https://test-id.net

It's part of an OpenID suite of tests, and has a revoked cert. wget does detect the revoked cert and prevents you from connecting without disabling verification via an option. But curl says it's verified.

I've tried pointing curl's CAPATH to use /etc/ssl/certs (openssl ca bundles), but it still fails. I've also downloaded the curl's latest bundle pem file, and pointed the request to that, but it still thinks it's verified.

Any thoughts?

Thanks!

Bill Shupp

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-11-30

This message: [ Message body ]
Next message: Daniel Stenberg: "RE: CURLE_SSH (79) curl: (79)"
Previous message: Daniel Stenberg: "SFTP winsshd (was Re: CURLE_SSH (79) curl: (79))"
Next in thread: Daniel Stenberg: "Re: ssl peer validation not working"
Reply: Daniel Stenberg: "Re: ssl peer validation not working"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]