curl-library Mailing List Archives

Finer control over certificate verification in SSL

From: Don Dwiggins <don_at_dondwiggins.net>
Date: Tue, 01 Jun 2010 16:03:13 -0700

I have an application that includes a web server acting as a client to a
"backend" server (using XMLRPC over HTTP), which has been working well.
Now, I want to secure the connection using SSL, with the client
verifying the backend server's certificate against a CA cert. I have
this partially working.

The problem I have is this: the application can be configured so that
multiple backend servers may exist on the same machine, distinguished by
their port numbers. So, I set the CN in the server certificate to
something like "foo.bar.com:4060".

Unfortunately, when I set CURLOPT_SSL_VERIFYHOST to 2, the verification
fails, because apparently libcurl only uses the host name to match the CN.

So, is there a way to tell libcurl to use the port name as well, or to
"take control" of verification with a function of my own? Alternately,
can I get access to the CN of the server certificate after "level 1"
verification, so I can write my own verification of the host name and port?

(By the way, I'm using Zend Framework's Curl Adapter on the client side,
which in turn uses the PHP curl wrapper.)

Thanks for any good words,

-- 
Don Dwiggins
Advanced Publishing Technology

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2010-06-02
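
One way to verify each backend separately while leaving CURLOPT_SSL_VERIFYHOST at 2, as an added example that is not part of the original post: give every backend a certificate whose name is the bare host name, and pin that backend's public key per port. It assumes a newer PHP and libcurl build that exposes CURLOPT_PINNEDPUBLICKEY (an option added after this 2010 mail); the host, ports, file paths and request body are constructed.

```php
<?php
// Added example, not from the original post. Host, ports and file paths
// are constructed placeholders.

// Build the "sha256//<base64>" pin: SHA-256 over the DER-encoded
// SubjectPublicKeyInfo taken from a PEM certificate.
function spki_pin(string $certPem): string
{
    $key = openssl_pkey_get_public($certPem);
    if ($key === false) {
        throw new RuntimeException('cannot read public key from certificate');
    }
    $pem = openssl_pkey_get_details($key)['key'];  // PEM "PUBLIC KEY" block
    $der = base64_decode(preg_replace('/-----[^-]+-----|\s+/', '', $pem));
    return 'sha256//' . base64_encode(hash('sha256', $der, true));
}

// POST an XML-RPC body to one backend; the connection is refused before any
// request data is sent unless CA chain, host name and pinned key all match.
function call_backend(string $host, int $port, string $body,
                      string $caFile, array $pins): string
{
    if (!isset($pins[$port])) {
        throw new RuntimeException("no pinned key for backend port {$port}");
    }
    $ch = curl_init("https://{$host}:{$port}/");
    curl_setopt_array($ch, [
        CURLOPT_POSTFIELDS      => $body,
        CURLOPT_HTTPHEADER      => ['Content-Type: text/xml'],
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_CAINFO          => $caFile,       // chain must end at this CA
        CURLOPT_SSL_VERIFYPEER  => true,
        CURLOPT_SSL_VERIFYHOST  => 2,             // name in cert is the host, no port
        CURLOPT_PINNEDPUBLICKEY => $pins[$port],  // ties this port to one key
    ]);
    $resp = curl_exec($ch);
    if ($resp === false) {
        throw new RuntimeException("backend {$host}:{$port} rejected: " . curl_error($ch));
    }
    return $resp;
}

$dir  = '/etc/myapp/tls';  // constructed path
$pins = [];
foreach ([4060, 4061] as $port) {  // one certificate file per backend port
    $pins[$port] = spki_pin(file_get_contents("{$dir}/backend-{$port}.crt"));
}
$body = '<methodCall><methodName>ping</methodName><params/></methodCall>';  // constructed
echo call_backend('foo.bar.com', 4060, $body, "{$dir}/ca.pem", $pins);
```

A backend answering on port 4060 with the certificate issued for port 4061 still passes the CA and host name checks, and is rejected by the pin.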
