curl-library

Re: Difference between CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER?

From: Vadim Grinshpun <vgrinshp_at_akamai.com>
Date: Tue, 07 Jul 2015 13:23:36 -0400

On 7/7/15 10:12 AM, Dr. Roger Cuypers wrote:
>
> Greetings,
>
> can someone explain to me what the difference between
> CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER is in the context of
> a client program? For a client, the host and the peer are both the server.
>
> The only difference I can make out at first glance is that verifypeer
> may cause the connection to fail while verifyhost is tested later.
>
The difference is visible if you look at the summary of each option:
CURLOPT_SSL_VERIFYPEER - verify the peer's SSL certificate
CURLOPT_SSL_VERIFYHOST - verify the certificate's name against host

Note the difference in the description.
VERIFYPEER basically makes sure the certificate itself is valid (i.e.,
signed by a trusted CA, the certificate chain is complete, etc.).
VERIFYHOST checks that the host you're talking to is the host named in
the certificate.

(using a driver's license analogy: VERIFYPEER makes sure the license
itself is not fake; VERIFYHOST makes sure the person whose name and
photo are on the license is the same as the person showing the license :)

HTH,
-Vadim

> Regards
>
>
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2015-07-07
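
The name comparison that VERIFYHOST stands for, as an added example (not code from this thread and not libcurl's implementation): a certificate whose chain passed the VERIFYPEER check must still cover the host that was requested. The function `cert_name_matches`, its helpers and the names in `main` are constructed for illustration, and the wildcard handling is a simplified RFC 6125 style reading.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of exactly n bytes of two DNS names. */
static int ieq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Crude IP-literal test: any colon (IPv6) or only digits and dots (IPv4). */
static int looks_like_ip(const char *h)
{
    if (strchr(h, ':'))
        return 1;
    return h[0] != '\0' && strspn(h, "0123456789.") == strlen(h);
}

/* Return 1 if the certificate name `pattern` covers `host`, else 0. */
int cert_name_matches(const char *pattern, const char *host)
{
    size_t plen = strlen(pattern), hlen = strlen(host);

    if (plen == 0 || hlen == 0)
        return 0;
    if (strncmp(pattern, "*.", 2) != 0)         /* no wildcard: exact match */
        return plen == hlen && ieq(pattern, host, plen);
    if (looks_like_ip(host))                    /* wildcards never cover IPs */
        return 0;
    const char *suffix = pattern + 1;           /* e.g. ".example.com" */
    size_t slen = plen - 1;
    if (strchr(suffix, '*') || !strchr(suffix + 1, '.'))
        return 0;                               /* reject "*.*.com" and "*.com" */
    const char *dot = strchr(host, '.');        /* end of the host's first label */
    if (dot == NULL || dot == host)
        return 0;
    /* "*" stands for exactly one label, so the rest must equal the suffix. */
    return strlen(dot) == slen && ieq(dot, suffix, slen);
}

int main(void)
{
    /* Constructed names; the chain is assumed to have passed VERIFYPEER. */
    printf("%d\n", cert_name_matches("*.example.com", "api.example.com"));
    printf("%d\n", cert_name_matches("www.example.com", "www.example.net"));
    return 0;
}
```

A mismatch here is the driver's-license case from the reply above: the document is genuine, but it names someone else.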