cURL / Mailing Lists / curl-library / Single Mail


Re: SSLv2 and certificate verification

From: Cris Bailiff <>
Date: Sat, 12 Oct 2002 08:47:45 +1000

The site is using a 'chained' or 'intermediate' certificate, as is usual with
verisign 'global' certificates. (The site cert is signed by a 'Verisign Trust
Network' cert, which is in turn signed by the Verisign root key in the ca-bundle

ssl2 doesn't support certificate chaining, that features is only in ssl3 and
above, so the certificate chain can't be verified when using ssl2.

Don't use ssl2 - there's no good reason if you have ssl3 capable software (and
you almost always do) - ssl2 is broken in plenty of other ways too.


Craig Davison wrote:
> Hi again,
> Does anyone know why this might fail due to a certificate problem (with 7.10.1):
> curl -2
> While SSLv3 (-3) and TLSv1 (-1) succeed?
> Other hosts I can make this happen with are,, and upload, tms and analyzer are IIS servers, whereas sfcm is running Apache on UNIX.
> Is this a problem with our certificates, or is SSLv2 certificate verification somehow broken?
> Thanks in advance for any help.

This email is sponsored by:ThinkGeek
Welcome to geek heaven.
Received on 2002-10-12