cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: SSL_VERIFYPEER=FALSE workaround also needs VERIFYHOST=1?

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 2 Dec 2002 07:45:25 +0100 (MET)

On Sun, 1 Dec 2002, Soren Spies wrote:

> > 2. curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
>
> In trying to use this workaround (on a system with no default bundle
> installed), I had to look at the curl(1) source and add the line:
> curl_easy_setopt(tempCURL, CURLOPT_SSL_VERIFYHOST, 1); // also
> needed
>
> Should I have had to do that? Should it be documented?

SSL_VERIFYHOST makes sure that the host name used in the server's certificate
matches the host name you're using. It isn't strictly connected to the
SSL_VERIFYPEER option.

But it should be documented, yes.

You may be getting problems with SSL_VERIFYHOST set to 2 due to curl's
current inability to understand wildcards in the name field:
http://sourceforge.net/tracker/index.php?func=detail&aid=634700&group_id=976&atid=100976

> I also noticed that TOT curl_easy_setopt.3 doesn't document current
> functionality:

> Here's a diff to make it somewhat more up to date:

[snip]

Thanks, I'm applying!

-- 
 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
Received on 2002-12-02