Date: Tue, 15 Jun 2004 18:06:28 +0200
I asked about Common Names regarding IDNA:
and got some conflicting answers, but I think libcurl does the right
thing by comparing 'peer'_CN' against 'conn->host.name'. Not sure
about the ASN1_STRING_to_UTF8() wrt. IDNA. Until I find an ACE-host
with a certificate, I'll leave it.
I have some other patches:
* Tracing of SSL/TLS handshake is handy with "curl --trace". Found
some problems with some https sites this way.
* Print the details of the CERT-problem from OpenSSL; "certificate expired"
* If SSL_connect() fails and ERR_get_error() is 0, the problem is with the
socket-state itself. But OpenSSL seems to clear the errno so using SO_ERROR
isn't any help. This can happen e.g. if we request a SSLv2 method and the
host doesn't like us, it simply resets the connection. Verify with
curl --sslv2 https://www.thawte.com/ucgi/browsercheck.exe
So printing "Unknown SSL protocol error in connection to .." is better than
- text/plain attachment: diffs.txt