cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Using CURLOPT_SSL_VERIFYHOST

From: Nilesh <nilesh_at_kenati.com>
Date: Wed, 22 Mar 2006 13:55:13 +0530

Yeah I buy your point. I may need to use both the options together.

Thanks for your kind response.

Daniel Stenberg wrote:

> On Wed, 22 Mar 2006, Nilesh wrote:
>
>> curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER, 0);
>
>
>> Which gaurantees validation of ceritificate using 'hostname' or
>> 'ipaddress' of URL.
>
>
> By disabling VERIFYPEER you switch off the verification of the
> server's certificate and by using VERIFYHOST you only verify that the
> name field (common name or subjectaltname) matches the host name of
> the server.
>
> Thus, a man in the middle attack that would use a new (bad)
> certificate with the correct name field would not be discovered.
>
Received on 2006-03-22