Re: Does curl REALLY ignore CURLOPT_SSL_VERIFYPEER / CURLOPT_SSL_VERIFYHOST?
Date: Tue, 27 Nov 2007 23:04:04 +0100 (CET)
On Tue, 27 Nov 2007, paranoid paranoia wrote:
> The following snippet in Curl_ossl_connect_step3 causes aborted connection
> attempts even when curl is rather clearly instructed to not bother checking
> the peer's certificate:
I can only agree that this code should not be failing if no verification of
the certificate is requested. The docs for the SSL_get_peer_certificate()
function says it can return NULL when "No certificate was presented by the
peer" and in a non-verification case that should be fine for libcurl!
You up to providing a patch that corrects this?
-- Commercial curl and libcurl Technical Support: http://haxx.se/curl.htmlReceived on 2007-11-27