cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: certificate verification against system cert (?) when custom CAINFO is set

From: David Strauss <david_at_davidstrauss.net>
Date: Thu, 11 Apr 2013 13:36:00 -0700

On Thu, Apr 11, 2013 at 1:22 PM, Guenter <lists_at_gknw.net> wrote:
> (that info was already in OP's initial post)

Oh, it certainly is. I must have missed it.

So, I would check out OpenSSL's validation path. As a last resort, it
should be possible to run curl in a chroot or modified file system
namespace to remove access to any system-level trusted certificates.

--
David Strauss
   | david_at_davidstrauss.net
   | +1 512 577 5827 [mobile]
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2013-04-11