curl-library

Re: CURLINFO_CERTINFO only filled in if connection successful?

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sun, 10 Nov 2013 00:33:36 +0100 (CET)

On Thu, 7 Nov 2013, Rich Bramante wrote:

> My original reason for asking this was I need to provide a workflow similar
> to a browser where, upon receiving a CURLE_SSL_CACERT error, I would display
> the server certificate details to the user and ask if they wanted to trust
> the certificate. Of course it was a chicken-vs.-egg problem in that I needed
> the connection to succeed before I could get the certificate.

Right, and in your particular case it looked like the connection failed
before it reached the code snippet where the certinfo stuff is made.

> One workaround I considered was creating a one-shot dummy connection with
> verification disabled to just grab and present the certificate details.
> However, I am now realizing that a bigger issue is setting CURLOPT_CERTINFO
> is not supported in all of the environments I am looking at supporting (e.g.
> OSX 10.9) due to particulars of the selected ssl implementation.

Yes. Unfortunate, but true.

> Is there any other more generic way to get the server certificate
> information that does not rely on the underlying ssl implementation curl is
> using (debug callback looked like a possibility but awfully heavy handed)?
> Or do I need to consider building/bundling my own libcurl/libopenssl
> combination for each platform I want to support with my application?

To get that kind of information, I think you need to do something like that.

-- 
  / daniel.haxx.se
Received on 2013-11-10