Hi,

Is it possible to override the hostname validation for SSL certificates? I
have 2 servers with the same hostname (Primary & Standby) but different IP
Addresses. My application needs to poll a test page on both servers to
check their status, To do this I have to specify the IP address instead
of the hostname in the URL.
e.g.
  curl_easy_setopt(curl, CURLOPT_URL, "https://x.x.x.x/test.html");

When using the IP address in the URL the following error gets returned
after calling curl_easy_perform(...)

* SSL: certificate subject name 'myserver.test.com' does not match target
host name '192.168.x.x'
* Closing connection #0
* SSL peer certificate was not ok
curl_easy_perform() failed: SSL peer certificate was not ok

I can solve this error by turning of the hostname validation using
CURLOPT_SSL_VERIFYHOST but this would not be adequate for out security
requirements.

What I would like to know is can I send a request to a specific IP address
and still verity the certificate contains the expect hostname?

I am using CURL version 7.15.5

Thanks Pete

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-01-29