RE: How do I customise SSL hostname validation

From: Patrick Monnerat
Date: Wed, 29 Jan 2014 11:02:32 +0100

Peter Andrews wrote:

> What I would like to know is can I send a request to a specific IP
> address and still verify the certificate contains the expected hostname?

Hi Peter,

This is a TLS problem, not a curl problem.

IMHO, the only way to achieve what you want is to specify the "subject
alternative name" (SAN) extension in the server's certificate.

While most clients check IP addresses to IP-type SAN fields, IE wants IP
addresses as names (DNS). Thus you have to put both forms for each IP

Most clients also do not check the CN when the SAN is given (so does
curl): so put also the host name in a SAN field.

In short, build your SAN with the following info:
- the host name as DNS type
- IP 1 as IP
- IP 1 as DNS
- IP 2 as IP
- IP 2 as DNS


Received on 2014-01-29
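
The SAN layout recommended in the reply above, as an added example that is not part of the original mail or of curl: it builds the entry list in OpenSSL's subjectAltName syntax and shows why each IP needs both forms. The function names, host name and addresses are constructed for illustration, and the matching is a simplified model (no wildcards) in which `ip_as_dns` stands for the IE behaviour as the mail describes it.

```python
import ipaddress

def build_san(hostname, ips):
    """SAN entries per the mail: host as DNS, then each IP as both IP and DNS."""
    entries = [("DNS", hostname)]
    for ip in ips:
        addr = str(ipaddress.ip_address(ip))  # ValueError on a malformed address
        entries += [("IP", addr), ("DNS", addr)]
    return entries

def san_value(entries):
    """Render entries in OpenSSL's subjectAltName config syntax."""
    return ",".join(f"{kind}:{value}" for kind, value in entries)

def matches(entries, target, ip_as_dns=False):
    """Simplified SAN-only check (CN ignored, no wildcard handling).

    ip_as_dns=True models a client that looks for an IP address among the
    DNS-type entries, the IE behaviour described in the mail.
    """
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        addr = None  # target is a host name
    if addr is not None and not ip_as_dns:
        return any(k == "IP" and ipaddress.ip_address(v) == addr
                   for k, v in entries)
    wanted = str(addr) if addr is not None else target.lower().rstrip(".")
    return any(k == "DNS" and v.lower() == wanted for k, v in entries)

# Constructed sample values (documentation address ranges).
HOST = "www.example.com"
IPS = ["192.0.2.10", "198.51.100.10"]

if __name__ == "__main__":
    full = build_san(HOST, IPS)
    print("subjectAltName =", san_value(full))
    ip_only = [e for e in full if e != ("DNS", IPS[0])]
    for label, san in (("both forms", full), ("IP form only", ip_only)):
        for ie in (False, True):
            print(label, "ip_as_dns=%s" % ie, matches(san, IPS[0], ip_as_dns=ie))
```
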