cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: AW: AW: Difference between CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER?

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 14 Jul 2015 00:16:43 -0400

On 7/13/2015 3:33 AM, Dr. Roger Cuypers wrote:
> Does libcurl implement the former part via SSL_get_verify_result?
>
> -----Ursprüngliche Nachricht-----
> Von: curl-library [mailto:curl-library-bounces_at_cool.haxx.se] Im Auftrag von Daniel Stenberg
> Gesendet: Freitag, 10. Juli 2015 11:29
> An: libcurl development
> Betreff: Re: AW: Difference between CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER?
>
> On Wed, 8 Jul 2015, Dr. Roger Cuypers wrote:
>
>> So simplified that means that verify peer has a similar functionality
>> like SSL_get_verify_result in OpenSSL while verify host checks the common name?
> Verify peer checks that the cert is signed by a CA, verify host makes sure the cert contains the server name.

Please don't top post it makes the conversation hard to follow. If peer
verification is enabled and fails OpenSSL will terminate the handshake.
That happens in OpenSSL. SSL_get_verify_result gets the result of the
peer verification. Host verification is different, that's done by libcurl.

[1]: https://www.openssl.org/docs/ssl/SSL_get_verify_result.html

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-07-14

This message: [ Message body ]
Next message: Ray Satiro via curl-library: "Re: VMS - VAX and 64 bit fixes for master to build."
Previous message: Ray Satiro via curl-library: "Re: CURL handle re-use with different query parameters"
In reply to: Dr. Roger Cuypers: "AW: AW: Difference between CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]