curl-library

Manually verifying certificate before sending HTTP request - is it possible?

From: Georgi Chulkov <georgi_at_guinpen.eu>
Date: Sat, 23 Jan 2016 00:46:38 +0100

Hello,

My application uses libcurl to connect to an HTTPS server, but I would
like to perform manual checks on the server's certificate before sending
my request. In particular, I would like to compare the Distinguished
Name within the certificate to a specific string, which is different
than the server's hostname.

My current approach is:

    struct curl_certinfo *info = NULL;

    /* libcurl expects long arguments for these options */
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
    curl_easy_setopt(curl, CURLOPT_CERTINFO, 1L);
    curl_easy_perform(curl);
    curl_easy_getinfo(curl, CURLINFO_CERTINFO, &info);
    /* ... examine info->certinfo[0] */

The problem is that I can only validate the DN after the fact. Is there
a way to perform these manual checks on the certificate after it has
been received from the server, but before the HTTP request has been
transmitted?

Thanks and regards
Georgi

Received on 2016-01-23
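
One way to run the DN check inside the TLS handshake, so that a mismatch aborts the connection before any HTTP request is written, is libcurl's CURLOPT_SSL_CTX_FUNCTION combined with an OpenSSL verify callback. This is an added example, not part of the original mail or of the curl project's code; it assumes a libcurl built against OpenSSL, and EXPECTED_DN, the function names and the WITH_LIBCURL_OPENSSL build macro are hypothetical.

```c
/* Added example, not from the original mail. Assumes an OpenSSL-backed libcurl;
 * EXPECTED_DN, the function names and WITH_LIBCURL_OPENSSL are hypothetical. */
#include <string.h>

#define EXPECTED_DN "CN=backend-service,O=Example Org,C=EU" /* constructed */

/* Decision for one chain certificate; fails closed. A chain OpenSSL already
 * rejected stays rejected, and the leaf (depth 0) must equal EXPECTED_DN
 * exactly, so "CN=backend-service.evil,..." is refused. */
static int dn_policy(int preverify_ok, int depth, const char *dn)
{
    if (!preverify_ok)
        return 0;
    if (depth != 0)
        return 1; /* CA certificates: chain validation only */
    return dn != NULL && strcmp(dn, EXPECTED_DN) == 0;
}

#ifdef WITH_LIBCURL_OPENSSL
#include <curl/curl.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>

/* Runs during the TLS handshake; returning 0 aborts it, so the HTTP
 * request is never sent. The subject is rendered in RFC 2253 form. */
static int verify_cb(int preverify_ok, X509_STORE_CTX *ctx)
{
    char dn[512] = "";
    X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
    BIO *mem = BIO_new(BIO_s_mem());
    int n = -1;
    if (cert != NULL && mem != NULL &&
        X509_NAME_print_ex(mem, X509_get_subject_name(cert), 0,
                           XN_FLAG_RFC2253) >= 0)
        n = BIO_read(mem, dn, (int)sizeof dn - 1); /* dn stays NUL-terminated */
    BIO_free(mem);
    return dn_policy(preverify_ok, X509_STORE_CTX_get_error_depth(ctx),
                     n > 0 ? dn : NULL);
}

/* libcurl calls this after it has configured the SSL_CTX. Install with:
 * curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, sslctx_cb); */
CURLcode sslctx_cb(CURL *curl, void *sslctx, void *userdata)
{
    (void)curl; (void)userdata;
    SSL_CTX_set_verify((SSL_CTX *)sslctx, SSL_VERIFY_PEER, verify_cb);
    return CURLE_OK;
}
#endif
```

Build the program with -DWITH_LIBCURL_OPENSSL and link against libcurl and OpenSSL to enable the callback part; CURLOPT_SSL_VERIFYPEER stays enabled so that preverify_ok reflects the normal chain validation.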