curl-library

Override libcurl's server cert validation (WINSSL)

From: Ribhi Kamal <rbhkamal_at_gmail.com>
Date: Fri, 4 Nov 2016 17:17:43 -0400

Hi all,
I'm trying to find a way to enable me to tell libcurl "Hey, I know this
FTPS server is using a bad certificate, but it's OK! I recognize its public
key, so please go ahead and connect to it." In other words, I would like to
have a say when libcurl is validating a certificate without turning off
certificate validation completely. See example below.

My main motivation is that I'm writing a Windows program that downloads
files from an FTPS server and I don't want to modify the machine's
certificate stores so that the server's cert is trusted. Does libcurl have
a callback or an option that allows me to specify my own custom server cert
validation?

Something like this (none of this is real):

static bool my_func(char *tServerCertPEM, size_t size)
{
  bool bIsValid = false;

  // Do my own checking
  bIsValid = CustomCheck(tServerCertPEM, size);

  if (!bIsValid)
  {
    // Fallback to the default libcurl cert validation
    bIsValid = curl_super_dupper_easy_validate_cert(tServerCertPEM, size);
  }

  return bIsValid;
}

int main()
{
  .
  .
  curl_easy_setopt(curl, CURLOPT_SSL_CERTVALIDATOR, my_func);
  .
  .
}

Thanks!

Received on 2016-11-04
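
An added example (not part of the original mail, and not libcurl code) of the decision the mail sketches: accept the server when the SHA-256 digest of its certificate's public key is on a known list, otherwise keep the verdict of normal chain validation. The list uses the `sha256//<base64>` notation that libcurl's CURLOPT_PINNEDPUBLICKEY option takes; the function names, the `chain_ok` input and the sample digests are assumptions constructed for illustration, and computing the digest from the certificate is left to the TLS layer.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define B64_LEN 44 /* base64 length of a 32-byte SHA-256 digest */

/* Base64-encode a 32-byte digest into out (B64_LEN + 1 bytes). */
static void b64_digest(const unsigned char *in, char *out) {
    static const char t[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t i, o = 0;
    for (i = 0; i < 32; i += 3) { /* final group: two bytes, zero-padded */
        unsigned v = ((unsigned)in[i] << 16) | ((unsigned)in[i + 1] << 8) |
                     (i + 2 < 32 ? in[i + 2] : 0u);
        out[o++] = t[v >> 18];       out[o++] = t[(v >> 12) & 63];
        out[o++] = t[(v >> 6) & 63]; out[o++] = (i + 2 < 32) ? t[v & 63] : '=';
    }
    out[o] = '\0';
}

/* True if the digest is in a ';'-separated "sha256//<base64>" pin list. */
bool pin_matches(const unsigned char *spki_sha256, const char *pins) {
    char want[B64_LEN + 1];
    b64_digest(spki_sha256, want);
    while (pins && *pins) {
        size_t len = strcspn(pins, ";");
        if (len == 8 + B64_LEN && !strncmp(pins, "sha256//", 8) &&
            !memcmp(pins + 8, want, B64_LEN))
            return true;
        pins += len + (pins[len] == ';'); /* skip entry and its separator */
    }
    return false;
}

/* A recognised key passes; any other certificate gets chain_ok, the verdict
   of normal chain validation, so trust is widened for the pinned key only. */
bool accept_server(const unsigned char *d, const char *pins, bool chain_ok) {
    return pin_matches(d, pins) || chain_ok;
}

/* Constructed sample data: stand-in digest bytes 0x00..0x1f and its pin. */
static const unsigned char sample_digest[32] = {
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
    16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 };
static const unsigned char other_digest[32] = { 0xff };
static const char sample_pins[] = "sha256//AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=";

int main(void) {
    printf("pinned key, failed chain: %d\n", accept_server(sample_digest, sample_pins, false));
    return 0;
}
```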