curl / Mailing Lists / curl-library / Single Mail


RE: Fetching the detail of SSL Host verification failure

From: Basuke Suzuki via curl-library <>
Date: Thu, 25 Oct 2018 17:20:54 +0000

> >
> > Because OpenSSL returns no validation error, the field for this verify
> > result is available in the situation. When verifyhost() fails, return
> > code is unchanged from CURLE_PEER_FAILED_VERIFICATION and put newly
> > defined error code into data->set.ssl. certverifyresult which is
> > available by curl_easy_getinfo with CURLINFO_SSL_VERIFYRESULT. This
> > doesn't break existing application.
> >
> > We are ready to send a PR for solution 4, but before sending this, we
> > want to hear the voice of community.
> This is the approach I personally prefer. Just make sure you document the
> specific error codes and for what situations they are used, as detailed as
> possible. This is the sort of thing that people soon might want for other SSL
> backends as well and then we need detailed explanations to know how to
> implement and use them there as well...

Got it. Thanks for the comment. I'll open a PR.

Basuke Suzuki
Sony PlayStation
Received on 2018-10-25