curl / Mailing Lists / curl-library / Single Mail


RE: Fetching the detail of SSL Host verification failure

From: Daniel Stenberg via curl-library <>
Date: Wed, 31 Oct 2018 13:22:43 +0100 (CET)

On Mon, 29 Oct 2018, wrote:

> Oh my. I thought I need to return OpenSSL error code because current code
> base is doing so.
>> lerr = *certverifyresult = SSL_get_verify_result(BACKEND->handle);

Hm, you're right of course. But this isn't documented... An interesting

Gah, why did we do it like that! I can only see that only NSS and OpenSSL ever
support this.

Okay, what about this adjusted plan:

Create a new info flag ("CURLINFO_SSL_VERIFIED" ?) that works the way I
described it, that can return certificate verification details in a SSL
backend agnostic way and we document that clearly and as preferred over

What do you think? (It also needs a separate proxy version.)

Received on 2018-10-31