
Re: php curl insecure connection option is skipped

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Wed, 8 May 2019 02:11:03 -0400

On 5/8/2019 12:32 AM, surya chandrika wrote:
> Disabling CURLOPT_SSL_VERIFYHOST worked. Yes, as you said, this is not
> recommended.
> But I am not sure why the certificate with the correct hostname is not
> recognized from the uploaded certificate.
> I added the certificate in path "/etc/pki/ca-trust/source/anchors/".
> In verbose mode it says it got 5 certificates:
>> * found 171 certificates in /etc/pki/tls/certs/ca-bundle.crt
>> * found 5 certificates in /etc/pki/ca-trust/source/anchors/
>> But it throws the error: SSL: certificate subject name (#1300) does not
>> match target host name 'abc.com'
> Any idea why the certificate is not recognized?

If abc.com is a hostname in the certificate then you should not see that
message. Check if OpenSSL gives different results:

(HOST=abc.com ; echo | openssl s_client -servername $HOST -connect $HOST:443 \
    2>/dev/null | openssl x509 -noout -checkhost $HOST)

Instead of -checkhost $HOST you can use -text to dump the certificate
details. You should see the hostname in X509v3 Subject Alternative Name.

Received on 2019-05-08
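
The distinction this reply turns on, as an added example that is not part of the original mail: trusting a certificate (adding it under the anchors directory) and matching its names against the target host are separate checks. The script builds a throwaway self-signed certificate with constructed names (lb01.example.test, app.example.test) and runs both checks with openssl; it assumes OpenSSL 1.1.1 or later for -addext.

```shell
#!/bin/sh
# Added example: all hostnames and file names below are constructed.

# make_cert DIR CN SAN : write a short-lived self-signed cert to DIR/cert.pem
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -addext "subjectAltName=$3" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# chain_ok CERT : "yes" if CERT verifies when CERT itself is the trust anchor
# (the effect of dropping it into a trust-anchor directory)
chain_ok() {
    if openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; then
        echo yes
    else
        echo no
    fi
}

# host_ok CERT HOST : "yes" if HOST matches the names in CERT.
# -checkhost prints "does match" or "does NOT match", so parse its output
# rather than relying on the exit status.
host_ok() {
    if openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'; then
        echo yes
    else
        echo no
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    # CN says app.example.test, but the SAN lists only lb01.example.test.
    # When a DNS SAN is present, the CN is not used for hostname matching.
    make_cert "$dir" "app.example.test" "DNS:lb01.example.test" || return 1
    for h in lb01.example.test app.example.test; do
        echo "$h chain=$(chain_ok "$dir/cert.pem") host=$(host_ok "$dir/cert.pem" "$h")"
    done
    rm -rf "$dir"
}

demo
# lb01.example.test chain=yes host=yes
# app.example.test chain=yes host=no
```

The second line is the situation in the thread: the certificate is trusted, yet the connection is rejected because the requested name is not in Subject Alternative Name.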