curl / Mailing Lists / curl-library / Single Mail

Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: CURLOPT_SSL_VERIFYPEER - multiple paths

From: Rainer Canavan via curl-library <curl-library_at_cool.haxx.se>
Date: Thu, 2 Jul 2020 13:01:06 +0200

[...]
> > investigation learns that certificate has 2 paths which 1 of them if valid
> > and other has 'self signed cert'. How can is setup curl lib so that it
> > 'VERIFYPEER' , so that connection succeeds if there is still 'a valid path';
> > despite some that having error?
>
> This sounds like a TLS library problem.

It does indeed sound suspiciously similar to the problems in various TLS
libraries when the "AddTrust External Root CA" expired on May 30th, where
the libraries would fail to construct an alternate, valid trust chain.

rainer
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-07-02

This message: [ Message body ]
Next message: Vermeire, Baudewijn via curl-library: "RE: CURLOPT_SSL_VERIFYPEER - multiple paths"
Previous message: Kamil Dudka via curl-library: "Re: Considering a version 8 at some point..."
In reply to: Daniel Stenberg via curl-library: "Re: CURLOPT_SSL_VERIFYPEER - multiple paths"
Next in thread: Vermeire, Baudewijn via curl-library: "RE: CURLOPT_SSL_VERIFYPEER - multiple paths"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]