Look at the code again:

If the user lets libcurl do that call and it doesn't care about checking the cert or the host name in the cert, then the return code is ignored. Isn't that how you'd go ahead? I mean, ADH pretty much means that you ignore checking the server cert doesn't it?

---
** [bugs:#1290] Client code, ADH, servercert, and NULL certifcate**
**Status:** open
**Created:** Sun Oct 13, 2013 09:12 AM UTC by Jeffrey Walton
**Last Updated:** Sun Oct 13, 2013 08:48 PM UTC
**Owner:** Daniel Stenberg
    // From ssluse.c, around line 2127
    connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
    if(!connssl->server_cert) {
      if(strict)
        failf(data, "SSL: couldn't get peer certificate!");
      return CURLE_PEER_FAILED_VERIFICATION;
    }
In client code, `SSL_get_peer_certificate` will return `NULL` in the case of ADH *if* the server does not have a certificate to offer. If the user asked for ADH, then the return value might be misleading or even incorrect.
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.