Re: self signed certificates evaluation fails on Windows and OSX using the system provided back end

From: Tomalak Geret'kal via curl-library <curl-library_at_cool.haxx.se>
Date: Sun, 11 Apr 2021 12:47:34 +0100

On 10/04/2021 23:05, Daniel Stenberg via curl-library wrote:
>
>
>> Shouldn't libcurl offer a switch to disable revocation
>> check of self-signed
>> certificates?
>
> libcurl doesn't know "self-signed". but you can ask it to
> disable revocation checks with CURLOPT_SSL_OPTIONS's
> CURLSSLOPT_NO_REVOKE bit.

For what it's worth, I am turning this option on for any
build using Schannel in an environment that may use
self-signed certificates, or root certs that do MITM on a
corporate network; security issues with this aside, it's
common practice in many corporate networks, and adding this
option mimics what browsers do in this scenario.

It is kind of a shame that the option is an all-or-nothing
proposition, but I get why.

Cheers

Received on 2021-04-11