cURL / Mailing Lists / curl-users / Single Mail

curl-users

RE: SSL: certificate subject name does not match target host name

From: Wayne Dawson <Wayne_Dawson_at_inventuresolutions.com>
Date: Sat, 15 Oct 2005 16:05:12 -0700

Not to point our the obvious, but...
Yes, you can revoke your certificat and use the proper Common Name when
you generate your CSR. (The common name in the certificate signing
request, has to be the host part of the DNS name of the site you're
trying to use ssl on.)

-----Original Message-----
From: curl-users-bounces_at_cool.haxx.se
[mailto:curl-users-bounces_at_cool.haxx.se] On Behalf Of Daniel Stenberg
Sent: Thursday, October 13, 2005 2:47 PM
To: the curl tool
Subject: Re: SSL: certificate subject name does not match target host
name

On Thu, 13 Oct 2005, Chidanand Gangur wrote:

> When I try to acces my index page using curl I get the following error

> message. I do not want to use "-k" option. Does curl provide any other

> option which can over come this problem

> * SSL: certificate subject name 'TestServer' does not match target
> host name 'vml3chidanandg'

With the command line tool you cannot avoid this without using -k, as
when I added the option I thought that you mostly _either_ want to
verify the cert or you don't. Of course I could very well agree on
adding an option that would allow this.

In libcurl land however, you have the option to verify the cert part and
skip the host name vs CN checking part. Disable CURLOPT_SSL_VERIFYHOST
and no CN or other checks will be used against the host name.

--
  Commercial curl and libcurl Technical Support:
http://haxx.se/curl.html
This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom they are addressed. If you have received this email in error, please delete this email from your system.
Received on 2005-10-16