cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: SSL: certificate subject name does not match target host name

From: Chidanand Gangur <chidanand.gangur_at_gmail.com>
Date: Tue, 18 Oct 2005 19:33:06 +0530

Hi,
Thanks for your suggestion Daniel. I used libcurl CURLOPT_SSL_VERIFYHOST =
false. But the main cause of the problem was with respect to Key Usage
attribute in certificate. I had set it just to "key encipherment" now I
added one more option "digital certificate" to it.

Things are working fine now.

Cheers
Chidanand.

On 10/16/05, Wayne Dawson <Wayne_Dawson_at_inventuresolutions.com> wrote:
>
> Not to point our the obvious, but...
> Yes, you can revoke your certificat and use the proper Common Name when
> you generate your CSR. (The common name in the certificate signing
> request, has to be the host part of the DNS name of the site you're
> trying to use ssl on.)
>
> -----Original Message-----
> From: curl-users-bounces_at_cool.haxx.se
> [mailto:curl-users-bounces_at_cool.haxx.se] On Behalf Of Daniel Stenberg
> Sent: Thursday, October 13, 2005 2:47 PM
> To: the curl tool
> Subject: Re: SSL: certificate subject name does not match target host
> name
>
> On Thu, 13 Oct 2005, Chidanand Gangur wrote:
>
> > When I try to acces my index page using curl I get the following error
>
> > message. I do not want to use "-k" option. Does curl provide any other
>
> > option which can over come this problem
>
> > * SSL: certificate subject name 'TestServer' does not match target
> > host name 'vml3chidanandg'
>
> With the command line tool you cannot avoid this without using -k, as
> when I added the option I thought that you mostly _either_ want to
> verify the cert or you don't. Of course I could very well agree on
> adding an option that would allow this.
>
> In libcurl land however, you have the option to verify the cert part and
> skip the host name vs CN checking part. Disable CURLOPT_SSL_VERIFYHOST
> and no CN or other checks will be used against the host name.
>
> --
> Commercial curl and libcurl Technical Support:
> http://haxx.se/curl.html
>
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual to whom they are addressed. If you have
> received this email in error, please delete this email from your system.
>
>

--
Chidanand Gangur
Pune.
Received on 2005-10-18