Changelog Development Documentation Download libcurl Mailing Lists News
cURL / Mailing Lists / curl-users / Single Mail

curl-users

RE: Unable to verify server certificate

From: Salgar, Gowtam <Gowtam_Salgar_at_adp.com>
Date: Tue, 5 Aug 2008 19:58:11 -0400

Is there a way to validate the actual server certificate.?

Lets say if I get the server certificate in advance can I use it to
cross check while connecting every time, so that I make sure I am
connecting to the right web site.?

Bcoz just validating the CA againt the ca-bundle.crt in real scenario is
not completely validating the actual certificate issued.?

In reality we do know that if a CA is valid then the certificate issued
by the CA is also going to be valid. But we want to go one steop ahead
and validate the actual server certificate issued by the CA.?

-----Original Message-----
From: curl-users-bounces_at_cool.haxx.se
[mailto:curl-users-bounces_at_cool.haxx.se] On Behalf Of Daniel Stenberg
Sent: Tuesday, August 05, 2008 2:39 PM
To: the curl tool
Subject: Re: Unable to verify server certificate

On Tue, 5 Aug 2008, Salgar, Gowtam wrote:

> I need to connect to a secure website which is https based. I have to
> validate the certificate of the site before connecting.
>
> I trying opening the site, exporting the certificate from IE to .cer
format
> and then use openssl to convert it to .pem as CURL supports only ..pem

> format only.

That's not what you need or want to do. When you _verify_ a remote
certificate, you need a ca cert bundle not a copy of the server's
certificate. 

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
-----------------------------------------
This message and any attachments are intended only for the use of
the addressee and may contain information that is privileged and
confidential. If the reader of the message is not the intended
recipient or an authorized representative of the intended
recipient, you are hereby notified that any dissemination of this
communication is strictly prohibited. If you have received this
communication in error, notify the sender immediately by return
email and delete the message and any attachments from your system.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2008-08-06