curl-users

RE: Unable to verify server certificate

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 6 Aug 2008 12:38:16 +0200 (CEST)

On Tue, 5 Aug 2008, Salgar, Gowtam wrote:

> Is there a way to validate the actual server certificate?

No.

> Let's say if I get the server certificate in advance can I use it to cross
> check while connecting every time, so that I make sure I am connecting to
> the right web site?

That's typically what the CA cert stuff does. Together with the check that the
name within the cert matches the host name of the site.

> Because just validating the CA against the ca-bundle.crt in real scenario is not
> completely validating the actual certificate issued?

It validates the peer's cert by the fact that the CA of it is "trusted".
That's how SSL certs work.

> In reality we do know that if a CA is valid then the certificate issued by
> the CA is also going to be valid. But we want to go one step ahead and
> validate the actual server certificate issued by the CA.

curl and libcurl have no feature currently...

-- 
  / daniel.haxx.se
Received on 2008-08-06
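
The cross-check asked about in this thread, comparing the server certificate against a copy obtained in advance on every connection, can be done in the application on top of the normal CA and host name checks. The following is an added example in Python, not part of the original mail and not curl or libcurl code; the names `pin_matches`, `connect_pinned` and `PinMismatch` are hypothetical, and the sample bytes are constructed stand-ins rather than a real certificate.

```python
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """Raised when the peer certificate matches none of the pinned fingerprints."""


def normalize_fingerprint(text):
    # Accept 'AA:BB:..', 'aabb..' or 'sha256:aabb..'; return 64 lowercase hex chars.
    value = text.strip().lower()
    if value.startswith("sha256:"):
        value = value[len("sha256:"):]
    value = value.replace(":", "").replace(" ", "")
    if len(value) != 64 or any(c not in "0123456789abcdef" for c in value):
        raise ValueError("not a SHA-256 fingerprint: %r" % text)
    return value


def cert_fingerprint(der_bytes):
    # SHA-256 over the DER encoding of the whole certificate.
    return hashlib.sha256(der_bytes).hexdigest()


def pin_matches(der_bytes, pinned):
    # Compare against every pin with a constant-time compare; an empty list fails closed.
    actual = cert_fingerprint(der_bytes)
    ok = False
    for pin in pinned:
        ok |= hmac.compare_digest(actual, normalize_fingerprint(pin))
    return ok


def connect_pinned(host, pinned, port=443, timeout=10.0):
    # CA validation and host name matching stay enabled; the pin is an extra check.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        tls = ctx.wrap_socket(sock, server_hostname=host)
        if not pin_matches(tls.getpeercert(binary_form=True), pinned):
            tls.close()
            raise PinMismatch("certificate for %s matches no pinned fingerprint" % host)
        return tls.version()  # handshake and pin check both passed


if __name__ == "__main__":
    sample = b"constructed stand-in for DER certificate bytes"  # not a real cert
    print(pin_matches(sample, [cert_fingerprint(sample)]))
```

A fingerprint over the whole certificate changes whenever the certificate is reissued, so the pinned list has to carry the replacement's fingerprint before the server switches over.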