curl-users
RE: Unable to verify server certificate
Date: Wed, 6 Aug 2008 12:38:16 +0200 (CEST)
On Tue, 5 Aug 2008, Salgar, Gowtam wrote:
> Is there a way to validate the actual server certificate.?
No.
> Lets say if I get the server certificate in advance can I use it to cross
> check while connecting every time, so that I make sure I am connecting to
> the right web site.?
That's typically what the CA cert stuff does. Together with the check that the
name within the cert matches the host name of the site.
> Bcoz just validating the CA againt the ca-bundle.crt in real scenario is not
> completely validating the actual certificate issued.?
It validates the peer's cert by the fact that the CA of it is "trusted".
That's how SSL certs work.
> In reality we do know that if a CA is valid then the certificate issued by
> the CA is also going to be valid. But we want to go one steop ahead and
> validate the actual server certificate issued by the CA.?
curl and libcurl has no feature currently...
-- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users FAQ: http://curl.haxx.se/docs/faq.html Etiquette: http://curl.haxx.se/mail/etiquette.htmlReceived on 2008-08-06