curl-users

Re: ssl peer validation not working

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 30 Nov 2009 22:44:36 +0100 (CET)

On Mon, 30 Nov 2009, Bill Shupp wrote:

> It's part of an OpenID suite of tests, and has a revoked cert. wget does
> detect the revoked cert and prevents you from connecting without disabling
> verification via an option. But curl says it's verified.
>
> I've tried pointing curl's CAPATH to use /etc/ssl/certs (openssl ca
> bundles), but it still fails. I've also downloaded curl's latest bundle
> pem file, and pointed the request to that, but it still thinks it's
> verified.
>
> Any thoughts?

I'm far from an SSL wizard, but I thought revoked certs were provided in a CRL
that isn't immediately available when a client connects to a peer.

How does wget figure out the cert is revoked without any special CRL
treatment?

BTW, is that a wget built to use OpenSSL or GnuTLS?

-- 
  / daniel.haxx.se
Received on 2009-11-30