curl / Mailing Lists / curl-users / Single Mail


Re: Intermediate Certificate

From: Daniel Stenberg <>
Date: Thu, 6 Dec 2018 23:23:32 +0100 (CET)

On Thu, 6 Dec 2018, Marcionelli Michele wrote:

> I wrote a kind of link-checker in bash using curl and sometimes the check
> fails - I think - because an incomplete certificate chain. But with a
> browser the certificate looks good.

1. That's a broken site as a TLS server isn't suppposed to act like this.

2. Browsers tend to cache intermediate certificates and curl doesn't, which
makes them handle missing ones in many cases.

3. There's a x509 extension called AIA (Authority Information Access) that
tells the browser where it can download the extra certficiate for this. This
is supported by some browsers if I understand things correctly. curl does not.

Received on 2018-12-06