Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: SAN certificate validation?
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-users <curl-users_at_lists.haxx.se>
Date: Sun, 3 Jul 2022 11:26:20 +0200 (CEST)
On Sat, 2 Jul 2022, AlMo via curl-users wrote:
> I ran curl 7.58.0 (see version in attached pic) with -v and got a result
> indicating the CN=example.com in the cert was OK, but that curl couldn't
> find a matching subjectAltName. Is there a switch or param to disable this
> checking, or should I assume the issue is with the server software.
The issue is that it is a bad server certificate.
If there is a SAN field in the cert, that one *SHOULD* be checked and the CN
is to be ignored. If none of the SAN fields match, the cert is not okay.
curl has only one option to ignore the certificate check.
Date: Sun, 3 Jul 2022 11:26:20 +0200 (CEST)
On Sat, 2 Jul 2022, AlMo via curl-users wrote:
> I ran curl 7.58.0 (see version in attached pic) with -v and got a result
> indicating the CN=example.com in the cert was OK, but that curl couldn't
> find a matching subjectAltName. Is there a switch or param to disable this
> checking, or should I assume the issue is with the server software.
The issue is that it is a bad server certificate.
If there is a SAN field in the cert, that one *SHOULD* be checked and the CN
is to be ignored. If none of the SAN fields match, the cert is not okay.
curl has only one option to ignore the certificate check.
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2022-07-03