cURL / Mailing Lists / curl-and-php / Single Mail

curl-and-php

Re: Adding a certificate

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sun, 16 Mar 2003 17:01:08 +0100 (CET)

On Sat, 15 Mar 2003, Jesse Brede wrote:

> I am trying to add my own uncertified certificate to curls
> curl-ca-bundle.crt file on a machine that will be connecting to my own
> servers in which I have installed the same certificates.

I'm certainly not a cert wizard, but I'll tell you my side of the story:

They should be separate ones. The CA cert is a cert used to verify the server
cert. They are not the same.

> I am also looking for a concise explanation about the curl_setopt flats
> VERIFYPEER AND VERIFYHOST. When to use which and why?

VERIFYPEER is set to enable or disable peer certificate verify. If set to
TRUE, you should also provide a cert path or dir using CAINFO or CAPATH.

VERIFYHOST defines what kind of verify on the name in the peer certificate
you want. The name in the cert is supposedly the same as the host name you're
communicating to.

Both these are documented in the curl_easy_setopt man page.

-- 
 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
-------------------------------------------------------
This SF.net email is sponsored by:Crypto Challenge is now open! 
Get cracking and register here for some mind boggling fun and 
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
Received on 2003-03-16