
curl-library

cacert verification

From: Jukka Pihl <jukka.pihl_at_entirem.com>
Date: Fri, 11 May 2001 17:34:41 +0300

Curl-program has option:

  --cacert [cert-file]

If server cert doesn't match with it then program just puts text (when
having -v option)

* Verify result: 21

Actually it would be nice to make program just exit with some defined
exit(2)-code in that case.

Something like this should be inserted to "lib/ssluse.c", I guess.

ssluse.c: 356

 if(data->ssl.verifypeer) {
    data->ssl.certverifyresult=SSL_get_verify_result(conn->ssl.handle);
    infof(data, "Verify result: %d\n", data->ssl.certverifyresult);
+ if(data->ssl.certverifyresult != 0) {
+ failf(data, "SSL: server cert verify fails!");
+ return XXXX;
    }
  }
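
Review bot: "return XXXX;" on the third added line is a placeholder, so the change does not compile as posted. It needs a defined error code that the curl tool can map to the distinct exit status the mail asks for. The closing brace of the new if block is shown without a "+" marker although it belongs to the addition, which makes the hunk ambiguous to apply by hand. The failf() message would also be more useful if it carried the numeric verify result that infof() prints just above (21 in the example), since infof() output is only visible with -v and a user hitting the new failure path would otherwise not see why verification failed.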

Any opinions?

   Jukka Pihl
   jukka pihl at entirem.com

Received on 2001-05-11