curl-library

Re: ssl certificates again

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 24 Mar 2003 23:42:05 +0100 (CET)

On Mon, 17 Mar 2003, Philippe Raoult wrote:

(I'm sorry this has taken me a while!)

> > caveats:
>
> Another one:
> * Now I seem to get those: cURL error : SSL:
> error:00000001:lib(0):func(0):reason(1).

> It looks like it is related to the VERIFYPEER option.

Yes, I see reason 1 returned from OpenSSL at times when the CA cert doesn't
properly verify the peer.

> I can't figure out what the code is trying to do, but the callback curl uses
> for checking the peer doesn't seem to do anything, I don't know if it's
> really useful. If anyone can enlighten me on this ...

Are you saying that your patch makes this error more likely to occur or just
that you saw this even with your patch applied?

A few remarks on your patch:

We can't depend on the HAVE_XXX or USE_SSLEAY defines in the curl/curl.h
header, since that is a public header and we can't expect other applications
to set those defines in the same manner as (lib)curl does.

Also, all other options that set callbacks have a corresponding option that
sets the user data pointer. As in READFUNCTION/READDATA,
WRITEFUNCTION/WRITEDATA so I guess it would make the best sense if
CERTFUNCTION had a CERTDATA that set the user pointer passed in to the
callback...

I was also missing the man page section describing how the new option works
and is supposed to be used by applications. I would LOVE a source code
example showing this...

-- 
 Daniel Stenberg -- curl, cURL, Curl, CURL. Groks URLs.
Received on 2003-03-24
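
The FUNCTION/DATA pairing suggested in the mail above, as an added sketch that is not part of the original message, the patch under review, or libcurl: every demo_* and DEMO_* name, the pin_ctx struct and the sample subjects are hypothetical. The certificate reaches the callback as an opaque pointer, so the public declarations need no HAVE_XXX or USE_SSLEAY tests.

```c
/* Added illustration: all demo_ and DEMO_ names are hypothetical, not libcurl API. */
#include <stdarg.h>
#include <string.h>

/* Public-header part: no build-time defines, the certificate is opaque. */
typedef int (*demo_cert_callback)(void *cert, void *userdata);
enum { DEMO_OPT_CERTFUNCTION, DEMO_OPT_CERTDATA };
struct demo_handle { demo_cert_callback certfunc; void *certdata; };

/* One option installs the callback, its sibling installs the user pointer. */
int demo_setopt(struct demo_handle *h, int opt, ...)
{
    va_list ap;
    int rc = 0;
    va_start(ap, opt);
    switch (opt) {
    case DEMO_OPT_CERTFUNCTION: h->certfunc = va_arg(ap, demo_cert_callback); break;
    case DEMO_OPT_CERTDATA:     h->certdata = va_arg(ap, void *); break;
    default:                    rc = -1; break;   /* unknown option */
    }
    va_end(ap);
    return rc;
}

/* Library-private part: stand-in for the SSL library's certificate type. */
struct demo_cert { const char *subject; };

int demo_check_peer(struct demo_handle *h, struct demo_cert *peer)
{
    if (!h->certfunc)
        return 0;                              /* no callback: nothing extra to check */
    return h->certfunc(peer, h->certdata);     /* non-zero rejects the peer */
}

/* Application part: per-handle state arrives via userdata, no globals. */
struct pin_ctx { const char *expected_subject; int calls; };

static int pin_subject(void *cert, void *userdata)
{
    struct demo_cert *c = cert;
    struct pin_ctx *ctx = userdata;
    ctx->calls++;
    return strcmp(c->subject, ctx->expected_subject) != 0;
}

int demo_run(const char *presented, const char *expected, int *calls)
{
    struct demo_handle h = {0};
    struct pin_ctx ctx = { expected, 0 };
    struct demo_cert peer = { presented };     /* constructed sample input */
    demo_setopt(&h, DEMO_OPT_CERTFUNCTION, pin_subject);
    demo_setopt(&h, DEMO_OPT_CERTDATA, (void *)&ctx);
    int rc = demo_check_peer(&h, &peer);
    if (calls) *calls = ctx.calls;
    return rc;
}
```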