curl-library

Re: SSL sample

From: Jerry G. Chiuan <jerry_at_oridus.com>
Date: Wed, 1 Oct 2003 15:43:59 -0700

> > > therefore, do we need to set those stuff as below?
> > > Or, libcurl can handle internally
> >
> > > curl_easy_setopt(curl,CURLOPT_CAINFO,pCACertFile);
> > > curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,1);
> >
> > These determine if/how libcurl verifies the validity of the
> > server certificate. Validation is turned on by default; you
> > can disable it with the VERIFYPEER option.
>
> Hi Henrik,
> I have turned it off by this:
> curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,0);
> does it mean libcurl will trust the server's certificate without verifying?
>
> I saw server sent to my app the certificate information once my app tried to
> hit it.
> libcurl shall handle the server's certificate for my app, then server would
> start to send data, is it correct?
> but I didn't see server sent data after that to my app
>
> do you know why possibly?

Hi,
I traced the source code and found in lib/ssluse.c:

if (!cert_hostcheck(peer_CN, conn_hostname)) {
    if (data->set.ssl.verifyhost > 1) {
        ::
        return CURLE_SSL_PEER_CERTIFICATE; // code 51, peer certificate is not ok
    }
    else {
        ::
    }
    ::
}

that is why I got return code 51 from curl_easy_perform( ) and application
can't get data from server

why does it still happen even though I have done this line:
curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER, FALSE);

how can I totally turn off verification on client side against server
certificate?

Regds,
- Jerry

Received on 2003-10-02
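
The excerpt quoted in the message tests `verifyhost`, the field set through CURLOPT_SSL_VERIFYHOST, and never consults the VERIFYPEER setting. The following self-contained C model is an added example, not libcurl's code and not part of the original mail; it shows the two checks as independent gates. `model_hostcheck` and `model_verify` are hypothetical names, the wildcard rule is a simplification, and treating a `verifyhost` value of 1 or less as non-enforcing is an assumption, since the post elides that branch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { MODEL_OK = 0,
       MODEL_CHAIN_REJECTED = 1,   /* model-only value, not a libcurl code */
       MODEL_PEER_CERTIFICATE = 51 /* the code 51 quoted in the post */ };

/* Case-insensitive comparison of two whole strings. */
static int eq_nocase(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* Hypothetical stand-in for cert_hostcheck(): exact match, or a "*." pattern
   covering exactly one leftmost label of the host name. */
int model_hostcheck(const char *cn, const char *host) {
    if (!cn || !host || !*cn || !*host) return 0;
    if (strncmp(cn, "*.", 2) != 0) return eq_nocase(cn, host);
    const char *dot = strchr(host, '.');
    if (!dot || dot == host) return 0;      /* nothing for '*' to cover */
    if (!strchr(dot + 1, '.')) return 0;    /* refuse "*.com"-style matches */
    return eq_nocase(cn + 1, dot);          /* compare the ".example.com" parts */
}

/* The two settings gate different checks; neither implies the other. */
int model_verify(long verifypeer, long verifyhost, int chain_trusted,
                 const char *peer_cn, const char *host) {
    /* Chain validation is the only step the VERIFYPEER setting controls. */
    if (verifypeer && !chain_trusted) return MODEL_CHAIN_REJECTED;
    /* Name check as in the quoted excerpt: enforced when verifyhost > 1. */
    if (!model_hostcheck(peer_cn, host) && verifyhost > 1)
        return MODEL_PEER_CERTIFICATE;
    return MODEL_OK;
}

int main(void) {
    /* Constructed case: untrusted cert for "testbox", reached as "10.0.0.5". */
    printf("peer=0 host=2 -> %d\n",
           model_verify(0, 2, 0, "testbox", "10.0.0.5"));
    /* Constructed case: trusted chain and a matching wildcard name. */
    printf("peer=1 host=2 -> %d\n",
           model_verify(1, 2, 1, "*.example.com", "www.example.com"));
    return 0;
}
```

A code 51 with VERIFYPEER off therefore points at a mismatch between the certificate's name and the host in the URL, which is resolved on the certificate or URL side.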