cURL / Mailing Lists / curl-library / Single Mail


Re: SSL cert error

From: Gisle Vanem <>
Date: Sun, 13 Jun 2004 13:04:00 +0200

"Daniel Stenberg" <> said:

> > Why should a difference in case of a host/domain-name be a fatal error:
> This is a bug. It only seems to happen on wildcards too. I made a fix for it,
> just committed.

I saw it. I liked the needle and the haystack :). But cert_hostcheck()
is still a bit too simple in the way it only allows a wildcard at certname[0].
It refused to match "www*" against "".

And why must there be >1 dots in a cert-mask? Private host (with
NetBIOS names) should be allowed. E.g. On Win32 and *nix with
Samba, a https://host_on_lan should work since the name_on_lan
gets resolved via WINS.

I'm working on other things in ssluse.c; allthough not strickly any
data that libcurl sees, it would be handy to see the initial SSL/TLS
transactions. i.e. with "curl --trace". OpenSSL has some callbacks
for this. Not sure it should be passed up using CURLINFO_DATA_x,
or if we should add another CURLINFO_SSL_DATA_x etc.

Received on 2004-06-13