curl-library

Re: Using CURLOPT_SSL_VERIFYHOST

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 22 Mar 2006 09:04:02 +0100 (CET)

On Wed, 22 Mar 2006, Nilesh wrote:

> curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);

> Which guarantees validation of certificate using 'hostname' or 'ipaddress'
> of URL.

By disabling VERIFYPEER you switch off the verification of the server's
certificate and by using VERIFYHOST you only verify that the name field
(common name or subjectaltname) matches the host name of the server.

Thus, a man in the middle attack that would use a new (bad) certificate with
the correct name field would not be discovered.

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2006-03-22
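
The interaction of the two options described in this mail, as an added example that is not part of the original message and is not libcurl code: a simplified C model of the accept/reject decision for each combination of settings. The `model_cert` struct, `client_accepts` and the three sample certificates are constructed for illustration, and the chain check is reduced to a single flag.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <strings.h>

#define HOST "www.example.com"   /* constructed host name the client connects to */

/* Constructed model of a presented certificate; not a libcurl type. */
struct model_cert {
    const char *common_name;    /* subject CN */
    const char *san[4];         /* subjectAltName dNSName entries, NULL-terminated */
    bool chains_to_trusted_ca;  /* outcome of the chain check VERIFYPEER stands for */
};

/* Name-field check. Per RFC 2818, dNSName entries are used when present and
 * the CN only otherwise. Exact case-insensitive match; wildcards not modelled. */
static bool name_matches(const struct model_cert *c, const char *host)
{
    if (c->san[0] != NULL) {
        for (size_t i = 0; i < 4 && c->san[i] != NULL; i++)
            if (strcasecmp(c->san[i], host) == 0)
                return true;
        return false;
    }
    return c->common_name != NULL && strcasecmp(c->common_name, host) == 0;
}

/* verifypeer is 0 or 1, verifyhost is 0 or 2, mirroring the option values. */
bool client_accepts(long verifypeer, long verifyhost,
                    const struct model_cert *c, const char *host)
{
    if (verifypeer && !c->chains_to_trusted_ca)
        return false;   /* self-signed or untrusted issuer */
    if (verifyhost == 2 && !name_matches(c, host))
        return false;   /* certificate names a different host */
    return true;
}

/* Constructed samples: the real server, a forged certificate carrying the
 * right name, and a CA-issued certificate belonging to another site. */
const struct model_cert genuine     = { HOST, { HOST, NULL }, true };
const struct model_cert forged_name = { HOST, { HOST, NULL }, false };
const struct model_cert other_site  = { "other.example.net", { "other.example.net", NULL }, true };

int main(void)
{
    for (int i = 0; i < 4; i++) {
        long p = i / 2, h = (i % 2) * 2;
        printf("VERIFYPEER=%ld VERIFYHOST=%ld genuine=%d forged=%d other=%d\n", p, h,
               client_accepts(p, h, &genuine, HOST), client_accepts(p, h, &forged_name, HOST),
               client_accepts(p, h, &other_site, HOST));
    }
    return 0;
}
```

Only the row with VERIFYPEER=1 and VERIFYHOST=2 rejects both the forged and the other-site certificate; the VERIFYPEER=0, VERIFYHOST=2 row accepts the forged one, which is the case the mail describes.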