cURL / Mailing Lists / curl-library / Single Mail



From: Daniel Stenberg <>
Date: Wed, 22 Mar 2006 09:04:02 +0100 (CET)

On Wed, 22 Mar 2006, Nilesh wrote:

> curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER, 0);

> Which gaurantees validation of ceritificate using 'hostname' or 'ipaddress'
> of URL.

By disabling VERIFYPEER you switch off the verification of the server's
certificate and by using VERIFYHOST you only verify that the name field
(common name or subjectaltname) matches the host name of the server.

Thus, a man in the middle attack that would use a new (bad) certificate with
the correct name field would not be discovered.

  Commercial curl and libcurl Technical Support:
Received on 2006-03-22