curl-library

Does curl REALLY ignore CURLOPT_SSL_VERIFYPEER / CURLOPT_SSL_VERIFYHOST?

From: paranoid paranoia <paranoid.paranoia_at_gmail.com>
Date: Tue, 27 Nov 2007 14:40:15 +0100

The following snippet in Curl_ossl_connect_step3 causes
aborted connection attempts even when curl is rather clearly
instructed to not bother checking the peer's certificate:

ssluse.c: (lines 1638-1641 in 7.6.14, 1624-1628 in today's snapshot)
//-----------------------------------------------------
  connssl->server_cert = SSL_get_peer_certificate(connssl->handle);
  if(!connssl->server_cert) {
    failf(data, "SSL: couldn't get peer certificate!");
    return CURLE_SSL_PEER_CERTIFICATE;
  }
//-----------------------------------------------------

This code is executed _no_matter_what_ even when
CURLOPT_SSL_VERIFYPEER, CURLOPT_SSL_VERIFYHOST,
and CURLOPT_CAINFO are *all* set to 0.

WHY?!??
Received on 2007-11-27