cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Does curl REALLY ignore CURLOPT_SSL_VERIFYPEER / CURLOPT_SSL_VERIFYHOST?

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 27 Nov 2007 23:04:04 +0100 (CET)

On Tue, 27 Nov 2007, paranoid paranoia wrote:

> The following snippet in Curl_ossl_connect_step3 causes aborted connection
> attempts even when curl is rather clearly instructed to not bother checking
> the peer's certificate:

I can only agree that this code should not be failing if no verification of
the certificate is requested. The docs for the SSL_get_peer_certificate()
function says it can return NULL when "No certificate was presented by the
peer" and in a non-verification case that should be fine for libcurl!

You up to providing a patch that corrects this?

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html

Received on 2007-11-27

This message: [ Message body ]
Next message: paranoid paranoia: "Re: Does curl REALLY ignore CURLOPT_SSL_VERIFYPEER / CURLOPT_SSL_VERIFYHOST?"
Previous message: Johnny Luong: "Re: Does curl REALLY ignore CURLOPT_SSL_VERIFYPEER / CURLOPT_SSL_VERIFYHOST?"
In reply to: paranoid paranoia: "Does curl REALLY ignore CURLOPT_SSL_VERIFYPEER / CURLOPT_SSL_VERIFYHOST?"
Next in thread: paranoid paranoia: "Re: Does curl REALLY ignore CURLOPT_SSL_VERIFYPEER / CURLOPT_SSL_VERIFYHOST?"
Reply: paranoid paranoia: "Re: Does curl REALLY ignore CURLOPT_SSL_VERIFYPEER / CURLOPT_SSL_VERIFYHOST?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]