cURL / Mailing Lists / curl-library / Single Mail


Re: How to verify the peer certificate by the Certificate Thumbprint

From: Daniel Stenberg <>
Date: Wed, 9 Jan 2008 18:39:15 +0100 (CET)

On Wed, 9 Jan 2008, Hou, LiangX wrote:

> If we get a peer certificate's thumbprint (a SHA-1 hash of the certificate),
> is it possible to set it as an option through "curl_easy_setopt" so as to
> verify the peer certificate by that?
> I know there is an option number "CURLOPT_CAINFO" which can be used to set
> the CA information. But what if we only get the certificate's thumbprint?

Then I think the only way is to disable libcurl's internal verification and
set CURLOPT_SSL_CTX_FUNCTION to your own function and do the entire magic by
yourself. This of course requires that you use OpenSSL as that option isn't
supported by the other SSL libs iirc.

  Commercial curl and libcurl Technical Support:
Received on 2008-01-09