curl-library
RE: How to verify the peer certificate by the Certificate Thumbprint
Date: Tue, 22 Jan 2008 16:37:44 +0800
-----Original Message-----
From: curl-library-bounces_at_cool.haxx.se [mailto:curl-library-bounces_at_cool.haxx.se] On Behalf Of Daniel Stenberg
Sent: 10 January 2008 1:39
To: libcurl development
Subject: Re: How to verify the peer certificate by the Certificate Thumbprint
On Wed, 9 Jan 2008, Hou, LiangX wrote:
> If we get a peer certificate's thumbprint (a SHA-1 hash of the certificate),
> is it possible to set it as an option through "curl_easy_setopt" so as to
> verify the peer certificate by that?
>
> I know there is an option number "CURLOPT_CAINFO" which can be used to set
> the CA information. But what if we only get the certificate's thumbprint?
>
> Then I think the only way is to disable libcurl's internal verification and
> set CURLOPT_SSL_CTX_FUNCTION to your own function and do the entire magic by
> yourself. This of course requires that you use OpenSSL as that option isn't
> supported by the other SSL libs iirc.
Daniel,
Your advice is really helpful. Thank you very much.
Liang
--
Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2008-01-22
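
An added example, not part of the thread and not curl project code: the thumbprint check described in the reply above (built-in verification off, the SHA-1 comparison done by the caller), sketched with Python's OpenSSL-backed ssl module rather than as a libcurl CURLOPT_SSL_CTX_FUNCTION callback. The names normalize_thumbprint, thumbprint_matches and connect_pinned are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl


def normalize_thumbprint(text: str) -> bytes:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; return the 20 raw SHA-1 bytes."""
    hex_digits = "".join(ch for ch in text if ch not in ": \t")
    raw = bytes.fromhex(hex_digits)  # raises ValueError on non-hex input
    if len(raw) != hashlib.sha1().digest_size:
        raise ValueError("a SHA-1 thumbprint is 20 bytes")
    return raw


def thumbprint_matches(cert_der: bytes, pinned: str) -> bool:
    """The thumbprint is SHA-1 over the certificate's DER encoding."""
    actual = hashlib.sha1(cert_der).digest()
    return hmac.compare_digest(actual, normalize_thumbprint(pinned))


def connect_pinned(host: str, port: int, pinned: str,
                   timeout: float = 10.0) -> ssl.SSLSocket:
    """Open a TLS connection whose only trust decision is the pinned thumbprint."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # internal verification off, as in the reply
    ctx.verify_mode = ssl.CERT_NONE
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    # Check before any application data is written: with CERT_NONE nothing
    # else stands between this client and an impostor, so a mismatch is fatal.
    der = tls.getpeercert(binary_form=True)  # DER bytes even when unverified
    if der is None or not thumbprint_matches(der, pinned):
        tls.close()
        raise ssl.SSLError("peer certificate does not match pinned thumbprint")
    return tls
```
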