curl-library

RE: How to verify the peer certificate by the Certificate Thumbprint

From: Hou, LiangX <liangx.hou_at_intel.com>
Date: Tue, 22 Jan 2008 16:37:44 +0800

-----Original Message-----
From: curl-library-bounces_at_cool.haxx.se [mailto:curl-library-bounces_at_cool.haxx.se] On Behalf Of Daniel Stenberg
Sent: January 10, 2008 1:39
To: libcurl development
Subject: Re: How to verify the peer certificate by the Certificate Thumbprint

On Wed, 9 Jan 2008, Hou, LiangX wrote:

> If we get a peer certificate's thumbprint (a SHA-1 hash of the certificate),
> is it possible to set it as an option through "curl_easy_setopt" so as to
> verify the peer certificate by that?
>
> I know there is an option number "CURLOPT_CAINFO" which can be used to set
> the CA information. But what if we only get the certificate's thumbprint?

>Then I think the only way is to disable libcurl's internal verification and
>set CURLOPT_SSL_CTX_FUNCTION to your own function and do the entire magic by
>yourself. This of course requires that you use OpenSSL as that option isn't
>supported by the other SSL libs iirc.

Daniel,
   Your advice is really helpful. Thank you very much.
Liang

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2008-01-22
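
Added example (not code from this thread or from the curl project): the approach described in the reply above, turning off the library's built-in chain verification and checking the certificate yourself, shown with Python's standard `ssl` module rather than libcurl's `CURLOPT_SSL_CTX_FUNCTION`. The function names are hypothetical, and the thumbprint is assumed to be the SHA-1 of the DER-encoded leaf certificate.

```python
import hashlib
import hmac
import socket
import ssl


def normalize_thumbprint(text: str) -> bytes:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; return the 20 raw SHA-1 bytes."""
    # U+200E is an invisible mark that can ride along when a thumbprint is
    # copied out of a certificate dialog; drop it with the usual separators.
    cleaned = "".join(ch for ch in text if ch not in ": -\u200e")
    raw = bytes.fromhex(cleaned)  # ValueError on non-hex or odd-length input
    if len(raw) != hashlib.sha1().digest_size:
        raise ValueError("a SHA-1 thumbprint is 20 bytes (40 hex digits)")
    return raw


def thumbprint_matches(der_cert: bytes, pinned: str) -> bool:
    """Hash the DER-encoded certificate and compare in constant time."""
    actual = hashlib.sha1(der_cert).digest()
    return hmac.compare_digest(actual, normalize_thumbprint(pinned))


def connect_pinned(host: str, port: int, pinned: str,
                   timeout: float = 10.0) -> ssl.SSLSocket:
    """TLS connect with chain verification off, then enforce the thumbprint.

    The pin is the only trust decision here: chain, hostname and expiry are
    not checked. On mismatch the socket is closed before any application
    data is sent and ssl.SSLError is raised.
    """
    normalize_thumbprint(pinned)      # reject a malformed pin before connecting
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # the library's own verification is off
    raw_sock = socket.create_connection((host, port), timeout=timeout)
    sock = ctx.wrap_socket(raw_sock, server_hostname=host)
    der = sock.getpeercert(binary_form=True)  # DER bytes even when unverified
    if der is None or not thumbprint_matches(der, pinned):
        sock.close()
        raise ssl.SSLError("peer certificate thumbprint mismatch")
    return sock
```

Later libcurl releases also provide `CURLOPT_PINNEDPUBLICKEY`, which pins the server's public key rather than the whole certificate.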