One more proposal: Getting a trust
Date: Thu, 28 Jun 2012 10:08:12 -0600
I've got one more thing to propose before the freeze:
As I mentioned earlier, on Mac OS X, if an app attempts an SSL connection and the connection fails due to trust issues, apps typically put up a window showing the failed certificate and ask if the user wants to connect anyway. But to get that, the app has to be able to read the trust that failed.
I put together a patch that makes the trust available by the proposed option CURLINFO_SSL_TRUST. I also put together a sample project that shows how this would work. For the benefit of those of you that aren't using Mac OS X, I made a video showing how it works: <http://dl.dropbox.com/u/13168713/Screen%20Recording%20-%20Broadband.m4v>
The SFCertificateTrustPanel that you see in the source code in the background is a system-provided class. When I made this, I intentionally set my system clock forward to 2014 (greetings from the future!) so that PayPal's certificate would have expired, and thus the trust would fail. Clicking "Continue" runs it again after turning off CURLOPT_SSL_VERIFYPEER, and this time it connects anyway (as expected).
Let me know what you thinků Is this something the Windows SSL support could use as well?
- application/octet-stream attachment: trust.patch