cURL / Mailing Lists / curl-library / Single Mail


Re: SSL with Client Cert but without Server cert validation?

From: Oscar Koeroo <>
Date: Wed, 03 Oct 2012 09:47:41 +0200

On 02-10-12 19:55, Bill Lear wrote:
> I have an unusual situation with an embedded SSL client using libcurl.
> I need to send a client certificate to the server for validation even though the client does not validate the server certificate. (CURLOPT_SSL_VERIFYPEER = 0)
> Is this possible? I have confirmed that I can establish a connection when I supply a CACert bundle and set VERIFYPEER = 1, but the connection is refused when I set VERIFYPEER = 0.
> Thanks,
> Bill


Do you have more information on how/why it failed. For example by using the
verbose output?

There are two options to toggle:
    curl_easy_setopt(hc->curl, CURLOPT_SSL_VERIFYPEER, 1L);
    curl_easy_setopt(hc->curl, CURLOPT_SSL_VERIFYHOST, 2L);

Details are available in the documentation. Setting both to zero is equal to
the "-k" option.

If you also want to remove the usage of the default included CA bundle (this
is an add-on to the previous options), then you could write a small SSL_CTX
callback function:
    curl_easy_setopt(hc->curl, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function);

This callback function will prepare a bare SSL_CTX and by default is has no
default CA location inclusion, like the CA bundle file.

List admin:
Received on 2012-10-03