cURL / Mailing Lists / curl-library / Single Mail


Re: SSL failed with curl for self signed certs

From: Peter Sylvester <>
Date: Thu, 11 Oct 2012 21:05:28 +0200


On 10/11/2012 08:33 PM, Oscar Koeroo wrote:
> On 11-10-12 10:14, Indtiny s wrote:
>> Hi,
>> I am using the tool which is given by zigbee aliance to generate the
>> selfsigned CA certs , there I can not add the subject .
You may look into the test directory of curl, there are two shell scripts to create
a CA cert a a server cert. They directly use the openssl x509 command.
There are serveral configuration file examples of how to put correct or
bad values into a servername. but ...

>> I have disabed the host verification in (lib)curl (CURLOPT_SSL_VERIFYHOST,
>> 0L);
>> But still I am getting the same error .
this indeed disables the hostname check ...
>> How to manually add the subject name to certtificate .
> Hi,
> Please set CURLOPT_SSL_VERIFYPEER to 0L too. That will probably do the trick.
disabling checks of authenticity is not exactly a good advice IMHO.

one has to understand the purpose of ca cert, it is to
verify a server cert that was signed by the private key corresponding
to the public key in th ca cert.

The client needs the ca cert in a file specified by the CURLOPT_CAINFO option.
The public part, not the private key, just in case to avoid the usual
confusion about the meaning of 'certificate'.

> Creating a self-signed certificate in a more standardized way is not to
> hard. There is sufficient information available that fits your working
> environment in the best possible way.
There is no such such thing as a 'more standardised' way.
if one gets something different than snake oil without
state and location ... :-)


List admin:
Received on 2012-10-11