Hi ,

I am using curl to GET the resource from the server with https and
enabling the verify peer user option set .

When I execute my cCURL clinet code I get the below error .

*223: SSL: couldn't get X509-subject!*
curl_easy_perform() failed: SSL connect error error no is 35 .

 I verified the certificate with openssl command line tool , in that I
could see the subject filed is NULL and the SubjAltNames is present .

This is valid as per the As per [RFC 5280], �If subject naming information
is present only in the subjectAltName extension
(e.g., a key bound only to an email address or URI), then the subject name
MUST be an empty sequence and the subjectAltName extension MUST be critical
.

When I tried to understand the curl code for this problem Curl is calling
�X509_get_subject_name� for retrieving �SubjectName�, if �SubjectName�
field is empty, the curl is throwing �SSL: couldn't get X509-subject!�
error instead of checking for �SubjectAlternativeName extension�. ..

Is it really curl is missing to check the SubjectAlternativeName ..? if
curl support this then how to enable the curl for checking the Subject
Alternative name ?

Rgds
Indra

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-12-26