cURL / Mailing Lists / curl-library / Single Mail

curl-library

subject Alternative field check in server certificate

From: Indtiny s <indtiny_at_gmail.com>
Date: Wed, 26 Dec 2012 11:19:39 -0500

Hi ,

I am using curl to GET the resource from the server with https and
enabling the verify peer user option set .

When I execute my cCURL clinet code I get the below error .

*223: SSL: couldn't get X509-subject!*
curl_easy_perform() failed: SSL connect error error no is 35 .

 I verified the certificate with openssl command line tool , in that I
could see the subject filed is NULL and the SubjAltNames is present .

This is valid as per the As per [RFC 5280], “If subject naming information
is present only in the subjectAltName extension
(e.g., a key bound only to an email address or URI), then the subject name
MUST be an empty sequence and the subjectAltName extension MUST be critical
.

When I tried to understand the curl code for this problem Curl is calling
“X509_get_subject_name” for retrieving “SubjectName”, if “SubjectName”
field is empty, the curl is throwing “SSL: couldn't get X509-subject!”
error instead of checking for “SubjectAlternativeName extension”. ..

Is it really curl is missing to check the SubjectAlternativeName ..? if
curl support this then how to enable the curl for checking the Subject
Alternative name ?

Rgds
Indra

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-12-26