curl-library
Re: certificate verification against system cert (?) when custom CAINFO is set
Date: Sat, 13 Apr 2013 13:40:34 +0200
On Fri, Apr 12, 2013 at 8:53 AM, Dima Tisnek <dimaqq_at_gmail.com> wrote:
> On 11 April 2013 23:39, Daniel Stenberg <daniel_at_haxx.se> wrote:
>> On Thu, 11 Apr 2013, Dima Tisnek wrote:
>>
>>> I'm trying to use curl with custom CA's only, but it seems server
>>> certificate gets verified against system CA's too.
>>
>>
>> I don't remember the exact details right now, but Apple has added some magic
>> for certificate verification in their OpenSSL version.
>
> oh that makes sense, I did see TrustevaluationAgent get loaded right
> after openssl.
> I guess it's not a bug, but a feature then....
>
> I'm not in a hurry to work around it on osx, perhaps it's enough to
> document this behaviour.
Daniel discussed about Apple's OpenSSL patches on his blog back in 2011.
http://daniel.haxx.se/blog/2011/11/05/apples-modified-ca-cert-handling-and-curl/
Thank you, Daniel. :-)
Aside, Apple's OSS modifications are available as per-project tarballs
here: http://opensource.apple.com/tarballs/
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-04-13