
curl-library

Re: Curl for https

From: Nick Zitzmann <nick_at_chronosnet.com>
Date: Thu, 1 Aug 2013 10:20:48 -0600

On Aug 1, 2013, at 7:26 AM, "Bunse, Stephan (Stephan)" <stephan.bunse_at_alcatel-lucent.com> wrote:

> Hello,
>
> I want to write a program which retrieves information using https. Unfortunately, the server has a self-signed certificate, so curl fails unless the options CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST are set to 0. That works, but I would like to download the certificate of the server, store it and check against it next time. Does anybody have an idea how to do this?

I can't really recommend programming an HTTPS client that arbitrarily accepts self-signed certificates for obvious security reasons. It's probably better to distribute the certificate with the program if it is the legitimate certificate.

Anyway, to allow libcurl to work with self-signed certificates once you have one: If you are using Schannel or Secure Transport for TLS, then you must import the certificate into the system and mark it as trusted. For all other engines, save the certificate, and pass the path to it into curl_easy_setopt() with the option CURLOPT_CAINFO.

Nick Zitzmann
<http://www.chronosnet.com/>

Received on 2013-08-01