curl-library

Re: Server Verification skipped with version 7.21.2

From: Ravi Doppalapudi <ravi.doppalapudi_at_gmail.com>
Date: Thu, 17 Oct 2013 12:59:05 -0500

Here are the curl logs:

I am using the libcurl API and I have disabled host verification
(CURLOPT_SSL_VERIFYHOST) but left the peer verification.

platform_start[2814]: * About to connect() to 192.168.255.100 port 13062 (#0)
platform_start[2814]: * Trying 192.168.255.100... * connected
platform_start[2814]: * Connected to 192.168.255.100 (192.168.255.100) port 13062 (#0)
platform_start[2814]: * found 1 certificates in /rom/etc/keys.d/bcerts/FactoryCA.pem
platform_start[2814]: * server certificate verification SKIPPED
platform_start[2814]: * common name: SEM (does not match '192.168.255.100')
platform_start[2814]: * server certificate expiration date OK
platform_start[2814]: * server certificate activation date OK
platform_start[2814]: * certificate public key: RSA
platform_start[2814]: * certificate version: #3
platform_start[2814]: * subject: C=Unknown,ST=Unknown,L=Unknown,O=****,OU=Radio Access,CN= SEM
platform_start[2814]: * start date: Fri, 31 Dec 1999 07:20:22 GMT
platform_start[2814]: * expire date: Thu, 31 Dec 2037 23:23:23 GMT
platform_start[2814]: * issuer: C=Unknown,ST=Unknown,L=Unknown,O=**,OU=Radio Access,CN=SEM
platform_start[2814]: * compression: NULL
platform_start[2814]: * cipher: ARCFOUR-128
platform_start[2814]: * MAC: SHA1
platform_start[2814]: * Server auth using Basic with user 'HIks89yXuU4BGfHq'
platform_start[2814]: > GET /File1.xml HTTP/1.1

On Thu, Oct 17, 2013 at 1:39 AM, Yehezkel Horowitz <horowity_at_checkpoint.com> wrote:

> > With curl version below - I see that the server verification is skipped
> > from the curl verbose logs. I am setting the CURLOPT_CAINFO to point to the
> > proper certs as well. How can I set up curl so that it does validate the
> > server certificates?
>
> CURLOPT_SSL_VERIFYPEER & CURLOPT_SSL_VERIFYHOST are your friends.
>
> But they have secure default values (validate the server certificate).
>
> Can you show us how you are using curl (and the verbose logs)?
>
> If you are using the curl (not libcurl), you should NOT have the -k option in
> your command line.
>
> Regards,
>
> Yehezkel Horowitz
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>

Received on 2013-10-17
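
Added example, not part of the original mail or of curl itself: a small log check that flags the two verification problems visible in the verbose output above ("verification SKIPPED" and the common-name mismatch). The sample lines are a constructed excerpt modelled on that log, including entries wrapped by a mail client; the function and rule names are assumptions made for this example.

```python
import re

# Syslog-style prefix seen in the log above: "<tag>[<pid>]: <curl verbose text>"
PREFIX = re.compile(r"^(?P<tag>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")

# Constructed excerpt modelled on the log in this message; two entries are
# wrapped across lines the way a mail client wraps long lines.
SAMPLE = """\
platform_start[2814]: * Connected to 192.168.255.100 (192.168.255.100) port
13062 (#0)
platform_start[2814]: * server certificate verification SKIPPED
platform_start[2814]: * common name: SEM (does not match
'192.168.255.100')
platform_start[2814]: * server certificate expiration date OK
"""

def rejoin(text):
    """Merge continuation lines (no syslog prefix) into the previous entry."""
    entries = []
    for line in text.splitlines():
        m = PREFIX.match(line)
        if m:
            entries.append([m["tag"], int(m["pid"]), m["msg"].strip()])
        elif entries and line.strip():
            entries[-1][2] += " " + line.strip()
    return [tuple(e) for e in entries]

# Rule names are hypothetical labels chosen for this example.
RULES = [
    ("cert-verification-skipped",
     re.compile(r"server certificate verification SKIPPED")),
    ("hostname-mismatch",
     re.compile(r"common name: (?P<cn>.*?) \(does not match '(?P<host>[^']+)'\)")),
]

def audit(text):
    """Return (pid, finding, detail) for each verification problem logged."""
    findings = []
    for _tag, pid, msg in rejoin(text):
        for name, rx in RULES:
            m = rx.search(msg)
            if m:
                findings.append((pid, name, m.groupdict() or None))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Without the rejoin step the common-name rule never fires on wrapped input, because the host part of the message sits on the continuation line.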