On Wednesday, October 30, 2013 3:29 PM Mike Mio wrote:

>>I am attempting to upgrade my FTP program to the Win32 v7.33.0 libCURL
dlls.
>>Plain FTP works correctly but when I try to connect via SSL I get this
error:
>>"SSL peer certificate or SSH remote key was not OK"
>>CURLOPT_SSL_VERIFYPEER is set to 0
>>I am wonder if some default changed that I need to account for or there
something I was doing incorrectly but previously worked for some reason.

Ok, well I have answer if anyone is interested:
Due to an excessively cursory reading of the docs line "If libcurl is built
against NSS and CURLOPT_SSL_VERIFYPEER is zero, CURLOPT_SSL_VERIFYHOST is
ignored.", CURLOPT_SSL_VERIFYHOST was not set (to 0)

That worked just fine until v.7.33.0

The different between v7.33.0 and previous versions was this:
  
if(!data->set.ssl.verifypeer && !data->set.ssl.verifyhost)
  (void)servercert(conn, connssl, FALSE);
  else
    retcode = servercert(conn, connssl, TRUE);

versus this:

if(!data->set.ssl.verifypeer)
  (void)servercert(conn, connssl, FALSE);
  else
    retcode = servercert(conn, connssl, TRUE);

Mike

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-11-06