cURL / Mailing Lists / curl-library / Single Mail



From: Nick Zitzmann <>
Date: Sun, 29 Mar 2015 11:20:30 -0500

> On Mar 28, 2015, at 6:43 PM, Jeroen Ooms <> wrote:
> In my client I disabled all SSL verification using:
> curl_easy_setopt(handle, CURLOPT_SSL_VERIFYHOST, 0L);
> However for some servers this actually results in an error. For
> example on OSX 10.10, this works:
>> curl
> But this fails:
>> curl --insecure
> curl: (35) SSL peer handshake failed, the server most likely requires
> a client certificate to connect

Can you file a bug with Apple, please? I think the problem is in the Security framework, not curl, because what's happening is --insecure sets the option "kSSLSessionOptionBreakOnServerAuth" in the SSLContextRef, but for some reason, the call to SSLHandshake() after the context is configured is returning errSSLPeerHandshakeFail on that server when that option is set. I've never seen this happen before. It certainly doesn't happen with "mainstream" sites like Google, Apple, etc.

Apple's bug reporter is here: <>

Nick Zitzmann

List admin:
Received on 2015-03-29