curl-library

Re: TLS certificate verification

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Sat, 20 Jun 2015 16:11:45 -0400

On 6/20/2015 3:51 PM, Daniel Stenberg wrote:
> On Sat, 20 Jun 2015, (( \/\/|||"'""/'")) ((\"""" )) (( ))\\\"\\"\ wrote:
>
>> and forgive me if I'm wrong, but it looks like the only original
>> functionality libcurl has is to verify certificates (which doesn't
>> work that well either... try verifying yahoo's cert...).
>
> All HTTPS clients check certificates (or should at least), that's
> hardly original on libcurl's part.
>
> If you have *constructive* ideas and suggestions on how to improve
> things I'm all ears.
>
> I tried 'curl https://www.yahoo.com/' just now, worked flawlessly. In
> what way is libcurl's design to blame for any problem with any TLS
> certificates?
>

What he is likely referring to is the server-sent legacy intermediate
certificate issue that affected libcurl's ability to connect to some
websites. When I use an older version of libcurl I cannot connect to
https://www.yahoo.com either. I fixed it in [1] so that's no longer a
problem in 7.43.0 and it connects fine. Also, I believe OpenSSL has a
separate fix in 1.0.2c, so if you have the latest OpenSSL 1.0.2 with an
older libcurl that should work as well.

Also, this is OT but I think you were right about that spamhaus thing
because I checked the archive and I'm missing a bunch of messages
starting on the 10th. Today I missed two from you but I got this one, so
it looks like it's hit-or-miss.

[1]: https://github.com/bagder/curl/commit/b8673bb

Received on 2015-06-20