Re: TLS certificate verification

From: Ray Satiro via curl-library
Date: Sat, 20 Jun 2015 16:11:45 -0400

On 6/20/2015 3:51 PM, Daniel Stenberg wrote:
> On Sat, 20 Jun 2015, (( \/\/|||"'""/'")) ((\"""" )) (( ))\\\"\\"\ wrote:
>> and forgive me if I'm wrong, but it looks like the only original
>> functionality libcurl has is to verify certificates (which doesn't
>> work that well either... try verifying yahoo's cert...).
> All HTTPS clients check certificates (or should at least), that's
> hardly original on libcurl's part.
> If you have *constructive* ideas and suggestions on how to improve
> things I'm all ears.
> I tried 'curl' just now, worked flawlessly. In
> what way is libcurl's design to blame for any problem with any TLS
> certificates?

What he is likely referring to is the server-sent legacy intermediate
certificate issue that affected libcurl's ability to connect to some
websites. When I use an older version of libcurl I cannot connect to either. I fixed it in [1] so that's no longer a
problem in 7.43.0 and it connects fine. Also, OpenSSL in 1.0.2c I believe
has a separate fix, so if you have the latest OpenSSL 1.0.2 with an older
libcurl, that should work as well.

Also, this is OT but I think you were right about that spamhaus thing
because I checked the archive and I'm missing a bunch of messages
starting on the 10th. Today I missed two from you but I got this one, so
it looks like it's hit-or-miss.


Received on 2015-06-20