curl-library
Re: Difference between CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER?
Date: Tue, 07 Jul 2015 13:23:36 -0400
On 7/7/15 10:12 AM, Dr. Roger Cuypers wrote:
>
> Greetings,
>
> can someone explain me what the difference between
> CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER is in the context of
> a client program? For a client, the host and the peer are both the server.
>
> The only difference I can make out at first glance is that verifypeer
> may cause the connection to fail while verifyhost is tested later.
>
The difference is visible if you look at the summary of each option:
CURLOPT_SSL_VERIFYPEER - verify the peer's SSL certificate
CURLOPT_SSL_VERIFYHOST - verify the certificate's name against host
Note the difference in the description.
VERIFYPEER basically makes sure the certificate itself is valid (i.e.,
signed by a trusted CA, the certificate chain is complete, etc).
VERIFYHOST checks that the host you're talking to is the host named in
the certificate.
(using a driver's license analogy: VERIFYPEER makes sure the license
itself is not fake; VERIFYHOST makes sure the person whose name and
photo are on the license is the same as the person showing the license :)
HTH,
-Vadim
> Regards
>
>
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-07-07