curl-library
AW: Difference between CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER?
Date: Wed, 8 Jul 2015 16:06:53 +0000
So simplified that means that verify peer has a similar functionality like SSL_get_verify_result in OpenSSL while verify host checks the common name?
Von: curl-library [mailto:curl-library-bounces_at_cool.haxx.se] Im Auftrag von Vadim Grinshpun
Gesendet: Dienstag, 7. Juli 2015 19:24
An: curl-library_at_cool.haxx.se
Betreff: Re: Difference between CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER?
On 7/7/15 10:12 AM, Dr. Roger Cuypers wrote:
Greetings,
can someone explain me what the difference between CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER is in the context of a client program? For a client, the host and the peer are both the server.
The only difference I can make out at first glance is that verifypeer may cause the connection to fail while verifyhost is tested later.
The difference is visible if you look at the summary of each option:
CURLOPT_SSL_VERIFYPEER - verify the peer's SSL certificate
CURLOPT_SSL_VERIFYHOST - verify the certificate's name against host
Note the difference in the description.
VERIFYPEER basically makes sure the certificate itself is valid (i.e., signed by a trusted CA, the certificate chain is complete, etc).
VERIFYHOST checks that the host you're talking to is the host named in the certificate.
(using a driver's license analogy: VERIFYPEER makes sure the license itself is not fake; VERIFYHOST makes sure the person whose name and photo are on the license is the same as the person showing the license :)
HTH,
-Vadim
Regards
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-07-08