Re: AW: AW: Difference between CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER?

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 14 Jul 2015 00:16:43 -0400

On 7/13/2015 3:33 AM, Dr. Roger Cuypers wrote:
> Does libcurl implement the former part via SSL_get_verify_result?
>
> -----Original Message-----
> From: curl-library [mailto:curl-library-bounces_at_cool.haxx.se] On Behalf Of Daniel Stenberg
> Sent: Friday, 10 July 2015 11:29
> To: libcurl development
> Subject: Re: AW: Difference between CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER?
>
> On Wed, 8 Jul 2015, Dr. Roger Cuypers wrote:
>
>> So simplified that means that verify peer has a similar functionality
>> like SSL_get_verify_result in OpenSSL while verify host checks the common name?
> Verify peer checks that the cert is signed by a CA, verify host makes sure the cert contains the server name.

Please don't top post; it makes the conversation hard to follow. If peer
verification is enabled and fails, OpenSSL will terminate the handshake.
That happens in OpenSSL. SSL_get_verify_result gets the result of the
peer verification. Host verification is different; that's done by libcurl.

[1]: https://www.openssl.org/docs/ssl/SSL_get_verify_result.html

Received on 2015-07-14
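
The split described in this thread, as an added example that is not part of the original mail and is not libcurl's code: the chain verdict comes from the TLS library, the name check is a separate step, and each option gates only its own check. The function names, the simplified wildcard rule and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp */

/* Constructed sample: names as they would appear in a certificate. */
static const char *const sample_names[] = { "example.com", "*.example.com" };

/* Match one certificate name against the requested host. A "*." prefix
   stands for exactly one leftmost label (simplified RFC 6125 rule). */
static int name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        /* need a non-empty first label and an identical remainder */
        return dot && dot != host && strcasecmp(pattern + 1, dot) == 0;
    }
    return strcasecmp(pattern, host) == 0;
}

/* Host check: does any name in the certificate cover the host? */
static int host_check(const char *const *names, size_t n, const char *host)
{
    for (size_t i = 0; i < n; i++)
        if (name_matches(names[i], host))
            return 1;
    return 0;
}

/* chain_ok models the TLS library's verdict on the certificate chain
   (with OpenSSL: SSL_get_verify_result() == X509_V_OK). verifypeer and
   verifyhost mirror the two options; 2 is the enabling value for
   CURLOPT_SSL_VERIFYHOST. */
int connection_allowed(long verifypeer, long verifyhost, int chain_ok,
                       const char *const *names, size_t n, const char *host)
{
    if (verifypeer && !chain_ok)
        return 0;   /* chain not signed by a trusted CA */
    if (verifyhost == 2 && !host_check(names, n, host))
        return 0;   /* certificate does not contain the server name */
    return 1;
}

int main(void)
{
    printf("%d\n", connection_allowed(1, 2, 1, sample_names, 2, "www.example.com"));
    printf("%d\n", connection_allowed(1, 0, 1, sample_names, 2, "example.org"));
    printf("%d\n", connection_allowed(0, 2, 0, sample_names, 2, "example.com"));
    return 0;
}
```

The second and third calls show why both options need to stay enabled: with the host check off, a trusted certificate issued for a different name is accepted, and with the peer check off, an untrusted certificate that merely carries the right name is accepted.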