cURL / Mailing Lists / curl-library / Single Mail


Manually verifying certificate before sending HTTP request - is it possible?

From: Georgi Chulkov <>
Date: Sat, 23 Jan 2016 00:46:38 +0100


My application uses libcurl to connect to a HTTPS server, but I would
like to perform manual checks on the server's certificate before sending
my request. In particular, I would like to compare the Distinguished
Name within the certificate to a specific string, which is different
than the server's hostname.

My current approach is:
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
curl_easy_setopt(curl, CURLOPT_CERTINFO, 1);
curl_easy_getinfo(curl, CURLINFO_CERTINFO, &info);
... examine info->certinfo[0]

The problem is that I can only validate the DN after the fact. Is there
a way to perform these manual checks on the certificate after it has
been received from the server, but before the HTTP request has been

Thanks and regards

List admin:
Received on 2016-01-23