

Re: Manually verifying certificate before sending HTTP request - is it possible?

From: Dan Fandrich <>
Date: Sat, 23 Jan 2016 10:13:16 +0100

On Sat, Jan 23, 2016 at 12:46:38AM +0100, Georgi Chulkov wrote:
> Hello,
> My application uses libcurl to connect to a HTTPS server, but I would like
> to perform manual checks on the server's certificate before sending my
> request. In particular, I would like to compare the Distinguished Name
> within the certificate to a specific string, which is different than the
> server's hostname.
> My current approach is:
> curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);
> curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
> curl_easy_setopt(curl, CURLOPT_CERTINFO, 1L);
> curl_easy_perform(curl);
> curl_easy_getinfo(curl, CURLINFO_CERTINFO, &info);
> ... examine info->certinfo[0]
> The problem is that I can only validate the DN after the fact. Is there a
> way to perform these manual checks on the certificate after it has been
> received from the server, but before the HTTP request has been transmitted?

The technique mentioned in ought
to be sufficient for this.

>>> Dan
Received on 2016-01-23