curl-library
Override libcurl's server cert validation (WINSSL)
Date: Fri, 4 Nov 2016 17:17:43 -0400
Hi all,
I'm trying to find a way to enable me to tell libcurl "Hey, I know this
FTPS server is using a bad certificate, but its OK! I recognize its public
key, so please go ahead and connect to it." In other words, I would like to
have a say when libcurl is validating a certificate without turning off
certificate validation completely. See example below.
My main motivation is that I'm writing a windows program that downloads
files from an FTPS server and I don't want to modify the machines
certificate stores so that the server's cert is trusted. Does libcurl have
a callback or an option that allows to specify my own custom server cert
validation?
Something like this (none of this is real):
static bool my_func(char * tServerCertPEM, size_t size)
{
bool bIsValid = false;
// Do my own checking
bIsValid = CustomCheck(tServerCertPEM, size);
if (!bIsValid)
{
// Fallback to the default libcurl cert validation
bIsValid = curl_super_dupper_easy_validate_cert(tServerCertPEM, size);
}
return bIsValid;
}
int main()
{
.
.
curl_easy_setopt(curl, CURLOPT_SSL_CERTVALIDATOR, my_func);
.
.
}
Thanks!
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-11-04