curl-library
Re: Override libcurl's server cert validation (WINSSL)
Date: Fri, 4 Nov 2016 18:29:45 -0400
Hello Ribhi,
On 11/04/2016 05:17 PM, Ribhi Kamal wrote:
> I'm trying to find a way to enable me to tell libcurl "Hey, I know this
> FTPS server is using a bad certificate, but its OK! I recognize its
> public key, so please go ahead and connect to it."
This is an exact use case filled by CURLOPT_PINNEDPUBLICKEY, basically
turn off certificate validation, turn on CURLOPT_PINNEDPUBLICKEY, and
connect securely!
Unfortunately WinSSL is one of the remaining 2 TLS backends that does
not support this (DarwinSSL being the other). So you could switch to
using another backend like OpenSSL or gnutls, or better yet you could
submit a patch that adds support for WinSSL. If you go with the patch
option I can help you on or off list, it shouldn't be hard, I just don't
even own a windows box so I can't do it myself.
Thanks,
Travis
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-11-04