curl / Mailing Lists / curl-library / Single Mail

curl-library

CURLOPT_SSL_VERIFYHOST and Wildcard Certificates

From: Paul D Rotter <pdrotter_at_us.ibm.com>
Date: Thu, 12 Jan 2017 19:52:40 +0000

Hello,

This question pertains to a C++ implementation of libCurl version 7.33.0.

I am implementing some security upgrades to our software including turning
on CURLOPT_SSL_VERIFYHOST (setting to value 2). Some of the server
certificates we receive are wildcard certs. I was expecting to see
failures after turning on the CURLOPT_SSL_VERIFYHOST, but libCurl it is
happily going about performing the HTTPS request. I'm not sure what the
expected behavior is here.

If I try to connect to https://test.domain.com should a certificate for
*.domain.com pass this verification or no?

Thanks,

Paul

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-01-12

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: Status of IDN support?"
Previous message: Daniel Stenberg: "Re: Curl_ssl_random fails in 7.52.1 when SSL backend has no random support"
Next in thread: Daniel Stenberg: "Re: CURLOPT_SSL_VERIFYHOST and Wildcard Certificates"
Reply: Daniel Stenberg: "Re: CURLOPT_SSL_VERIFYHOST and Wildcard Certificates"
Reply: Ray Satiro via curl-library: "Re: CURLOPT_SSL_VERIFYHOST and Wildcard Certificates"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]