curl-library

CURLOPT_SSL_VERIFYHOST and Wildcard Certificates

From: Paul D Rotter <pdrotter_at_us.ibm.com>
Date: Thu, 12 Jan 2017 19:52:40 +0000

Hello,

This question pertains to a C++ implementation of libCurl version 7.33.0.

I am implementing some security upgrades to our software including turning
on CURLOPT_SSL_VERIFYHOST (setting to value 2). Some of the server
certificates we receive are wildcard certs. I was expecting to see
failures after turning on the CURLOPT_SSL_VERIFYHOST, but libCurl is
happily going about performing the HTTPS request. I'm not sure what the
expected behavior is here.

If I try to connect to https://test.domain.com should a certificate for
*.domain.com pass this verification or no?

Thanks,

Paul

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-01-12
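
The case asked about above, as an added example that is not part of the original mail and is not libcurl's own code: a minimal C check following the wildcard rules of RFC 6125 section 6.4.3, where a `*` that forms the whole left-most label stands for exactly one label. Under these rules a name of `*.domain.com` covers `test.domain.com` but not `domain.com` or `a.test.domain.com`. The function names and sample hostnames are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of two ASCII hostnames or suffixes. */
static int host_equal(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Crude IP-literal test: contains ':' (IPv6) or only digits and dots. */
static int looks_like_ip(const char *s)
{
    if (strchr(s, ':'))
        return 1;
    return *s != '\0' && strspn(s, "0123456789.") == strlen(s);
}

/* Returns 1 if the certificate name `pattern` covers `host`, else 0.
 * Illustrative and deliberately strict: partial-label wildcards such as
 * "f*.domain.com" are only ever compared literally. */
int cert_name_matches(const char *pattern, const char *host)
{
    const char *pat_rest, *host_rest;

    if (!pattern || !host || !*pattern || !*host)
        return 0;
    if (strncmp(pattern, "*.", 2) != 0)      /* no wildcard: exact match */
        return host_equal(pattern, host);
    if (looks_like_ip(host))                 /* wildcards never cover IPs */
        return 0;
    pat_rest = pattern + 1;                  /* e.g. ".domain.com" */
    if (strchr(pat_rest, '*') || !strchr(pat_rest + 1, '.'))
        return 0;                            /* reject "*.*.x" and "*.com" */
    host_rest = strchr(host, '.');           /* skip exactly one label */
    if (!host_rest || host_rest == host)
        return 0;                            /* no dot, or empty first label */
    return host_equal(pat_rest, host_rest);
}

int main(void)
{
    /* Constructed sample names, taken from the question above. */
    printf("%d\n", cert_name_matches("*.domain.com", "test.domain.com"));
    printf("%d\n", cert_name_matches("*.domain.com", "a.test.domain.com"));
    return 0;
}
```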