curl-library
libcurl not verifying proxy url against IP address present in subject alternate name
Date: Wed, 29 Nov 2017 00:42:44 +0530
Hi All,
I am using pycurl (python wrapper of libcurl) to connect to a remote
server(HTTPS) via a proxy(HTTPS).
While establishing SSL connection with the proxy, the certificate shared by
proxy has both CN and SAN entries as below -
Subject: C=IN, ST=KA, L=BGL, O=xxxx, OU=x, *CN=host.cust1.com
<http://host.cust1.com>*/emailAddress=email@domain.com
X509v3 Subject Alternative Name:
DNS:host.cust1.com, *DNS:172.73.74.75*,
DNS:securepr.cust1.com <http://secureprofile.cust1.com>
In my code when I use proxy's FQDN(host.cust1.com) as the proxy URL to
access then the ssl verification works fine but when I try using the
IP Address I get below error -
"SSL: no alternative certificate subject name matches target host name
'172.73.74.75'"
Should not libcurl verify the proxy URL against all the subject alternate
names present in the received certificate or am I missing something here?
Software versions used - PycURL/7.43.0 libcurl/7.56.1
Regards,
Hemant
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-11-29