curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: Adding a CURLOPT_SSL_OPTIONS value to disable date checking

From: Tabor Kelly <tabor.kelly_at_hp.com>
Date: Wed, 21 Mar 2018 18:36:31 +0800

On 03/21/2018 05:36 PM, Daniel Stenberg wrote:
> 3. You can opt to disable certificate checking and only do certificate
> pinning.
I would much rather verify the chain of trust. What about the first
time, before the certificate is pinned? What if the server cert has to
change for some legitimate reason?
> 4. Since you're using OpenSSL as TLS backend, you can write your own
> certificate check in your application and make whatever trade-offs you
> want. Example: https://curl.haxx.se/libcurl/c/cacertinmem.html
Absolutely, I am aware of this fact and I currently possess code along
those lines.

-Tabor

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2018-03-21

This message: [ Message body ]
Next message: Diego Betancor: "Who should contact to give example of code?"
Previous message: Kees Dekker: "RE: curl Windows build and setenv command"
In reply to: Daniel Stenberg: "Re: Adding a CURLOPT_SSL_OPTIONS value to disable date checking"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]