curl / Mailing Lists / curl-library / Single Mail


Re: Adding a CURLOPT_SSL_OPTIONS value to disable date checking

From: Tabor Kelly <>
Date: Wed, 21 Mar 2018 18:36:31 +0800

On 03/21/2018 05:36 PM, Daniel Stenberg wrote:
> 3. You can opt to disable certificate checking and only do certificate
> pinning.
I would much rather verify the chain of trust. What about the first
time, before the certificate is pinned? What if the server cert has to
change for some legitimate reason?
> 4. Since you're using OpenSSL as TLS backend, you can write your own
> certificate check in your application and make whatever trade-offs you
> want. Example:
Absolutely, I am aware of this fact and I currently possess code along
those lines.


Received on 2018-03-21