curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: Adding a CURLOPT_SSL_OPTIONS value to disable date checking

From: Tabor Kelly <tabor.kelly_at_hp.com>
Date: Wed, 21 Mar 2018 18:36:31 +0800

On 03/21/2018 05:36 PM, Daniel Stenberg wrote:
> 3. You can opt to disable certificate checking and only do certificate
> pinning.
I would much rather verify the chain of trust. What about the first
time, before the certificate is pinned? What if the server cert has to
change for some legitimate reason?
> 4. Since you're using OpenSSL as TLS backend, you can write your own
> certificate check in your application and make whatever trade-offs you
> want. Example: https://curl.haxx.se/libcurl/c/cacertinmem.html
Absolutely, I am aware of this fact and I currently possess code along
those lines.

-Tabor

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2018-03-21