curl / Mailing Lists / curl-library / Single Mail


RE: Fetching the detail of SSL Host verification failure

From: Basuke Suzuki via curl-library <>
Date: Fri, 2 Nov 2018 17:37:23 +0000

> Okay, what about this adjusted plan:
> Create a new info flag ("CURLINFO_SSL_VERIFIED" ?) that works the way I
> described it, that can return certificate verification details in a SSL backend
> agnostic way and we document that clearly and as preferred over
> What do you think? (It also needs a separate proxy version.)

Let me make understanding clear who you proposed.

  - Basically similar to existing CURLINFO_SSL_VERIFYRESULT
  - Returns only CURLcode
- New CURLcodes will be defined to describe detail situation.
- All backend need to implement this by hand
  - If the backend only returns CURLcode already, just copy the value.
- extra research is needed, but only NSS and OpenSSL need to fix the code.
- Deprecate CURLINFO_SSL_VERIFYRESULT. No change since now for a while.

Are these what you proposed?

Basuke Suzuki
SONY PlayStation

Received on 2018-11-02