curl / Mailing Lists / curl-library / Single Mail

curl-library

RE: Fetching the detail of SSL Host verification failure

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Sat, 17 Nov 2018 11:46:19 +0100 (CET)

On Fri, 2 Nov 2018, Basuke Suzuki via curl-library wrote:

> Let me make understanding clear who you proposed.
>
> - Add new CURLINFO_SSL_VERIFIED.
> - Basically similar to existing CURLINFO_SSL_VERIFYRESULT
> - Returns only CURLcode

I think it should introduce a new line of TLS error codes that provide
additional information for the case when CURLE_PEER_FAILED_VERIFICATION is
returned.

Something like:

  CURLVERIFIED_HOSTFAIL,
  CURLVERIFIED_SIGNATUREFAIL,
  ...

> - All backend need to implement this by hand

We could perhaps have a CURLVERIFIED_MISSING code to return for the backends
that don't yet have additional details implemented.

> Are these what you proposed?

Yes, with my minor clarifications here.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html

Received on 2018-11-17

This message: [ Message body ]
Next message: Daniel Stenberg via curl-library: "RE: curl_easy_perform blocks when ifdown the ntwk interface"
Previous message: Daniel Stenberg via curl-library: "RE: Curl and c-ares block during curl_multi_remove_handle"
In reply to: Basuke Suzuki via curl-library: "RE: Fetching the detail of SSL Host verification failure"
Next in thread: Basuke Suzuki via curl-library: "RE: Fetching the detail of SSL Host verification failure"
Reply: Basuke Suzuki via curl-library: "RE: Fetching the detail of SSL Host verification failure"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]