curl / Mailing Lists / curl-library / Single Mail


Re: error= 6 (libcurl error) detail= 51 (SSL peer certificate or SSH remote key was not OK)

From: Daniel Stenberg via curl-library <>
Date: Sat, 17 Nov 2018 15:28:24 +0100 (CET)

On Fri, 16 Nov 2018, Tapasvi Soni via curl-library wrote:

> I want to know that multiple wildcards(*) in leftmost label of common name
> of wildcard certificate are supported by curl or not. Because validation is
> failing from libcurl for this certificate.

It seems it does not!

I added a simple test to unit1397.c to check (as shown below) and it fails!

I did went back and read
again, and it doesn't really say anything about the number of wild card
characters that we should support...

The simple fact that you're the first to report this (in quite a number of
years) could possibly be an indication that this is not a feature that is
widely used. Do browsers and other popular internet tools work with this site?

diff --git a/tests/unit/unit1397.c b/tests/unit/unit1397.c
index 432b90973..9b7d3820d 100644
--- a/tests/unit/unit1397.c
+++ b/tests/unit/unit1397.c
@@ -48,10 +48,13 @@ fail_unless(Curl_cert_hostcheck("xxx*",
              "good 3");
  fail_unless(Curl_cert_hostcheck("f*", ""),
              "good 4");
  fail_unless(Curl_cert_hostcheck("", ""),
              "good 5");
+ ""),
+ "good 6");

  fail_if(Curl_cert_hostcheck("", ""), "bad 1");
  fail_if(Curl_cert_hostcheck("*", ""), "bad 2");
  fail_if(Curl_cert_hostcheck("*.*.com", ""), "bad 3");
  fail_if(Curl_cert_hostcheck("*", ""), "bad

Received on 2018-11-17