Re: php curl insecure connection option is skipped
Date: Wed, 8 May 2019 02:11:03 -0400
On 5/8/2019 12:32 AM, surya chandrika wrote:
> Disabling CURLOPT_SSL_VERIFYHOST worked. Yes as you said this is not
> recommended.
> But am not sure why certificate with correct hostname is not
> recognized from uploaded certificate.
> I added certificate in path "/etc/pki/ca-trust/source/anchors/
> In verbose mode it says it got 5 certificate
>> * found 171 certificates in /etc/pki/tls/certs/ca-bundle.crt
>> * *found 5 certificates in /etc/pki/ca-trust/source/anchors/*
>> *
>> *
>> *But throw error *SSL: certificate subject name (#1300) does not
>> match target host name 'abc.com <http://abc.com/>
> Any idea why certificate is not recognized
If abc.com is a hostname in the certificate then you should not see that
message. Check if OpenSSL gives different results:
(HOST=abc.com ; echo | openssl s_client -servername $HOST -connect
$HOST:443 2>/dev/null | openssl x509 -noout -checkhost $HOST)
Instead of -checkhost $HOST you can use -text to dump the certificate
details. You should see the hostname in X509v3 Subject Alternative Name.
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2019-05-08