Hi , I am using curl to GET the resource from the server with https and enabling the verify peer user option set .
When I execute my cCURL clinet code I get the below error . *223: SSL: couldn't get X509-subject!* curl_easy_perform() failed: SSL connect error error no is 35 . I verified the certificate with openssl command line tool , in that I could see the subject filed is NULL and the SubjAltNames is present . This is valid as per the As per [RFC 5280], “If subject naming information is present only in the subjectAltName extension (e.g., a key bound only to an email address or URI), then the subject name MUST be an empty sequence and the subjectAltName extension MUST be critical . When I tried to understand the curl code for this problem Curl is calling “X509_get_subject_name” for retrieving “SubjectName”, if “SubjectName” field is empty, the curl is throwing “SSL: couldn't get X509-subject!” error instead of checking for “SubjectAlternativeName extension”. .. Is it really curl is missing to check the SubjectAlternativeName ..? if curl support this then how to enable the curl for checking the Subject Alternative name ? Rgds Indra
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
