On Thu, 7 Nov 2013, Rich Bramante wrote:

My original reason for asking this was I need to provide a workflow similar to a browser where, upon receiving a CURLE_SSL_CACERT error, I would display the server certificate details to the user and ask if they wanted to trust the certificate. Of course it was a chicken-vs.-egg problem in that I needed the connection to succeed before I could get the certificate.

Right, and in your particular case it looked like the connection failed before it reached the code snippet where the certinfo stuff is made.

One workaround I considered was creating a one-shot dummy connection with verification disabled to just grab and present the certificate details. However, I am now realizing that a bigger issue is setting CURLOPT_CERTINFO is not supported in all of the environments I am looking at supporting (e.g. OSX 10.9) due to particulars of the selected ssl implementation.

Yes. Unfortunate, but true.

Is there any other more generic way to get the server certificate information that does not rely on the underlying ssl implementation curl is using (debug callback looked like a possibility but awfully heavy handed)? Or do I need to consider building/bundling my own libcurl/libopenssl combination for each platform I want to support with my application?

To get that kind of information, I think you need to do something like that.

--

 / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
