On 6/20/2015 3:51 PM, Daniel Stenberg wrote:
On Sat, 20 Jun 2015, (( \/\/|||"'""/'")) ((\"""" )) (( ))\\\"\\"\ wrote:
and forgive me if I'm wrong, but it looks like the only original
functionality libcurl has is to verify certificates (which doesn't
work that well either... try verifying yahoo's cert...).
All HTTPS clients check certificates (or should at least), that's
hardly original on libcurl's part.
If you have *constructive* ideas and suggestions on how to improve
things I'm all ears.
I tried 'curl https://www.yahoo.com/' just now, worked flawlessly. In
what way is libcurl's design to blame for any problem with any TLS
certificates?
What he is likely referring to is the server-sent legacy intermediate
certificate issue that affected libcurl's ability to connect to some
websites. When I use an older version of libcurl I cannot connect to
https://www.yahoo.com either. I fixed it in [1] so that's no longer a
problem in 7.43.0 and it connects fine. Also OpenSSL in 1.0.2c I believe
has a separate fix so if you have the latest OpenSSL 1.0.2 with an older
libcurl that should work as well.
Also, this is OT but I think you were right about that spamhaus thing
because I checked the archive and I'm missing a bunch of messages
starting on the 10th. Today I missed two from you but I got this one, so
it looks like it's hit-or-miss.
[1]: https://github.com/bagder/curl/commit/b8673bb
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
