Re: Disabling SSL Verification on std.net.curl
On Friday, 16 May 2014 at 04:58:47 UTC, Jack wrote:
A follow up from :
http://forum.dlang.org/thread/nsdomtdbqqlylrmgo...@forum.dlang.org
I discovered that it was not a C::B issue as I already compiled
it with Xamarin Studio and it was still spewing out the error:
std.net.curl.CurlException@std\net\curl.d(3592): problem with
the SSL CA cert (path? access rights?) on handle 22D3D68
And since I am only using the program by myself for personal
things, I was thinking of disabling SSL Verification to stop it
from complaining about the cert.
So how do I do it?
hi Jack
curl has an option called SSL_VERIFYPEER which is supported by
etc.c.curl: CurlOption.
you can simply do the following:
import std.stdio;
import etc.c.curl : CurlOption;
import std.net.curl;
void main()
{
auto conn = HTTP();
conn.handle.set(CurlOption.ssl_verifypeer, 0);
writeln(get(https://dlang.org/;, conn));
}
if you set the option to 1 you will receive this error:
std.net.curl.CurlException@std/net/curl.d(3592): Peer certificate
cannot be authenticated with given CA certificates on handle
7F908C01DC00
Re: Disabling SSL Verification on std.net.curl
On Friday, 16 May 2014 at 07:37:33 UTC, Mengu wrote:
hi Jack
curl has an option called SSL_VERIFYPEER which is supported by
etc.c.curl: CurlOption.
you can simply do the following:
import std.stdio;
import etc.c.curl : CurlOption;
import std.net.curl;
void main()
{
auto conn = HTTP();
conn.handle.set(CurlOption.ssl_verifypeer, 0);
writeln(get(https://dlang.org/;, conn));
}
if you set the option to 1 you will receive this error:
std.net.curl.CurlException@std/net/curl.d(3592): Peer
certificate cannot be authenticated with given CA certificates
on handle 7F908C01DC00
Never really knew that the C interface of curl had the option.
Thanks for the info ..
Re: Disabling SSL Verification on std.net.curl
On Friday, 16 May 2014 at 07:37:33 UTC, Mengu wrote: On Friday, 16 May 2014 at 04:58:47 UTC, Jack wrote: std.net.curl.CurlException@std\net\curl.d(3592): problem with the SSL CA cert (path? access rights?) on handle 22D3D68 And since I am only using the program by myself for personal things, I was thinking of disabling SSL Verification to stop it from complaining about the cert. So how do I do it? hi Jack curl has an option called SSL_VERIFYPEER which is supported by etc.c.curl: CurlOption. While setting SSL_VERIFYPEER = 0 can be useful for quickly confirming whether CA certificates are causing the problem, and you seem to be aware of the implications, it is worth emphasising, particularly for anyone finding this thread through a search, that setting SSL_VERIFYPEER = 0 reduces the security of SSL almost to the same point as not using SSL at all! See Section 10 of The Most Dangerous Code in the World: http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
