Re: Disabling SSL Verification on std.net.curl
On Friday, 16 May 2014 at 04:58:47 UTC, Jack wrote: A follow up from : http://forum.dlang.org/thread/nsdomtdbqqlylrmgo...@forum.dlang.org I discovered that it was not a C::B issue as I already compiled it with Xamarin Studio and it was still spewing out the error: std.net.curl.CurlException@std\net\curl.d(3592): problem with the SSL CA cert (path? access rights?) on handle 22D3D68 And since I am only using the program by myself for personal things, I was thinking of disabling SSL Verification to stop it from complaining about the cert. So how do I do it? hi Jack curl has an option called SSL_VERIFYPEER which is supported by etc.c.curl: CurlOption. you can simply do the following: import std.stdio; import etc.c.curl : CurlOption; import std.net.curl; void main() { auto conn = HTTP(); conn.handle.set(CurlOption.ssl_verifypeer, 0); writeln(get(https://dlang.org/;, conn)); } if you set the option to 1 you will receive this error: std.net.curl.CurlException@std/net/curl.d(3592): Peer certificate cannot be authenticated with given CA certificates on handle 7F908C01DC00
Re: Disabling SSL Verification on std.net.curl
On Friday, 16 May 2014 at 07:37:33 UTC, Mengu wrote: hi Jack curl has an option called SSL_VERIFYPEER which is supported by etc.c.curl: CurlOption. you can simply do the following: import std.stdio; import etc.c.curl : CurlOption; import std.net.curl; void main() { auto conn = HTTP(); conn.handle.set(CurlOption.ssl_verifypeer, 0); writeln(get(https://dlang.org/;, conn)); } if you set the option to 1 you will receive this error: std.net.curl.CurlException@std/net/curl.d(3592): Peer certificate cannot be authenticated with given CA certificates on handle 7F908C01DC00 Never really knew that the C interface of curl had the option. Thanks for the info ..
Re: Disabling SSL Verification on std.net.curl
On Friday, 16 May 2014 at 07:37:33 UTC, Mengu wrote: On Friday, 16 May 2014 at 04:58:47 UTC, Jack wrote: std.net.curl.CurlException@std\net\curl.d(3592): problem with the SSL CA cert (path? access rights?) on handle 22D3D68 And since I am only using the program by myself for personal things, I was thinking of disabling SSL Verification to stop it from complaining about the cert. So how do I do it? hi Jack curl has an option called SSL_VERIFYPEER which is supported by etc.c.curl: CurlOption. While setting SSL_VERIFYPEER = 0 can be useful for quickly confirming whether CA certificates are causing the problem, and you seem to be aware of the implications, it is worth emphasising, particularly for anyone finding this thread through a search, that setting SSL_VERIFYPEER = 0 reduces the security of SSL almost to the same point as not using SSL at all! See Section 10 of The Most Dangerous Code in the World: http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf