Thanks! I've reinstalled curl with --with-ca-bundle=/path/to/bundle.crt enabled and now persona works with curl_easy_setopt(c, CURLOPT_SSL_VERIFYPEER, 1);
Regards, Sergey 2013/12/11 Chris Double <[email protected]>: > On Wed, Dec 11, 2013 at 8:14 AM, Sergey Mironov <[email protected]> wrote: >> It is possible to workaround it by changing CURLOPT_SSL_VERIFYPEER to >> 0. This probably means that I don't have some important certificates >> installed (I'm not an SSL expert, so I may be wrong). Can anybody >> advise me what to check first? > > The verify peer check is from a reccomendation in the Persona > 'Security Considerations' document: > > <https://developer.mozilla.org/en/Persona/Security_Considerations> > "You must ensure that your HTTPS request verifies the certificate > sent from the server against a trusted root certificate. If you don't, > then an attacker could pose as verifier.login.persona.org and issue > false verifications." > > If you are on Linux you can update the certificate store that cURL > uses by following this: > > <http://www.mylinuxguide.com/ssl-root-certificate-update-in-linux-for-curl/> > > Chris. > -- > http://www.bluishcoder.co.nz > > _______________________________________________ > Ur mailing list > [email protected] > http://www.impredicative.com/cgi-bin/mailman/listinfo/ur _______________________________________________ Ur mailing list [email protected] http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
