Can a curl client be instructed to ONLY validate the certificate of the server when establishing a TLS connection? #11910
Unanswered
HakanSunay asked this question in Q&A
I was able to find a similar thread for replacing peer verification with public key pinning: Yet, the first question for verifying the certificate (once again, not the chain of certs, but only a single cert) of the remote still remains - be it signed by a private CA or self-signed (not sure if all self-signed certs are considered CA certs).
Hi,
If I have the certificate of a remote server (no chain), that I am trying to connect to, beforehand, is it possible to instruct curl to use that when establishing trust? The `--cacert` option does not seem to fulfill this use-case exactly, since there is no guarantee that this cert is the CA (or it could've been signed by a private CA).

I may have found a non-straightforward way to achieve this, but not sure if it is safe/secure. I am using a combination of `-k` and `--pinnedpubkey`:

Does this mean that the peer verification is skipped, but pubkey is asserted and the transfer is still done in a secure encrypted manner?
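
For the `-k` plus `--pinnedpubkey` combination asked about above, this added example (not part of the original post or of curl itself) derives the `sha256//` pin from a saved server certificate with openssl and shows that the pin covers only the public key: a reissued certificate with the same key still matches, while the whole-certificate fingerprint changes. The keys, certificates and the name `server.example` are constructed samples, and with `-k` the certificate's names and validity dates are not checked at all.

```shell
#!/usr/bin/env bash
# Added example. All keys and certificates below are constructed throwaway samples.

# Print the value --pinnedpubkey expects: "sha256//" + base64(SHA-256(DER SubjectPublicKeyInfo)).
spki_pin() {
  local b64
  b64=$(openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary |
        openssl base64 -A) || return 1
  printf 'sha256//%s\n' "$b64"
}

# Fingerprint of the whole DER certificate, for contrast with the key-only pin.
cert_fp() {
  openssl x509 -in "$1" -outform DER | openssl dgst -sha256 -binary | openssl base64 -A
}

# Create sample certificates in a temp dir and print the dir path:
#   a1.pem  self-signed cert for key A
#   a2.pem  "reissued" cert for the same key A (new serial, new validity)
#   b.pem   cert with the same subject but a different key B
make_demo() {
  local d k
  d=$(mktemp -d) || return 1
  for k in a b; do
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
      -out "$d/$k.key" 2>/dev/null || return 1
  done
  openssl req -new -x509 -key "$d/a.key" -subj "/CN=server.example" -days 30  -out "$d/a1.pem" 2>/dev/null || return 1
  openssl req -new -x509 -key "$d/a.key" -subj "/CN=server.example" -days 365 -out "$d/a2.pem" 2>/dev/null || return 1
  openssl req -new -x509 -key "$d/b.key" -subj "/CN=server.example" -days 30  -out "$d/b.pem"  2>/dev/null || return 1
  printf '%s\n' "$d"
}

if demo_dir=$(make_demo); then
  echo "pin, original cert      : $(spki_pin "$demo_dir/a1.pem")"
  echo "pin, reissued (same key): $(spki_pin "$demo_dir/a2.pem")"
  echo "pin, different key      : $(spki_pin "$demo_dir/b.pem")"
  echo "cert fingerprints differ: $(cert_fp "$demo_dir/a1.pem") vs $(cert_fp "$demo_dir/a2.pem")"
  # The command shape from the question; the URL is a placeholder and nothing is fetched here.
  echo "curl -k --pinnedpubkey '$(spki_pin "$demo_dir/a1.pem")' https://server.example/"
fi
```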