Unable to get SSL peer verification to work #95

Merged
merged 3 commits into from Jan 3, 2012

Contributor

amfranz commented Nov 23, 2011

I was unable to get Curl::Easy to (intentionally) fail on a self-signed certificate with this code:

```ruby
Curl::Easy.http_get("https://localhost/") do |curb|
  curb.ssl_verify_peer = true
  curb.ssl_verify_host = 2
end
```

The HTTPS request would always work, even if the certificate is not signed by a trusted authority.

I traced the issue back to a few copy-paste mistakes in ext/curb_easy.c. The attached pull request should be pretty self-explanatory.

Though I have to mention, there is one debatable change I made:

In the pull request you will see that I changed the default value of 'ssl_verify_host' from 1 to 2. I changed it to 2 because this is the default value that cURL uses for this setting. I think for the sake of consistency, Curl::Easy should be in sync with cURL's defaults.

This change is just a suggestion. I can see that there is a counter-argument about keeping backwards compatibility with older curb versions which speaks against this change. It's your decision. I isolated the change of the setting into its own commit, feel free to skip this one when pulling.
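Added example, not part of the pull request or of curb's code: the two settings in the snippet above correspond to two independent checks, chain trust (libcurl's `CURLOPT_SSL_VERIFYPEER`) and name matching (`CURLOPT_SSL_VERIFYHOST` set to 2). The sketch below reproduces both with Ruby's standard `openssl` library on a constructed self-signed certificate for `localhost`, showing that only the peer check rejects such a certificate; all helper names are hypothetical.

```ruby
require "openssl"

# Constructed throwaway certificate: self-signed, subject CN=<common_name>.
def self_signed_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Peer check: does the certificate chain to one of the given trust anchors?
# Returns [ok, openssl_verify_error_code].
def peer_check(cert, trust_anchors)
  store = OpenSSL::X509::Store.new # deliberately empty: no system CAs loaded
  trust_anchors.each { |anchor| store.add_cert(anchor) }
  ok = store.verify(cert)
  [ok, store.error]
end

# Host check: does the certificate name the host that was requested?
def host_check(cert, hostname)
  OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

# A client should proceed only when both checks pass.
def accept?(cert, hostname, trust_anchors)
  peer_check(cert, trust_anchors).first && host_check(cert, hostname)
end

if __FILE__ == $PROGRAM_NAME
  cert = self_signed_cert("localhost")
  puts "peer check, no anchors:   #{peer_check(cert, []).inspect}"
  puts "host check, localhost:    #{host_check(cert, 'localhost')}"
  puts "host check, example.test: #{host_check(cert, 'example.test')}"
  puts "accept with no anchors:   #{accept?(cert, 'localhost', [])}"
  puts "accept when pinned:       #{accept?(cert, 'localhost', [cert])}"
end
```

A regression test for a client library can use the same matrix: a self-signed certificate whose name matches the host must still be refused unless it has been added as a trust anchor.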

Owner

taf2 commented Dec 9, 2011

This looks really good, thank you.

taf2 added a commit that referenced this pull request Jan 3, 2012

Merge pull request #95 from amfranz/master
Unable to get SSL peer verification to work
43d7984

taf2 merged commit 43d7984 into taf2:master Jan 3, 2012
