I hope these are quick questions. I built libcurl with OpenSSL per INSTALL.
The easy option from simplessl.c (http://curl.haxx.se/libcurl/c/simplessl.html) makes the call: res = curl_easy_perform(curl); /* Check for errors */ if(res != CURLE_OK) fprintf(stderr, "curl_easy_perform() failed: %s\n", curl_easy_strerror(res)); Is the following performed by curl_easy_perform when using OpenSSL: * call SSL_get_peer_certificate and verify the certificate is non-NULL * call SSL_get_verify_result and verify the result is X509_V_OK * perform name matching (CN or SAN must match requested host) I think the last item can be controlled with CURLOPT_SSL_VERIFYHOST, so I would have to add it manually (boy there's a lot of curl options). *If* the subject's CN is not listed in the SAN, will libcurl fail the handshake when using CURLOPT_SSL_VERIFYHOST? I did not see an option to disable SSLv3, or an option to disable compression. Are they listed elsewhere? Or is there another way to use, for example, TLS 1.0 and above? Thanks in advance. ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
