On 1/31/19 3:43 PM, Martin Galvan via curl-library wrote:
Hi all,
My application is currently setting CURLOPT_SSL_VERIFYHOST to 2 in
order to enable cert identity verification. However, I saw that
passing the remote host's IP address to libcurl (as opposed to the
hostname) results on the identity verification failing. This is a bit
inconvenient, as sometimes I may want to use hostnames and IP
addresses interchangeably.
What's the best way to do this?
If you have control on the server certificate, set its "Subject
Alternative Name" with the site name and IP (there can be more than one).
Else this might be impossible: For example, you can try https from a
browser with www.google.com's IP address and you'll see it requires the
SNI to be transmitted (by definition, an IP address has no SNI!).
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
