From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) by hurricane.the-brannons.com (Postfix) with ESMTPS id 54EF178C30 for ; Tue, 23 Sep 2014 13:33:00 -0700 (PDT) Received: by mail-wi0-f181.google.com with SMTP id z2so5981508wiv.2 for ; Tue, 23 Sep 2014 13:32:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=luQQOoEjGzbBGT/8QL2jAcjnjXHKw/HtmRo25mNdKIg=; b=ZXHyZyZVsNR/RoUj53nQpisaB1fiJlq1CR2W/qCa0lo6vq/vULRUGJsDJsFK461X3x zuzENVr4nidK5+ohJZe5QuC2HG087WvAzzJQ8KhnQKqC4L02NQTMtIVhjidTBGs/UEpO 63HhsDlNP7Kh6dOkRnrnRo/eyOCwnRrvahntJF6W1pw8wlmWNzhCWxfE3FCSAFCEY/1Z PKFedRio/JBFFmQvwzwtvpexdsu7oXkIEYh04kuNdghq1QCNhGg9gYshXCpLtK2nCI5p hXis3iXuKzievFpWHCy15QgZy9MRuwQsjUhGNm6HYeRZqz5xnLDUE+wG/P5PkMRY6oTb T3qg== X-Received: by 10.194.142.209 with SMTP id ry17mr2386824wjb.57.1411504376939; Tue, 23 Sep 2014 13:32:56 -0700 (PDT) Received: from toaster.adamthompson.me.uk (toaster.adamthompson.me.uk. [2001:8b0:1142:9042::2]) by mx.google.com with ESMTPSA id cj7sm17112070wjc.37.2014.09.23.13.32.55 for (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Tue, 23 Sep 2014 13:32:56 -0700 (PDT) Date: Tue, 23 Sep 2014 21:32:52 +0100 From: Adam Thompson To: Karl Dahlke Message-ID: <20140923203252.GC12972@toaster.adamthompson.me.uk> References: <20140823124221.eklhad@comcast.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="vEao7xgI/oilGqZ+" Content-Disposition: inline In-Reply-To: <20140823124221.eklhad@comcast.net> User-Agent: Mutt/1.5.23 (2014-03-12) Cc: Edbrowse-dev@lists.the-brannons.com Subject: Re: [Edbrowse-dev] Debian X-BeenThere: edbrowse-dev@lists.the-brannons.com X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Edbrowse Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Sep 2014 20:33:00 -0000 --vEao7xgI/oilGqZ+ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Sep 23, 2014 at 12:42:21PM -0400, Karl Dahlke wrote: > > So the open question is whether CURLOPT_VERIFYHOST > > should always match CURLOPT_VERIFYPEER? >=20 > Probably yes, as long as curl understands wild card certificates, > wherein *.foobar.com matches www.foobar.com. > I used such a certificate at my last job and it sure was convenient, > and cheaper than buying a certificate for each subdomain. I'd say the two should always match as well, otherwise the behavior is counter-intuative (assuming curl treats the optio= ns separately) particularly when using self-signed certs simply to get the encryption prov= ided by ssl. At the end of the day, when I switch off ssl verification I expect edbrowse= to behave like curl with the --insecure option, i.e. do ssl regardless of whether the certificate can be verified. Incidentally, the afore mentioned curl option works with the systems which caused me to notice this bug. Cheers, Adam. --vEao7xgI/oilGqZ+ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUIdjzAAoJELZ22lNQBzHOkVgIAKhOHr0XuU+uMnNug2c1f8j3 ks2suM1+ziuvbFPUekXG4rrzOhIBW+XkJsqOo+NLw/7o7UefMNfOy47qV396tmlc lpku/fgNKYrtgiRgEyqSPChmUByAI/JhUesFKBKi34ThqbDm97pAGYsBMFwP/QVp 9+M1XPxaoHuT4GdAflxWU758quiodslanwwuTv/tSJd5XiZSdS77/3U017Ra7du8 I5aSPlzdEDg9Spm6Ci3z7B+4Wxel2tRzCmhNKU1Ny9dANlF4cq0W1AQt7VbpDyxg PBnYdTd8JIQ5P7TNXdDqyZxnfTrh5cWuk8vOFOwmNi2qZMkNOYvtNgptG/SM7S8= =EnSD -----END PGP SIGNATURE----- --vEao7xgI/oilGqZ+--