From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (71-38-154-164.ptld.qwest.net [71.38.154.164]) by hurricane.the-brannons.com (Postfix) with ESMTPSA id 34C0C78B86 for ; Tue, 23 Sep 2014 07:56:20 -0700 (PDT) From: Chris Brannon To: Edbrowse-dev@lists.the-brannons.com References: <20140821171918.eklhad@comcast.net> <87ha008als.fsf@mushroom.PK5001Z> <20140923121559.GA12972@toaster.adamthompson.me.uk> Date: Tue, 23 Sep 2014 07:56:19 -0700 In-Reply-To: <20140923121559.GA12972@toaster.adamthompson.me.uk> (Adam Thompson's message of "Tue, 23 Sep 2014 13:15:59 +0100") Message-ID: <8761ge8jxo.fsf@mushroom.PK5001Z> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Subject: Re: [Edbrowse-dev] Debian X-BeenThere: edbrowse-dev@lists.the-brannons.com X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Edbrowse Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Sep 2014 14:56:21 -0000 Adam Thompson writes: > Sorry for the late post (think I've missed the cut off), > but I just found that I'm unable to disable ssl certificate verification with > edbrowse when built on my work debian sid system. Well, you missed the cutoff, but so did I. If you think you can figure out what is going on, I'm more than willing to hold off until we know more. I have a suspicion. There's a second option related to SSL certificate verification that is always set to true. It is CURLOPT_VERIFYHOST. CURLOPT_VERIFYPEER checks to see that the certificate is signed by a recognized certificate authority. CURLOPT_VERIFYHOST checks that the hostname given in the certificate is the same as the hostname that you are connecting to. And these are separate checks. For our purposes, they probably don't need to be. So the open question is whether CURLOPT_VERIFYHOST should always match CURLOPT_VERIFYPEER? -- Chris as