Menu
Search

Forums

Forum Index

Thread overview
Disabling SSL Verification on std.net.curl
May 16, 2014
Jack
May 16, 2014
Mengu
May 16, 2014
Jack
May 16, 2014
Jon Giddy
May 16, 2014
Gravatar of JackPosted by JackReply
Jack
Gravatar of Jack


Reply
A follow up from : http://forum.dlang.org/thread/nsdomtdbqqlylrmgojim@forum.dlang.org

I discovered that it was not a C::B issue as I already compiled it with Xamarin Studio and it was still spewing out the error:

std.net.curl.CurlException@std\net\curl.d(3592): problem with the SSL CA cert (path? access rights?) on handle 22D3D68

And since I am only using the program by myself for personal things, I was thinking of disabling SSL Verification to stop it from complaining about the cert.

So how do I do it?
May 16, 2014
Gravatar of MenguPosted by Mengu
in reply to Jack		Reply
Mengu
Gravatar of Mengu
Posted in reply to Jack


Reply
On Friday, 16 May 2014 at 04:58:47 UTC, Jack wrote:
> A follow up from : http://forum.dlang.org/thread/nsdomtdbqqlylrmgojim@forum.dlang.org
>
> I discovered that it was not a C::B issue as I already compiled it with Xamarin Studio and it was still spewing out the error:
>
> std.net.curl.CurlException@std\net\curl.d(3592): problem with the SSL CA cert (path? access rights?) on handle 22D3D68
>
> And since I am only using the program by myself for personal things, I was thinking of disabling SSL Verification to stop it from complaining about the cert.
>
> So how do I do it?

hi Jack

curl has an option called SSL_VERIFYPEER which is supported by etc.c.curl: CurlOption.

you can simply do the following:

import std.stdio;
import etc.c.curl : CurlOption;
import std.net.curl;

void main()
{
  auto conn = HTTP();
  conn.handle.set(CurlOption.ssl_verifypeer, 0);
  writeln(get("https://dlang.org/", conn));
}


if you set the option to 1 you will receive this error: std.net.curl.CurlException@std/net/curl.d(3592): Peer certificate cannot be authenticated with given CA certificates on handle 7F908C01DC00
May 16, 2014
Gravatar of JackPosted by Jack
in reply to Mengu		Reply
Jack
Gravatar of Jack
Posted in reply to Mengu


Reply
On Friday, 16 May 2014 at 07:37:33 UTC, Mengu wrote:
>
> hi Jack
>
> curl has an option called SSL_VERIFYPEER which is supported by etc.c.curl: CurlOption.
>
> you can simply do the following:
>
> import std.stdio;
> import etc.c.curl : CurlOption;
> import std.net.curl;
>
> void main()
> {
>   auto conn = HTTP();
>   conn.handle.set(CurlOption.ssl_verifypeer, 0);
>   writeln(get("https://dlang.org/", conn));
> }
>
>
> if you set the option to 1 you will receive this error: std.net.curl.CurlException@std/net/curl.d(3592): Peer certificate cannot be authenticated with given CA certificates on handle 7F908C01DC00

Never really knew that the C interface of curl had the option. Thanks for the info ..
May 16, 2014
Gravatar of Jon GiddyPosted by Jon Giddy
in reply to Mengu		Reply
Jon Giddy
Gravatar of Jon Giddy
Posted in reply to Mengu


Reply
On Friday, 16 May 2014 at 07:37:33 UTC, Mengu wrote:
> On Friday, 16 May 2014 at 04:58:47 UTC, Jack wrote:
>>
>> std.net.curl.CurlException@std\net\curl.d(3592): problem with the SSL CA cert (path? access rights?) on handle 22D3D68
>>
>> And since I am only using the program by myself for personal things, I was thinking of disabling SSL Verification to stop it from complaining about the cert.
>>
>> So how do I do it?
>
> hi Jack
>
> curl has an option called SSL_VERIFYPEER which is supported by etc.c.curl: CurlOption.


While setting SSL_VERIFYPEER = 0 can be useful for quickly confirming whether CA certificates are causing the problem, and you seem to be aware of the implications, it is worth emphasising, particularly for anyone finding this thread through a search, that setting SSL_VERIFYPEER = 0 reduces the security of SSL almost to the same point as not using SSL at all!

See Section 10 of "The Most Dangerous Code in the World": http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf